Nicolas Williams wrote:
> On Wed, Jan 28, 2009 at 03:07:57PM -0800, Erik Nordmark wrote:
>> We would like to start the IP datapath refactoring project.
>> We are requesting endorsement from the the networking community.
>
> Will IPsec connection latching also be reworked?
The implementation is slightly different in that most of ipsec_latch_t
either belongs on the transmit side (and lives in the ip_xmit_attr_t) or
on the receive side (and lives in the conn_t). But the identities are
used on both xmit and recv hence they remain in the separate ipsec_latch_t.
The intent is that the behavior be the same, except that for connect on
UDP and RAWIP we now latch the policy. Unconnected UDP and RAWIP do not
latch.
(This approach is more or less based on suggestions from Bill Sommerfeld
if I don't misremember.)
Erik
> While I'm not a core contributor to the networking community, I say +1.
>
> Nico
_______________________________________________
networking-discuss mailing list
[email protected]
