[Openswan dev] Openswan 2.6.24 TCP traffic
Ronen Shitrit
rshitrit at marvell.com
Wed Feb 10 02:07:11 EST 2010
See below
-----Original Message-----
From: David McCullough [mailto:david_mccullough at mcafee.com]
Sent: Wednesday, February 10, 2010 6:39 AM
To: Ronen Shitrit
Cc: dev at openswan.org
Subject: Re: [Openswan dev] Openswan 2.6.24 TCP traffic
Jivin Ronen Shitrit lays it down ...
> I think I found the problem,
> There is a new flag IFF_XMIT_DST_RELEASE see commit
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93f154b594fe47e4a7e5358b309add449a046cd3
>
> I believe this flag should be unset in our case,
> It will probably solve my problem, I will test it tomorrow...
Patch attached. Works AFAICT. Let us know how you go and I'll commit
this.
[Ronen Shitrit] Thanks, it works for me :)
Not sure if we should look at klips and see if we can call
skb_dst_release(..) earlier than "when we are finished with the skb".
I fixed up the general nothing goes wrong case so that we do not need,
so perhaps after the last icmp/reply packet type cases we can release the
dst.
[Ronen Shitrit] From the commit description it seems that this was done for perf optimizations only, I believe that in case someone is using IPsec the performance impact of the dst release relocation will be much smaller...
BTW: does rmmod work for you?
More information about the Dev
mailing list