Date:      Wed, 21 Nov 2007 22:33:15 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet tcp_output.c
Message-ID:  <20071121223042.X53707@maildrop.int.zabbadoz.net>
In-Reply-To: <200711212230.lALMUE59024039@repoman.freebsd.org>
References:  <200711212230.lALMUE59024039@repoman.freebsd.org>

On Wed, 21 Nov 2007, Bjoern A. Zeeb wrote:

> bz          2007-11-21 22:30:14 UTC
>
>  FreeBSD src repository
>
>  Modified files:
>    sys/netinet          tcp_output.c
>  Log:
>  Make TSO work with IPSEC compiled into the kernel.
>
>  The lookup hurts a bit for connections but had been there anyway
>  if IPSEC was compiled in. So moving the lookup up a bit gives us
>  TSO support at no extra cost.
>
>  PR:             kern/115586
>  Tested by:      gallatin
>  Discussed with: kmacy
>  MFC after:      2 months
>
>  Revision  Changes    Path
>  1.143     +16 -3     src/sys/netinet/tcp_output.c


Remarks:
* There is an edge case that has not been and is not addressed by this commit:
   in case memory allocation fails in ipsec_hdrsiz_tcp() we return 0 and
   enable TSO anyway. Also ipoptlen calculation would be wrong if the proper
   lookup would have shown that we will do IPsec processing.

* ipsec?_hdrsiz() in the call path from ipsec_hdrsiz_tcp()
   still has an XXX comment 'if we should panic in case no IPSEC processing
   is needed'. That was never enforced and the comment should probably be
   removed as there have not been and are no checks if IPsec processing is
   needed before this (else we would not need to do the lookup here).

* We should see if we can find a shortcut to check if IPsec processing
   is needed to not hurt connections that much in case IPSEC is compiled
   in but there are no policies or ipsec would "not be enabled".
   Future IPSec work should keep that in mind. (Discussed with sam and rwatson)

--
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.
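
The edge case in the first remark, modelled in userland C as an added example; it is not part of the original message and not FreeBSD kernel code. The enum, the constant and all four function names are hypothetical, and the 36-byte overhead is a constructed sample value. It contrasts a size lookup that returns 0 for both "no IPsec" and "allocation failed" with one that reports the failure separately, so the caller can refuse TSO instead of enabling it on an unknown result.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed outcomes of the policy lookup (hypothetical model). */
enum lookup { NO_IPSEC, IPSEC_ESP, ALLOC_FAIL };

#define MODEL_ESP_OVERHEAD 36 /* constructed sample size, not a real value */

/* Pattern from the remark: 0 means both "no IPsec" and "lookup failed". */
static size_t hdrsiz_sentinel(enum lookup r)
{
    return (r == IPSEC_ESP) ? MODEL_ESP_OVERHEAD : 0;
}

/* Alternative (an assumption, not the commit): error kept apart from size. */
static int hdrsiz_checked(enum lookup r, size_t *len)
{
    *len = 0;
    if (r == ALLOC_FAIL)
        return ENOMEM;
    if (r == IPSEC_ESP)
        *len = MODEL_ESP_OVERHEAD;
    return 0;
}

/* Caller as the remark describes it: TSO whenever the reported size is 0. */
bool tso_sentinel(enum lookup r, size_t *ipoptlen)
{
    size_t ipsec_len = hdrsiz_sentinel(r);

    *ipoptlen += ipsec_len; /* silently too small when the lookup failed */
    return ipsec_len == 0;  /* ALLOC_FAIL is indistinguishable from NO_IPSEC */
}

/* Returns 1 = use TSO, 0 = no TSO, -ENOMEM = lookup failed, decide nothing. */
int tso_checked(enum lookup r, size_t *ipoptlen)
{
    size_t ipsec_len;

    if (hdrsiz_checked(r, &ipsec_len) != 0)
        return -ENOMEM; /* unknown policy: leave ipoptlen alone, no TSO */
    *ipoptlen += ipsec_len;
    return ipsec_len == 0;
}
```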


