netdev
[Top] [All Lists]

Re: [PATCH][IPSEC] IPsec policy can be matched by ICMP type and code

To: davem@xxxxxxxxxx
Subject: Re: [PATCH][IPSEC] IPsec policy can be matched by ICMP type and code
From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Date: Tue, 10 Aug 2004 10:32:29 +0900 (JST)
Cc: nakam@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, usagi-core@xxxxxxxxxxxxxx
In-reply-to: <20040809170705.6ab75c5f.davem@redhat.com>
Organization: USAGI Project
References: <20040809175404.301bd60a@localhost> <20040809170705.6ab75c5f.davem@redhat.com>
Sender: netdev-bounce@xxxxxxxxxxx
In article <20040809170705.6ab75c5f.davem@xxxxxxxxxx> (at Mon, 9 Aug 2004 
17:07:05 -0700), "David S. Miller" <davem@xxxxxxxxxx> says:

> Truly %100 RAW sockets should have their packets untouched by
> the kernel.  User wants exactly that packet to be sent onto
> the wire.

Does it make sense to excude IPPPROTO_RAW sockets and/or hdrincl sockets, 
which would be 100% truly raw socket?
Or, do we add some socket option for this?

Mip6 is required to exchange ipsec'ed datagrams (!= IPPROTO_RAW).
(as I told you at Networking Summit if I remember correctly),
so we need some sort of the patch, anyway.

Thanks.

--yoshfuji

<Prev in Thread] Current Thread [Next in Thread>