| To: | lpetande@xxxxxxxxxx |
|---|---|
| Subject: | Re: [patch]: CONFIG_IPV6_SUBTREES fix for MIPv6 |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Tue, 10 Jun 2003 09:51:35 -0700 (PDT) |
| Cc: | nakam@xxxxxxxxxxxxxx, lpetande@xxxxxxxxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, vnuorval@xxxxxxxxxx, kuznet@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, ajtuomin@xxxxxxxxxxxxxxxxxxx, jagana@xxxxxxxxxx, kumarkr@xxxxxxxxxx, usagi-core@xxxxxxxxxxxxxx |
| In-reply-to: | <3EE5F85E.9080006@xxxxxxxxxx> |
| References: | <Pine.GSO.4.44.0306091140470.25126-100000@xxxxxxxxxxxxxxxxxxx> <20030609203659.089b241b.nakam@xxxxxxxxxxxxxx> <3EE5F85E.9080006@xxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
From: Henrik Petander <lpetande@xxxxxxxxxx>
Date: Tue, 10 Jun 2003 18:25:18 +0300
Then the policies for mipv6 would need to be specified at the same time
as the ipsec policies. This is not a problem as long as the policies are
loaded at start up. However, this could lead to problems with
applications which specify their own policies, e.g. racoon.
It is an important point.
Ask yourself this, why do we have tunnel devices and don't implement
them with cool routing or XFRM rules? We don't do this because as
soon as you type "zebra" all your by-hand routes are gone, and as soon
as you type "racoon" al your by-hand xfrm rules are gone.
If you want to do these things using routes or xfrm rules, you must
integrate the creation of them into either zebra or racoon. You
cannot have a setup where mipv6d and racoon/zebra fight each other
flushing each other's settings. It doesn't work.
|
| Previous by Date: | Re: 3c59x (was Route cache performance under stress), Andi Kleen |
|---|---|
| Next by Date: | Re: Route cache performance under stress, chas williams |
| Previous by Thread: | Re: [patch]: CONFIG_IPV6_SUBTREES fix for MIPv6, David S. Miller |
| Next by Thread: | Re: [patch]: CONFIG_IPV6_SUBTREES fix for MIPv6, Henrik Petander |
| Indexes: | [Date] [Thread] [Top] [All Lists] |