From: Herbert Xu <[EMAIL PROTECTED]> Date: Sun, 2 Apr 2006 19:56:01 +1000
> This patch moves the sending of ICMP messages when there are no IPv4/IPv6 > tunnels present to tunnel4/tunnel6 respectively. Please note that for now > if xfrm4_tunnel/xfrm6_tunnel is loaded then no ICMP messages will ever be > sent. This is similar to how we handle AH/ESP/IPCOMP. > > This move fixes the bug where we always send an ICMP message when there is > no ip6_tunnel device present for a given packet even if it is later handled > by IPsec. It also causes ICMP messages to be sent when no IPIP tunnel is > present. > > I've decided to use the "port unreachable" ICMP message over the current > value of "address unreachable" (and "protocol unreachable" by GRE) because > it is not ambiguous unlike the other ones which can be triggered by other > conditions. There seems to be no standard specifying what value must be > used so this change should be OK. In fact we should change GRE to use > this value as well. > > Incidentally, this patch also fixes a fairly serious bug in xfrm6_tunnel > where we don't check whether the embedded IPv6 header is present before > dereferencing it for the inside source address. > > This patch is inspired by a previous patch by Hugo Santos <[EMAIL PROTECTED]>. > > Signed-off-by: Herbert Xu <[EMAIL PROTECTED]> Applied, thanks Herbert. And yes I do agree about changing IP GRE tunnel ICMP generation to be in line with the rest of this stuff. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
