netbsd-docs: typos in www.netbsd.org/Documentation/network/ipsec/

Subject: typos in www.netbsd.org/Documentation/network/ipsec/
To: None <netbsd-docs@netbsd.org>
From: David Waitzman <djw@bbn.com>
List: netbsd-docs
Date: 05/24/2002 12:03:27
I think that the following picture, in the "Interaction with ipfilter" section in
the "NetBSD IPsec" doc, is somewhat wrong:
 inbound processing:
 userland programs IKE daemon
 ^ AF_INET{,6} socket ^ | PF_KEY socket
 ========= | ============================= | | ======== Kernel/user boundary
 | | v
 transport layer, TCP/UDP key management table
 ^ ^ | key information
 | | |
 | | v
 +-----IP input/output logic <-------> AH/ESP/IPcomp logic
 v ^ ^ |
 tunnel | +----------------------+ decapsulated IPsec packets
 devices |
 | ipfilter rules
 | ^
 +------>|
 |
 Network drivers (ethernet)
 outbound processing:
 userland programs IKE daemon
 | AF_INET{,6} socket ^ | PF_KEY socket
 =========== | =========================== | | ======== Kernel/user boundary
 v | v
 transport layer, TCP/UDP key management table
 | ^ | key information
 | | |
 v | v
 +---->IP input/output logic <-------> AH/ESP/IPcomp logic
 | | (incl. IPsec tunnel encapsulation)
 tunnel |
 devices |
 | ipfilter rules
 | |
 +---------+
 v
 Network drivers (ethernet)
I would correct it to:
 inbound processing:
 userland programs IKE daemon
 ^ AF_INET{,6} socket ^ | PF_KEY socket
 ========= | ============================= | | ======== Kernel/user boundary
 | | v
 transport layer, TCP/UDP key management table
 ^ ^ | key information
 | | |
 | | v
 +-----IP input logic ---------------> AH/ESP/IPcomp logic
 v ^ ^ |
 tunnel | +----------------------+ decapsulated IPsec packets
 devices | 
 | ipfilter rules 
 | ^ 
 +------>| 
 |
 Network drivers (ethernet) 
 
 outbound processing: 
 userland programs IKE daemon
 | AF_INET{,6} socket ^ | PF_KEY socket
 =========== | =========================== | | ======== Kernel/user boundary
 v | v
 transport layer, TCP/UDP key management table
 | ^ | key information
 | | |
 v | v 
 +---->IP output logic -------------> AH/ESP/IPcomp logic
 | | ^ | incl. IPsec tunnel encapsulation)
 tunnel | +----------------------+ encapsulated IPsec packets
 devices | 
 | ipfilter rules
 | |
 +---------+
 v
 Network drivers (ethernet)
**************************************
Which is to say, there are problems around the following two sections:
 +-----IP input logic ---------------> AH/ESP/IPcomp logic
 v ^ ^ |
 tunnel | +----------------------+ decapsulated IPsec packets
 
and 
 +---->IP output logic -------------> AH/ESP/IPcomp logic
 | | ^ | incl. IPsec tunnel encapsulation)
 tunnel | +----------------------+ encapsulated IPsec packets
 devices | 
-- 
-david waitzman
 BBN Technologies
