Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Feb 2004 14:04:34 -0800
From:      "Crist J. Clark" <cristjc@comcast.net>
To:        Guido van Rooij <guido@gvr.org>
Cc:        current@freebsd.org
Subject:   Re: ipsec changes in 5.2R
Message-ID:  <20040204220434.GB33050@blossom.cjclark.org>
In-Reply-To: <20040204213651.GA43137@gvr.gvr.org>
References:  <1074650025.701.82.camel@itouch-1011.prv.au.itouchnet.net> <20040122110929.GA767@gvr.gvr.org> <20040203070435.GB46486@blossom.cjclark.org> <20040203155309.GA22676@gvr.gvr.org> <1075893572.29017.1.camel@oblivion> <20040204212147.GA32947@blossom.cjclark.org> <20040204213651.GA43137@gvr.gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Feb 04, 2004 at 10:36:51PM +0100, Guido van Rooij wrote:
> On Wed, Feb 04, 2004 at 01:21:47PM -0800, Crist J. Clark wrote:
> > On Wed, Feb 04, 2004 at 10:19:33PM +1100, Andrew Thomson wrote:
> > > Thanks, that worked a treat for me too.. everything back to normal!
> > > 
> > > So what's the go with this fast_ipsec business. Is this going to be the
> > > main implementation for Freebsd?
> > 
> > I believe the main reason FAST_IPSEC came to be is support for crypto
> > hardware.
> > 
> > However, FAST_IPSEC cannot replace KAME IPsec. FAST_IPSEC is IPv4-only
> > whereas KAME is IPv6 with its required IPsec abilities "back-ported"
> > into the IPv4 stack.
> > 
> > It would be really, really nice to get this bug out of KAME IPsec
> > before 5.2.1, but if 5.2 didn't wait...
> 
> 
> True. Is KAME aware of this problem or is it FBSD specific?

I believe it's FreeBSD specific, but I also believe it is a result of
the effort to sync up the KAME stuff in the FreeBSD repository with
more recent KAME SNAPs.

There was quite a bit of chatter on the list about fixing some IPsec
panics. I thought the same people were looking into this too, but when
5.2 passed by without a lot of concern... ? There have been commits to
KAME IPsec code in the last day or so, but I haven't reviewed them or
tried them out to see if they have anything to do with these issues.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040204220434.GB33050>