IPSec on current.

Bruce M Simpson bms at spc.org
Wed Oct 27 21:14:03 PDT 2004


On Wed, Oct 27, 2004 at 10:28:44PM -0400, David Gilbert wrote:
> George> Just for the record, yes, FAST_IPSEC does not support INET6.
> 
> Not supporting IPv6 is less of a showstopper than not supporting
> FAST_IPSEC as the latter is required (for instance) BGP.

I have a whole load of changes to bring in itojun's stuff from NetBSD
which makes TCP_SIGNATURE work with KAME IPSEC, and also performs input
verification. Unfortunately, due to the way this works, this is all or
nothing and needs some rethinking to have the correct granularity. But
it's definitely a step in the right direction. In future it'll probably
require that applications using TCP_SIGNATURE be able to speak PF_KEY.

This stuff is still quite a bit far off from being committed to -CURRENT,
though, and I probably won't have a chance to finish it for some time.

FAST_IPSEC not jibing with INET6 is a separate issue, but from what I
understand, it's quite possible, again, lack of committer time/resource.

Regards,
BMS

