On Sat, 16 Aug 2003, Jun-ichiro itojun Hagino wrote:

> > A similar analogy with a host transmitting and receiving its own
> > packets suggests (to me at least) that if_loop should strip all tags,
> > too.
>
> 	as for if_loop.c:
> 	your logic makes sense, but we may want to use tags to packet loop
> 	prevention within the kernel.

As I understand it, the only way tags can prevent looping in the kernel is
if they are going over the (or a) loopback interface. So let's just put
the detection in said interface, before Jonathan's tag flush.

I'm shooting in the dark, but something along the lines of (obviously
pseudocode):

	if (found_already_looped_tag(m) {
		panic("Loop oops!");
	}
	strip_tags(m);
	add_tag(m, already_looped_tag);

and we have the loop detection you were refering to.

> 	KAME code removes tag before calling if_output().  why it isn't
> 	sufficient?

Offhand, because that means that tags only work "right" for IP traffic.
While that is like 99.999% of the overall traffic, we should abstract
things correctly. Since only the loopback interface can have packets
"arrive" with tags, only it needs to worry about flushing them.

I am of course assuming that the standard mbuf recycling code will deal
with flushing tags (whatever that may mean). If instead the semantics are
that the protocol should flush them, then ip_output needs to clean them
for FAST_IPSEC too. And all the other protocols should too. :-|

Take care,

Bill