* RE: [patch 3/3] Replace reverse_route() with a call to ip_route_m e_harder()
@ 2006-09-29 19:26 Venkat Yekkirala
2006-09-30 16:23 ` Patrick McHardy
0 siblings, 1 reply; 3+ messages in thread
From: Venkat Yekkirala @ 2006-09-29 19:26 UTC (permalink / raw)
To: Patrick McHardy, Horms
Cc: vyekkirala, Ken Brownfield, Roberto Nibali, netfilter-devel,
Farid Sarwari, Julian Anastasov, David Black, Joseph Mack NA3T,
David Miller
> With this patch we loose the security_skb_classify_flow call.
> I think it is also needed in ip_route_me_harder, if so your
> patch seems fine (but I get large rejects with the current
> tree, so I'm going to redo it).
>
> Venkat, is it correct to place a security_skb_classify_flow
> call in ip_route_me_harder (which also handles currently
> unlabeled protocols)?
This isn't necessary since the xfrm_decode_session invocation
from within ip_route_me_harder does take care of classifying
the flow.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch 3/3] Replace reverse_route() with a call to ip_route_m e_harder()
2006-09-29 19:26 [patch 3/3] Replace reverse_route() with a call to ip_route_m e_harder() Venkat Yekkirala
@ 2006-09-30 16:23 ` Patrick McHardy
2006-10-01 2:42 ` Horms
0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2006-09-30 16:23 UTC (permalink / raw)
To: Venkat Yekkirala
Cc: Ken Brownfield, Roberto Nibali, netfilter-devel, Farid Sarwari,
David Black, Julian Anastasov, Horms, Joseph Mack NA3T,
David Miller
Venkat Yekkirala wrote:
>>Venkat, is it correct to place a security_skb_classify_flow
>>call in ip_route_me_harder (which also handles currently
>>unlabeled protocols)?
>
>
> This isn't necessary since the xfrm_decode_session invocation
> from within ip_route_me_harder does take care of classifying
> the flow.
Thanks, I missed the call in xfrm_decode_session because I
only looked in xfrm4_policy.c.
Simon, I fixed up the patch slightly and applied it, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch 3/3] Replace reverse_route() with a call to ip_route_m e_harder()
2006-09-30 16:23 ` Patrick McHardy
@ 2006-10-01 2:42 ` Horms
0 siblings, 0 replies; 3+ messages in thread
From: Horms @ 2006-10-01 2:42 UTC (permalink / raw)
To: Patrick McHardy
Cc: netfilter-devel, Ken Brownfield, Roberto Nibali, Venkat Yekkirala,
Farid Sarwari, Julian Anastasov, David Black, Joseph Mack NA3T,
David Miller
On Sat, Sep 30, 2006 at 06:23:08PM +0200, Patrick McHardy wrote:
> Venkat Yekkirala wrote:
> >>Venkat, is it correct to place a security_skb_classify_flow
> >>call in ip_route_me_harder (which also handles currently
> >>unlabeled protocols)?
> >
> >
> > This isn't necessary since the xfrm_decode_session invocation
> > from within ip_route_me_harder does take care of classifying
> > the flow.
>
> Thanks, I missed the call in xfrm_decode_session because I
> only looked in xfrm4_policy.c.
>
> Simon, I fixed up the patch slightly and applied it, thanks.
Thanks, I really was a bit unsure about this patch.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-10-01 2:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-09-29 19:26 [patch 3/3] Replace reverse_route() with a call to ip_route_m e_harder() Venkat Yekkirala
2006-09-30 16:23 ` Patrick McHardy
2006-10-01 2:42 ` Horms
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.