netdev
[Top] [All Lists]

Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Fri, 18 Mar 2005 10:40:13 -0800
Cc: kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, kaber@xxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050318091129.GA28658@xxxxxxxxxxxxxxxxxxx>
References: <20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx> <20050318091129.GA28658@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 18 Mar 2005 20:11:29 +1100
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> This patch makes ipt_TCPMSS use the correct MTU value for clamping.
> This is a bit tricky actually since TCPMSS can be used in FORWARD,
> LOCAL_OUT as well as POST_ROUTING.
> 
> In the first two cases we haven't performed IPsec yet so dst_mtu
> obviously does the right thing.  As it is, POST_ROUTING is performed
> after xfrm_output so MSS clamping is useless there.
> 
> With Patrick's IPsec netfilter stuff, there will be a POST_ROUTING
> processing before IPsec processing, in which case dst_mtu also returns
> exactly what we want.
> 
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Applied, thanks Herbert.

> BTW Patrick, how is the IPsec netfilter stuff going?

That boy is seriously backlogged, so I'm not sure how much time
he's gotten to work on that yet.

<Prev in Thread] Current Thread [Next in Thread>