Herbert Xu wrote:
> On Thu, Feb 17, 2005 at 07:15:55PM +0100, Patrick McHardy wrote:
>> I don't think this solves the inconsistency. By reusing routes in tunnel
>> mode we allow routing by different criteria when the inner packet is headed
>> for the remote gateway. Your suggestion limits this a bit further, but we
>> can still have a situation where all packets going through a tunnel take
>> one path, except when the inner packet is heading for the remote gateway.
>
> That's right. However, you should also look at it this way. We start
> with a policy with a transport mode SA. In order to protect the IP
> header we change it to use a tunnel mode SA with a host-to-host selector.
> With your patch this will change the route that the packet uses.

I don't consider this inconsistent, in fact it is consistent with what
happens with other tunnels. We could get the behaviour you want (my
patch + old behaviour for host-to-host tunnels) by looking at the
policy selector, but I would prefer to always reroute. The change
doesn't affect existing setups, as I said in my previous mail, it
doesn't work properly since __xfrm4_find_bundle() ignores tos/fwmark
and uses the route for src/dst that made the cache (first one used)
for all tos/fwmark values, even if other routes exist.