[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 03163) Issue on input process of Linux native IPsec

To: ipsec-tools-devel@xxxxxxxxxxxxxxxxxxxxx, usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 03163) Issue on input process of Linux native IPsec
From: Park Lee <parklee_sel@xxxxxxxxx>
Date: Tue, 21 Dec 2004 10:32:19 -0800 (PST)
Cc: ipsec@xxxxxxxxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=tp52H8+h2bPhn6Ro/ugRhVdPLpb3thBnxlhS6JsIFS9qdfwJx1Dd4l+lIxhN3LwS714BHUSthIMpbI7EtfAs/U2ZCapVJFbIslBcJvvgy/+BhrUB7PDlpDNZjsCZrkL/8mi/IhsNqUkIfHWUt+UxzXoLkhqrr+CQ/3gnSFKey4Y= ;
Reply-to: usagi-users@xxxxxxxxxxxxxx

Hi,
  We know that the output process of Linux native
IPsec fully uses the XFRM architecture. The order of
primal functions are xfrm_lookup(),
xfrm_tmpl_resolve(), xfrm_bundle_create() and
dst_output(). 
  The input process for IPsec is more simple than
output. The order of primal functions (in IPv4) are
xfrm4_rcv(), xfrm4_rcv_encap(), xfrm4_parse_spi(),
xfrm4_policy_check().
  But, Why should the input process also go throught
xfrm_lookup(), xfrm_tmpl_resolve(),
xfrm_bundle_create()? What's the purpose of this? 

  Thank you.


=====
Best Regards,
Park Lee

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Prev by Date: (usagi-users 03162) [usagi-announce] 2004/12/20 snapshot
Next by Date: (usagi-users 03164) Policy routing
Previous by thread: (usagi-users 03162) [usagi-announce] 2004/12/20 snapshot
Next by thread: (usagi-users 03164) Policy routing
Index(es):
- Date
- Thread