Date: Sat, 7 Apr 2007 00:23:22 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Ivan Voras <ivoras@fer.hr> Cc: freebsd-net@freebsd.org Subject: Re: A radical restructuring of IPsec... Message-ID: <20070407042322.GA72639@xor.obsecurity.org> In-Reply-To: <ev5mku$3tq$1@sea.gmane.org> References: <m21wix61iy.wl%gnn@neville-neil.com> <ev5mku$3tq$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 06, 2007 at 04:49:01PM +0200, Ivan Voras wrote: > gnn@freebsd.org wrote: >=20 > >The patch removes Kame derived IPsec from the tree, and adds v6 > >support to FAST_IPSEC. The IPSEC kernel option is removed, but the > >FAST_IPSEC option remains. This is a test patch and has a known > >problem with routing packets through a node. Nodes can operate in a > >host mode, that is they are the endpoint of a tunnel. >=20 > Just a quick question: Is the reason for this simplification,=20 > performance, cleanup (I see spl...() functions removed), or something els= e? KAME IPSEC is both giant-locked and lower performance than fast IPSEC (which also integrates with crypto hardware devices). The missing piece from the latter is what George has implemented, namely IPv6 support. Kris --envbJBWh7q8WU6mo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGFxy5Wry0BWjoQKURAnySAKCn7H/2T7AOsuoVfhXegEbrHOKkVgCfQIK6 NBR4qmXXX3YINNs52GcR+uA= =QThW -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070407042322.GA72639>