| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: IPsec xfrm resolution |
| From: | Patrick McHardy <kaber@xxxxxxxxx> |
| Date: | Sat, 19 Feb 2005 13:29:25 +0100 |
| Cc: | Maillist netdev <netdev@xxxxxxxxxxx> |
| In-reply-to: | <20050219092314.GA8153@xxxxxxxxxxxxxxxxxxx> |
| References: | <20050209085251.GA9030@xxxxxxxxxxxxxxxxxxx> <420B9DF1.3020704@xxxxxxxxx> <20050210202810.GA1609@xxxxxxxxxxxxxxxxxxx> <42144C3F.2060501@xxxxxxxxx> <20050217091137.GA9476@xxxxxxxxxxxxxxxxxxx> <42152841.5000707@xxxxxxxxx> <20050218100854.GA19427@xxxxxxxxxxxxxxxxxxx> <4216D6B4.5070901@xxxxxxxxx> <20050219092314.GA8153@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1 |
Herbert Xu wrote: On Sat, Feb 19, 2005 at 07:03:32AM +0100, Patrick McHardy wrote:- netfilter LOCAL_OUT hook sees incorrect output device - strict source routing check done with incorrect rt_gatewayOnce you take the above into account these turn out to be non-issues. If the optional SA is transport mode, then the route is identical with or without it. If it's tunnel mode, then we must perform the IPIP encapsulation regardless. This is not what happens currently. If an optional IPCOMP SA is missing it is skipped entirely. It is also legal to configure an optional ah/esp tunnel, although we don't accept such packets if the SA isn't present. Regards Patrick |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [XFRM]: Fix ICMP tempsel, YOSHIFUJI Hideaki / 吉藤英明 |
|---|---|
| Next by Date: | Re: [PATCH 2/3] r8169: code clean-up, Jon Mason |
| Previous by Thread: | Re: IPsec xfrm resolution, Herbert Xu |
| Next by Thread: | Re: IPsec xfrm resolution, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |