USENIX Technical Program - Abstract - USENIX Annual
Conference, Freenix Session - June 2000
Mbuf issues in 4.4BSD IPv6/IPsec support
experiences from KAME IPv6/IPsec implementation
Jun-ichiro itojun Hagino, KAME Project, Internet Initiative Japan
Inc.
Abstract
The 4.4BSD network stack has made certain assumptions regarding the
packets it will handle. In particular, 4.4BSD assumes that (1) the total
protocol header length is shorter than or equal to MHLEN, usually 100
bytes, and (2) there are a limited number of protocol headers on a
packet. Neither of these assumptions holds any longer, due to the way
IPv6/IPsec specifications are written.
We at the KAME project are implementing IPv6 and IPsec support code on
top of 4.4BSD. To cope with the problems, we have introduced the
following changes: (1) a new function called m_pulldown, which adjusts
the mbuf chain with a minimal number of copies/allocations, and (2) a
new calling sequence for parsing inbound packet headers. These changes
allow us to manipulate incoming packets in a safer, more efficient, and
more spec-conformant way. The technique described in this paper is
integrated into the KAME IPv6/IPsec stack kit, and is freely available
under BSD copyright. The KAME codebase is being merged into NetBSD,
OpenBSD and FreeBSD. An integration into BSD/OS is planned.
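
The two assumptions above can be checked against a packet directly. The following is an added example, not code from the paper or from the KAME stack: a bounds-checked walk of an IPv6 extension header chain over a constructed packet, comparing the result with the 100-byte MHLEN figure. The function names, the sample packet and the restriction to hop-by-hop, routing and destination options headers are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MHLEN_ASSUMED 100 /* the abstract's "usually 100 bytes" */
#define IP6_HDRLEN 40     /* fixed IPv6 header */

/* Hop-by-hop (0), routing (43), destination options (60): same length encoding. */
static int is_ext(uint8_t nh) { return nh == 0 || nh == 43 || nh == 60; }

/* Returns bytes of IPv6 header plus extension headers, or -1 if malformed or
 * truncated. *count gets the number of extension headers, *proto the next protocol. */
int ip6_chain_len(const uint8_t *p, size_t len, int *count, uint8_t *proto)
{
    size_t off = IP6_HDRLEN;
    if (len < IP6_HDRLEN || (p[0] >> 4) != 6) return -1;
    uint8_t nh = p[6];
    for (*count = 0; is_ext(nh); (*count)++) {
        if (len - off < 8) return -1;               /* fixed first 8 octets */
        size_t hlen = ((size_t)p[off + 1] + 1) * 8; /* 8-octet units, first excluded */
        if (hlen > len - off) return -1;            /* header runs past the packet */
        nh = p[off];
        off += hlen;
    }
    *proto = nh;
    return (int)off;
}

/* Constructed sample: hop-by-hop, dest options, routing, dest options, then UDP. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t next[] = {60, 43, 60, 17};
    static const uint8_t units[] = {0, 2, 6, 3};    /* 8, 24, 56, 32 bytes */
    size_t off = IP6_HDRLEN;
    if (cap < 160) return 0;
    memset(buf, 0, 160);
    buf[0] = 0x60; buf[5] = 120; buf[6] = 0;        /* version 6, payload 120, HbH first */
    for (int i = 0; i < 4; i++) {
        buf[off] = next[i];
        buf[off + 1] = units[i];
        off += ((size_t)units[i] + 1) * 8;
    }
    return off;
}

int main(void)
{
    uint8_t pkt[160], proto = 0;
    int count = 0;
    int n = ip6_chain_len(pkt, build_sample(pkt, sizeof pkt), &count, &proto);
    printf("%d header bytes, %d extension headers, MHLEN %d\n", n, count, MHLEN_ASSUMED);
    return n > MHLEN_ASSUMED ? 0 : 1;
}
```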