IPSec Inbound Processing Basic Doubt

Hello,

I have a basic doubt regarding ipsec inbound packet processing.
I have idea about the stackable destination.If I am not wrong it is like this.
 /* Output packet to network from transport.  */
static inline int dst_output(struct sk_buff *skb)
{
        int err;

        for (;;) {
                err = skb->dst->output(skb);

                if (likely(err == 0))
                        return err;
                if (unlikely(err != NET_XMIT_BYPASS))
                        return err;
        }
}

here skb->dst->oututput(skb)
               xfrm4_output(skb) 
                     {
                                x->type->output(skb)
                                skb->dst = dst_pop(skb);
                      }
                                            
And x->type->output(skb) calls ah_output | esp_output and the skb->dst
value is reset during dst_pop(skb)

All methods return non zero for the dst_output for loop to continue
except ip_queue_xmit   (I Think) which returns 0 and the for loop
exits. Error reporting by any member in the chain is through returning
XMIT_BYPASS or similar

I hope Its the way

My doubt regarding Inbound processing is
 dst_input()
{
    for(;;)
   {
        err = skb->dst->input()
   }
}
hope that it calls rxfrm4_rcv (ipv4)  calls
                                xfrm4_rcv_encap()
                                   {
                                        x->type->input()
                                        dst_release(skb->dst);

                                          //also there is a
netif_rx(skb) in the same method
                                    }
 and  x->type->input() calling ah_input | esp_input()

Now is it that 
a) inbound is similar to outbound stackable destination calls except
that the calls are in                                              
reverse direction
b)Does netif_rx call in xfrm4_rcv_encap mean one of the many xfrms of
ipsec gets processed first and the packet is fed back to the ipstack
through netif_rx() and the whole game starts again with ip_rcv
checking protocol finding 50 0r 51 and calling xfrm4_rcv

So is it a call chain 
or 
packet looping between ipsec and ip continuosly using  netif_rx and
ip_rcv and xfrm4_rcv




S Kartikeyan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: IPSec Inbound Processing Basic Doubt
    • From: Michael Becker <[email protected]>

• Prev by Date: Re: [ckrm-tech] Re: [patch 02/38] CKRM e18: Processor Delay Accounting
• Next by Date: Re: 2.6.12 breaks 8139cp
• Previous by thread: aic79xx -> can't suspend
• Next by thread: Re: IPSec Inbound Processing Basic Doubt
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]