From owner-freebsd-net@FreeBSD.ORG Mon Nov 29 17:49:57 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A46A416A4CE; Mon, 29 Nov 2004 17:49:57 +0000 (GMT) Received: from amsfep18-int.chello.nl (amsfep18-int.chello.nl [213.46.243.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8567343D4C; Mon, 29 Nov 2004 17:49:56 +0000 (GMT) (envelope-from joost@jodocus.org) Received: from bps.jodocus.org ([80.57.157.16]) by amsfep18-int.chello.nl (InterMail vM.6.01.03.04 201-2131-111-106-20040729) with ESMTP id <20041129174954.WWVN7692.amsfep18-int.chello.nl@bps.jodocus.org>; Mon, 29 Nov 2004 18:49:54 +0100 Received: from jodocus.org (localhost [127.0.0.1]) by bps.jodocus.org (8.13.1/8.13.1) with ESMTP id iATHnsRx026832; Mon, 29 Nov 2004 18:49:54 +0100 (CET) (envelope-from joost@jodocus.org) Received: (from joost@localhost) by jodocus.org (8.13.1/8.13.1/Submit) id iATHns1Y026831; Mon, 29 Nov 2004 18:49:54 +0100 (CET) (envelope-from joost) Date: Mon, 29 Nov 2004 18:49:54 +0100 From: Joost Bekkers To: Andre Oppermann Message-ID: <20041129174954.GA26532@bps.jodocus.org> Mail-Followup-To: Joost Bekkers , Andre Oppermann , freebsd-net@freebsd.org References: <20041129100949.GA19560@bps.jodocus.org> <41AAF696.6ED81FBF@freebsd.org> <20041129103031.GA19828@bps.jodocus.org> <41AB3A74.8C05601D@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41AB3A74.8C05601D@freebsd.org> User-Agent: Mutt/1.4.2.1i cc: freebsd-net@freebsd.org Subject: Re: (review request) ipfw and ipsec processing order for outgoingpackets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Nov 2004 17:49:57 -0000 On Mon, Nov 29, 2004 at 04:04:20PM +0100, Andre Oppermann wrote: > Joost Bekkers wrote: > > > > On Mon, Nov 29, 2004 at 11:14:46AM +0100, Andre Oppermann wrote: > > > > > > > > The attached patch is against 5.3R > > > > > > Please post unified diffs. > > > > > > > Ok, here you go. > > While this way of 'fixing' the IPSEC problem works it is rather gross > and not very stylish. I prefer not to have this in the tree as makes > maintainance a lot harder. > I totaly agree that it is not pretty. I was trying to avoid duplicating the code (so every change would have to be made twice) and making it a function didn't sit right for some reason. Hints/tips for dealing with this kind of situation are welcome, but maybe better off-list. > I have some stuff wrt [Fast]IPSEC and your problem in the works and > it should become ready around christmas time (loadable [Fast]IPSEC, at > least for IPv4). > Looking forward to it. -- greetz Joost joost@jodocus.org