From owner-freebsd-hackers  Sat Aug 17 18:40:11 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id SAA05246
          for hackers-outgoing; Sat, 17 Aug 1996 18:40:11 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA05233
          for <hackers@FreeBSD.org>; Sat, 17 Aug 1996 18:40:08 -0700 (PDT)
Message-Id: <199608180140.SAA05233@freefall.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA007542400; Sun, 18 Aug 1996 11:40:00 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: DIVERT
To: archie@whistle.com (Archie Cobbs)
Date: Sun, 18 Aug 1996 11:39:59 +1000 (EST)
Cc: hackers@FreeBSD.org
In-Reply-To: <199608151811.LAA14400@bubba.whistle.com> from "Archie Cobbs" at Aug 15, 96 11:11:54 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

[Just going through old mail not yet deleted...]

In some mail from Archie Cobbs, sie said:
> Divert sockets were motivated by a discussion about how one would
> implement something like address translation (or packet encryption)
> under FreeBSD. Lots of people commented that more kernel bloat is
> a hated thing. I happened to agree strongly with this sentiment.

You should be aware of the NRL project to do IPsec (for NetBSD) as well
as ENskip (SKIP compatible code, written in Switzerland, also for NetBSD).
I suspect that there are a number of requirements in the various encryption
protocols for IP which will make kernel bloat (either via LKM's or direct)
inevitable.  I don't imagine either of those would be too hard to port to
FreeBSD.