[redhat-lspp] Re: Inbound XFRM state during forwarding
James Morris
jmorris at redhat.com
Fri Oct 20 23:06:14 UTC 2006
On Fri, 20 Oct 2006, Paul Moore wrote:
> I just spent the past couple of hours looking at the kernel trying to trace an
> IPsec packet's path through the stack from when it first enters to when it
> leaves through the forwarding path. From what I can tell it appears that the
> XFRM state is kept in the sk_buff->sp field for inbound transforms and in the
> sk_buff->dst->xfrm field for outbound transforms. Unless I missed something
> somewhere (very possibile, I was looking at a *lot* of code this morning) it
> seems like we should be able to retrieve the context from the inbound SAs
> without problem, eliminating the need to overload/split/etc. the
> sk_buff->secmark field.
>
> If I'm wrong about the XFRM state could someone please correct me?
I believe this is correct.
--
James Morris
<jmorris at redhat.com>
More information about the redhat-lspp
mailing list