To: "Sam Leffler"
From: Eric Masson
In-Reply-To: <05b901c2f881$67e907f0$52557f42@errno.com> (Sam Leffler's message of "Tue, 1 Apr 2003 11:03:05 -0800")
References: <86pto6mbxj.fsf@notbsdems.interne.kisoft-services.com> <05b901c2f881$67e907f0$52557f42@errno.com>
X-Operating-System: FreeBSD 4.8-RC i386
Date: Wed, 02 Apr 2003 16:55:13 +0200
Message-ID: <8665pxrlta.fsf@notbsdems.interne.kisoft-services.com>
User-Agent: Gnus/5.090017 (Oort Gnus v0.17) XEmacs/21.4 (Common Lisp, berkeley-unix)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
cc: Mailing List FreeBSD Network
Subject: Re: options FAST_IPSEC & tunnels

--=-=-=
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

>>>>> "Sam" == Sam Leffler writes:

Sam> Wow, someone besides me actually using fast ipsec! :)

You're not alone ;)

Sam> Packets are tagged once they've been processed on input. I think
Sam> you can do a similar check with something like:

Ok patch against 4.8-RELEASE attached.

Sam> Long term, I intend to associate packets with an enc device so
Sam> there's a way to identify these packets when writing firewall
Sam> rules.

Fine.

Thanks a lot

Eric Masson

--
> We are looking for an experienced stripper to host dinner dances
> in the Paris region. This is a serious offer. Email for
> first contact: gxxxx@club-internet.fr Tel. Philippe: 0142458XXX
-+- PG in Guide du Neuneu Usenet - The first contact will be the right one -+-

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=ip_input.c.diff

*** ip_input.c.orig Wed Apr 2 16:50:54 2003 --- ip_input.c Wed Apr 2 16:18:57 2003 *************** *** 432,437 **** --- 432,445 ---- goto pass; #endif + #if defined(FAST_IPSEC) && !defined(IPSEC_FILTERGIF) + /* + * Bypass packet filtering for packets from a tunnel (gif). + */ + if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL) + goto pass; + #endif + /* * IpHack's section. * Right now when no processing on packet has done
--=-=-=--
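
Review bot: The comment in the added block says the bypass is for "packets from a tunnel (gif)", but the condition only tests for the PACKET_TAG_IPSEC_IN_DONE tag, so as written it matches every packet that has completed IPsec input processing, not just gif traffic. Reword the comment to describe what the test actually matches, and state there that unless IPSEC_FILTERGIF is defined these packets take "goto pass" and skip the filtering section that follows, so firewall rules never see traffic arriving through an SA. That default deserves a line of documentation next to the option, since someone enabling FAST_IPSEC would otherwise not know that decapsulated packets are unfiltered.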