netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [IPSEC] Set TTL from route

from [David S. Miller] [Permanent Link][Original]
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [IPSEC] Set TTL from route
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Tue, 24 Aug 2004 11:47:08 -0700
Cc: netdev@xxxxxxxxxxx, kaber@xxxxxxxxx
In-reply-to: <20040824105641.GA10202@gondor.apana.org.au>
References: <20040824105641.GA10202@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx 
On Tue, 24 Aug 2004 20:56:41 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> Here is the promised patch that sets the TTL from the route parameter.
> I decided against adding an option to inherit the TTL like IPIP/GRE
> as I think that it doesn't really make sense with IPsec.  But it
> can be easily added later if someone needs it.

I think we want to add this at some point.

> This isn't completely right when nested tunnels are involved.  The
> TTL for intervening tunnels should be set from the routes to the
> intervening nodes.  But fixing that involves using information that
> isn't currently in the bundle.  I'll revisit this once the MTU stuff
> is fixed since that'll also involving adding the intervening routes
> to the bundle.

Looks great, patch applied.

Patrick McHardy was thinking of looking into the MTU issues
after he finished up some netfilter IPSEC patches he's been
working on.  Perhaps you can work together with him :)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Billing 3: WAS(Re: [PATCH 2/4] deferred drop, __parent workaround, reshape_fail , netdev@oss.sgi.com ,, Harald Welte
Next by Date:  Re: [PATCH] add SCTP to xfrm_flowi_{sport,dport}(), David S. Miller
Previous by Thread:  [IPSEC] Set TTL from route, Herbert Xu
Next by Thread:  Re: [IPSEC] Set TTL from route, Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]