Hello! > IPIP still didn't work after my last fix. It turns out that the security > path is not cleared for packets inside the tunnel. This breaks when the > SA selectors on the outside of the tunnel only allow packets with the > same source/destination address. ... which actually most likely means that the check is wrong. Is it due to the fact that you used tunnel addresses from SA to restore addresses to apply selector and that this information is not available for plain tunnel? > This patch clears the security path for all tunnel packets. Think more, please. I do not believe clearing the path is a good idea. It is too easy to be right. :-) Alexey - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
