A radical restructuring of IPsec...
Sam Leffler
sam at errno.com
Sat Apr 7 17:01:19 UTC 2007
Jeremie Le Hen wrote:
> Hi, Bruce,
>
> On Sat, Apr 07, 2007 at 05:27:30AM +0100, Bruce M. Simpson wrote:
>> I'm all for this in principle. I believe that the case for FAST_IPSEC
>> over KAME IPSEC is fairly clear for those of us who have read the USENIX
>> paper. Qualitatively speaking I can say FAST_IPSEC has been more
>> pleasant to work with when introducing the TCP-MD5 support.
>
> Would you point out the paper you're talking about please ?
He's probably talking about my old Usenix BSDCon paper about fast ipsec.
Look at the Usenix web site.
>
>
>
> George,
>
> Thank you for your work!
>
> I'm a little sorrowful to see KAME's work going to be forgotten, but
> well, this is Darwin's law :-).
>
> BTW, a couple of years ago, I've tried KAME's snapshot against my
> RELENG_4's tree. There was a number of features that weren't in the
> base system and I'm pretty sure this is still the case. I can't
> remember them all but one: NAT-PT (RFC2766) (IPv4<->IPv6 translation).
> Do you have any idea what those features will become in later days ?
It's easier to add features when there's a single code base to add them
too. Some stuff exists in netbsd's fast ipsec code base and can be
brought over with minimal effort.
Sam
More information about the freebsd-net
mailing list