On Wed, 2008-09-03 at 13:40 -0400, Peter Memishian wrote:
> > > > http://zhadum.east/ws/seb/seb-ipobs/webrev/
> > >
> > > I think there's something fundamental I'm missing. Why is it OK for the
> > > dstzone to be ALL_ZONES in the tcp/udp calls to ipnet_hook() if the
> > > destination is another zone on the local system?
> >
> > The only calls to ipnet_hook() in tcp and udp are for packets that are
> > in the fast-path directly to the link-layer, and therefore, not to
> > another zone.
>
> I'm not convinced this is a robust assumption. For instance, after
> Crossbow integrates, zones may be using VNICs which means they'll take the
> GLDv3 function-call-based codepath.

On output, the ip module (or more specifically one IP stack) does not know if a packet is destined to an IP address on a different system, or an IP address in an exclusive stack zone somewhere on "this" system. So if a destination isn't "local" (not local to "this" stack), then the packet goes down to the link layer. If the packet happens to be destined to a different IP stack (either on this machine or a different one), "this" stack has no way of knowing which stack that might be and what its zoneid is. The destination zone for packets that go down to the link-layer has to be "Unknown".

Crossbow doesn't change this situation at all. It just means that instead of going out on the wire and coming back in on the same NIC, the packets will be passed up through a VNIC via the virtual switch.

Are you suggesting that, in the output paths, we try and figure out if a packet is eventually going to come back to a different stack?

-Seb
