[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-net
Subject:    Re: fast-ipsec and ipfilter
From:       Jonathan Stone <jonathan () DSG ! Stanford ! EDU>
Date:       2003-11-23 23:48:51
[Download RAW message or body]


In message <200311231905.18492.scw@netbsd.org>Steve Woodford writes


>This means that fast-ipsec tunnels do not work when ipfilter is in the 
>mix.

Far from unexpected. Thansk for trying it.

>To address this, I've attached a patch which does pretty much the same 
>thing for fast-ipsec as is currently done for Kame IPsec.
>
>Comments?

I havent tried compiling or running it, but it all looks reasonable.
The biggest comment I have that Sam Leffler and I try to keep the
FreeBSD (4.x) and NetBSD sys/netipsec in synch.  I think the patch
will compile on FreeBSD, but if you can wait a day or two to commit, I
can test it in FreeBSD 4.x kernel source. I can check whether Sam has
comments too, if he hasn't seen it already.

Should we put in IPv6 filtering hooks whilst we're at it?

[prev in list] [next in list] [prev in thread] [next in thread]