On Mon, Mar 07, 2005 at 03:30:26AM +0100, Patrick McHardy wrote:
>
> I agree that it is more important, but I don't see any harm in fixing
> the other problem for transport mode first. Fixing the scalability
> problem requires a dynamically resized hash, anything static will
> lead to different scalability problems with a large number of policies.
> The tos/fwmark part looks comparatively small, simply reroute all
> packets based on src/dst/fwmark/predicted final tos if they differ.
> But since both of this is not done yet, I think it would be better to
> fix the smaller problem first.
The reason I'm asking is because the places where you're most likely
to use tos/fwmark is in IPsec gateways. In other words, it isn't
very useful unless it works in tunnel mode. This plus the fact
that the check for tunnel mode is a bit of a hack makes me think that
it's not worth it at the moment.
On the subject of fixing the scalability issue, we should just use
the flow cache directly for each bundle.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
|