Some notes on FAST_IPSEC...
gnn at freebsd.org
gnn at freebsd.org
Wed May 11 18:23:44 PDT 2005
Hi Folks,
A few of us chatted about FAST_IPSEC at BSDCan today and came up with
the following task list that others might want to take a look at,
comment on, and maybe do some work on:
Tasks to update FAST_IPSec
Add IPv6 support (2-3 weeks)
Fix/update the compression code (< 1 week)
Bringing other things up to date (i.e. NATT and Raccoon)
PF_KEY separation to isolate PF_KEY from IPSec code
SDB APIs are insufficient and need to be able to do things like
bulk operations
In order to test IPSec you need to set up tunnels, of course, but the
most bugs are found by setting up the timers to recycle SAs really
fast.
Those who were there can correct/add to this list but I think this
encapsulates the thinking from today, most of which was courtesy of
Sam Leffler. Time estimates, of course, are subject to the Your
Mileage May Vary and Murphy's principles :-)
Later,
George
More information about the freebsd-net
mailing list