Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: heads-up: IPSEC is now FAST_IPSEC

Mindaugas Rasiukevicius <> writes:

> Matthias Drochner <> wrote:
>> I've just made FAST_IPSEC the default implementation which gets
>> used if the IPSEC kernel option is present.
>> <...>
>> The old KAME implementation is still available through
>> the KAME_IPSEC kernel option. The old IPSEC_ESP option
>> is meaningless with (FAST_)IPSEC (ESP is always enabled)
>> but still in effect with KAME_IPSEC.
> Thanks a lot for working on this.  Are you planning to remove old IPSEC
> code?  It would bring simplifications, clean-up and would make further work
> on network stack less painful.  I think post-netbsd-6 branch (or even now?)
> would be a very good time.

Removing the code so it isn't in NetBSD 6 seems premature.  There
shouldn't be much simplification/cleanup etc. on the branch.  And I
don't know what fraction of people who use IPsec at all use FAST_IPSEC
vs IPSEC - I would suspect that the new code has been exposed to only a
small fraction of the use cases.

Attachment: pgpHHxWVZk4f9.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index