On Tue, 15 Mar 2005 21:05:22 +1100
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> This patch replaces most of the other uses of dst_pmtu with dst_mtu.
> As far as I can tell these are either identical because dst->path == dst,
> or they're a straightforward replacement of (the slightly incorrect)
> dst_pmtu(dst) - dst->header_Len with dst_mtu(dst).
>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Applied, thanks Herbert.
> At this point the only remaining user of dst_pmtu is ipt_REJECT which
> will go away either when we use icmp_send in there or when I replace
> it with dst_mtu.
Yes, I saw that posting on netfilter-devel where you asked Rusty
why icmp_send() wasn't directly used even though it appears it
should be.
> We can now remove the other users of dst->path as well with the removal
> of that attribute itself as the goal.
Ok, sounds great.
So, at that point, I guess the next task is to handle PMTU events of already
encrypted packets properly? We still have that problem right? When the
ICMP payload is encrypted we have to cache some information on IPSEC output
so that a proto+SPI key can find us the encrypted inner IP header info, which
we'll need in order to process (and/or forward) the ICMP PMTU information
correctly.
|