[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks
From:       Patrick McHardy <kaber () trash ! net>
Date:       2005-11-28 12:25:48
Message-ID: 438AF74C.6000608 () trash ! net
[Download RAW message or body]

Herbert Xu wrote:
> On Mon, Nov 28, 2005 at 02:07:03AM +0100, Patrick McHardy wrote:
> 
>>Thanks, this looks great. I've changed it to only call the hooks
> 
> 
> Glad you liked it :)
> 
> 
>>before tunnel mode transforms and added a missing dst_output call
>>for the final packet.
> 
> 
> This shouldn't be necessary if you apply it on top of my previous
> patch which made xfrm[46]_output process the first SA and all subsequent
> transport mode SAs.  I've included that patch here again.
> 
> I think it still makes sense to do that because this corresponds
> with the usual representation of an IPsec connection and it
> simplifies the handling of netfilter hooks.

I agree, I missed that your patch based on that one. Let me have
another look :)

[prev in list] [next in list] [prev in thread] [next in thread]