Subject: Re: Try again, itojun, patches need more work.
To: Jason Thorpe <>
From: None <>
List: tech-net
Date: 07/01/2003 09:49:16
>> 	for backward compatibility's sake, the classification engine in IPsec
>> 	will stay.  (there are ipsec.conf files written for the current
>> 	classification engine).
>> 	if i have time i might transition the classification engine to pf
>> 	internally, but the ipsec.conf syntax will need to stay.
>I would like to see everything use the same classification engine 
>internally.  Merged syntax/config is secondary for me.

	we can't pass rulesets to pf_test() - PF runs on the ruleset configured
	by ioctl.  to do the 2nd paragraph of mine above, i guess we need to
	(1) be able to pass a ruleset to PF, (2) then run classification,
	(3) get the result as a tag, rule line # that matched, or whatever.

	current PF tagging works fine as long as ipsec.conf uses the new syntax
	(spdadd tagged "tag").