Subject: Re: Try again, itojun, patches need more work.
To: None <firstname.lastname@example.org>
From: Manuel Bouyer <email@example.com>
Date: 07/01/2003 07:48:20
On Tue, Jul 01, 2003 at 09:49:16AM +0900, firstname.lastname@example.org wrote:
> we can't pass rulesets to pf_test() - PF runs on ruleset configured by
> ioctl. to do the 2nd paragraph of mine above, i guess we need to
> (1) be able to pass ruleset to PF (2) then run classification
> (3) get result as a tag, rule line # that matched, or whatever.
> current PF tagging works fine as long as ipsec.conf uses new syntax
> (spdadd tagged "tag").
This looks good enouth for me. Keep the ipsec classification engine
for the next release, for config file syntax compatibility, and then
BTW I'd like to see the same for altq
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr
NetBSD: 24 ans d'experience feront toujours la difference