
Re: [XFRM]: Always reroute in tunnel mode

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [XFRM]: Always reroute in tunnel mode
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Sat, 19 Feb 2005 07:23:06 +0100
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20050218095344.GA19307@gondor.apana.org.au>
References: <4214381F.5020507@trash.net> <20050217113654.GA10346@gondor.apana.org.au> <4214DF5B.3010608@trash.net> <20050217203805.GA4047@gondor.apana.org.au> <42150B36.5080609@trash.net> <20050217221031.GA4554@gondor.apana.org.au> <42152283.4030800@trash.net> <20050217151122.098c6def.davem@davemloft.net> <20050218095344.GA19307@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1

Herbert Xu wrote:

> Put it another way, my solution to Patrick's inconsistency would be to
> always inherit the routing decision from the top to the bottom of the
> bundle.  For example, suppose you had
>
> ip ro add 192.168.0.0/16 \
>         nexthop via 10.0.0.1 dev eth0 \
>         nexthop via 10.0.0.2 dev eth0
>
> Then the packets to 192.168.0.0/16 should be sent via 10.0.0.1/10.0.0.2
> regardless of what IPsec protections are applied to it.

I agree it is a nice alternative to the current way. It would solve
another inconsistency caused by overriding the routing result in
tunnel mode: on output we don't care about oif, so packets from a
socket will be tunneled independent of sk_bound_dev_if. On input
packets won't be delivered to the socket if the encapsulated
packet arrived on a different interface.

Regards
Patrick

