Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

netdev

Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

from [jamal]

To:	Patrick McHardy <kaber@xxxxxxxxx>
Subject:	Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From:	jamal <hadi@xxxxxxxxxx>
Date:	20 Mar 2005 13:43:45 -0500
Cc:	Ludo Stellingwerff <ludo@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<423DBF6A.1080907@xxxxxxxxx>
Organization:	jamalopolous
References:	<20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx> <20050318091129.GA28658@xxxxxxxxxxxxxxxxxxx> <20050318104013.57d65e99.davem@xxxxxxxxxxxxx> <423D9ADA.6050407@xxxxxxxxx> <423DA58D.4050406@xxxxxxxxxxxxx> <20050320171707.GE4201@xxxxxxxxxxxxxxxxx> <423DB7B7.1070604@xxxxxxxxx> <423DBCCE.8090006@xxxxxxxxxxxxx> <423DBF6A.1080907@xxxxxxxxx>
Reply-to:	hadi@xxxxxxxxxx
Sender:	netdev-bounce@xxxxxxxxxxx

On Sun, 2005-03-20 at 13:22, Patrick McHardy wrote:
> Ludo Stellingwerff wrote:
> > I'm hoping that using the fwmark as a selector can provide a workable
> > solution for both mine and Lennert's problem, any many more related
> > situations. Netfilter has a (almost) complete range of selectors.
> > e.g. Lennerts problem could be solved using a combination of the
> > "realm" match of iptables, in combination with a fwmark for SPD matching.
> 
> Routing of local packets is done before the first netfilter hook
> is called, but I forgot about ip_route_me_harder(). So you're right,
> the realm can be translated to nfmark values using iptables.

BTW, is there any reason the SPD couldnt have been implemented from day
one using netfilter classification ? Why did we need another speacilized
classifier? the actions are clearly implementable as targets.

cheers,
jamal

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: [25/] [NET] Kill unnecessary uses of dst_path_metric*, (continued)* *Re: [25/] [NET] Kill unnecessary uses of dst_path_metric*, David S. Miller* *Re: [24/] [IPSEC] Get ttl from child instead of path*, David S. Miller* *Re: [23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Lennert Buytenhek* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, jamal* <= *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* Netfilter+IPsec, Patrick McHardy Re: Netfilter+IPsec, David S. Miller Re: Netfilter+IPsec, Herbert Xu Re: Netfilter+IPsec, Patrick McHardy *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *Re: [21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, David S. Miller*

Previous by Date:	Re: dummy as IMQ replacement, jamal
Next by Date:	Re: Network card driver problem (znb.o/tulip), Kosta Todorovic
Previous by Thread:	*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy*
Next by Thread:	*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy*
Indexes:	[Date] [Thread] [Top] [All Lists]