From: Patrick McHardy <kaber@trash.net>
Date: Thu, 22 Mar 2007 19:30:29 +0000 (-0700)
Subject: [NETFILTER]: nat: avoid rerouting packets if only XFRM policy key changed
X-Git-Tag: v2.6.21-rc5~45^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=848c29fd648e78fa87d0e399223826ce5dfc1b7a;p=pandora-kernel.git

[NETFILTER]: nat: avoid rerouting packets if only XFRM policy key changed

Currently NAT not only reroutes packets in the OUTPUT chain when the
routing key changed, but also if only the non-routing part of the
IPsec policy key changed. This breaks ping -I since it doesn't use
SO_BINDTODEVICE but IP_PKTINFO cmsg to specify the output device, and
this information is lost.

Only do full rerouting if the routing key changed, and just do a new
policy lookup with the old route if only the ports changed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed