From: gnn@freebsd.org
To: VANHULLEBUS Yvan
Cc: freebsd-net@freebsd.org
Date: Fri, 10 Mar 2006 20:36:40 +0900
Subject: Re: FAST_IPSEC and tunnelled packets processing

At Thu, 9 Mar 2006 15:53:03 +0100,
VANHULLEBUS Yvan wrote:
>
> On Wed, Mar 08, 2006 at 08:02:36PM -0800, Sam Leffler wrote:
> [.....]
> > If I recall the IPIP handling is different from KAME because there is
> > support for IPIP encapsulation independent of the IPsec protocols while
> > KAME only handles IPIP as part of the ESP tunnel configuration. As to
> > overhead, in practice, at least back in 4.x where this work was
> > originally done, the netisr dispatch was effectively shortcircuited
> > because the dispatch was done from the netisr thread so the net cost was
> > an enqueue+dequeue of the packet. I'm not sure about extraneous trips
> > through ip_input or not stripping headers; this stuff used to work right
> > but I've not looked at the code in years.
>
> There IS some code to remove the IPIP header, but it doesn't work.
>
> I just reported pr kern/94273 with a patch which solves it.
>

Bug taken by me :-) I'll try your patch and commit as necessary.

Later,
George