From 8b7817f3a959ed99d7443afc12f78a7e1fcc2063 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 12 Dec 2007 10:44:43 -0800 Subject: [IPSEC]: Add ICMP host relookup support RFC 4301 requires us to relookup ICMP traffic that does not match any policies using the reverse of its payload. This patch implements this for ICMP traffic that originates from or terminates on localhost. This is activated on outbound with the new policy flag XFRM_POLICY_ICMP, and on inbound by the new state flag XFRM_STATE_ICMP. On inbound the policy check is now performed by the ICMP protocol so that it can repeat the policy check where necessary. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- include/net/dst.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/net') diff --git a/include/net/dst.h b/include/net/dst.h index aaa2dbb50179..31468c9aa877 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -268,6 +268,7 @@ extern void dst_init(void); /* Flags for xfrm_lookup flags argument. */ enum { XFRM_LOOKUP_WAIT = 1 << 0, + XFRM_LOOKUP_ICMP = 1 << 1, }; struct flowi; -- cgit v1.2.3