Subject: Re: Patch for Fast-IPsec over loopback
To: None <itojun@iijlab.net>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-net
Date: 08/16/2003 19:16:55
On Sun, 17 Aug 2003 itojun@iijlab.net wrote:

> >I am of course assuming that the standard mbuf recycling code will deal
> >with flushing tags (whatever that may mean). If instead the semantics are
> >that the protocol should flush them, then ip_output needs to clean them
> >for FAST_IPSEC too. And all the other protocols should too. :-|
>
> 	my point is, what is the rationale for making layer 2 (if_loop.c) do
> 	cleanup for layer 3 tags (FAST_IPSEC)?  the cleanup of FAST_IPSEC tags
> 	must be done in layer 3, which is, for instance, right before the call
> 	to if_output().

Hmmm... I don't know enough about tags to definitively answer.

One reason to leave them around would be so that bpf could be adjusted to
see what they were on packets that are sent.

Are tags layer-distinct or not? i.e. can a layer tell its own tags from
tags due to other layers (either due to behaviors like they all start
"KAME" or "FASTIPSEC" or some such, or due to a layer number field)? If
it's easy for different layers to not step on each other, then it seems to
me that it's easiest to just GC them when the packet gets recycled.

As to why if_loop.c should do this, it is one of the few places that
packets that were going out turn around and come back in. As I understand
it, broadcasting on SIMPLEX interfaces is the other main place. Everything
else (hardware interfaces) would have started with a tagless packet, so
the turnaround points need to simulate that.

If the decision is that each layer should clean up its own tags, that's
fine. It just seems easier to defer that to packet recycle.

Take care,

Bill
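
The two cleanup options debated in this message, as an added example that is not part of the original thread and is not NetBSD code: a user-space C model of a packet's tag list crossing a loopback turnaround. The struct names, the `owner` field, the tag ids and the policy names are all assumptions made for illustration.

```c
#include <stdlib.h>

/* User-space model only: these are not the kernel's mbuf or m_tag types. */
enum layer { LAYER_L2 = 2, LAYER_L3 = 3 };   /* hypothetical per-layer owner field */

struct tag { struct tag *next; enum layer owner; int id; };
struct pkt { struct tag *tags; };

/* Attach a tag to the front of the packet's tag list. */
static int tag_add(struct pkt *p, enum layer owner, int id) {
    struct tag *t = malloc(sizeof(*t));
    if (t == NULL) return -1;
    t->owner = owner; t->id = id; t->next = p->tags; p->tags = t;
    return 0;
}

/* Count the tags of one layer, or all tags when owner == 0. */
static int tag_count(const struct pkt *p, int owner) {
    int n = 0;
    for (const struct tag *t = p->tags; t != NULL; t = t->next)
        if (owner == 0 || (int)t->owner == owner) n++;
    return n;
}

/* Free the tags of one layer (owner != 0) or every tag (owner == 0). */
static void tag_flush(struct pkt *p, int owner) {
    struct tag **pp = &p->tags;
    while (*pp != NULL) {
        struct tag *t = *pp;
        if (owner == 0 || (int)t->owner == owner) { *pp = t->next; free(t); }
        else pp = &t->next;
    }
}

enum policy { NO_CLEANUP, L3_BEFORE_OUTPUT, FLUSH_AT_TURNAROUND };

/* Push one packet through the loopback model; return the tag count the input side sees. */
static int loop_roundtrip(enum policy pol) {
    struct pkt p = { NULL };
    if (tag_add(&p, LAYER_L3, 1) != 0) return -1;   /* constructed: output-side layer 3 tag */
    if (tag_add(&p, LAYER_L2, 2) != 0) { tag_flush(&p, 0); return -1; }  /* constructed: other layer */
    if (pol == L3_BEFORE_OUTPUT) tag_flush(&p, LAYER_L3);  /* layer 3 cleans only its own tags */
    if (pol == FLUSH_AT_TURNAROUND) tag_flush(&p, 0);      /* arrive tagless, like hardware input */
    int seen = tag_count(&p, 0);
    tag_flush(&p, 0);                                      /* packet recycle frees what is left */
    return seen;
}

int main(void) { return loop_roundtrip(FLUSH_AT_TURNAROUND); }
```

In this model, per-layer cleanup only yields a tagless inbound packet if every layer that attached a tag also removes it, while a flush at the turnaround does so regardless of which layer owned the tags.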