Subject: Re: Splitting ip{,6}_output
To: DEGROOTE Arnaud <>
From: None <>
List: tech-net
Date: 03/02/2007 14:53:14
In message <>DEGROOTE Arnaud writes
>Content-Type: text/plain; charset=us-ascii
>Content-Disposition: inline
>In order to better integrate the fast_ipsec with our ipv{4,6} processing,
>we need to make some changes to the current way to deal in the output
>processing. Currently, we do something like that
>ip6_output calls ipsec6_process_packet which process the ipsec
>transformation on an asynchronous way. When it has finished,
>ipsec_process_done is called and the packet is reinjected in ip6_output
>with dummy arguments.
>There is two problems here :
>    - we lose the current argument of ip6_output ( all the options in
>	  particulary )
>    - we process some things that we already have processed on the first
>	 pass
>The situation is quite the same on the v4 side, maybe worse because when we
>call ipsec4_process_packet, we have already process most of the ip_output

But for tunnel mode, don't we *want* to redo all  that work?
("need to" might be more accurate.)