Re: revised IPsec processing model
At 11:04 +0900 7/22/03, Jun-ichiro itojun Hagino wrote:
>> Thanks for the additional info. As Bill & Markus pointed out, the VID
>> is not the same as an address, in the sense discussed above. It is an
>> identifier largely internal to IPsec. Does Bill's suggestion of how
>> to accommodate the VID address your concerns?
>
> i see, i guess we need to find some term other than "virtual
> interface".
>
> my other concern is that the text talks too much about implementation
> details - for instance, SPD cache implementation could vary by
> implementation to implementation. with our implementation we cache
> SPD on connected tcp/udp control block (inpcb).
> maybe put less (but sufficient) text in 2401bis, and add VID and caching
> details as appendix?
>
> itojun
There is no need to focus on caching in a host, because you can use
the tcp/udp blocks, as you note. But for BITS, BITW, and security
gateways, caching is critical and thus requires discussion. I will
revise the text to make clear this distinction.
Steve