From owner-freebsd-net  Wed Apr  3 10:14:18 2002
Delivered-To: freebsd-net@freebsd.org
Received: from ebb.errno.com (ebb.errno.com [66.127.85.87])
	by hub.freebsd.org (Postfix) with ESMTP id C86EF37B4C9
	for <freebsd-net@freebsd.org>; Wed,  3 Apr 2002 10:13:16 -0800 (PST)
Received: from melange (melange.errno.com [66.127.85.82])
	(authenticated bits=0)
	by ebb.errno.com (8.12.1/8.12.1) with ESMTP id g33IDFpt033980
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for <freebsd-net@freebsd.org>; Wed, 3 Apr 2002 10:13:16 -0800 (PST)?g
	(envelope-from sam@errno.com)œ
Message-ID: <2c1d01c1db3b$460c7720$52557f42@errno.com>
From: "Sam Leffler" <sam@errno.com>
To: <freebsd-net@freebsd.org>
Subject: kame ipsec vs. openbsd ipsec
Date: Wed, 3 Apr 2002 10:13:35 -0800
Organization: Errno Consulting
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

I'm slogging through the KAME IPsec code looking at adding support for
crypto hardware (and NICs that do onboard IPSEC processing).  The OpenBSD
IPsec implementation already has this and doing something similar to what
OpenBSD has done requires restructuring large parts of the KAME code in a
similar way.  (It's also likely to have repercussions throughout the rest of
the inet code.) So it seems I can either muck with the KAME code or
integrate the OpenBSD code instead. Both options are a lot of work so I
thought I'd solicit some feedback first.

1. Has anyone else seriously looked at doing this?
2. Has anyone compared the OpenBSD and KAME implementations and understand
their relative strengths? (e.g. is there some reason to work with KAME other
than it's already in the system)

I found an old port of the OpenBSD code to FreeBSD but that was abandoned.

    Sam


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message