[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: revised IPsec processing model
>Thanks for the additional info. As Bill & Markus pointed out, the VID
>is not the same as an address, in the sense discussed above. It is an
>identifier largely internal to IPsec. Does Bill's suggestion of how
>to accommodate the VID address your concerns?
i see, i guess we need to find some term other than "virtual interface".
my another concern is that the text talks too much about implementation
details - for instance, SPD cache implementation could vary by
implementation to implementation. with our implementation we cache
SPD on connected tcp/udp control block (inpcb).
maybe put less (but sufficient) text in 2401bis, and add VID and caching
details as appendix?
itojun