Diego Beltrami <diego.beltrami@xxxxxxx> wrote:
>
> we have been working for three months to implement a new IPsec mode,
> the "BEET" mode, for Linux. Below is a link to the BEET specification
> and
> the abstract:
>
> http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-03.txt
Thanks for the patch guys, this is really interesting.
> extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
> diff -urN linux-2.6.12.2/net/ipv4/esp4.c
> linux-beet-2.6.12.2/net/ipv4/esp4.c
> --- linux-2.6.12.2/net/ipv4/esp4.c 2005-06-30 02:00:53.000000000 +0300
> +++ linux-beet-2.6.12.2/net/ipv4/esp4.c 2005-07-25 14:39:11.000000000
Although the document only talks about ESP, as far as I can see
the encapsulation can be applied to AH/IPComp just as well.
So how about moving this stuff to the generic xfrm_input/xfrm_output
functions?
Also, if you're going to do cross-family transforms, it should be
done for both BEET and plain tunnel-mode.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
|