Re: [PATCH] IPv6 IPSEC support
From: David S. Miller (davem@redhat.com)
Date: Sat Feb 22 2003 - 18:47:53 EST
From: YOSHIFUJI Hideaki / �$B5HF#1QL@�(B <yoshfuji@linux-ipv6.org>
Date: Sat, 22 Feb 2003 21:49:35 +0900 (JST)
xfrm_policy.c:xfrm6_bundle_create() seems to depend on ip6_route_output()
as xfrm_bundle_create() depends on __ip_route_output_key().
How do we solve this dependency? inter-module?
Good question.
Maybe we can pass around a structure to xfrm_lookup() which contains
information on how to lookup routes for tunnels. It can just be
a function pointer right now.
It may be possible to generalize this technique even more, making
more xfrm_*() routines address-family independant.
One example, xfrm_lookup() gets this xfrm_afinfo pointer, and it can
use it to learn how to compare addresses. The xfrm_afinfo pointer
is also passed to xfrm_bundle_create() which uses it to learn how
to lookup tunnel routes.
A small net/ipv6/xfrm_ipv6.c module is created, which registers
a xfrm_afinfo structure to the generic xfrm engine, it teaches
how to do these operations for AF_INET6 xfrm objects.
Do you think this can work?
We have several conflicting desires, all of them arise from capability
to make many things as modules. The only reliable aspect is that
ipv4 cannot be modular. Because of this we can allow xfrm_user and
af_key to be either modular or non-modular.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29
: Sun Feb 23 2003 - 22:00:37 EST