Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Mar 2006 22:59:15 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        arch@freebsd.org
Subject:   Re: netatm: plan for removal unless an active maintainer is found
Message-ID:  <20060315215915.GB16188@garage.freebsd.pl>
In-Reply-To: <20060315105031.E5861@fledge.watson.org>
References:  <20060315004530.B5861@fledge.watson.org> <20060314.204252.74651890.imp@bsdimp.com> <20060315105031.E5861@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--4bRzO86E/ozDv8r1
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 15, 2006 at 10:54:40AM +0000, Robert Watson wrote:
+> Otherwise, with the exception of KAME IPSEC, the network stack code is a=
ctually in pretty good shape for removing the Giant compat shims.  We've ha=
d at least a couple of=20
+> people say they're willing to work on this and take steps in the right d=
irection (including some initial patches for IPSEC improvement), but I gues=
s we'll see come August=20
+> whether it has happened.  The discussion has always been about whether i=
t's better to add IPv6 support to FAST_IPSEC, or lock down KAME IPSEC.  Bot=
h are desirable, and both=20
+> require significant familiarity with the code and protocols involved.

Let me add my two cents. There are actually two things to do with KAME
IPsec: MPSAFE and crypto(9) support and only one thing (IPv6) in case of
fast_ipsec(4), so I think it will be much easier to add IPv6 support to
fast_ipsec(4) and just drop KAME IPsec, so we can have one, full
functional IPsec stack.

This is really confusing for the users. When I first heard of
fast_ipsec(4) I thought it only works with crypto HW and if I need to do
cryptography in software I need KAME IPsec.

But that's just an opinion of a passive observer:)

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--4bRzO86E/ozDv8r1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFEGI4yForvXbEpPzQRAuNJAKCJp1AqWN4F9QsSPY3rkNwFwMA5LQCfRNx3
T9TlhIZqePaUpBJsOgzfJ68=
=L8YU
-----END PGP SIGNATURE-----

--4bRzO86E/ozDv8r1--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060315215915.GB16188>