Re: [PATCH] tunneling icmp patch (long!)
Friedrich Lobenstock (fl@fl.priv.at)
Fri, 07 May 1999 03:04:29 +0200
Alan Cox wrote:
> > ...
> Please don't run patches like this on the real internet. The moment you get
> a loop in your tunnel you will upset quite a few people
> > ....
> The TTL must always be decreasing. It is valid for it to decrease only one
> across a tunnel transit, but you cannot go setting the TTL higher than
> it was before without risking a loop
e.g: this host: eth0 = A.A.A.X and eth0:0 = 10.3.1.1
tunnelling partner: eth0 = B.B.B.X and eth1 = 10.2.1.1
tunneling: 10.2.1.0/24 <-> 10.3.1.0/24
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.2.1.0 B.B.B.X 255.255.255.0 UG 0 0 0 tunl0
A.A.A.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.3.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 A.A.A.Y 0.0.0.0 UG 0 0 0 eth0
traceroute to 10.2.1.111 (10.2.1.111), 30 hops max, 40 byte packets
1 10.2.1.1 (10.2.1.1) 92 ms 90 ms 106 ms
2 10.2.1.111 (10.2.1.111) 105 ms 71 ms 58 ms
�
Without my patch this would be totally different.
You get this:
traceroute to 10.2.1.111 (10.2.1.111), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 10.2.1.111 (10.2.1.111) 77 ms 70 ms 76 ms
This shows you that there is a tunnel.
For me a tunnel should be totally transparent to the user. This
is not true in the unpatched version of the ipip module but how
can this be done without the hazard of building endless loops.
MfG / Regards
Friedrich
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/