Date:      Fri, 16 Jun 2006 17:35:27 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        arch@freebsd.org, Andrew Thompson <thompsa@freebsd.org>, net@freebsd.org
Subject:   Re: enc0 patch for ipsec
Message-ID:  <200606161735.33801.max@love2party.net>
In-Reply-To: <20060615225312.GB64552@heff.fud.org.nz>
References:  <20060615225312.GB64552@heff.fud.org.nz>


On Friday 16 June 2006 00:53, Andrew Thompson wrote:
> I have a patch attached that implements the much requested feature of
> packet filtering ipsec connections.
>
> This is a device to expose packets going in/out of ipsec and comes
> from OpenBSD. There are two functions, a bpf tap which has a basic
> header with the SPI number which our current tcpdump knows how to
> display, and handoff to pfil(9) for packet filtering.
>
> The way I have hooked it in is compiling it in with fast_ipsec and
> the extra work is only done when the enc0 interface is created. The
> interface is not created by default so it's a minimal hit, the user
> will need to 'ifconfig enc0 create' in order to activate it. I
> believe the locking is correct so it can be created and destroyed at
> runtime.

I think it should get a "device enc" on its own.  Some people might consider
enc(4) to be a security problem so getting it with FAST_IPSEC automatically
isn't preferable.

Other than that, great news.  Thanks a lot.

> PRs 98219 and 94829 are requesting this feature.
>
>
>
> Andrew

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
