(review request) ipfw and ipsec processing order for
outgoingpackets
Andre Oppermann
andre at freebsd.org
Mon Nov 29 10:08:52 PST 2004
Joost Bekkers wrote:
>
> On Mon, Nov 29, 2004 at 04:04:20PM +0100, Andre Oppermann wrote:
> > Joost Bekkers wrote:
> > >
> > > On Mon, Nov 29, 2004 at 11:14:46AM +0100, Andre Oppermann wrote:
> > > > >
> > > > > The attached patch is against 5.3R
> > > >
> > > > Please post unified diffs.
> > > >
> > >
> > > Ok, here you go.
> >
> > While this way of 'fixing' the IPSEC problem works it is rather gross
> > and not very stylish. I prefer not to have this in the tree as makes
> > maintainance a lot harder.
> >
>
> I totaly agree that it is not pretty. I was trying to avoid duplicating
> the code (so every change would have to be made twice) and making it a
> function didn't sit right for some reason. Hints/tips for dealing with
> this kind of situation are welcome, but maybe better off-list.
As things currently are with IPSEC code weaved directly into ip_input()
and ip_output() there is no better way than what you have proposed.
> > I have some stuff wrt [Fast]IPSEC and your problem in the works and
> > it should become ready around christmas time (loadable [Fast]IPSEC, at
> > least for IPv4).
> >
>
> Looking forward to it.
It will solve it much more nicely. :)
--
Andre
More information about the freebsd-net
mailing list