Limiting frame re-encryption with TCP retries...

Limiting frame re-encryption with TCP retries...

[James Ketrenos]

The recent 'pskb change in dst-output' thread reminded me that I've been meaning 
to ask about this...

With wireless drivers TCP retransmission occur pretty frequently.  With WEP, 
etc. this means the driver has to re-encrypt the same frame with each retry.

In one of the snapshots for ipw2100 I was encrypting over the SKB provided from 
the kernel via the xmit and putting new data at the head and tail (to hold the 
IV and ICV).  Anyway, that broke all sorts of tools (ip_conntrack, netfilter, etc.)

So now I allocate a new SKB on reception of an SKB from the networking stack and 
encrypt the copy.  The question I have -- is there a way to attach the new SKB 
to the old one such that if the transmit is retried I can check that data and 
don't have to re-encrypt it?

 From the sk_buff.h description of the cb field, I only get to use that data 
while I control the SKB.  Even if this weren't the case it wouldn't quite do 
what I need.  Ideally I want to be able to attach the encrypted SKB to the 
original SKB such that when the network stack gets the ACK it can nuke the 
original SKB and the encrypted one and the driver doesn't have to know.

This gets complicated further when 802.11 level fragmentation is required -- and 
one incoming SKB results in N outbound 802.11 fragments, each encrypted separately.

Any ideas?  I'm not too familiar with the internals of the kernel's network 
stack so if there is something obvious that I should have seen already, please 
point it out to me :)

Thanks,
James