diff options
author | Patrick McHardy <kaber@trash.net> | 2006-01-06 23:03:34 -0800 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-07 12:57:31 -0800 |
commit | b05e106698d9966de524e78d9da1bf6407fe0c32 (patch) | |
tree | 8a7c253b7249451941674805cccdaaba299dff6f /include/net | |
parent | 951dbc8ac714b04c36296b8b5c36c8e036ce433f (diff) |
[IPV4/6]: Netfilter IPsec input hooks
When the innermost transform uses transport mode the decapsulated packet
is not visible to netfilter. Pass the packet through the PRE_ROUTING and
LOCAL_IN hooks again before handing it to upper layer protocols to make
netfilter-visibility symetrical to the output path.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/ipv6.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 860bbac4c4ee..3b1d963d396c 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -418,6 +418,8 @@ extern int ipv6_rcv(struct sk_buff *skb, struct packet_type *pt, struct net_device *orig_dev); +extern int ip6_rcv_finish(struct sk_buff *skb); + /* * upper-layer output functions */ |