| To: | Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: skb->security and friends |
| From: | Andi Kleen <ak@xxxxxxx> |
| Date: | Fri, 26 Oct 2001 21:42:35 +0200 |
| Cc: | design@xxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <200110251841.f9PIfMM08793@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>; from mcr@xxxxxxxxxxxxxxxxxxxxxx on Thu, Oct 25, 2001 at 02:41:22PM -0400 |
| References: | <Pine.LNX.4.10.10110250102070.12619-100000@xxxxxxxxxxxxxxxxx> <200110251841.f9PIfMM08793@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
| Sender: | owner-netdev@xxxxxxxxxxx |
| User-agent: | Mutt/1.3.16i |
> We are seeking opinions. nfmark has the advantage that the routing code knows about it and can manage the destination cache based on it (very useful for pmtu management) security is basically on its way out; it was for a never completely merged ipsec implementation from the fi/sinus firewalls guys and is largely bitrotted now (e.g. a lot of stack modules won't maintain it correctly anymore and probably never have) If you wanted to use it you would need to fix it first. ->cb is free for your use as long as you have the skb queued privately, but it'll be destroyed as soon as you give it away. I don't understand your 64k comment. I would recommend to use nfmark. as far as I can see you'll need destination cache support anyways, and it gets you that for free. -Andi |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | automatic default route, Marco d'Itri |
|---|---|
| Next by Date: | Re: automatic default route, Pekka Savola |
| Previous by Thread: | Re: skb->security and friends, James R. Leu |
| Next by Thread: | Re: skb->security and friends, Michael Richardson |
| Indexes: | [Date] [Thread] [Top] [All Lists] |