RFC, its only lightly tested, if at all.
This replaces the ipv4+ipv6 session decode functions in xfrm
with a flow dissector description and then uses that to populate
the flowi.
Main drawback is that if we don't want to break MOBIKE the
flow dissector needs more bloat to get to the mh_type from
the ipv6 mobility extension header.
Comments welcome, mainly sent for the sake of next weeks
IPSec workshop.
Florian Westphal (3):
xfrm: move mark and oif flowi decode into common code
flow_dissector: add ipv6 mobility header support
xfrm: policy: replace session decode with flow dissector
include/net/flow_dissector.h | 5 +
net/core/flow_dissector.c | 27 ++++
net/xfrm/xfrm_policy.c | 290 +++++++++++++++--------------------
3 files changed, 152 insertions(+), 170 deletions(-)