
Re: [XFRM]: Always reroute in tunnel mode

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [XFRM]: Always reroute in tunnel mode
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Feb 2005 09:10:31 +1100
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Maillist netdev <netdev@xxxxxxxxxxx>
In-reply-to: <42150B36.5080609@xxxxxxxxx>
References: <4214381F.5020507@xxxxxxxxx> <20050217113654.GA10346@xxxxxxxxxxxxxxxxxxx> <4214DF5B.3010608@xxxxxxxxx> <20050217203805.GA4047@xxxxxxxxxxxxxxxxxxx> <42150B36.5080609@xxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040722i

On Thu, Feb 17, 2005 at 10:23:02PM +0100, Patrick McHardy wrote:
> 
> I don't consider this inconsistent, in fact it is consistent to what
> happens with other tunnels. We could get the behaviour you want (my

Well we'll have to disagree on that.  IMHO the flow with the internal
addresses equal to the external addresses over a tunnel mode SA should
be treated the same as that over a transport mode SA.

> patch + old behaviour for host-to-host tunnels) by looking at the
> policy selector, but I would prefer to always reroute. The change
> doesn't affect existing setups, as I said in my previous mail, it
> doesn't work properly since __xfrm4_find_bundle() ignores tos/fwmark
> and uses the route for src/dst that made the cache (first one used)
> for all tos/fwmark values, even if other routes exist.

Are you sure that it doesn't change existing behaviour? Suppose that
I had a socket bound to a specific device, doesn't the current code
use that device as long as we're sending to the remote IPsec gateway?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
