From owner-freebsd-net Sun Apr 8 16:57:38 2001 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id D47D337B422; Sun, 8 Apr 2001 16:57:29 -0700 (PDT) (envelope-from itojun@coconut.itojun.org) Received: from coconut.itojun.org (localhost [127.0.0.1]) by coconut.itojun.org (Postfix) with ESMTP id 667694B0B; Mon, 9 Apr 2001 08:57:25 +0900 (JST) To: Gunther Schadow Cc: snap-users@kame.net, users@ipv6.org, net@freebsd.org, ipfw@freebsd.org In-reply-to: gunther's message of Sun, 08 Apr 2001 05:10:46 GMT. <3ACFF2D6.13219EAB@aurora.regenstrief.org> X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: Consolidating KAME SPD rules and IPFW / IPfilter. From: itojun@iijlab.net Date: Mon, 09 Apr 2001 08:57:25 +0900 Message-ID: <2683.986774245@coconut.itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >I am tempted to "outsource" the IPsec functionality away from the >kernel using a demon on a divert socket, just like NATD. This would >be more modular and keeps the kernel from panicing because of bugs >in IPsec -- I did have embarrassing kernel crashes, just when I bragged >about FreeBSD running rock solid :0(. checking - did you have kernel panics in kernel IPsec code (then pls send-pr), or you are just talking about an example? itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message