Re: [IPSEC] Use xfrm_rcv for xfrm tunnel packets

Date: Thu Jul 31 2003 - 08:57:52 EST


> In fact, I think that we need to preserve the guarantee that no
> two addresses share the same XFRM tunnel for IPv6. To do that,
> we will need to extend the SPI key in the SADB to at least 128
> bits.

Bits of saddr saved in spi field are supposed to be just hashing helper,
allowing to avoid hashing all the tunnels of all the tunnels ending
at our host and, hence, having one destination address, at one hash bucket.

IPv6 should do full check for saddr and can use some folded hash value
of saddr as spi.

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to
More majordomo info at

This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:02 EST