Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 17 Mar 2002 23:13:36 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 17 Mar 2002 23:13:27 -0500 Received: from pizda.ninka.net ([216.101.162.242]:57274 "EHLO pizda.ninka.net") by vger.kernel.org with ESMTP id ; Sun, 17 Mar 2002 23:13:12 -0500 Date: Sun, 17 Mar 2002 20:09:49 -0800 (PST) Message-Id: <20020317.200949.32384373.davem@redhat.com> To: alan@lxorguk.ukuu.org.uk Cc: davids@webmaster.com, linux-kernel@vger.kernel.org Subject: Re: RFC2385 (MD5 signature in TCP packets) support From: "David S. Miller" In-Reply-To: In-Reply-To: <20020316000629.AAA989@shell.webmaster.com@whenever> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org From: Alan Cox Date: Sat, 16 Mar 2002 01:43:05 +0000 (GMT) Dave's suggestion is netfilter - and netfilter is fast enough I think. You only need filters on stuff you have already decided is for your IP too. After some thinking, the TAP idea is even nicer as it guarentees zero overhead, make it such that you only route the BGP stuff over the device having the TAP attached (make a dummy eth alias just for this purpose). - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/