FAST_IPSEC is now IPSEC, please be advised...

gnn at gnn at
Tue Jul 3 12:22:48 UTC 2007


My most recent check-in moves FreeBSD HEAD, soon to be 7.0 into the
post Kame era.  What was once FAST_IPSEC has been made into IPSEC and
the Kame IPsec code has been removed from the tree.  We will continue
to use and update the Kame IPv6 code but of course there will be no
more drops of code from the Kame project as it ended a year ago.

Some things about the new IPsec:

1) Hardware Offload Support

Support for several vendors hardware accelerators is available by
using the new IPsec code.

2) Fine Grained Locking (SMP)

One of the major reasons to move to the new codebase and to deprecate
the Kame code was that we needed an IPsec stack that was locked for
our SMP kernel architecture.

3) Full IPv6 Support

One of the missing features of the old FAST_IPSEC code was IPv6
support. IPv6 is now fully supported. 

The code has been tested in my lab using both home grown tests and the
TAHI test suite ( as well by some FreeBSD
Developers, notably Bjoern Zeeb, who is also responsible for the user
land fixes, as well as numerous patches to the kernel.

Please forward problems, and patches to me, or this list.


More information about the freebsd-net mailing list