The following diagram is where xfrm work while sending out a packet in the security path .
xxx-send
↓
ip_route_output_flow
↓
xfrm_lookup ------> point A
↓
dst_output-->ip_mc_output-->ip_fragment-->...
↓
xfrm_output ------> point B
↓
ip_output
↓
ip_fragment
↓
ip_finish_output/2
↓
neighboring subsystem
↓
dev_queue_xmit
↓
traffic control system
↓
hard_start_xmit
↓
end
The way of receiving a secure packet is not the same as sending:
ip_rcv
↓
ip_rcv_finish
↓
ip_route_input->+ip_forward-> xfrm4_policy_check->xfrm4_route_forward->
xfrm_output->ip_output->...(refer to the above)
↓
ip_local_deliver
↓
xfrm4_policy_check ------> point C
↓
xfrm_input ------ point D
↓
xxx_recv
↓
end
From Point A/B/C/D are key code of xfrm, i will go deep into each point later.
PS: point xfrm_lookup <==> xfrm4_route_forward
(to be continue...)
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment