From: David Woodhouse <dw...@infradead.org> Date: Sun, 01 Feb 2015 13:33:50 +0000
> Of course, now I'm looking closely at the path these packets take to > leave the box, it starts to offend me that they're being passed up to > userspace just to encrypt them (as DTLS or ESP) and then send them back > down to the kernel on a UDP socket. The kernel already knows how to > {en,de}crypt ESP, and do the sequence number checking on incoming > packets. It's funny, I thought we had an IPSEC stack....