netdev
[Top] [All Lists]

Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux

To: diego.beltrami@xxxxxxx
Subject: Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 30 Jul 2005 21:15:00 +1000
Cc: herbert@xxxxxxxxxxxxxxxxxxx, infrahip@xxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <1122651216.25842.67.camel@odysse>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686))
Diego Beltrami <diego.beltrami@xxxxxxx> wrote:
> 
> The modifications in the ESP functions are due to the hybrid cases when
> Inner and Outer address families are different; in those cases the
> values returned by espX functions are not coherent.

I see.  However, this is really a consequence of us not implementing
interfamily transforms for plain old tunnel mode.  Had we implemented
that, it would be a piece of cake to extend this to BEET without
touching ESP.

>> Also, if you're going to do cross-family transforms, it should be
>> done for both BEET and plain tunnel-mode.
> 
> Potentially it could be possible also for plain tunnel-mode: this will
> require further analysis.

It definitely does need further analysis even for BEET mode.  The rcv
path for interfamily transforms is straightforward since we pass through
netif_rx.  However, on the outbound path things aren't that simple.

I suggest that you remove the interfamily support for the initial merge
of the BEET implementation.  We can then readd it for both plain tunnel
and BEET mode.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>