From owner-freebsd-net Thu Nov 30 16:34:14 2000 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 91F2737B402 for ; Thu, 30 Nov 2000 16:34:10 -0800 (PST) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id JAA03713; Fri, 1 Dec 2000 09:33:59 +0900 (JST) To: Dominick LaTrappe Cc: freebsd-net@freebsd.org, Cy Schubert - ITSD Open Systems Group , Gerhard Sittig In-reply-to: seraf's message of Thu, 30 Nov 2000 15:00:29 EST. X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: filtering ipsec traffic (fwd) From: itojun@iijlab.net Date: Fri, 01 Dec 2000 09:33:59 +0900 Message-ID: <3711.975630839@coconut.itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >> from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra >> interface like tun0. IPv6 has scoped address, and if we add extra >> interface in IP stack we will change the address semantics. >I take this to mean that in KAME an IPv6 address's scope cannot span >multiple interfaces, which is in itself a big limitation that will prevent >a lot of code from being IPv6-enabled. yes, spec-wise, scope can span across multiple interfaces. i know of no "link can span across multiple interface" implementation to date. "scope across multiple interfaces" does not really help you in this story. if you have multiple ethernet cards (under different scope) and single tunnelling device for ipsec (let us assume that it has its own scope), you aggregate traffic from two different scopes into single scope. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message