A radical restructuring of IPsec...
gnn at freebsd.org
Fri Apr 6 14:06:39 UTC 2007
Hi,

There is now a patch here:

http://people.freebsd.org/~gnn/fast_ipv6.20070406.diff

which follows the current state of my radical_ipsec p4 branch.

The patch removes KAME-derived IPsec from the tree, and adds v6
support to FAST_IPSEC. The IPSEC kernel option is removed, but the
FAST_IPSEC option remains. This is a test patch and has a known
problem with routing packets through a node. Nodes can operate in a
host mode, that is, they are the endpoint of a tunnel.

When I applied the patch to a CURRENT tree (6 April 2007, 23:00 JST)
it applied but did not automatically create the netinet6/ip6_ipsec.c
and netinet6/ip6_sec.h files. I'm not sure why not. If those files
are not created then you can create them by hand from the patch file.

This is the direction that IPsec will be going in future, so it would
be good for people to start at least looking at these changes.

Best,
George