From owner-freebsd-net@FreeBSD.ORG Wed Jan 26 09:23:38 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69C1716A4CE for ; Wed, 26 Jan 2005 09:23:38 +0000 (GMT) Received: from eddie.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5F1343D31 for ; Wed, 26 Jan 2005 09:23:37 +0000 (GMT) (envelope-from simon@eddie.nitro.dk) Received: by eddie.nitro.dk (Postfix, from userid 1000) id A971A119CD9; Wed, 26 Jan 2005 10:23:36 +0100 (CET) Date: Wed, 26 Jan 2005 10:23:36 +0100 From: "Simon L. Nielsen" To: Jeremie Le Hen , Nickolay Kritsky , freebsd-net@freebsd.org Message-ID: <20050126092335.GA21369@eddie.nitro.dk> References: <20050125171120.GH59685@obiwan.tataz.chchile.org> <20050125172049.GL47638@dhcp120.icir.org> <20050125173842.GI59685@obiwan.tataz.chchile.org> <20050126023354.GJ692@empiric.icir.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9" Content-Disposition: inline In-Reply-To: <20050126023354.GJ692@empiric.icir.org> User-Agent: Mutt/1.5.6i Subject: enc(4) (was: Re: gif(4) and bpf(4)) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jan 2005 09:23:38 -0000 --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.01.26 02:33:54 +0000, Bruce M Simpson wrote: > On Tue, Jan 25, 2005 at 06:38:42PM +0100, Jeremie Le Hen wrote: > > Are you thinking about the enc(4) interface [1] [2] provided with OpenB= SD ? >=20 > Somewhat, although whilst enc(4) provides some of this functionality, its > role as far as I can see is mainly to provide a 'tapping point' for filte= ring > packets as they pass out of the system and into IPSEC (something I believe > we now handle using mbuf tags). I have been looking into porting enc(4) from OpenBSD and have some partial patches at this point. The point of enc(4) AFAIK is to allow packet filtering of IPsec traffic, basically the ipfw "ipsec" keyword more generic, and bpf tapping of traffic in and out of IPsec tunnels. It's not really related to FreeBSD's use of mbuf tags for IPsec handling, since those are not "visible" from userland. Anyone, please correct me if I'm wrong. --=20 Simon L. Nielsen --PEIAKu/WMn1b1Hv9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB92GXh9pcDSc1mlERAl4SAJ0ZTirbyYOYqfVaiY89f9OQr31D3gCdHYpy aXGxKoluKT/fTqmjrPe/bPY= =f0zv -----END PGP SIGNATURE----- --PEIAKu/WMn1b1Hv9--