Re: Problem with Ipsec transport mode over NAT

2006-02-24 Thread Chinh Nguyen
Patrick McHardy wrote:
>>I don't know what the correct fix is. Adding an extra call to xfrm4_policy_check in
>>tcp_v4_rcv before the checksum check fixes this problem and doesn't seem to
>>break anything else. On the other hand, moving some of the code in
>>esp_post_input into esp_input (especially

Re: Problem with Ipsec transport mode over NAT

2006-02-23 Thread Chinh Nguyen
Patrick McHardy wrote:
> Chinh Nguyen wrote:
>
>>Patrick McHardy wrote:
>>
>>>What values does skb->ip_summed have before that?
>>
>>the skb->ip_summed value before the checksum check in tcp_v4_rcv is
>>CHECKSUM_NONE. Hence

Re: Problem with Ipsec transport mode over NAT

2006-02-23 Thread Chinh Nguyen
Patrick McHardy wrote:
> Chinh Nguyen wrote:
>
>>I discovered that the "bug" is in the function tcp_v4_rcv for kernel
>>2.6.16-rc1.
>>
>>After the ESP packet is decapped and decrypted in xfrm4_rcv_encap_finish, the
>>unencrypted packet is pushed b

Problem with Ipsec transport mode over NAT

2006-02-22 Thread Chinh Nguyen
IPSec Transport Mode over NAT
Date: Tue, 09 Feb 2006 13:44:39 -0500
From: Chinh Nguyen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

Chinh Nguyen wrote:
>> Hi,
>> The first question is more academic. How does a per-socket bypass policy
>> equal
>> "accept transport m