Question about tunnels, IPsec and redirect
bill4carson at gmail.com
Thu Sep 26 03:02:52 EDT 2013
On 2013年09月25日 02:52, Kevin Wilson wrote:
> I am looking at this patch:
> and I cannot understand it. Can somebody please try
> to explain ?
> more specifically:
> Can somebody please give an example of some setup of IPsec tunnel
> where the ip_rt_send_redirect() method should not be called when the
> skb->sp is not NULL ?
+ if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb->sp)
If IPsec policy is not enabled for a specific flow that this skb matches, skb->sp is NULL.
> (in other words, why if the SKB is and IPsec SKB, we should not send a
> redirect in such a case while forwarding a packet; note I am talking
> about IPv4)
> Note that the check for skb->sp was changed in recent kernels to
> skb_sec_path(skb), but it is essentially the same.
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
More information about the Kernelnewbies