Date:      Mon, 25 Jun 2007 09:28:04 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        blue <susan.lan@zyxel.com.tw>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Questions about PF_KEY interface
Message-ID:  <20070625090445.B98813@maildrop.int.zabbadoz.net>
In-Reply-To: <467F8002.9010803@zyxel.com.tw>
References:  <467F65A0.9010900@zyxel.com.tw> <20070625070547.GA24243@zen.inc> <467F8002.9010803@zyxel.com.tw>

On Mon, 25 Jun 2007, blue wrote:

> I have read the manual page for fast_ipsec and ipsec. However, the man page 
> for fast_ipsec on FreeBSD-6.1Release said currently fast_ipsec does not 
> support IPv6. However, I thought it could properly deal with IPv6 packets 
> after tracing code. Could fast_ipsec support IPv6? Another problem is: if the

Yes, after you apply the patches that were posted in the last weeks on
this list and will be committed to HEAD shortly.


> only difference between fast_ipsec and ipsec is about crypto acceleration, 
> why fast_ipsec needs to modify a bunch of files (including ip6_input, 
> ip6_output, ip6_forward, ..., etc.), not only the encap/decap part?

If an IPv6 packet arrives that uses IPSec transport or tunnel mode,
how should it be dispatched to ipsec processing if there were no
hooks?

Quite a bit of the code is there to make it possible to interchange the
ipsec implementations.
Parts of that will go away too.


> The function, key_output(), which is defined in netkey\keysock.c, does not 
> lock Giant before key_parse(). According to the comments (see below), maybe

Ignore it. It's almost dead code. Apart from that quite a bit of the
network stack runs with GIANT compat shims still.


> Do you mean FAST_IPSEC feature will be embedded in FreeBSD-7.0 or later 
> version instead of IPSEC?

As IPSEC. Kame IPSEC will go away. Read the archives of this list;-)


-- 
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.


