Re: [RFC, PATCH 3/5]: netfilter+ipsec

netdev

Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks

To:	"David S. Miller" <davem@xxxxxxxxxx>
Subject:	Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Fri, 19 Mar 2004 22:47:57 +1100
Cc:	Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<20040318221523.07298f03.davem@xxxxxxxxxx>
References:	<20040308110331.GA20719@xxxxxxxxxxxxxxxxxxx> <404C874D.4000907@xxxxxxxxx> <20040308115858.75cdddca.davem@xxxxxxxxxx> <4059CF0E.3050708@xxxxxxxxx> <20040318221523.07298f03.davem@xxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.5.1+cvs20040105i

On Thu, Mar 18, 2004 at 10:15:23PM -0800, David S. Miller wrote:
> 
> Be careful!  xfrm4_tunnel handles both uncompressed ipcomp packets
> _and_ IPIP encapsulator device packets.  Yet you will intepret usage
> of the ipprot as 'xfrm_prot==1' in all cases.

Good point.

> Yes this is ugly... if we added some kind of flag bit-mask to sk_buff,
> would that allow an easier implementation?

I'm not sure if this'll help in the degenerate IPCOMP case.  Perhaps
we need a way to tell if it is a degenerate IPCOMP tunnel or an IPIP
tunnel without actually processing the packet.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: ip_route_me_harder -> xfrm_lookup, (continued) Re: ip_route_me_harder -> xfrm_lookup, Patrick McHardy Re: ip_route_me_harder -> xfrm_lookup, David S. Miller Re: ip_route_me_harder -> xfrm_lookup, Patrick McHardy [RFC, PATCH 1/5]: netfilter+ipsec - nf_reset, Patrick McHardy Re: [RFC, PATCH 1/5]: netfilter+ipsec - nf_reset, David S. Miller [RFC, PATCH 2/5]: netfilter+ipsec - output hooks, Patrick McHardy Re: [RFC, PATCH 2/5]: netfilter+ipsec - output hooks, David S. Miller Re: [RFC, PATCH 2/5]: netfilter+ipsec - output hooks, Herbert Xu [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Patrick McHardy Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, David S. Miller Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Herbert Xu <= Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Patrick McHardy Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Herbert Xu Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Herbert Xu Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Herbert Xu Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Patrick McHardy [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, David S. Miller Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy

Previous by Date:	Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Herbert Xu
Next by Date:	Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu
Previous by Thread:	Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, David S. Miller
Next by Thread:	Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Patrick McHardy
Indexes:	[Date] [Thread] [Top] [All Lists]