Re: [Ipsec] Issue on input process of Linux native IPsec

From: Park Lee
Date: Thu Mar 10 2005 - 05:43:55 EST

On Fri, 24 Dec 2004 at 16:15, David Dillow wrote:
> xfrm_lookup() is only called for outgoing packets,
> not for received packets. I don't think ping
> replies (ICMP echo replies) will ever have a non-
> NULL sk, as they are not associated with a socket.

But, as we know, The Linux network component creates
two special purpose sockets for use by the AF_INET
protocol family. The tcp socket is used to send resets
when a TCP packet is rejected, since there may be no
local socket corresponding to the packet. The icmp
socket is used to send ICMP messages.

Then, Why did you say that ping replies (ICMP echo
replies) were not associated with a socket?
Is there any difference between the special purpose
socket and the socket you mentioned above?

Thank you.

Best Regards,
Park Lee

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at