Hi,
In Linux native IPsec, there is a function
xfrm_lookup(struct dst_entry **dst_p, struct flowi
*fl, struct sock *sk, int flags) (in
/usr/src/linux-2.6.5-1.358/net/xfrm/xfrm_policy.c).
Whenever a packet is sending, kernel will call
xfrm_lookup() to finds/creates a bundle for it.
xfrm_lookup() can be called by many functions. one
of these functions is ip_route_output_key().
we can see its definition as follows:
int ip_route_output_key(struct rtable **rp, struct
flowi *flp)
{
int err;
if ((err = __ip_route_output_key(rp, flp)) !=
0)
return err;
return flp->proto ? xfrm_lookup((struct
dst_entry**)rp, flp, NULL, 0) : 0;
}
As ip_route_output_key() calls xfrm_lookup() with the
argument sk set to NULL, Does this means that the
packets sending through ip_route_output_key() to
xfrm_lookup() have no corresponding local socket with
them (because their sk is NULL)? Are these packets all
created by special kernel socket (i.e. icmp_socket and
tcp_socket)?
Thank you very much.
=====
Best Regards,
Park Lee
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
