Date: Mon, 29 Nov 2004 19:08:50 +0100 From: Andre Oppermann <andre@freebsd.org> To: Joost Bekkers <joost@jodocus.org> Cc: freebsd-net@freebsd.org Subject: Re: (review request) ipfw and ipsec processing order for outgoingpackets Message-ID: <41AB65B2.A18534BF@freebsd.org> References: <20041129100949.GA19560@bps.jodocus.org> <41AAF696.6ED81FBF@freebsd.org> <20041129103031.GA19828@bps.jodocus.org> <41AB3A74.8C05601D@freebsd.org> <20041129174954.GA26532@bps.jodocus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Joost Bekkers wrote: > > On Mon, Nov 29, 2004 at 04:04:20PM +0100, Andre Oppermann wrote: > > Joost Bekkers wrote: > > > > > > On Mon, Nov 29, 2004 at 11:14:46AM +0100, Andre Oppermann wrote: > > > > > > > > > > The attached patch is against 5.3R > > > > > > > > Please post unified diffs. > > > > > > > > > > Ok, here you go. > > > > While this way of 'fixing' the IPSEC problem works it is rather gross > > and not very stylish. I prefer not to have this in the tree as makes > > maintainance a lot harder. > > > > I totaly agree that it is not pretty. I was trying to avoid duplicating > the code (so every change would have to be made twice) and making it a > function didn't sit right for some reason. Hints/tips for dealing with > this kind of situation are welcome, but maybe better off-list. As things currently are with IPSEC code weaved directly into ip_input() and ip_output() there is no better way than what you have proposed. > > I have some stuff wrt [Fast]IPSEC and your problem in the works and > > it should become ready around christmas time (loadable [Fast]IPSEC, at > > least for IPv4). > > > > Looking forward to it. It will solve it much more nicely. :) -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41AB65B2.A18534BF>