Re: [XFRM]: Always reroute in tunnel mode

netdev

Re: [XFRM]: Always reroute in tunnel mode

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [XFRM]: Always reroute in tunnel mode
From:	Patrick McHardy <kaber@xxxxxxxxx>
Date:	Sat, 19 Feb 2005 07:23:06 +0100
Cc:	"David S. Miller" <davem@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<20050218095344.GA19307@xxxxxxxxxxxxxxxxxxx>
References:	<4214381F.5020507@xxxxxxxxx> <20050217113654.GA10346@xxxxxxxxxxxxxxxxxxx> <4214DF5B.3010608@xxxxxxxxx> <20050217203805.GA4047@xxxxxxxxxxxxxxxxxxx> <42150B36.5080609@xxxxxxxxx> <20050217221031.GA4554@xxxxxxxxxxxxxxxxxxx> <42152283.4030800@xxxxxxxxx> <20050217151122.098c6def.davem@xxxxxxxxxxxxx> <20050218095344.GA19307@xxxxxxxxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1

Herbert Xu wrote:

Put it another way, my solution to Patrick's inconsistency would be to
always inherit the routing decision from the top to the bottom of the
bundle.  For example, suppose you had

ip ro add 192.168.0.0/16 \
        nexthop via 10.0.0.1 dev eth0 \
        nexthop via 10.0.0.2 dev eth0

Then the packets to 192.168.0.0/16 should be sent via 10.0.0.1/10.0.0.2
regardless of what IPsec protections are applied to it.

I agree it is a nice alternative to the current way. It would solve
another inconsistency caused by overriding the routing result in
tunnel mode: on output we don't care about oif, so packets from a
socket will be tunneled independent of sk_bound_dev_if. On input
packets won't be delivered to the socket if the encapsulated
packet arrived on a different interface.

Regards
Patrick

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[XFRM]: Always reroute in tunnel mode, Patrick McHardy Re: [XFRM]: Always reroute in tunnel mode, Herbert Xu Re: [XFRM]: Always reroute in tunnel mode, Patrick McHardy Re: [XFRM]: Always reroute in tunnel mode, Patrick McHardy Re: [XFRM]: Always reroute in tunnel mode, Herbert Xu Re: [XFRM]: Always reroute in tunnel mode, Patrick McHardy Re: [XFRM]: Always reroute in tunnel mode, Herbert Xu Re: [XFRM]: Always reroute in tunnel mode, Patrick McHardy Re: [XFRM]: Always reroute in tunnel mode, David S. Miller Re: [XFRM]: Always reroute in tunnel mode, Herbert Xu Re: [XFRM]: Always reroute in tunnel mode, Patrick McHardy <=

Previous by Date:	Re: IPsec xfrm resolution, Patrick McHardy
Next by Date:	Re: [PATCH 2.6] eepro100: remove ID for 82556, Meelis Roos
Previous by Thread:	Re: [XFRM]: Always reroute in tunnel mode, Herbert Xu
Next by Thread:	[Patch] passcred cleanup in struct socket, Herbert Poetzl
Indexes:	[Date] [Thread] [Top] [All Lists]