Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

netdev

Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

To:	hadi@xxxxxxxxxx
Subject:	Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From:	Patrick McHardy <kaber@xxxxxxxxx>
Date:	Sun, 20 Mar 2005 20:10:52 +0100
Cc:	Ludo Stellingwerff <ludo@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<1111344225.1093.68.camel@xxxxxxxxxxxxxxxx>
References:	<20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx> <20050318091129.GA28658@xxxxxxxxxxxxxxxxxxx> <20050318104013.57d65e99.davem@xxxxxxxxxxxxx> <423D9ADA.6050407@xxxxxxxxx> <423DA58D.4050406@xxxxxxxxxxxxx> <20050320171707.GE4201@xxxxxxxxxxxxxxxxx> <423DB7B7.1070604@xxxxxxxxx> <423DBCCE.8090006@xxxxxxxxxxxxx> <423DBF6A.1080907@xxxxxxxxx> <1111344225.1093.68.camel@xxxxxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1

jamal wrote:

BTW, is there any reason the SPD couldnt have been implemented from day
one using netfilter classification ? Why did we need another speacilized
classifier? the actions are clearly implementable as targets.


IMO iptables isn't so great that one would actually want to do this.
The entire ruleset needs to be one continous area in memory, so it can
not be changed, only replaced. To make it useable over pfkey would mean
many things that are currently done by iptables in userspace need to be
done in the kernel. There are multiple other reasons, but I don't think
its even worth discussing this. This of course doesn't mean I'm against
reducing the number of different classification engines.

Regards
Patrick

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: [24/] [IPSEC] Get ttl from child instead of path*, (continued)* *Re: [24/] [IPSEC] Get ttl from child instead of path*, David S. Miller* *Re: [23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Lennert Buytenhek* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, jamal* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* <= *Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* Netfilter+IPsec, Patrick McHardy Re: Netfilter+IPsec, David S. Miller Re: Netfilter+IPsec, Herbert Xu Re: Netfilter+IPsec, Patrick McHardy *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *Re: [21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller*

Previous by Date:	Re: Network card driver problem (znb.o/tulip), jamal
Next by Date:	Re: Network card driver problem (znb.o/tulip), Kosta Todorovic
Previous by Thread:	*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, jamal*
Next by Thread:	*Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu*
Indexes:	[Date] [Thread] [Top] [All Lists]