updated patch - (was Re: fix for IPSEC-IPV4 breakage)

Andrew Atrens atrens at nortelnetworks.com
Mon Oct 18 15:15:01 PDT 2004



Matthew Dillon wrote:

>     Change the 0's to NULL's for pointer assignments. 

Oops, that's a C++ habit :)

>     I wish there were a 
>     cleaner way, but after staring at it the only correct solution is to
>     either change the decrypt API (and I don't think we want to change the
>     decrypt API)

I think FAST_IPSEC does things differently in this regard than does IPSEC.

>     or to pass a 'minimum first mbuf length' that the demuxer 
>     can assign for things like IPSEC to maintain...

Hmm...

>     or to give up entirely 
>     and have the tcp and udp stacks re-check and re-pullup as necessary.

Since you are doing the kernel assertion check anyway, there would be no
additional runtime penalty for folks NOT using IPSEC. (Unless you plan
on doing away with the assertion at some point).

>     In any case, we've chomped on this too much and need to move on, so
>     give it a few days for others to test and if nothing better comes
>     along we will commit it (email me a reminder if it doesn't get done in
>     ~3 days). Or if Jeff wants to just commit it now he can do that too.

Okay, thanks. Though I'm not entirely happy with what I've got, I don't
want to tie up too many of folks' free cycles either. :(

Andrew.
