Re: [2.1.4x] Patch for IPIP/Tunnel

A.N.Kuznetsov (kuznet@ms2.inr.ac.ru)
Wed, 30 Jul 1997 21:22:09 +0400 (MSD)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Mares: "Re: [2.1.4x] Patch for IPIP/Tunnel"
Previous message: Dan Hollis: "Re: PentiumII's."

Hello!
>
> Another question: Is there any chance to get the current IPIP code
> to act as a generic (i.e., not restricted to a particular source address)
> decapsulator? I needed such setup (of course restricted by firewalling
> rules) in some cases, but I wasn't able to figure out how to set it up.
>

Nope, it is impossible in code "as is".
It requires a bit of trickery.
You could hack it to select a tunnel to assign
all not classified IPIP packets to it f.e. to hook netdev notifier
at ipip.c, catch the moment when the first tunnel goes up
and select it, or catch when tunl or tunl0 goes up, and
until this moment drop all such packets. Ugly.

Beware, if you just deleted ip_find_tunnel, firewall would
not able to segregate packets arrived from tunnel and normal traffic.

Alexey Kuznetsov.

Next message: Martin Mares: "Re: [2.1.4x] Patch for IPIP/Tunnel"
Previous message: Dan Hollis: "Re: PentiumII's."