Question about IP tunnel

chenl (chenl@mail.sc.cninfo.net)
Mon, 21 Jun 1999 11:55:27 +0800


Hi,

I'm a graduate student doing something about IP security. To implement a
security gateway using Linux, I'm reading 'new_tunnel.c' by Sam
Lantinga, and want to rewrite it to implement IPSec tunneling.

There are 3 question about the new_tunnel.c:
1.In tunnel_xmit():
rt=ip_rt_route(iph->daddr,0,);
if(rt->rt_flags & RTF_GATEWAY)
target=rt->rt_gateway; /* Question: When the
rt->rt_flags & RTF_GATEWAY is true? */
/* In other words, by what configuration this
condition will meet? Can u give examples?*/
else
target=dev->pa_dstaddr;
2.As the example gaven by README.tunnel, the normal procedure to
configure tunnel is as below:
#ifconfig tunl0 202.115.6.1 pointopoint 202.115.5.1
#route add 202.115.5.1 dev eth0
#route add -net 202.115.5.0 dev tunl0
So, all IP packets from 202.115.6.1to 202.115.5.x, but 202.115.5.1 will
be encapsulated. If I also need to encapsulate packet from 202.115.6.1
to 202.115.5.1, what should I do? (to implement security gateway).
3. Is new_tunnel.c a right place to implement IP ESP tunneling? or,
other places as ip_forward be better?

Thanks for any suggestion from you.
Chen l.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/