Re: [PATCH][IPSEC] inter address family IPsec tunnel on the fly

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kazunori MIAZAWA <kazunori@miyazawa.org>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, usagi-core@linux-ipv6.org
Subject: Re: [PATCH][IPSEC] inter address family IPsec tunnel on the fly
Date: Sat, 08 Mar 2008 23:46:13 +0900	[thread overview]
Message-ID: <47D2A6B5.101@miyazawa.org> (raw)
In-Reply-To: <20080306.231947.135681188.davem@davemloft.net>

David Miller wrote:
> From: Kazunori MIYAZAWA <kazunori@miyazawa.org>
> Date: Fri, 07 Mar 2008 15:32:09 +0900
> 
>> David Miller wrote:
>>> I also wonder if the PF_KEY limitation really exists.  For example we
>>> will set x->sel.family etc. from the SADB_EXT_ADDRESS_PROXY attribute
>>> if present.
>>>
>> Yes, we have SADB_EXT_ADDRESS_PROXY. But it is not enough, I think.
>> xfrm_selector has both src and dst so that we need some way to
>> specify the address is src or dst.
>>
>> from RFC2367
> 
> Thank you for this information.
> 
>>> Finally, if the determination can be made in the data path, it
>>> by definition could be made during rule insertion which is much
>>> more efficient and appropriate.
>> I agree with you.
> 
> I am sure there is a simple solution to this problem somewhere,
> it is just hiding :-)
> 

I think one solution is xfrm_state has two inner_modes
and switch them when the family is any.

This is just an idea :-p

--
Kazunori Miyazawa

next prev parent reply	other threads:[~2008-03-08 14:46 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-05 12:37 [PATCH][IPSEC] inter address family IPsec tunnel on the fly Kazunori MIYAZAWA
2008-03-05 21:40 ` David Miller
2008-03-07  6:32   ` Kazunori MIYAZAWA
2008-03-07  7:19     ` David Miller
2008-03-08 14:46       ` Kazunori MIAZAWA [this message]
2008-03-08 22:15         ` David Miller
2008-03-14  3:23           ` Kazunori MIYAZAWA
2008-03-21 11:20             ` David Miller
2008-03-24  7:16               ` Kazunori MIYAZAWA
2008-03-24  7:44                 ` Kazunori MIYAZAWA
2008-03-24  7:49                   ` David Miller
2008-03-24 21:53                   ` David Miller
2008-03-24  7:48                 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47D2A6B5.101@miyazawa.org \
    --to=kazunori@miyazawa.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=usagi-core@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.