Date: Wed, 3 Apr 2002 10:13:35 -0800 From: "Sam Leffler" <sam@errno.com> To: <freebsd-net@freebsd.org> Subject: kame ipsec vs. openbsd ipsec Message-ID: <2c1d01c1db3b$460c7720$52557f42@errno.com>
next in thread | raw e-mail | index | archive | help
I'm slogging through the KAME IPsec code looking at adding support for
crypto hardware (and NICs that do onboard IPSEC processing). The OpenBSD
IPsec implementation already has this and doing something similar to what
OpenBSD has done requires restructuring large parts of the KAME code in a
similar way. (It's also likely to have repercussions throughout the rest of
the inet code.) So it seems I can either muck with the KAME code or
integrate the OpenBSD code instead. Both options are a lot of work so I
thought I'd solicit some feedback first.
1. Has anyone else seriously looked at doing this?
2. Has anyone compared the OpenBSD and KAME implementations and understand
their relative strengths? (e.g. is there some reason to work with KAME other
than it's already in the system)
I found an old port of the OpenBSD code to FreeBSD but that was abandoned.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2c1d01c1db3b$460c7720$52557f42>