Date: Fri, 10 Mar 2006 20:36:40 +0900 From: gnn@freebsd.org To: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> Cc: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC and tunnelled packets processing Message-ID: <m2zmjyh6pj.wl%gnn@neville-neil.com> In-Reply-To: <20060309145303.GB19877@zen.inc> References: <20060307180222.GA1308@zen.inc> <440FA8DC.3010006@errno.com> <20060309145303.GB19877@zen.inc>
next in thread | previous in thread | raw e-mail | index | archive | help
At Thu, 9 Mar 2006 15:53:03 +0100, VANHULLEBUS Yvan wrote: > > On Wed, Mar 08, 2006 at 08:02:36PM -0800, Sam Leffler wrote: > [.....] > > If I recall the IPIP handling is different from KAME because there is > > support for IPIP encapsulation independent of the IPsec protocols while > > KAME only handles IPIP as part of the ESP tunnel configuration. As to > > overhead, in practice, at least back in 4.x where this work was > > originally done, the netisr dispatch was effectively shortcircuited > > because the dispatch was done from the netisr thread so the net cost was > > a enqueue+dequeue of the packet. I'm not sure about extraneous trips > > through ip_input or not stripping headers; this stuff used to work right > > but I've not looked at the code in years. > > There IS some code to remove the IPIP header, but it doesn't work. > > I just reported pr kern/94273 with a patch which solves it. > Bug taken by me :-) I'll try your patch and commit as necessary. Later, George
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2zmjyh6pj.wl%gnn>