netdev
[Top] [All Lists]

Re: Problem with IPSEC tunnel mode

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: Problem with IPSEC tunnel mode
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Fri, 22 Apr 2005 02:13:35 +0200
Cc: jamal <hadi@xxxxxxxxxx>, Wolfgang Walter <wolfgang.walter@xxxxxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20050421235802.GB10451@xxxxxxxxxxxxxxxxxxx>
References: <E1DObFc-0000je-00@xxxxxxxxxxxxxxxxxxxxxxxx> <200504211640.16742.wolfgang.walter@xxxxxxxxxxxxxxxxxxxx> <20050421214618.GA29991@xxxxxxxxxxxxxxxxxxx> <1114127419.10572.4.camel@xxxxxxxxxxxxxxxxxxxxx> <20050421235802.GB10451@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050324 Debian/1.7.6-1
Herbert Xu wrote:
On Thu, Apr 21, 2005 at 07:50:19PM -0400, jamal wrote:

What was the reason there exist a FWD direction in the policies?

You should really ask Alexey about that :) I myself had the same
question when I first started in this area.  However, since it
has been present since the very beginning and people are already
relying on it, we will have to live with it.

I guess it was for performance reasons. A router that only needs
IPsec for management doesn't need to perform policy checks for
forwarded packets, which makes sense too me.

Regards
Patrick

<Prev in Thread] Current Thread [Next in Thread>