From: David Miller <davem@davemloft.net>
To: hsantos@av.it.pt
Cc: herbert@gondor.apana.org.au, kazunori@miyazawa.org,
yoshfuji@linux-ipv6.org, netdev@vger.kernel.org,
usagi-core@linux-ipv6.org
Subject: Re: Regarding offloading IPv6 addrconf and ndisc
Date: Thu, 27 Jul 2006 20:20:44 -0700 (PDT) [thread overview]
Message-ID: <20060727.202044.85689055.davem@davemloft.net> (raw)
In-Reply-To: <20060728031322.GE29313@innerghost.net>
From: Hugo Santos <hsantos@av.it.pt>
Date: Fri, 28 Jul 2006 04:13:22 +0100
> Certainly, control packets cause state transitions. TCP is a mixed
> bag. I think the question here is whether we can afford a stack where
> the data path is fully synchronous with the control path -- considering
> the amount of "time" required by a state transition (and other burdens
> you've identified). It might not pose a problem using the current
> signalling, but as an example, if we consider SEcure Neighbor Discovery
> (SEND, RFC 3971), validating a secure prefix to derive an address from,
> involves checking certificate signatures (besides the
> certificate-obtaining procedure); a process which may take some time.
We check AH4 hash signatures synchronously in the softirq packet
input path. I know about async-crypto, but the point is that we
do this kind of heavy computation in the input path and it isn't
a big deal.
Now, if you're saying that, in response to a NDISC packet, we might
have to go out and obtain the certificate, before we can process
the NDISC packet. This is a different issue. Is that how this
secure NDISC works? Or does the system obtain all the certificates
first, by some other means, and then either it can certify an NDISC
frame immediately or it can't?
next prev parent reply other threads:[~2006-07-28 3:21 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-27 11:25 Regarding offloading IPv6 addrconf and ndisc Hugo Santos
2006-07-27 12:25 ` Kazunori Miyazawa
2006-07-27 17:56 ` Hugo Santos
2006-07-27 23:56 ` Herbert Xu
2006-07-28 1:34 ` David Miller
2006-07-28 1:45 ` Hugo Santos
2006-07-28 2:27 ` David Miller
2006-07-28 3:13 ` Hugo Santos
2006-07-28 3:20 ` David Miller [this message]
2006-07-28 3:31 ` Hugo Santos
2006-07-28 4:07 ` Stephen Hemminger
2006-07-28 8:34 ` Hugo Santos
2006-07-28 12:45 ` Jamal Hadi Salim
2006-07-29 13:34 ` Hugo Santos
2006-07-30 3:28 ` Kazunori Miyazawa
2006-07-30 11:30 ` Hugo Santos
2006-07-31 21:23 ` David Miller
2006-08-01 11:50 ` Hugo Santos
2006-08-01 21:54 ` David Miller
2006-08-01 0:16 ` Kazunori Miyazawa
2006-07-28 2:22 ` Herbert Xu
2006-07-28 2:33 ` David Miller
2006-08-01 0:31 ` Andi Kleen
2006-08-01 0:46 ` David Miller
2006-08-01 0:49 ` Roland Dreier
2006-08-01 1:24 ` Jamal Hadi Salim
2006-08-01 1:30 ` Herbert Xu
2006-08-01 1:47 ` Jamal Hadi Salim
2006-08-01 12:13 ` Hugo Santos
2006-08-01 12:00 ` Hugo Santos
2006-08-01 21:57 ` David Miller
2006-08-03 13:28 ` Ingo Oeser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060727.202044.85689055.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hsantos@av.it.pt \
--cc=kazunori@miyazawa.org \
--cc=netdev@vger.kernel.org \
--cc=usagi-core@linux-ipv6.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).