hipl-core team mailing list archive
-
hipl-core team
-
Mailing list archive
-
Message #00184
[Branch ~christof-mroz/hipl/hipfw-performance] Rev 4940: UDP-Encapsulated ESP traffic is not supported over IPv6 anyway.
------------------------------------------------------------
revno: 4940
committer: Christof Mroz <christof.mroz@xxxxxxxxxxxxxx>
branch nick: hipfw-performance
timestamp: Mon 2010-09-13 21:06:48 +0200
message:
UDP-Encapsulated ESP traffic is not supported over IPv6 anyway.
modified:
firewall/conntrack.c
--
lp:~christof-mroz/hipl/hipfw-performance
https://code.launchpad.net/~christof-mroz/hipl/hipfw-performance
Your team HIPL core team is subscribed to branch lp:~christof-mroz/hipl/hipfw-performance.
To unsubscribe from this branch go to https://code.launchpad.net/~christof-mroz/hipl/hipfw-performance/+edit-subscription
=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c 2010-09-13 19:05:20 +0000
+++ firewall/conntrack.c 2010-09-13 19:06:48 +0000
@@ -386,17 +386,10 @@
HIP_IFEL(!inet_ntop(AF_INET6, &dest, daddr, sizeof(daddr)), -1,
"inet_ntop: %s", strerror(errno));
- if (esp_tuple->tuple->connection->udp_encap) {
- /* TODO: Add rule here as soon as UDP encapsulation over IPv6
- * support is implemented in hip_fw_init_context().
- */
-
- HIP_DEBUG("UDP over IPv6 -> no rule added/removed");
- } else {
- system_printf("ip6tables %s HIPFW-FORWARD -p 50 "
- "-d %s -m esp --espspi 0x%08X -j ACCEPT",
- flag, daddr, esp_tuple->spi);
- }
+ HIP_ASSERT(!esp_tuple->tuple->connection->udp_encap);
+ system_printf("ip6tables %s HIPFW-FORWARD -p 50 "
+ "-d %s -m esp --espspi 0x%08X -j ACCEPT",
+ flag, daddr, esp_tuple->spi);
}
out_err:
Follow ups
