From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@redhat.com, jmorris@redhat.com, netdev@oss.sgi.com
Subject: Re: IPsec and Path MTU
Date: Thu, 17 Jun 2004 00:23:41 +0400
Message-ID: <20040616202341.GD29781@ms2.inr.ac.ru>
In-Reply-To: <20040616121026.GA1169@gondor.apana.org.au>

Hello!

> > So unless I'm missing something, we should get rid of dst->path and
> > store the MTU in the xfrm dst's directly.

Yes, this is absolutely true. BTW we talked about this already.

The problem here is purely technical. In any case pmtu on path
going through tunnel is _lower_ than dst_path() and has to be
recalculated when dst_path() changes. Because we do not hold
any back references for dst's using dst->path, we cannot do this
actively. dst_path() is enough to do this.

But it is definitely not enough when pmtu is lowered on some
policies for other reasons.

So, holding pmtu at all the dst's is necessary and we have to sync
those mtus with dst_path instead of using it directly.

> Now the problem with all this is that it looks pretty complicated.

I am afraid I still did not understand your troubles completely.

Actually, the last time when we discussed this we had only one
but _damn_ ugly problem. We have to remember original packet content
to reply with ICMP correctly, when encapsulating. Is it possible
that you are confused with this? We do send invalid ICMP_FRAG_NEEDED
from ip_fragment. PMTU discovery will work only if we reply to original,
not transformed packet. See?

Alexey
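
The point about keeping an mtu in every dst and syncing it with the path dst, as a toy model added here (not part of the original message and not kernel code). The `toy_*` names, the struct layout and the 20/50 byte overheads are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy model, not kernel code; every name and number here is hypothetical. */
struct toy_dst {
    struct toy_dst *child;  /* next dst toward the wire; NULL for the path dst */
    unsigned header_len;    /* bytes this transform adds */
    unsigned learned_pmtu;  /* pmtu lowered on this dst itself; 0 = none */
    unsigned mtu;           /* mtu stored in this dst */
};

/* Sync on use: walk down to the path dst and refresh every stored mtu on
 * the way back up, so no back references from the path dst are needed. */
static unsigned toy_sync(struct toy_dst *d)
{
    unsigned below;

    if (!d->child)
        return d->mtu;
    below = toy_sync(d->child);
    d->mtu = below > d->header_len ? below - d->header_len : 0;
    if (d->learned_pmtu && d->learned_pmtu < d->mtu)
        d->mtu = d->learned_pmtu;
    return d->mtu;
}

/* Deriving the mtu from the path dst alone ignores learned_pmtu. */
static unsigned toy_path_only(const struct toy_dst *d)
{
    unsigned overhead = 0;

    for (; d->child; d = d->child)
        overhead += d->header_len;
    return d->mtu > overhead ? d->mtu - overhead : 0;
}

/* Constructed bundle: first transform (20 bytes) stacked on second (50 bytes). */
static unsigned toy_demo(unsigned path_mtu, unsigned learned, int path_only)
{
    struct toy_dst path = { NULL, 0, 0, path_mtu };
    struct toy_dst second = { &path, 50, learned, 0 };
    struct toy_dst first = { &second, 20, 0, 0 };

    return path_only ? toy_path_only(&first) : toy_sync(&first);
}

int main(void)
{
    printf("%u %u\n", toy_demo(1400, 1300, 1), toy_demo(1400, 1300, 0));
    return 0;
}
```

With a pmtu of 1300 learned on the second transform, the path-only derivation reports a larger mtu than the synced per-dst value, which is the case the message says the path dst alone cannot cover.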