Date: Thu, 7 Nov 2019 14:48:31 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Lawrence Stewart <lstewart@freebsd.org>, Olivier Cochard-Labbé <olivier@freebsd.org>, freebsd-net@freebsd.org, Kurt Jaeger <pi@freebsd.org>
Subject: Re: 10g IPsec ?
Message-ID: <54db0c82-ad44-13ed-8e1f-702557f331e5@grosbein.net>
In-Reply-To: <20191107073255.GU8521@funkthat.com>
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com> <CA%2Bq%2BTcogf6uiCX=LiENB=hpz3V-hJtKY-4m_2YYbxbuy9bFVww@mail.gmail.com> <f4051158-b80c-3c54-10c8-f1b01c401f0d@freebsd.org> <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net> <d2b64075-b9fe-b13d-760e-70cf0e074ea6@freebsd.org> <20191107073255.GU8521@funkthat.com>

07.11.2019 14:32, John-Mark Gurney wrote:

> Don't we have the option of doing soft re-classification?  Where we
> recalculate the hash, and then do a netisr defer?  I mean that'd burn
> a bunch of extra cpu cycles, but you gotta do what you gotta do.

If the host got a packet already, it can just process it without extra re-classification.

The only case I know when such re-classification can be useful is assigning M_FLOWID to the mbuf
so that lagg(4) using LACP could send it further using such M_FLOWID and maybe distribute
distinct IPsec flows over distinct ports of LAGG group. I doubt this has much practical use :-)

Generally we terminate IPsec locally or route packets to other hosts without need to differ them
from other transit traffic.