From: Patrick McHardy <kaber@trash.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
Maillist netdev <netdev@oss.sgi.com>
Subject: Re: [XFRM]: Always reroute in tunnel mode
Date: Thu, 17 Feb 2005 22:23:02 +0100 [thread overview]
Message-ID: <42150B36.5080609@trash.net> (raw)
In-Reply-To: <20050217203805.GA4047@gondor.apana.org.au>
Herbert Xu wrote:
>On Thu, Feb 17, 2005 at 07:15:55PM +0100, Patrick McHardy wrote:
>
>
>>I don't think this solves the inconsistency. By reuseing routes in tunnel
>>mode we allow routing by different criteria when the inner packet is headed
>>for the remote gateway. Your suggestion limits this a bit further, but we
>>can still have a situation where all packets going through a tunnel take
>>one path, except when the inner packet is heading for the remote gateway
>>itself.
>>
>>
>
>That's right. However, you should also look at it this way. We start
>with a policy with a transport mode SA. In order to protect the IP
>header we change it to use a tunnel mode SA with a host-to-host selector.
>With your patch this will change the route that the packet uses.
>
I don't consider this inconsistent, in fact it is consistent to what
happens with other tunnels. We could get the behaviour you want (my
patch + old behaviour for host-to-host tunnels) by looking at the
policy selector, but I would prefer to always reroute. The change
doesn't affect existing setups, as I said in my previous mail, it
doesn't work properly since __xfrm4_find_bundle() ignores tos/fwmark
and uses the route for src/dst that made the cache (first one used)
for all tos/fwmark values, even if other routes exist.
Regards
Patrick
next prev parent reply other threads:[~2005-02-17 21:23 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-17 6:22 [XFRM]: Always reroute in tunnel mode Patrick McHardy
2005-02-17 11:36 ` Herbert Xu
2005-02-17 18:15 ` Patrick McHardy
2005-02-17 18:25 ` Patrick McHardy
2005-02-17 20:38 ` Herbert Xu
2005-02-17 21:23 ` Patrick McHardy [this message]
2005-02-17 22:10 ` Herbert Xu
2005-02-17 23:02 ` Patrick McHardy
2005-02-17 23:11 ` David S. Miller
2005-02-18 9:53 ` Herbert Xu
2005-02-19 6:23 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42150B36.5080609@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.