A radical restructuring of IPsec...

gnn at freebsd.org
Fri Apr 6 14:06:39 UTC 2007


Hi,

There is now a patch here:

http://people.freebsd.org/~gnn/fast_ipv6.20070406.diff

which follows the current state of my radical_ipsec p4 branch.

The patch removes KAME-derived IPsec from the tree, and adds v6
support to FAST_IPSEC.  The IPSEC kernel option is removed, but the
FAST_IPSEC option remains. This is a test patch and has a known
problem with routing packets through a node.  Nodes can operate in a
host mode, that is, they are the endpoint of a tunnel.

When I applied the patch to a CURRENT tree (6 April 2007, 23:00 JST)
it applied but did not automatically create the netinet6/ip6_ipsec.c
and netinet6/ip6_sec.h files.  I'm not sure why not.  If those files
are not created then you can create them by hand from the patch file.

This is the direction that IPsec will be going in future so it would
be good for people to start at least looking at these changes.

Best,
George


More information about the freebsd-net mailing list