netatm: plan for removal unless an active maintainer is found
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Mar 15 22:02:13 UTC 2006
On Wed, Mar 15, 2006 at 10:54:40AM +0000, Robert Watson wrote:
+> Otherwise, with the exception of KAME IPSEC, the network stack code is actually in pretty good shape for removing the Giant compat shims. We've had at least a couple of
+> people say they're willing to work on this and take steps in the right direction (including some initial patches for IPSEC improvement), but I guess we'll see come August
+> whether it has happened. The discussion has always been about whether it's better to add IPv6 support to FAST_IPSEC, or lock down KAME IPSEC. Both are desirable, and both
+> require significant familiarity with the code and protocols involved.
Let me add my two cents. There are actually two things to do with KAME
IPsec: MPSAFE and crypto(9) support and only one thing (IPv6) in case of
fast_ipsec(4), so I think it will be much easier to add IPv6 support to
fast_ipsec(4) and just drop KAME IPsec, so we can have one, full
functional IPsec stack.
This is really confusing for the users. When I first heard of
fast_ipsec(4) I thought it only works with crypto HW and if I need to do
cryptography in software I need KAME IPsec.
But that's just an opinion of a passive observer:)
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20060315/d1dad18e/attachment.pgp
More information about the freebsd-arch
mailing list