Re: [PATCH] xfrm ip6ip6

To:	jmorris@xxxxxxxxxxxxxxxx
Subject:	Re: [PATCH] xfrm ip6ip6
From:	"David S. Miller" <davem@xxxxxxxxxx>
Date:	Sun, 01 Jun 2003 01:34:52 -0700 (PDT)
Cc:	mk@xxxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, usagi@xxxxxxxxxxxxxx
In-reply-to:	<Mutt.LNX.4.44.0306010158450.7298-100000@excalibur.intercode.com.au>
References:	<87fzmv5ejc.wl@karaba.org> <Mutt.LNX.4.44.0306010158450.7298-100000@excalibur.intercode.com.au>
Sender:	netdev-bounce@xxxxxxxxxxx

   From: James Morris <jmorris@xxxxxxxxxxxxxxxx>
   Date: Sun, 1 Jun 2003 02:01:42 +1000 (EST)

   We need to either filter them out or make sure they are 
   displayed as ipip.

   Part of the answer will depend on whether we want to expose xfrm-based 
   ipip tunnels for general use, or only use them internally for ipcomp.

I think it is an error to extend PF_KEY for our Linux purposes.
Our API here is basically defined to be whatever is in KAME :-)

However, setkey should filter entries it does not understand.

Currently I see no use for exposing these tunnel transforms
outside of the kernel.  Mobile IPV6, if it decides to use
xfrm6_tunnel, can configure them itself in the kernel side support.
Or, if user side is more appropriate for MIPV6 access, we may allow
it to use xfrm netlink interface somehow.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH] xfrm ip6ip6, David S. Miller [PATCH] xfrm ip6ip6 (revised), Mitsuru KANDA / 神田充 Re: [PATCH] xfrm ip6ip6 (revised), YOSHIFUJI Hideaki / 吉藤英明 Re: [PATCH] xfrm ip6ip6 (revised), YOSHIFUJI Hideaki / 吉藤英明 Re: [PATCH] xfrm ip6ip6 (revised), Ville Nuorvala Re: [PATCH] xfrm ip6ip6 (revised), David S. Miller Re: [PATCH] xfrm ip6ip6 (revised), David S. Miller Re: [PATCH] xfrm ip6ip6, David S. Miller <=

Previous by Date:	Re: [PATCH] xfrm ip6ip6, David S. Miller
Next by Date:	ipsec / pppoe, Andreas Jellinghaus
Previous by Thread:	Re: [PATCH] xfrm ip6ip6 (revised), David S. Miller
Next by Thread:	ipsec / pppoe, Andreas Jellinghaus
Indexes:	[Date] [Thread] [Top] [All Lists]