[Ipsec-tools-devel] Re: [XFRM] Allow transport SAs even when there is no policy
Brought to you by:
mit_warlord,
netbsd
From: David S. M. <da...@da...> - 2004-10-21 05:10:10
|
On Wed, 20 Oct 2004 07:25:29 +1000 Herbert Xu <he...@go...> wrote: > On Tue, Oct 19, 2004 at 04:16:02PM +0200, Patrick McHardy wrote: > > > > Looks good. So you agree we should also apply my patch to > > xfrm_policy_lookup (attached again with less confusing subject) ? It makes > > packets with a secpath fall through to __xfrm_policy_check when the policy > > list is empty, so the default policy is always the same. This will break > > setups with keying daemons that don't add forward policies for tunnel mode > > SAs. > > Agreed. Thanks. Also applied. Thanks Patrick and Herbert. BTW, Herbert, you can use a signed-off-by: line as an "ACK" if you want :-) |