Issue on packets sending through ip_route_output_key() to xfrm_lookup() in native IPsec

From: Park Lee (parklee_sel_at_yahoo.com)
Date: 12/30/04

  • Next message: Bill Davidsen: "Re: Trying out SCHED_BATCH" 
    Date:	Thu, 30 Dec 2004 08:03:17 -0800 (PST)
To: linux-kernel@vger.kernel.org

    Hi,
      In Linux native IPsec, there is a function
    xfrm_lookup(struct dst_entry **dst_p, struct flowi
    *fl, struct sock *sk, int flags) (in
    /usr/src/linux-2.6.5-1.358/net/xfrm/xfrm_policy.c).
    Whenever a packet is sending, kernel will call
    xfrm_lookup() to finds/creates a bundle for it.
      xfrm_lookup() can be called by many functions. one
    of these functions is ip_route_output_key().
    we can see its definition as follows:

    int ip_route_output_key(struct rtable **rp, struct
    flowi *flp)
    {
            int err;
            if ((err = __ip_route_output_key(rp, flp)) !=
    0)
                    return err;
            return flp->proto ? xfrm_lookup((struct
    dst_entry**)rp, flp, NULL, 0) : 0;
    }

    As ip_route_output_key() calls xfrm_lookup() with the
    argument sk set to NULL, Does this means that the
    packets sending through ip_route_output_key() to
    xfrm_lookup() have no corresponding local socket with
    them (because their sk is NULL)? Are these packets all
    created by special kernel socket (i.e. icmp_socket and
    tcp_socket)?

    Thank you very much.

    =====
    Best Regards,
    Park Lee

                    
    __________________________________
    Do you Yahoo!?
    Yahoo! Mail - Helps protect you from nasty viruses.
    http://promotions.yahoo.com/new_mail
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  • Next message: Bill Davidsen: "Re: Trying out SCHED_BATCH"

    Relevant Pages