Date:      Sat, 27 Oct 2012 21:03:29 +0000 (UTC)
From:      Andre Oppermann <andre@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-user@freebsd.org
Subject:   svn commit: r242190 - user/andre/tcp_workqueue/sys/netipsec
Message-ID:  <201210272103.q9RL3TbK058266@svn.freebsd.org>

Author: andre
Date: Sat Oct 27 21:03:29 2012
New Revision: 242190
URL: http://svn.freebsd.org/changeset/base/242190

Log:
  Add ASCII art to ipsec pfil description for better overview.

Modified:
  user/andre/tcp_workqueue/sys/netipsec/ipsec_pfil.c

Modified: user/andre/tcp_workqueue/sys/netipsec/ipsec_pfil.c
==============================================================================
--- user/andre/tcp_workqueue/sys/netipsec/ipsec_pfil.c	Sat Oct 27 20:17:59 2012	(r242189)
+++ user/andre/tcp_workqueue/sys/netipsec/ipsec_pfil.c	Sat Oct 27 21:03:29 2012	(r242190)
@@ -94,6 +94,41 @@ extern	struct protosw inetsw[];
  *     tunnel have to be made.
  *     This should be represented as virtual interfaces in the kernel.
  *
+ *
+ *      +   +--------------------------------------+ip_enqueue()
+ *      |   |                                             ^
+ *      v   v                                             |
+ *    ip_input()                                          |
+ *        +                                               |
+ *        |                                               |
+ *        v                                               |
+ *  pfil_run_hooks()+---+                                 |
+ *                      |                                 |
+ *                      v                                 |
+ *               ipsec_pfil_run()+------>AH|ESP?          |
+ *                      +                 +  +            |
+ *                      |              no |  | yes        |
+ *                      |     policy?<----+  |            |
+ *                      |      +  +          |            |
+ *                      |   no |  | yes      |            |
+ *                      |<-----+  |          v            |
+ *                      |         |    verify/decrypt     |
+ *                      |         |   no +   +            |
+ *                      |         X------+   |            |
+ *                      |        drop        v            |
+ *                      |                 next_hdr        |
+ *                      |                   +  +          |
+ *                      |             other |  | ip       +
+ *                      |<------------------+  +------>find_if()
+ *                      |
+ *                      v
+ *                next_pfil_hook()
+ *        v             +
+ *        |             |
+ *        |<------------+
+ *        |
+ *        v
+ *
  * Next steps:
  *  - Implement 1 in a pfil hook to block non-encrypted packets.
  *  - Implement 2 in a pfil hook to in-path transform transport mode packets.
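
Review bot: The diagram shows the "policy?" decision only on the "no" side of "AH|ESP?", while on the "yes" side the "other" edge out of next_hdr rejoins the line to next_pfil_hook() directly, so a reader cannot tell whether a successfully decrypted transport mode packet is ever matched against policy. If that check is intended, draw it after verify/decrypt; if it is deliberately skipped, say so in a line under the diagram. Two smaller points: the "X ... drop" node is reached both from "policy? yes" and from "verify/decrypt no" without saying which condition caused the drop, and the added empty " *" line at the top of the hunk directly follows an existing empty comment line, so one of them can go.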


