Date: Mon, 09 Apr 2001 08:57:25 +0900 From: itojun@iijlab.net To: Gunther Schadow <gunther@aurora.regenstrief.org> Cc: snap-users@kame.net, users@ipv6.org, net@freebsd.org, ipfw@freebsd.org Subject: Re: Consolidating KAME SPD rules and IPFW / IPfilter. Message-ID: <2683.986774245@coconut.itojun.org> In-Reply-To: gunther's message of Sun, 08 Apr 2001 05:10:46 GMT. <3ACFF2D6.13219EAB@aurora.regenstrief.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>I am tempted to "outsource" the IPsec functionality away from the >kernel using a demon on a divert socket, just like NATD. This would >be more modular and keeps the kernel from panicing because of bugs >in IPsec -- I did have embarrassing kernel crashes, just when I bragged >about FreeBSD running rock solid :0(. checking - did you have kernel panics in kernel IPsec code (then pls send-pr), or you are just talking about an example? itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2683.986774245>