hipl-core team mailing list archive
Message #00183
[Branch ~christof-mroz/hipl/hipfw-performance] Rev 4939: Don't add iptables rules for ESP traffic if userspace_ipsec is used.
------------------------------------------------------------
revno: 4939
committer: Christof Mroz <christof.mroz@xxxxxxxxxxxxxx>
branch nick: hipfw-performance
timestamp: Mon 2010-09-13 21:05:20 +0200
message:
Don't add iptables rules for ESP traffic if userspace_ipsec is used.
modified:
firewall/conntrack.c
--
lp:~christof-mroz/hipl/hipfw-performance
https://code.launchpad.net/~christof-mroz/hipl/hipfw-performance
=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c 2010-09-13 14:26:58 +0000
+++ firewall/conntrack.c 2010-09-13 19:05:20 +0000
@@ -324,9 +324,10 @@
* @param insert Boolean: remove rule if zero, add otherwise.
* @return 0 on success, -1 otherwise.
*
- * @todo Test rules using userspace_ipsec, Relay, LSI, sys-opp, midauth and
- * light-update configurations.
- * @todo Test different byte orders.
+ * @todo Test rules using userspace_ipsec, Relay, LSI, sys-opp, midauth,
+ * light-update and esp_prot configurations.
+ * @todo Test with different byte ordering.
+ * @todo Inbound and outbound tables.
*
* @see update_esp_address
* @see free_esp_tuple
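Review bot: the added line "@todo Inbound and outbound tables." in this doc comment does not say what is to be done, unlike the neighbouring todos, which each name something to test; reword it as a task that states the intended action for those tables. Since the function below returns 0 without adding or removing a rule when hip_userspace_ipsec or prefer_userspace is set, the "@return 0 on success, -1 otherwise." line should also mention that no-op case.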
@@ -337,13 +338,12 @@
int err = 0;
const char *flag = insert ? "-I" : "-D";
- if(prefer_userspace) {
+ if (hip_userspace_ipsec || prefer_userspace) {
return 0;
}
HIP_ASSERT(esp_tuple);
HIP_ASSERT(dest);
- HIP_ASSERT(!hip_userspace_ipsec);
if (esp_tuple->tuple->esp_relay) {
HIP_DEBUG("ESP Relay requested; not handled via iptables "
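Review bot: the early return at "if (hip_userspace_ipsec || prefer_userspace)" sits above HIP_ASSERT(esp_tuple) and HIP_ASSERT(dest), so in userspace IPsec mode a NULL argument is not caught here, and the return applies to the "-D" case as well as "-I". Consider moving the two asserts above the check, and confirm that hip_userspace_ipsec cannot change between an insert and the matching delete, since a rule inserted earlier would then never be removed. A HIP_DEBUG line on this path, like the one in the esp_relay branch, would make the skipped rule visible in the firewall log.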