From: gnn@freebsd.org
To: net@freebsd.org
Date: Fri, 06 Apr 2007 23:05:57 +0900
Subject: A radical restructuring of IPsec...

Hi,

There is now a patch here:

http://people.freebsd.org/~gnn/fast_ipv6.20070406.diff

which follows the current state of my radical_ipsec p4 branch.

The patch removes KAME-derived IPsec from the tree, and adds v6 support to FAST_IPSEC. The IPSEC kernel option is removed, but the FAST_IPSEC option remains.

This is a test patch and has a known problem with routing packets through a node. Nodes can operate in a host mode, that is, they are the endpoint of a tunnel.

When I applied the patch to a CURRENT tree (6 April 2007, 23:00 JST) it applied but did not automatically create the netinet6/ip6_ipsec.c and netinet6/ip6_sec.h files. I'm not sure why not. If those files are not created then you can create them by hand from the patch file.

This is the direction that IPsec will be going in future so it would be good for people to start at least looking at these changes.

Best,
George