From: jamal <hadi@cyberus.ca>
To: Benny Amorsen <benny+usenet@amorsen.dk>
Cc: Patrick McHardy <kaber@trash.net>,
timo.teras@iki.fi, herbert@gondor.apana.org.au,
davem@davemloft.net, netdev@vger.kernel.org
Subject: Re: [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure
Date: Tue, 16 Feb 2010 08:16:04 -0500 [thread overview]
Message-ID: <1266326164.6776.263.camel@bigi> (raw)
In-Reply-To: <m3hbphxrnm.fsf@ursa.amorsen.dk>
On Tue, 2010-02-16 at 13:59 +0100, Benny Amorsen wrote:
> From your description, I would add the IPSEC SPD + SA with a specific
> mark. Then I would set the mark in the rule table if I want the packets
> to go through the tunnel, or clear the mark to have them go through
> normal routing.
yes.
> Not perfect, because I would have to replicate parts of
> the routing table in the rule table, but it could be made to work.
Agreed this is a problem and not a nice one (the counter arguement is
at least theres a way for some users now..
> Perfect would be if I could set mark in the routing table instead of the
> rule table, but sometimes perfect is the enemy of good...
This is actually an interesting idea and is not far-fetched (and would
certainly get rid of the replication problem). If i understood
correctly, you would have:
ip route add blah blah mark 0x10
and that the routing core will use the mark to (as it does for example
with ifindex) to pick the route? I like the idea for the simple fact it
will reduce immensely configuration in some cases..
cheers,
jamal
next prev parent reply other threads:[~2010-02-16 13:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <xfrm-mark-net-next>
2010-02-14 15:18 ` [net-next-2.6 PATCH 0/7] xfrm by MARK jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 2/7] xfrm: SA lookups signature with mark jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 3/7] xfrm: SA lookups " jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 4/7] xfrm: SP lookups signature " jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 5/7] xfrm: SP lookups " jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 6/7] xfrm: Allow user space config of SAD mark jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 7/7] xfrm: Allow user space manipulation of SPD mark jamal
2010-02-15 15:42 ` [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure Patrick McHardy
2010-02-15 17:00 ` jamal
2010-02-15 17:06 ` Patrick McHardy
2010-02-15 17:14 ` jamal
2010-02-15 17:21 ` Patrick McHardy
2010-02-15 18:59 ` jamal
2010-02-16 10:43 ` Benny Amorsen
2010-02-16 11:57 ` jamal
2010-02-16 12:59 ` Benny Amorsen
2010-02-16 13:16 ` jamal [this message]
2010-02-16 21:56 ` Benny Amorsen
2010-02-17 11:58 ` jamal
[not found] <xfrm-mark-take2>
2010-02-20 20:55 ` [net-next-2.6 PATCH 0/7] xfrm by MARK jamal
2010-02-20 20:55 ` [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure jamal
2010-02-22 6:26 ` David Miller
2010-02-22 14:09 ` jamal
[not found] <xfrm-mark-v3>
2010-02-22 21:32 ` [net-next-2.6 PATCH 0/7] xfrm by MARK jamal
2010-02-22 21:32 ` [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1266326164.6776.263.camel@bigi \
--to=hadi@cyberus.ca \
--cc=benny+usenet@amorsen.dk \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=timo.teras@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.