On Sun, Dec 04, 2005 at 11:09:09PM +0100, Patrick McHardy wrote:
>
> Thanks, I've added the correct patch now :) Unless I missed something,
> it was still missing a call to dst_output after the last transform
> in xfrm4_output_finish, unless we keep the loop in dst_output.
Good catch. The lines
Herbert Xu wrote:
before tunnel mode transforms and added a missing dst_output call
for the final packet.
This shouldn't be necessary if you apply it on top of my previous
patch which made xfrm[46]_output process the first SA and all subsequent
transport mode SAs. I've included that patch here
Herbert Xu wrote:
On Mon, Nov 28, 2005 at 02:07:03AM +0100, Patrick McHardy wrote:
Thanks, this looks great. I've changed it to only call the hooks
Glad you liked it :)
before tunnel mode transforms and added a missing dst_output call
for the final packet.
This shouldn't be necessary i
On Mon, Nov 28, 2005 at 02:07:03AM +0100, Patrick McHardy wrote:
>
> Thanks, this looks great. I've changed it to only call the hooks
Glad you liked it :)
> before tunnel mode transforms and added a missing dst_output call
> for the final packet.
This shouldn't be necessary if you apply it on t
Herbert Xu wrote:
On Tue, Nov 22, 2005 at 09:31:39PM +1100, herbert wrote:
Unfortunately it looks like gcc 3.3.5 at least is too dumb to optimise
it away. I think we'll need a better strategy.
OK, the idea is still the same: Move the loop from dst_output into
xfrm4_output/xfrm6_output since
On Tue, Nov 22, 2005 at 09:31:39PM +1100, herbert wrote:
>
> Unfortunately it looks like gcc 3.3.5 at least is too dumb to optimise
> it away. I think we'll need a better strategy.
OK, the idea is still the same: Move the loop from dst_output into
xfrm4_output/xfrm6_output since they're the only
On Tue, Nov 22, 2005 at 09:30:38PM +1100, herbert wrote:
>
> the need to return control to dst_output. The only reason for
> dst_output to exist is to handle compilers that can't optimise away
> tail calls. So if we are going to rely on the compiler to do away
> with tail calls (ip_dst_output <->
On Tue, Nov 22, 2005 at 05:53:35AM +0100, Patrick McHardy wrote:
>
> This looks nice, but placing the hooks at the end of the xfrm[46]
> functions doesn't work with queueing without recursively calling
> dst_output (as okfn) since we have to provide an okfn but also
> have to return ownership of t
Patrick McHardy wrote:
Herbert Xu wrote:
On Sun, Nov 20, 2005 at 04:31:34PM +, Patrick McHardy wrote:
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index ae0779d..b93e7cd 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -78,6 +79,34 @@ int ip_route_me_harder(stru
Herbert Xu wrote:
On Sun, Nov 20, 2005 at 04:31:34PM +, Patrick McHardy wrote:
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index ae0779d..b93e7cd 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -78,6 +79,34 @@ int ip_route_me_harder(struct sk_buff **
}
EXPORT_SY
On Sun, Nov 20, 2005 at 04:31:34PM +, Patrick McHardy wrote:
>
> diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
> index ae0779d..b93e7cd 100644
> --- a/net/ipv4/netfilter.c
> +++ b/net/ipv4/netfilter.c
> @@ -78,6 +79,34 @@ int ip_route_me_harder(struct sk_buff **
> }
> EXPORT_SYMBOL
[IPV4/6]: Netfilter IPsec output hooks
Add alternative ip_dst_output/ip6_dst_output functions to call netfilter
hooks between xfrm transforms. Packets visit the FORWARD/LOCAL_OUT and
POST_ROUTING hook before encapsulation and the LOCAL_OUT and POST_ROUTING
hook after each tunnel mode transform.
S
12 matches
Mail list logo
