(review request) ipfw and ipsec processing order for
outgoingpackets
Andre Oppermann
andre at freebsd.org
Mon Nov 29 02:14:55 PST 2004
Joost Bekkers wrote:
>
> Hi
>
> A while ago there was a discussion about passing packet through pfil before
> they are processed by ipsec. I've posted a rough patch back then and I've
> finally had time to polish it.
>
> Although the changes seem very invasive at first glance, the .o files created
> are identical as long as IPSEC_FILTERGIF is not defined. With FAST_IPSEC diff(1)
> will tell you otherwise, but that is due to changed linenumbers which are used
> as arguments in two places. I've checked for differences by disassembling (objdump -d)
> the .o files.
>
> The attached patch is against 5.3R
Please post unified diffs.
> I'm running it myself with FAST_IPSEC. The combination of this patch and the kame
> ipsec could do with some more testing.
--
Andre
More information about the freebsd-net
mailing list