Subject: Re: Patch for Fast-IPsec over loopback
To: Bill Studenmund <wrstuden@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-net
Date: 08/17/2003 10:12:33
>> KAME code removes tag before calling if_output(). why it isn't
>> sufficient?
>Offhand, because that means that tags only work "right" for IP traffic.
>While that is like 99.999% of the overall traffic, we should abstract
>things correctly. Since only the loopback interface can have packets
>"arrive" with tags, only it needs to worry about flushing them.
>
>I am of course assuming that the standard mbuf recycling code will deal
>with flushing tags (whatever that may mean). If instead the semantics are
>that the protocol should flush them, then ip_output needs to clean them
>for FAST_IPSEC too. And all the other protocols should too. :-|
my point is, what is the rationale for making layer 2 (if_loop.c) do
cleanup for layer 3 tags (FAST_IPSEC)? the cleanup of FAST_IPSEC tags
must be done in layer 3, which is, for instance, right before the call
to if_output().
itojun