On Tue, 14 Oct 2003 15:54:31 +0400 (MSD) kuznet@ms2.inr.ac.ru wrote:

> Sigh, I did not plan to clear secpath ever. It was expected to accumulate
> all the path through stack and kept forever, maybe, even given to end user
> if he wants. Sweet dreams. :-)
>
> I do not see anything bad with your suggestion, eventually each segment
> of secpath might be cleared immediately after it is verified against policy
> and this happens right before packet reaches decapsulation in IPIP tunnel,
> so it is OK. But it still does not look good to lose information just
> to allow to pass easier through some poorly designed test. Maybe, there
> is some way to fix the test yet...

For now I'll put Herbert's patch in so that things are working in the meantime.