Conclusions

Conclusions   We have presented the OpenBSD mbuf_tags, a mechanism for tagging packets as they flow through the network stack. These tags are used by many different kernel components such as the IPsec stack, various pseudo-interfaces, the packet filtering engine (PF), etc. We discussed the design rationale, the API, and the uses of the tags in OpenBSD, as well as some future improvements we intend to make. The mbuf_tags have been in use in OpenBSD for several years, and were recently ported to FreeBSD. mbuf_tags represent a powerful and flexible mechanism for allowing kernel developers to perform certain types of processing on packets in different parts of the network stack.