Date: Mon, 7 Oct 2002 09:32:15 -0700 From: "Sam Leffler" <sam@errno.com> To: "Terry Lambert" <tlambert2@mindspring.com> Cc: "Nate Lawson" <nate@root.org>, <freebsd-arch@FreeBSD.ORG>, <freebsd-net@FreeBSD.ORG> Subject: Re: CFR: m_tag patch Message-ID: <150d01c26e1f$192baf10$52557f42@errno.com> References: <Pine.BSF.4.21.0210062200110.5730-100000@root.org> <142f01c26dc1$6c4fa5b0$52557f42@errno.com> <3DA12517.6D1B4EC2@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Actually, the integration into IPv4 strikes me as little more than
> an afterthought: the KAME code handles it in IPv6 without the extra
> overhead for the non-IPSEC sockets, and the IPv4 support is more of
> a bolt-on than something designed in. I'd almost want to see the
> IPSEC stuff treated as a separate encapsulation layer, on its own.
>
IPsec integration is done the same for IPv4 and IPv6. Specifically, the
socket parameter is passed through the aux mbuf rather than as a function
param. I've changed both ip_output and ip6_output to pass the socket as an
additional parameter to eliminate this practice.
> Adding a aparameter for it specifically adds more cruft on the cruft
> that's already there, and makes the IPSEC *not* an encapsulation, in
> any way. 8-(.
>
Adding an extra param to ip*_output is a pragmatic approach chosen to
minimize impact to the code and reduce overhead. FWIW this approach is also
found in openbsd, irix and bsd/os.
> Is there another way to do this? A general extension mechanism for
> attributin mbufs seems to be a good idea. People have wanted this
> before, for credentials (e.g. Robert suggested something like this
> before).
>
m_tag's are a general extension mechanism for attributing mbuf chains (i.e.
packets). If deemed worthwhile they could be promoted from the pkthdr to
the base mbuf. For now I've tried to make the change that has least impact
as we're (supposedly) close a freeze for DP2. Also, the change I've made
permits MFC'ing to -stable w/ binary compatibility since the SLIST of
m_tag's requires only a single pointer so this can replace the point to the
aux mbuf list.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?150d01c26e1f$192baf10$52557f42>