Tobias Brunner 09ee9dba96 ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT ...

If SNAT modifies the source address the resulting packet might match
an IPsec policy, reinject the packet if that's the case.

The exact same thing is already done for IPv4.

Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2017-12-26 17:14:56 -05:00

44 KiB

Raw Blame History

View Raw