Re: RFC2385 (MD5 signature in TCP packets) support

Mike Fedyk (mfedyk@matchmail.com)
Sun, 17 Mar 2002 21:06:18 -0800


On Sun, Mar 17, 2002 at 08:09:49PM -0800, David S. Miller wrote:
> From: Alan Cox <alan@lxorguk.ukuu.org.uk>
> Date: Sat, 16 Mar 2002 01:43:05 +0000 (GMT)
>
> Dave's suggestion is netfilter - and netfilter is fast enough I
> think. You only need filters on stuff you have already decided is
> for your IP too.
>
> After some thinking, the TAP idea is even nicer as it guarentees zero
> overhead, make it such that you only route the BGP stuff over the
> device having the TAP attached (make a dummy eth alias just for this
> purpose).
>

... You'd have to use netfilter to mark the correct packets, then route on
that mark to the dummy interface.

How is that more efficient?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/