Re: [Ipsec] Issue on input process of Linux native IPsec

[David Dillow]

[ Trimmed cc list to non-moderated lists.]

On Fri, 2004-12-24 at 11:23 -0800, Park Lee wrote:
> > I think either you're basing your idea of the 
> > packet flow on printk()'s,or I'm just too tired and 
> > missing where xfrm_lookup() gets called on the
> > rx path... 
> 
> Yes, I'm testing with ping and basing my idea of the
> packet flow on printk().

In the work I've been doing, I've found it very helpful to open a text
editor, and make a call graph for the task I'm interested in -- in your
case, a graph of every function that gets called upon receive, starting
with your network driver's receive function.

Doing a similar one for Tx would be useful for you as well, though I'd
start with the UDP output path, as it was pretty simple.

> > (yes, sk can be NULL there, but I was wrong about 
> > it being called for Rx'd packets, I think).
> 
> Does this mean that when the reply (response) packet
> is sending out through xfrm_lookup(), the sk parameter
> of xfrm_lookup() will not be NULL? and When the
> incoming packet itself goes through xfrm_lookup(), the
> sk parameter will be NULL?

xfrm_lookup() is only called for outgoing packets, not for received
packets.  I don't think ping replies (ICMP echo replies) will ever have
a non-NULL sk, as they are not associated with a socket.
-- 
David Dillow <dave@xxxxxxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/