[Top] [All Lists]

Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Tue, 22 Mar 2005 19:49:10 -0800
Cc: herbert@xxxxxxxxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
Sender: netdev-bounce@xxxxxxxxxxx
On Sun, 20 Mar 2005 16:46:34 +0100
Patrick McHardy <kaber@xxxxxxxxx> wrote:

> So what's holding back these patches is getting some consensus on what
> exactly we want to do and finding a better method for determining when
> decapsulation is done. One possibility would be stealing packets
> in xfrm_policy_check(), but I haven't thought much about this yet.

That latter idea sounds pursuable.  I guess you'd do a netfilter
hook in xfrm_policy_check() right?

So then you'd need to pass struct sk_buff ** instead of a direct
pointer.  And that looks fine too, as nobody seems to cache
skb->XXX state across xfrm_policy_check() calls.

<Prev in Thread] Current Thread [Next in Thread>