Date: Mon, 29 Nov 2004 11:14:46 +0100 From: Andre Oppermann <andre@freebsd.org> To: Joost Bekkers <joost@jodocus.org> Cc: freebsd-net@freebsd.org Subject: Re: (review request) ipfw and ipsec processing order for outgoingpackets Message-ID: <41AAF696.6ED81FBF@freebsd.org> References: <20041129100949.GA19560@bps.jodocus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Joost Bekkers wrote: > > Hi > > A while ago there was a discussion about passing packet through pfil before > they are processed by ipsec. I've posted a rough patch back then and I've > finally had time to polish it. > > Although the changes seem very invasive at first glance, the .o files created > are identical as long as IPSEC_FILTERGIF is not defined. With FAST_IPSEC diff(1) > will tell you otherwise, but that is due to changed linenumbers which are used > as arguments in two places. I've checked for differences by disassembling (objdump -d) > the .o files. > > The attached patch is against 5.3R Please post unified diffs. > I'm running it myself with FAST_IPSEC. The combination of this patch and the kame > ipsec could do with some more testing. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41AAF696.6ED81FBF>