ipsec changes in 5.2R
Crist J. Clark
cristjc at comcast.net
Wed Feb 4 14:05:04 PST 2004
On Wed, Feb 04, 2004 at 10:36:51PM +0100, Guido van Rooij wrote:
> On Wed, Feb 04, 2004 at 01:21:47PM -0800, Crist J. Clark wrote:
> > On Wed, Feb 04, 2004 at 10:19:33PM +1100, Andrew Thomson wrote:
> > > Thanks, that worked a treat for me too.. everything back to normal!
> > >
> > > So what's the go with this fast_ipsec business. Is this going to be the
> > > main implementation for Freebsd?
> >
> > I believe the main reason FAST_IPSEC came to be is support for crypto
> > hardware.
> >
> > However, FAST_IPSEC cannot replace KAME IPsec. FAST_IPSEC is IPv4-only
> > whereas KAME is IPv6 with its required IPsec abilities "back-ported"
> > into the IPv4 stack.
> >
> > It would be really, really nice to get this bug out of KAME IPsec
> > before 5.2.1, but if 5.2 didn't wait...
>
>
> True. Is KAME aware of this problem or is it FBSD specific?
I believe it's FreeBSD specific, but I also believe it is a result of
the effort to sync up the KAME stuff in the FreeBSD repository with
more recent KAME SNAPs.
There was quite a bit of chatter on the list about fixing some IPsec
panics. I thought the same people were looking into this too, but when
5.2 passed by without a lot of concern... ? There have been commits to
KAME IPsec code in the last day or so, but I haven't reviewed them or
tried them out to see if they have anything to do with these issues.
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org
More information about the freebsd-current
mailing list