netdev
[Top] [All Lists]

IPsec and Path MTU

To: kuznet@xxxxxxxxxxxxx, davem@xxxxxxxxxx, jmorris@xxxxxxxxxx, netdev@xxxxxxxxxxx
Subject: IPsec and Path MTU
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Jun 2004 22:43:34 +1000
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i
Hi:

Can someone explain the rationale behind dst->path and dst_pmtu to me?

As far as I can see it was introduced specifically for IPsec.  However,
it seems to me that it makes no sense whatsoever in that case.

As it is, the MTU for any peer with an IPsec policy is determined
by the MTU of its dst->path.  But this is wrong because it assigns
a single MTU to all hosts behind an IPsec gateway, even though their
paths may well diverge beyond the gateway.

So unless I'm missing something, we should get rid of dst->path and
store the MTU in the xfrm dst's directly.

Comments?
-- 
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>