From: Herbert Xu <herbert@gondor.apana.org.au> Date: Fri, 27 Jun 2003 19:25:17 +1000 On Fri, Jun 27, 2003 at 02:15:39AM -0700, David S. Miller wrote: > So you agree with uses of optional transforms such as ipcomp, right? In principle yes. However, I still have problems with the implications for address spoofing. I still don't know how I can possible filter out spoofed packages through such a tunnel using the existing firewall facility. Hmmm, maybe you don't understand how it works. When IPCOMP's compression isn't deemed "worthwhile", we just end up with a plain IP/IP tunnel. The outer IP saddr/daddr are identical regardless of whether IPCOMP is applied or not. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
