Date: Sat, 07 Apr 2007 09:33:33 -0700 From: Sam Leffler <sam@errno.com> To: Jeremie Le Hen <jeremie@le-hen.org> Cc: gnn@freebsd.org, "Bruce M. Simpson" <bms@freebsd.org>, net@freebsd.org Subject: Re: A radical restructuring of IPsec... Message-ID: <4617C7DD.8050704@errno.com> In-Reply-To: <20070407101600.GF11297@obiwan.tataz.chchile.org> References: <m21wix61iy.wl%gnn@neville-neil.com> <46171DB2.6070705@FreeBSD.org> <20070407101600.GF11297@obiwan.tataz.chchile.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeremie Le Hen wrote: > Hi, Bruce, > > On Sat, Apr 07, 2007 at 05:27:30AM +0100, Bruce M. Simpson wrote: >> I'm all for this in principle. I believe that the case for FAST_IPSEC >> over KAME IPSEC is fairly clear for those of us who have read the USENIX >> paper. Qualitatively speaking I can say FAST_IPSEC has been more >> pleasant to work with when introducing the TCP-MD5 support. > > Would you point out the paper you're talking about please ? He's probably talking about my old Usenix BSDCon paper about fast ipsec. Look at the Usenix web site. > > > > George, > > Thank you for your work! > > I'm a little sorrowful to see KAME's work going to be forgotten, but > well, this is Darwin's law :-). > > BTW, a couple of years ago, I've tried KAME's snapshot against my > RELENG_4's tree. There was a number of features that weren't in the > base system and I'm pretty sure this is still the case. I can't > remember them all but one: NAT-PT (RFC2766) (IPv4<->IPv6 translation). > Do you have any idea what those features will become in later days ? It's easier to add features when there's a single code base to add them too. Some stuff exists in netbsd's fast ipsec code base and can be brought over with minimal effort. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4617C7DD.8050704>