From: "David S. Miller" <davem@redhat.com>
To: kazunori@miyazawa.org
Cc: kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org,
netdev@oss.sgi.com, usagi-core@linux-ipv6.org
Subject: Re: [PATH] IPv6 IPsec support
Date: Wed, 05 Mar 2003 20:43:48 -0800 (PST) [thread overview]
Message-ID: <20030305.204348.130225511.davem@redhat.com> (raw)
In-Reply-To: <20030306093219.1a702868.kazunori@miyazawa.org>
From: Kazunori Miyazawa <kazunori@miyazawa.org>
Date: Thu, 6 Mar 2003 09:32:19 +0900
- Extension Header Processing on inbound:
As a result of IPv6 IPsec support, Extension Header processing is devided
into ipv6_parse_exthdrs and ipproto->handler. I think it is better to merge
other Extension Header handling into ipproto->handler.
Ok.
- Fragmentation support on outbound:
We should change ipv6_build_xmit like ip_append_data style to support
fragmentation with IPsec.
Please work together with Alexey on this. There are known
major problems on ipv4 side, and it must be resolved before
ipv6 side may be done.
For example, right now a non-TCP packet can do the following. If it
is just slightly smaller than MTU, and when encapsulated in ESP/AH it
becomes larger than MTU, we will not fragment it and too-large frame
will be sent to device.
In my last round of talks with Alexey I believe we were very close to
a possible solution to this problem. The idea was to have a "local
dont-fragment" flag, and at the very last stage of IP output we check
this and either 1) clear DF and fragment or 2) drop packet and send
ICMP message back.
Alexey, what is the current state?
- Removing duplicate codes, clean up and improveing performance.
- Considering relation of IPv6 IPsec and Mobile IPv6. This is future stuff.
Ok.
next prev parent reply other threads:[~2003-03-06 4:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-05 14:30 [PATH] IPv6 IPsec support Kazunori Miyazawa
2003-03-05 15:21 ` David S. Miller
2003-03-05 15:48 ` (usagi-core 12294) Re: [PATCH] " YOSHIFUJI Hideaki / 吉藤英明
2003-03-05 23:41 ` David S. Miller
[not found] ` <20030306213217.GA6358@f00f.org>
2003-03-06 23:27 ` David S. Miller
2003-03-05 23:25 ` [PATH] " David S. Miller
2003-03-06 0:32 ` Kazunori Miyazawa
2003-03-06 4:43 ` David S. Miller [this message]
2003-03-18 18:32 ` [PATCH] IPv6 Extension headers (Re: [PATCH] IPv6 IPsec support) Mitsuru KANDA / 神田 充
2003-03-24 5:29 ` [PATCH] IPv6 Extension headers David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030305.204348.130225511.davem@redhat.com \
--to=davem@redhat.com \
--cc=kazunori@miyazawa.org \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=usagi-core@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).