On Tue, Dec 19, 2017 at 2:56 AM, David Miller <[email protected]> wrote: > > - ICMP errors are similar to input, except the search is for the > > outbound XFRM state, because the only data that is available is > > the outbound SPI. Thus, ICMP errors are only processed if the > > ikey is the same as the same as the okey. AFAICS this is > > consistent with GRE tunnels, but not with existing VTI > > behaviour. > > I think you will need to sort out the VTI ICMP behavior difference > with what exists now.
Thanks for the feedback. I've sent out a new series that addresses this. I had to make some minor changes to the common ip tunnel lookup functions to make it work, because currently, a tunnel can only be looked up by i_key. https://patchwork.ozlabs.org/patch/851558/ .
