Date: Mon, 6 Dec 2004 14:43:15 +0100
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Andre Oppermann <andre@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: (review request) ipfw and ipsec processing order for outgoing packets
Message-ID: <20041206134315.GF79919@obiwan.tataz.chchile.org>
In-Reply-To: <41AB65B2.A18534BF@freebsd.org>
References: <20041129100949.GA19560@bps.jodocus.org> <41AAF696.6ED81FBF@freebsd.org> <20041129103031.GA19828@bps.jodocus.org> <41AB3A74.8C05601D@freebsd.org> <20041129174954.GA26532@bps.jodocus.org> <41AB65B2.A18534BF@freebsd.org>

> > > > I have some stuff wrt [Fast]IPSEC and your problem in the works and
> > > > it should become ready around christmas time (loadable [Fast]IPSEC, at
> > > > least for IPv4).
> > > >
> > > While this way of 'fixing' the IPSEC problem works it is rather gross
> > > and not very stylish. I prefer not to have this in the tree as makes
> > > maintenance a lot harder.
> >
> > I totally agree that it is not pretty. I was trying to avoid duplicating
> > the code (so every change would have to be made twice) and making it a
> > function didn't sit right for some reason. Hints/tips for dealing with
> > this kind of situation are welcome, but maybe better off-list.
>
> As things currently are with IPSEC code weaved directly into ip_input()
> and ip_output() there is no better way than what you have proposed.
>
> It will solve it much more nicely. :)

If I understand correctly, either Joost's patch or your nice changes
that-should-appear-before-christmas will achieve what the OpenBSD enc(4)
interface provides [1]. It would be really wonderful.

But I may be missing something because I can see no way in firewall rules
to distinguish between the before IPSec processing hook and the after
IPSec processing one. Could you clarify this for me please?

Thanks in advance.
Best regards,
-- 
Jeremie Le Hen
jeremie@le-hen.org