tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPsec: stack problems



On Thu, Mar 01, 2018 at 03:39:49PM +0100, Maxime Villard wrote:
> Le 01/03/2018 à 15:07, Joerg Sonnenberger a écrit :
> > On Thu, Mar 01, 2018 at 10:25:54AM +0100, Maxime Villard wrote:
> > > In fact, the crypto code was written with the assumption that when
> > > crypto_dispatch returns, there is no further crypto processing.
> > > 
> > > If the packet is repushed, this assumption does not hold anymore, and I'm not
> > > sure whether it wouldn't break things.
> > > 
> > > But otherwise yes, it would be nice to repush the packet.
> > 
> > I don't understand that. The lower layers already expect the decrypted
> > data, so crypto processing has to be done at this point anyway?
> 
> I meant to say that I'm not sure that there aren't many design changes needed
> in order to repush the packet.

Note that I am not saying to push it back into the normal inet/inet6
ISR, but have one dedicated to IPsec.

Joerg


Home | Main Index | Thread Index | Old Index