From: James Morris <jmorris@xxxxxxxxxxxxxxxx>
Date: Sun, 1 Jun 2003 02:01:42 +1000 (EST)
We need to either filter them out or make sure they are
displayed as ipip.
Part of the answer will depend on whether we want to expose xfrm-based
ipip tunnels for general use, or only use them internally for ipcomp.
I think it is an error to extend PF_KEY for our Linux purposes.
Our API here is basically defined to be whatever is in KAME :-)
However, setkey should filter entries it does not understand.
Currently I see no use for exposing these tunnel transforms
outside of the kernel. Mobile IPV6, if it decides to use
xfrm6_tunnel, can configure them itself in the kernel side support.
Or, if user side is more appropriate for MIPV6 access, we may allow
it to use xfrm netlink interface somehow.
|