On Fri, 20 Oct 2006, Paul Moore wrote: > I just spent the past couple of hours looking at the kernel trying to trace an > IPsec packet's path through the stack from when it first enters to when it > leaves through the forwarding path. From what I can tell it appears that the > XFRM state is kept in the sk_buff->sp field for inbound transforms and in the > sk_buff->dst->xfrm field for outbound transforms. Unless I missed something > somewhere (very possibile, I was looking at a *lot* of code this morning) it > seems like we should be able to retrieve the context from the inbound SAs > without problem, eliminating the need to overload/split/etc. the > sk_buff->secmark field. > > If I'm wrong about the XFRM state could someone please correct me?
I believe this is correct. -- James Morris <[EMAIL PROTECTED]> -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
