Re: [Ipsec] Issue on input process of Linux native IPsec

[Park Lee]

On Fri, 24 Dec 2004 at 01:23, David Dillow wrote:
> On Wed, 2004-12-22 at 22:29 -0800, Park Lee wrote:
> > Thanks.
> > But, After a packet was received, It has already 
> > been processed by xfrm4_rcv(), xfrm4_rcv_encap(),
> > ah_input(), esp_input(),etc. so, I think that 
> > there is no need to search(or created) a bundle 
> > everytime a packet is recieved, since it has 
> > already been processed. Am I right?
>
> Are you sure you're not seeing the creation of a 
> reply packet? Unless you're testing with UDP and a 
> listening socket on the receiver, you're going to 
> get a response packet if the incoming packet makes 
> it through the iptables rules. You were testing 
> with ICMP echo requests (ping), if I recall.
>
> I think either you're basing your idea of the 
> packet flow on printk()'s,or I'm just too tired and 
> missing where xfrm_lookup() gets called on the
> rx path... 

Yes, I'm testing with ping and basing my idea of the
packet flow on printk().

> (yes, sk can be NULL there, but I was wrong about 
> it being called for Rx'd packets, I think).

Does this mean that when the reply (response) packet
is sending out through xfrm_lookup(), the sk parameter
of xfrm_lookup() will not be NULL? and When the
incoming packet itself goes through xfrm_lookup(), the
sk parameter will be NULL?

Thank you 
and 
Merry Christmas.


=====
Best Regards,
Park Lee


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/