| To: | Richard Guy Briggs <rgb@xxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: FreeS/WAN redesign thoughts (KLIPS, IPSEC) |
| From: | Wes Hardaker <wes@xxxxxxxxxxxxx> |
| Date: | 22 Feb 2001 07:46:17 -0800 |
| Cc: | Linux Ipsec mailing list <linux-ipsec@xxxxxxxxxxxx>, NetFilter mailing list <netfilter-devel@xxxxxxxxxxxxx>, Linux Network Development mailing list <netdev@xxxxxxxxxxx>, Hugh Daniel <hugh@xxxxxxxx>, John Gilmore <gnu@xxxxxxxx>, Hugh Redelmeier <hugh@xxxxxxxxxx>, Henry Spencer <henry@xxxxxxxxxxxxx> |
| In-reply-to: | <20010221024203.H9886@grendel.conscoop.ottawa.on.ca> (Richard Guy Briggs's message of "Wed, 21 Feb 2001 02:42:03 -0500") |
| Organization: | Network Associates - NAI Labs |
| References: | <20010221024203.H9886@grendel.conscoop.ottawa.on.ca> |
| Sender: | owner-netdev@xxxxxxxxxxx |
| User-agent: | Gnus/5.090001 (Oort Gnus v0.01) XEmacs/21.2 (Terspichore) |

[lots of stuff deleted]

Richard> Treat incoming IPSEC encapsulation as an enhancement of the
Richard> layer 2 protocol and decapsulate it at the NF_IP_PRE_ROUTING
Richard> hook. This option is less favourable as it stands since it
Richard> involves creating our own SPDB engine.

As long as the filtering rules of the Linux kernel meet the minimum requirements put forth in section 4.4.1 of RFC2401 (which describes the SPDB), then reusing the existing kernel infrastructure is probably a very good thing from purely a reuse standpoint.

--
Wes Hardaker
NAI Labs
Network Associates