From owner-freebsd-security Tue Nov 28 07:38:57 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id HAA12615 for security-outgoing; Tue, 28 Nov 1995 07:38:57 -0800
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id HAA12599 for ; Tue, 28 Nov 1995 07:38:30 -0800
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA03560; Tue, 28 Nov 1995 10:38:08 -0500
Date: Tue, 28 Nov 1995 10:38:08 -0500
From: "Garrett A. Wollman"
Message-Id: <9511281538.AA03560@halloran-eldar.lcs.mit.edu>
To: Michael Smith
Cc: security@freebsd.org
Subject: Re: I wonder how much trouble something like this would be to do? :)
In-Reply-To: <199511250241.CAA02783@genesis.atrad.adelaide.edu.au>
References: <199511241604.SAA13149@office.elvisti.kiev.ua> <199511250241.CAA02783@genesis.atrad.adelaide.edu.au>
Sender: owner-security@freebsd.org
Precedence: bulk

< said:

> It uses the tun device, and raw IP sockets for its transport. (What's
> the point of wrapping IP in TCP? IP is unreliable anyway 8))

It would be better to copy the style of the `eon' network interface,
and use IPsec and IP-in-IP encapsulation. I built something similar
(without security) about three years ago in an ill-fated attempt to
completely redesign the IP multicast support. (Hint: IP multicast
includes support for tunneling already.)

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence. We like people
MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant