next up previous
Next: 6.9 ipsec_tunnel_xmit rework Up: 6 Milestone definitions Previous: 6.7 ipsec_rcv rework

6.8 creation of MAST device

The MAST device will be introduced in September as an experimental device. Select code from the transmit side will be placed into subroutines to be shared with the xmit rework.

This process will start, however on the receive side with the introduction of a single MAST device. A member will added to the ``ipsec_sa'' structure which will point to an appropriate MAST device. This will be used to set the skb->dev pointer to on cleartext packets emerging. This differs from established practice of pointing it to the ipsecX device.

Note that the ``ipsec_sa->odev'' member will be initalized to the single MAST device at present as no method of setting it from above is provided at this stage.

The skb's fwmark will be filled in with the SAID index. As an optional measure, a new member will be added to the skb structure called the ``flowpolicy''. An attempt will be made to get this patch into the mainstream.

This will permit later code to be written to do the tunnel exit checks within NetFilter.


next up previous
Next: 6.9 ipsec_tunnel_xmit rework Up: 6 Milestone definitions Previous: 6.7 ipsec_rcv rework
Michael Richardson
2001-09-16