Date: Fri, 06 Apr 2007 23:05:57 +0900 From: gnn@freebsd.org To: net@freebsd.org Subject: A radical restructuring of IPsec... Message-ID: <m21wix61iy.wl%gnn@neville-neil.com>
next in thread | raw e-mail | index | archive | help
Hi, There is now a patch here: http://people.freebsd.org/~gnn/fast_ipv6.20070406.diff which follows the current state of my radical_ipsec p4 branch. The patch removes Kame derived IPsec from the tree, and adds v6 support to FAST_IPSEC. The IPSEC kernel option is removed, but the FAST_IPSEC option remains. This is a test patch and has a known problem with routing packets through a node. Nodes can operate in a host mode, that is they are the endpoint of a tunnel. When I applied the patch to a CURRENT tree (6 April 2007, 23:00 JST) it applied but did not automatically create the netinet6/ip6_ipsec.c and netinet6/ip6_sec.h file. I'm not sure why not. If those files are not created then you can create them by hand from the patch file. This is the direction that IPsec will be going in future so it would be good for people to start at least looking at these changes. Best, George
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m21wix61iy.wl%gnn>