Date: Sat, 07 Apr 2007 09:33:33 -0700
From: Sam Leffler
Organization: Errno Consulting
To: Jeremie Le Hen
Cc: gnn@freebsd.org, "Bruce M. Simpson", net@freebsd.org
Subject: Re: A radical restructuring of IPsec...
List-Id: Networking and TCP/IP with FreeBSD

Jeremie Le Hen wrote:
> Hi, Bruce,
>
> On Sat, Apr 07, 2007 at 05:27:30AM +0100, Bruce M. Simpson wrote:
>> I'm all for this in principle. I believe that the case for FAST_IPSEC
>> over KAME IPSEC is fairly clear for those of us who have read the USENIX
>> paper. Qualitatively speaking I can say FAST_IPSEC has been more
>> pleasant to work with when introducing the TCP-MD5 support.
>
> Would you point out the paper you're talking about please?

He's probably talking about my old Usenix BSDCon paper about fast ipsec.
Look at the Usenix web site.

> George,
>
> Thank you for your work!
>
> I'm a little sorrowful to see KAME's work going to be forgotten, but
> well, this is Darwin's law :-).
>
> BTW, a couple of years ago, I've tried KAME's snapshot against my
> RELENG_4's tree. There was a number of features that weren't in the
> base system and I'm pretty sure this is still the case. I can't
> remember them all but one: NAT-PT (RFC2766) (IPv4<->IPv6 translation).
> Do you have any idea what those features will become in later days?

It's easier to add features when there's a single code base to add them
to. Some stuff exists in NetBSD's fast ipsec code base and can be
brought over with minimal effort.

Sam