Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 01 Apr 2003 12:19:43 -0800
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Sam Leffler <sam@errno.com>
Cc:        Mailing List FreeBSD Network <freebsd-net@freebsd.org>
Subject:   Re: options FAST_IPSEC & tunnels
Message-ID:  <3E89F45F.1060506@tenebras.com>
In-Reply-To: <05b901c2f881$67e907f0$52557f42@errno.com>
References:  <86pto6mbxj.fsf@notbsdems.interne.kisoft-services.com> <05b901c2f881$67e907f0$52557f42@errno.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Sam Leffler wrote:

> Wow, someone besides me actually using fast ipsec! :)

At least two of us, besides you...

> 
> Packets are tagged once they've been processed on input.  I think you can do
> a similar check with something like:
> 
> if (m_tag_find(PACKET_TAG_IPSEC_IN_DONE) != NULL)
>     goto pass;
> 
> Long term, I intend is to associate packets with an enc device so there's a
> way to identify these packets when writing firewall rules.

That would be really helpful.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E89F45F.1060506>