Francesco DiMambro wrote:
> Hi Erik
> Another important note I think you're missing about MDT,
I don't think I'm missing anything with MDT ;-) I've read far more code
and design documents for what's gone into the TCP/IP stack than I'd
admit in public ;-)
> what appears to be happening below is a transform from Data
> to encrypted data. Which simply can mean to MDT you allocate
> a buffer for the resultant encrypted packets which will be
> the payload part of the MDT message, no need for a header
> the driver gets payload buffers with one packet after another
> described by the pdesc structure. The driver just sends it using
> the MDT path with no interpretation beyond this is an MDT message.
> You get the benefit of locking down/syncing only one payload buffer,
> the benefit of traversing the stack once and finally all that for a bunch
> of packets.
That was what I said in the email as a possible way to exploit MDT with
IPsec. The complexity increase in the IPsec code is a bit excessive; it
would be hard to do this without lots of code duplication.
TCP/IP fastpaths delenda est,
Erik
_______________________________________________
networking-discuss mailing list
[email protected]
