Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_samsung_gta4xl / eb9c7ebe6980c41cf6ae889e301c3b49f473ee9f^! / . / net / dccp / ipv4.c
commiteb9c7ebe6980c41cf6ae889e301c3b49f473ee9f[log] [tgz]
authorPatrick McHardy <kaber@trash.net>Fri Jan 06 23:06:30 2006 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>Sat Jan 07 12:57:37 2006 -0800
tree419103d15b9de9c26c8400c698625231df55da91
parentb59c270104f03960069596722fea70340579244d [diff] [blame]
[NETFILTER]: Handle NAT in IPsec policy checks

Handle NAT of decapsulated IPsec packets by reconstructing the struct flowi
of the original packet from the conntrack information for IPsec policy
checks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 23ba177..00f9832 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c

@@ -986,6 +986,7 @@
 
 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
 		goto discard_and_relse;
+	nf_reset(skb);
 
 	return sk_receive_skb(sk, skb);
 
@@ -1099,7 +1100,6 @@
 		kfree_skb(sk->sk_send_head);
 		sk->sk_send_head = NULL;
 	}
-	nf_reset(skb);
 
 	/* Clean up a referenced DCCP bind bucket. */
 	if (inet_csk(sk)->icsk_bind_hash != NULL)