Re: [Ipsec] Issue on input process of Linux native IPsec

On Wed, 2004-12-22 at 22:29 -0800, Park Lee wrote:
> Thanks.
> But, after a packet was received, it has already been
> processed by xfrm4_rcv(), xfrm4_rcv_encap(),
> ah_input(), esp_input(), etc. So, I think that there is
> no need to search (or create) a bundle every time a
> packet is received, since it has already been
> processed. Am I right?

Are you sure you're not seeing the creation of a reply packet? Unless
you're testing with UDP and a listening socket on the receiver, you're
going to get a response packet if the incoming packet makes it through
the iptables rules. You were testing with ICMP echo requests (ping), if
I recall.

I think either you're basing your idea of the packet flow on printk()'s,
or I'm just too tired and missing where xfrm_lookup() gets called on the
rx path... (yes, sk can be NULL there, but I was wrong about it being
called for Rx'd packets, I think).

However, if your NIC driver does NAPI, you can see an xfrm_lookup() on
the reply packet when the driver calls netif_receive_skb() -- this bit
me recently...
-- 
David Dillow <dave@xxxxxxxxxxxxxx>