On Thu, Jan 26, 2006 at 03:25:17PM +0100, Patrick McHardy wrote: > > [IPV4]: Always set fl.proto in ip_route_newports > > ip_route_newports uses the struct flowi from the struct rtable returned > by ip_route_connect for the new route lookup and just replaces the port > numbers if they have changed. If an IPsec policy exists which doesn't match > port 0 the struct flowi won't have the proto field set and no xfrm lookup > is done for the changed ports.
Thanks Patrick, the patch looks good to me. However, I think the rationale given above isn't quite right. If the original dst is actually IPsec, the protocol field should always be set regardless of whether the policy that triggered it has a protocol or not. So I thnk the case where it's really needed is if the original dst is not IPsec. In that case the protocol won't be set since the routing cache doesn't have it as a key. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
