Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

To:	Patrick McHardy <kaber@xxxxxxxxx>
Subject:	Re: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Date:	Tue, 22 Mar 2005 19:49:10 -0800
Cc:	herbert@xxxxxxxxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<423D9ADA.6050407@xxxxxxxxx>
References:	<20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx> <20050318091129.GA28658@xxxxxxxxxxxxxxxxxxx> <20050318104013.57d65e99.davem@xxxxxxxxxxxxx> <423D9ADA.6050407@xxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx

On Sun, 20 Mar 2005 16:46:34 +0100
Patrick McHardy <kaber@xxxxxxxxx> wrote:

> So what's holding back these patches is getting some consensus on what
> exactly we want to do and finding a better method for determining when
> decapsulation is done. One possibility would be stealing packets
> in xfrm_policy_check(), but I haven't thought much about this yet.

That latter idea sounds pursuable.  I guess you'd do a netfilter
hook in xfrm_policy_check() right?

So then you'd need to pass struct sk_buff ** instead of a direct
pointer.  And that looks fine too, as nobody seems to cache
skb->XXX state across xfrm_policy_check() calls.

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, (continued)* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Lennert Buytenhek* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Ludo Stellingwerff* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, jamal* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* *Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* <= *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* Netfilter+IPsec, Patrick McHardy Re: Netfilter+IPsec, David S. Miller Re: Netfilter+IPsec, Herbert Xu Re: Netfilter+IPsec, Patrick McHardy *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *Re: [21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller*

Previous by Date:	netdev-2.6 queue updated, Jeff Garzik
Next by Date:	Re: iptables breakage WAS(Re: dummy as IMQ replacement, jamal
Previous by Thread:	*Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu*
Next by Thread:	*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy*
Indexes:	[Date] [Thread] [Top] [All Lists]