From owner-freebsd-net@FreeBSD.ORG  Thu May 12 01:23:44 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5F4CB16A53D
	for <freebsd-net@freebsd.org>; Thu, 12 May 2005 01:23:44 +0000 (GMT)
Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 350CB43D75
	for <freebsd-net@freebsd.org>; Thu, 12 May 2005 01:23:43 +0000 (GMT)
	(envelope-from gnn@neville-neil.com)
Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com
	[216.145.48.98])j4C1Ngxv039252
	for <freebsd-net@freebsd.org>; Wed, 11 May 2005 18:23:42 -0700 (PDT)
Date: Wed, 11 May 2005 21:23:45 -0400
Message-ID: <m2fywtfd9a.wl%gnn@neville-neil.com>
From: gnn@freebsd.org
To: freebsd-net@freebsd.org
User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka)
	FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0)
	MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Subject: Some notes on FAST_IPSEC...
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2005 01:23:44 -0000

Hi Folks,

A few of us chatted about FAST_IPSEC at BSDCan today and came up with
the following task list that others might want to take a look at,
comment on, and maybe do some work on:

Tasks to update FAST_IPSec
    Add IPv6 support (2-3 weeks)
    Fix/update the compression code (< 1 week)
    Bringing other things up to date (i.e. NATT and Raccoon)
    PF_KEY separation to isolate PF_KEY from IPSec code
    SDB APIs are insufficient and need to be able to do things like
    bulk operations

In order to test IPSec you need to set up tunnels, of course, but the
most bugs are found by setting up the timers to recycle SAs really
fast.

Those who were there can correct/add to this list but I think this
encapsulates the thinking from today, most of which was courtesy of
Sam Leffler.  Time estimates, of course, are subject to the Your
Mileage May Vary and Murphy's principles :-)

Later,
George