Date: Wed, 02 Apr 2003 16:55:13 +0200 From: Eric Masson <e-masson@kisoft-services.com> To: "Sam Leffler" <sam@errno.com> Cc: Mailing List FreeBSD Network <freebsd-net@freebsd.org> Subject: Re: options FAST_IPSEC & tunnels Message-ID: <8665pxrlta.fsf@notbsdems.interne.kisoft-services.com> In-Reply-To: <05b901c2f881$67e907f0$52557f42@errno.com> (Sam Leffler's message of "Tue, 1 Apr 2003 11:03:05 -0800") References: <86pto6mbxj.fsf@notbsdems.interne.kisoft-services.com> <05b901c2f881$67e907f0$52557f42@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit >>>>> "Sam" == Sam Leffler <sam@errno.com> writes: Sam> Wow, someone besides me actually using fast ipsec! :) You're not alone ;) Sam> Packets are tagged once they've been processed on input. I think Sam> you can do a similar check with something like: Ok patch against 4.8-RELEASE attached. Sam> Long term, I intend is to associate packets with an enc device so Sam> there's a way to identify these packets when writing firewall Sam> rules. Fine. Thanks a lot Eric Masson -- > Nous recherchons une streap-teaseuse confirmée pour animer des dîners > dansants en région parisienne. Cette offre est sérieuse. Email pour > premier contact : gxxxx@club-internet.fr Tél Philippe : 0142458XXX -+- PG in Guide du Neuneu Usenet - Le premeir contact sera le bon -+- --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=ip_input.c.diff *** ip_input.c.orig Wed Apr 2 16:50:54 2003 --- ip_input.c Wed Apr 2 16:18:57 2003 *************** *** 432,437 **** --- 432,445 ---- goto pass; #endif + #if defined(FAST_IPSEC) && !defined(IPSEC_FILTERGIF) + /* + * Bypass packet filtering for packets from a tunnel (gif). + */ + if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL) + goto pass; + #endif + /* * IpHack's section. * Right now when no processing on packet has done --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8665pxrlta.fsf>