enc(4) (was: Re: gif(4) and bpf(4))
Simon L. Nielsen
simon at FreeBSD.org
Wed Jan 26 01:23:38 PST 2005
On 2005.01.26 02:33:54 +0000, Bruce M Simpson wrote:
> On Tue, Jan 25, 2005 at 06:38:42PM +0100, Jeremie Le Hen wrote:
> > Are you thinking about the enc(4) interface [1] [2] provided with OpenBSD ?
>
> Somewhat, although whilst enc(4) provides some of this functionality, its
> role as far as I can see is mainly to provide a 'tapping point' for filtering
> packets as they pass out of the system and into IPSEC (something I believe
> we now handle using mbuf tags).
I have been looking into porting enc(4) from OpenBSD and have some
partial patches at this point. The point of enc(4) AFAIK is to allow
packet filtering of IPsec traffic, basically the ipfw "ipsec" keyword
more generic, and bpf tapping of traffic in and out of IPsec tunnels.
It's not really related to FreeBSD's use of mbuf tags for IPsec
handling, since those are not "visible" from userland. Anyone, please
correct me if I'm wrong.
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20050126/5569fd2e/attachment.bin
More information about the freebsd-net
mailing list