From: Kazunori MIyazawa <kazunori@xxxxxxxxxxxx>
Date: Wed, 19 Feb 2003 23:39:15 +0900
> 3) I noticed comment above transformation from
> explicit dst->output() call to dst_output().
>
> It is not IPSEC issue, rather I believe that entire tree should
> have this conversion eventually. The concept of stackable
> destination cache entries is a generic one.
>
Please let me understand. I think dst->output calls each dst
output routine chains but those could not process the return value
NET_XMIT_BYPASS returned from ah and/or esp.
Is this out of scope of IPsec?
Not really. Stackable destinations are a powerful concept.
For example, we could reimplement IPIP processing using this.
In this way, IP tunnels can become stacked destinations.
Another application of stackable destinatins could be something
like CIPE.
Please understand what NET_XMIT_BYPASS means, which is "please
continue to invoke input/output method, I have placed new dst in skb"
I will apply the patch from Yoshfuji which makes the transformations.
|