> On Mon, Jan 30, 2006 at 01:19:27AM -0800, Darren Reed wrote:
...
> > A good example is the seemingly endless number of loops dealing with
> > multirouting IREs and another is the duplication of "is this an ipsec
> > packet, if so call something special".
> >
> > Is anyone working on refactoring the code to address some of these issues?
>
> The IPsec team has an unfunded project to get rid of remaining STREAMS
> infrastucture related to IPsec (we were waiting for FireEngine, plus we do
> have other fish to fry). I believe Surya will lay the groundwork for a LOT
> of potential crap-removal by allowing someone to kill most of ip_newroute().
And what about code like this in ip_wput_ire():
if (!next_mp) {
ipsec_out_process(q, first_mp,
ire, ill_index);
...
return;
}
ipsec_out_process(q, first_mp, ire,
ill_index);
Is there a reason why ip_wput_ire() shouldn't be heavily rototilled? (apart
from funding, that is)
Darren
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
[email protected]
