Hi, We know that the output process of Linux native IPsec fully uses the XFRM architecture. The order of primal functions are xfrm_lookup(), xfrm_tmpl_resolve(), xfrm_bundle_create() and dst_output(). The input process for IPsec is more simple than output. The order of primal functions (in IPv4) are xfrm4_rcv(), xfrm4_rcv_encap(), xfrm4_parse_spi(), xfrm4_policy_check(). But, Why should the input process also go throught xfrm_lookup(), xfrm_tmpl_resolve(), xfrm_bundle_create()? What's the purpose of this? Thank you. ===== Best Regards, Park Lee __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
