From owner-cvs-all Tue Oct 15 19:10:12 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 137D737B401; Tue, 15 Oct 2002 19:10:10 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C8AB43E9E; Tue, 15 Oct 2002 19:10:09 -0700 (PDT) (envelope-from sam@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9G2A9mV005685; Tue, 15 Oct 2002 19:10:09 -0700 (PDT) (envelope-from sam@repoman.freebsd.org) Received: (from sam@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9G2A8VI005684; Tue, 15 Oct 2002 19:10:08 -0700 (PDT) Message-Id: <200210160210.g9G2A8VI005684@repoman.freebsd.org> From: Sam Leffler Date: Tue, 15 Oct 2002 19:10:08 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netipsec ah.h ah_var.h esp.h esp_var.h ipcomp.h ipcomp_var.h ipip_var.h ipsec.c ipsec.h ipsec6.h ipsec_input.c ipsec_mbuf.c ipsec_output.c key.c key.h key_debug.c key_debug.h key_var.h keydb.h keysock.c keysock.h xform.h ... X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG sam 2002/10/15 19:10:08 PDT Added files: sys/netipsec ah.h ah_var.h esp.h esp_var.h ipcomp.h ipcomp_var.h ipip_var.h ipsec.c ipsec.h ipsec6.h ipsec_input.c ipsec_mbuf.c ipsec_output.c key.c key.h key_debug.c key_debug.h key_var.h keydb.h keysock.c keysock.h xform.h xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c Log: "Fast IPsec": this is an experimental IPsec implementation that is derived from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment). Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option. FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system. This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system. Obtained from: KAME + openbsd Supported by: Vernier Networks Revision Changes Path 1.1 +56 -0 src/sys/netipsec/ah.h (new) 1.1 +78 -0 src/sys/netipsec/ah_var.h (new) 1.1 +69 -0 src/sys/netipsec/esp.h (new) 1.1 +78 -0 src/sys/netipsec/esp_var.h (new) 1.1 +55 -0 src/sys/netipsec/ipcomp.h (new) 1.1 +67 -0 src/sys/netipsec/ipcomp_var.h (new) 1.1 +65 -0 src/sys/netipsec/ipip_var.h (new) 1.1 +1941 -0 src/sys/netipsec/ipsec.c (new) 1.1 +389 -0 src/sys/netipsec/ipsec.h (new) 1.1 +89 -0 src/sys/netipsec/ipsec6.h (new) 1.1 +728 -0 src/sys/netipsec/ipsec_input.c (new) 1.1 +401 -0 src/sys/netipsec/ipsec_mbuf.c (new) 1.1 +737 -0 src/sys/netipsec/ipsec_output.c (new) 1.1 +7287 -0 src/sys/netipsec/key.c (new) 1.1 +107 -0 src/sys/netipsec/key.h (new) 1.1 +747 -0 src/sys/netipsec/key_debug.c (new) 1.1 +88 -0 src/sys/netipsec/key_debug.h (new) 1.1 +74 -0 src/sys/netipsec/key_var.h (new) 1.1 +181 -0 src/sys/netipsec/keydb.h (new) 1.1 +603 -0 src/sys/netipsec/keysock.c (new) 1.1 +82 -0 src/sys/netipsec/keysock.h (new) 1.1 +126 -0 src/sys/netipsec/xform.h (new) 1.1 +1209 -0 src/sys/netipsec/xform_ah.c (new) 1.1 +966 -0 src/sys/netipsec/xform_esp.c (new) 1.1 +608 -0 src/sys/netipsec/xform_ipcomp.c (new) 1.1 +699 -0 src/sys/netipsec/xform_ipip.c (new) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message