From: Hugo Santos <[EMAIL PROTECTED]>
Date: Fri, 28 Jul 2006 04:13:22 +0100

>    Certainly, control packets cause state transitions. TCP is a mixed
>  bag. I think the question here is whether we can afford a stack where
>  the data path is fully synchronous with the control path -- considering
>  the amount of "time" required by a state transition (and other burdens
>  you've identified). It might not pose a problem using the current
>  signalling, but as an example, if we consider SEcure Neighbor Discovery
>  (SEND, RFC 3971), validating a secure prefix to derive an address from,
>  involves checking certificate signatures (besides the
>  certificate-obtaining procedure); a process which may take some time.

We check AH4 hash signatures synchronously in the softirq packet
input path.  I know about async-crypto, but the point is that we
do this kind of heavy computation in the input path and it isn't
a big deal.

Now, if you're saying that, in response to an NDISC packet, we might
have to go out and obtain the certificate, before we can process
the NDISC packet.  This is a different issue.  Is that how this
secure NDISC works?  Or does the system obtain all the certificates
first, by some other means, and then either it can certify an NDISC
frame immediately or it can't?