Mindaugas Rasiukevicius <rmind%netbsd.org@localhost> writes: > Matthias Drochner <M.Drochner%fz-juelich.de@localhost> wrote: >> >> I've just made FAST_IPSEC the default implementation which gets >> used if the IPSEC kernel option is present. >> <...> >> >> The old KAME implementation is still available through >> the KAME_IPSEC kernel option. The old IPSEC_ESP option >> is meaningless with (FAST_)IPSEC (ESP is always enabled) >> but still in effect with KAME_IPSEC. > > Thanks a lot for working on this. Are you planning to remove old IPSEC > code? It would bring simplifications, clean-up and would make further work > on network stack less painful. I think post-netbsd-6 branch (or even now?) > would be a very good time. Removing the code so it isn't in NetBSD 6 seems premature. There shouldn't be much simplification/cleanup etc. on the branch. And I don't know what fraction of people who use IPsec at all use FAST_IPSEC vs IPSEC - I would suspect that the new code has been exposed to only a small fraction of the use cases.
Description: PGP signature