From: Patrick McHardy <kaber@trash.net>
Date: Wed, 15 Feb 2006 23:10:22 +0000 (-0800)
Subject: [XFRM]: Fix SNAT-related crash in xfrm4_output_finish
X-Git-Tag: v2.6.16-rc4~44^2~6
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48d5cad87c3a4998d0bda16ccfb5c60dfe4de5fb;p=pandora-kernel.git

[XFRM]: Fix SNAT-related crash in xfrm4_output_finish

When a packet matching an IPsec policy is SNATed so it doesn't match any
policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish
crash because of a NULL pointer dereference.

This patch directs these packets to the original output path instead. Since
the packets have already passed the POST_ROUTING hook, but need to start at
the beginning of the original output path which includes another
POST_ROUTING invocation, a flag is added to the IPCB to indicate that the
packet was rerouted and doesn't need to pass the POST_ROUTING hook again.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed