| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: IPsec xfrm resolution |
| From: | Patrick McHardy <kaber@xxxxxxxxx> |
| Date: | Sat, 19 Feb 2005 19:47:11 +0100 |
| Cc: | Maillist netdev <netdev@xxxxxxxxxxx> |
| In-reply-to: | <20050219183202.GA10773@xxxxxxxxxxxxxxxxxxx> |
| References: | <20050209085251.GA9030@xxxxxxxxxxxxxxxxxxx> <420B9DF1.3020704@xxxxxxxxx> <20050210202810.GA1609@xxxxxxxxxxxxxxxxxxx> <42144C3F.2060501@xxxxxxxxx> <20050217091137.GA9476@xxxxxxxxxxxxxxxxxxx> <42152841.5000707@xxxxxxxxx> <20050218100854.GA19427@xxxxxxxxxxxxxxxxxxx> <4216D6B4.5070901@xxxxxxxxx> <20050219092314.GA8153@xxxxxxxxxxxxxxxxxxx> <42173125.3040505@xxxxxxxxx> <20050219183202.GA10773@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1 |
Herbert Xu wrote: On Sat, Feb 19, 2005 at 01:29:25PM +0100, Patrick McHardy wrote:This is not what happens currently. If an optional IPCOMP SA is missing it is skipped entirely. It is also legal to configure an optional ah/esp tunnel, although we don't accept such packets if the SA isn't present.That's a bug. How can you forward packets properly if the tunnel mode SA is missing? Using normal routing. What meaning would "optional" have otherwise ? If the encapsulation has to be done, the user shouldn't mark the SA as optional in my opinion. Regards Patrick |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [XFRM]: Fix ICMP tempsel, Herbert Xu |
|---|---|
| Next by Date: | Re: [XFRM]: Fix ICMP tempsel, Patrick McHardy |
| Previous by Thread: | Re: IPsec xfrm resolution, Herbert Xu |
| Next by Thread: | Re: IPsec xfrm resolution, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |