| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B7982AB.5060409@trash.net> Date: Mon, 15 Feb 2010 18:21:47 +0100 From: Patrick McHardy <kaber@...sh.net> To: hadi@...erus.ca CC: timo.teras@....fi, herbert@...dor.apana.org.au, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure jamal wrote: > On Mon, 2010-02-15 at 18:06 +0100, Patrick McHardy wrote: > >> One related feature which would be nice to have is the ability >> to use marks for xfrm tunnel routing. But I'm not sure we can >> do this in a backwards compatible way. > > I take it policy routing by mark is insufficient. The xfrm route lookup doesn't use the packet mark. > If you have time, can you give me an example setup description of that > and why it would be hard to be backward-compat? A couple of years ago I used this in a multipath setup, which was using CONNMARK to persistently bind connections (tunnels in this case) to a route after the first selection. The problem with backwards compatibility is that people using marks for multipath routing are most likely not expecting the mark to suddenly take effect for IPsec tunnel routing. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists