linux-ipsec: Re: IPSec: Fragmentation in Linux 2.0.xx IP stack

> The version I am puting together is based on some old code (Enskip,
> linux-ipsec by JI) and parts of the IPSec found in OpenBSD.

Anything from OpenBSD whose license contains the advertising clause version of the BSD license cannot be mixed with GPL code. Thats why JI's code got chucked in the cosmic trashcan.

> I was wondering if you would have any idea where to put a hook to process
> a complete IP datagram before fragmentation, without causing too much
> overhead in general IP packet processing.

Personal opinion - hook at the device layer. The other approach would be to use 2.1.x and change the destination cache output function to be your processor. Even then the ip_build_xmit case remains. Right now ip_build_xmit is such a huge win its important to keep it.

Maybe change ip based sockets to call

        sk->ip_build_xmit()

and switch on a per socket basis ?

Alan Received on Tue Apr 28 08:22:24 1998

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek