
6.7 ipsec_rcv rework

Work on redoing the receive functions using the algorithm database will begin in September and will be completed and tested for a release in November. This work will make no externally visible changes for customers; the major goal of this stage is readability.

This work will consist of the following steps:

  1. rename "tdb" structure to "ipsec_sa", add reference count.

  2. create lifetime structure, moving all lifetime checks to common code.

  3. create an ident structure to be friendlier to PF_KEY.

  4. create transform data structure and ops structure containing a pointer to a function for each existing case statement of all "switch" clauses.

  5. create per-packet state structure ("job") using the skb->options area and appropriate macros.

  6. split up into pre-crypto, crypto and post-crypto stages, calling each one directly. (i.e. not through queues or callbacks yet)

  7. use of low-level generic algorithm functions (e.g. 3DES, SHA1, MD5) to perform crypto.

  8. a later effort will transform the receive function into the software path of the target architecture.
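
A compact C sketch of how steps 1, 2 and 4 through 6 fit together, added here as an illustration and not taken from the project's source. Apart from ipsec_sa and job, every name is hypothetical, and the XOR transforms are toy stand-ins for the real algorithms of step 7.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical sketch: only the names ipsec_sa and "job" come from the plan. */
struct lifetime { uint64_t count, soft, hard; };             /* step 2 */
enum life_state { LIFE_OK, LIFE_SOFT, LIFE_HARD };
/* One lifetime check shared by every transform; a limit of 0 means "none". */
static enum life_state lifetime_check(const struct lifetime *l)
{
    if (l->hard && l->count >= l->hard) return LIFE_HARD;
    if (l->soft && l->count >= l->soft) return LIFE_SOFT;
    return LIFE_OK;
}
struct job;
struct xform_ops {                    /* step 4: replaces the switch cases */
    int (*authenticate)(struct job *);            /* 0 on success */
    int (*decrypt)(struct job *);
};
struct ipsec_sa {                                             /* step 1 */
    int refcount;                 /* kernel code would use an atomic type */
    struct lifetime packets;
    const struct xform_ops *ops;
};
struct job { struct ipsec_sa *sa; uint8_t *data; size_t len; };  /* step 5 */

/* Toy transforms, not real crypto: XOR checksum trailer and XOR mask. */
static int toy_auth(struct job *j)
{
    uint8_t x = 0;
    if (j->len < 2) return -1;
    for (size_t i = 0; i + 1 < j->len; i++) x ^= j->data[i];
    return x == j->data[j->len - 1] ? 0 : -1;
}
static int toy_decrypt(struct job *j)
{ for (size_t i = 0; i + 1 < j->len; i++) j->data[i] ^= 0x5a; return 0; }
static const struct xform_ops toy_ops = { toy_auth, toy_decrypt };

/* Step 6: three stages called directly, no queues or callbacks. */
static int rcv_pre(struct job *j)
{ j->sa->refcount++; return lifetime_check(&j->sa->packets) == LIFE_HARD ? -1 : 0; }
static int rcv_crypto(struct job *j)      /* verify before decrypting */
{ return j->sa->ops->authenticate(j) ? -1 : j->sa->ops->decrypt(j); }
static int rcv_post(struct job *j) { j->sa->packets.count++; return 0; }
int ipsec_rcv_job(struct job *j)
{
    int rc = rcv_pre(j);
    if (rc == 0) rc = rcv_crypto(j);
    if (rc == 0) rc = rcv_post(j);
    j->sa->refcount--;            /* reference dropped on every exit path */
    return rc;
}
```

Because the stages return a status instead of branching into per-algorithm code, a packet that fails authentication or arrives on an expired SA is never decrypted and never leaks a reference.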


Michael Richardson
2001-09-16