Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

netdev

Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

To:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Subject:	Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From:	Patrick McHardy <kaber@xxxxxxxxx>
Date:	Wed, 23 Mar 2005 05:03:04 +0100
Cc:	herbert@xxxxxxxxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<20050322194910.6a9fa3a4.davem@xxxxxxxxxxxxx>
References:	<20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx> <20050318091129.GA28658@xxxxxxxxxxxxxxxxxxx> <20050318104013.57d65e99.davem@xxxxxxxxxxxxx> <423D9ADA.6050407@xxxxxxxxx> <20050322194910.6a9fa3a4.davem@xxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1

David S. Miller wrote:

On Sun, 20 Mar 2005 16:46:34 +0100
Patrick McHardy <kaber@xxxxxxxxx> wrote:

So what's holding back these patches is getting some consensus on what
exactly we want to do and finding a better method for determining when
decapsulation is done. One possibility would be stealing packets
in xfrm_policy_check(), but I haven't thought much about this yet.



That latter idea sounds pursuable.  I guess you'd do a netfilter
hook in xfrm_policy_check() right?


It would call netif_rx(). The packet should pass all hooks as usual,
so everything works as expected. It is cleaner than my current
approach, but has the same problems wrt. statistics and AF_PACKET/raw
sockets. I'll post a patch (probably tomorrow, its late here) so we
have something concrete to talk about.

Regards
Patrick

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, (continued)* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Lennert Buytenhek* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, jamal* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* <= Netfilter+IPsec, Patrick McHardy Re: Netfilter+IPsec, David S. Miller Re: Netfilter+IPsec, Herbert Xu Re: Netfilter+IPsec, Patrick McHardy *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *Re: [21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Mika Penttilä*

Previous by Date:	Re: iptables breakage WAS(Re: dummy as IMQ replacement, jamal
Next by Date:	Re: patch: introduce simple actions, Jamal Hadi Salim
Previous by Thread:	*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller*
Next by Thread:	Netfilter+IPsec, Patrick McHardy
Indexes:	[Date] [Thread] [Top] [All Lists]