Dave Huang <khym%azeotrope.org@localhost> writes: > And since ip_forward() was already getting the MTU, I figure there's > no need for ipsec4_forward() to do it again... especially since it > doesn't actually work (sp->req->sav is NULL in ipsec4_forward()). I think the concept is that a packet that would be routed out one interface matches an SPD entry and can get put in a tunnel that causes the encapsulated packet to be sent out a different interface. Really only the interface that gets the tunnel packet should matter (and the route MTU for that outer dst).
Attachment:
pgp10nfaGuqyb.pgp
Description: PGP signature