David S. Miller wrote:
On Sun, 20 Mar 2005 16:46:34 +0100
Patrick McHardy <kaber@xxxxxxxxx> wrote:
So what's holding back these patches is getting some consensus on what
exactly we want to do and finding a better method for determining when
decapsulation is done. One possibility would be stealing packets
in xfrm_policy_check(), but I haven't thought much about this yet.
That latter idea sounds pursuable. I guess you'd do a netfilter
hook in xfrm_policy_check() right?
It would call netif_rx(). The packet should pass all hooks as usual,
so everything works as expected. It is cleaner than my current
approach, but has the same problems wrt. statistics and AF_PACKET/raw
sockets. I'll post a patch (probably tomorrow, its late here) so we
have something concrete to talk about.
Regards
Patrick
|