Subject: Re: Patch for Fast-IPsec over loopback
To: None <jonathan@dsg.stanford.edu>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 08/16/2003 06:49:08
> >i will be more comfortable if you remove tags related to fast-ipsec
> >only.
>
> Which would be OK with me, if there was a section 9 manpage describing
> the semantics of tags. If that's currently not well-defined, then lets
> flesh it out.
>
> Right now all I have to go on is intuition. My own intuition goes
> something like this: ICMP reflection (e.g, icmp echo) should behave as
> if ICMP reception and it was implemented in userspace, on a normal
> socket. A userspace implementation would strip all tags, and so
> therefore a kernel implementation should strip all tags, too.
>
> A similar analogy with a host transmitting and receiving its own
> packets suggests (to me at least) that if_loop should strip all tags,
> too.
as for if_loop.c:
your logic makes sense, but we may want to use tags to packet loop
prevention within the kernel.
KAME code removes tag before calling if_output(). why it isn't
sufficient?
i'm okay if you commit ip_icmp.c diff.
itojun