Re: IPsec: stack problems

To: tech-net%netbsd.org@localhost
Subject: Re: IPsec: stack problems
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Thu, 1 Mar 2018 22:45:49 +0100

On Thu, Mar 01, 2018 at 03:39:49PM +0100, Maxime Villard wrote:
> Le 01/03/2018 à 15:07, Joerg Sonnenberger a écrit :
> > On Thu, Mar 01, 2018 at 10:25:54AM +0100, Maxime Villard wrote:
> > > In fact, the crypto code was written with the assumption that when
> > > crypto_dispatch returns, there is no further crypto processing.
> > > 
> > > If the packet is repushed, this assumption does not hold anymore, and I'm not
> > > sure whether it wouldn't break things.
> > > 
> > > But otherwise yes, it would be nice to repush the packet.
> > 
> > I don't understand that. The lower layers already expect the decrypted
> > data, so crypto processing has to be done at this point anyway?
> 
> I meant to say that I'm not sure that there aren't many design changes needed
> in order to repush the packet.

Note that I am not saying to push it back into the normal inet/inet6
ISR, but have one dedicated to IPsec.

Joerg

References:
- IPsec: stack problems
  - From: Maxime Villard
- Re: IPsec: stack problems
  - From: Joerg Sonnenberger
- Re: IPsec: stack problems
  - From: Maxime Villard
- Re: IPsec: stack problems
  - From: Joerg Sonnenberger
- Re: IPsec: stack problems
  - From: Maxime Villard

Prev by Date: Re: IPsec: stack problems
Next by Date: Re: IPsec: stack problems
Previous by Thread: Re: IPsec: stack problems
Next by Thread: Re: IPsec: stack problems
Indexes:

Home | Main Index | Thread Index | Old Index