Re: [IPSEC] Use xfrm_rcv for xfrm tunnel packets

From: kuznet@ms2.inr.ac.ru
Date: Thu Jul 31 2003 - 08:57:52 EST


Hello!

> In fact, I think that we need to preserve the guarantee that no
> two addresses share the same XFRM tunnel for IPv6. To do that,
> we will need to extend the SPI key in the SADB to at least 128
> bits.

Bits of saddr saved in spi field are supposed to be just hashing helper,
allowing to avoid hashing all the tunnels of all the tunnels ending
at our host and, hence, having one destination address, at one hash bucket.

IPv6 should do full check for saddr and can use some folded hash value
of saddr as spi.

Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:02 EST