[Openswan dev] preserving skb-nfmark in decrypted traffic
Tino Keitel
tino.keitel at innominate.com
Tue Feb 13 09:17:03 EST 2007
Hi folks,
I noticed that with recent OpenS/WAN versions the nfmark value of a
decrypted packet doesn't match the nfmark value of the encrypted packet
anymore. In my tests, a value of 0x12 became 0x70012.
skb->nfmark is only written in 2 places in ipsec_rcv.c, but never read.
What would be the side effects of removing the modifications to nfmark
in ipsec_rcv_cleanup() and ipsec_rcv_decap_cont()?
Regards,
Tino
More information about the Dev
mailing list