David S. Miller <[EMAIL PROTECTED]> wrote: > From: Nicolas DICHTEL <[EMAIL PROTECTED]> > Date: Mon, 06 Feb 2006 12:00:30 +0100 > >> in the same way of this patch, why dst_entry are stored for >> RAW socket ? In case of specific IPSec rules for ICMPv6, >> xfrm state can be different for the same destination. >> Attached, a proposed patch. > > We cache the flow we used to store that dst into the socket, > and we'll verify that on the next sendmsg() call so it's OK. > > See the checks done in ip6_dst_lookup() when we have a cached > route attached to the socket.
I think he's saying that the checks in ip6_dst_lookup is not enough for IPsec because it only checks the destination address and oif instead of all the addresses/protocol/ports. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html