Subject: Re: Reminder that we are supporting two parallel IPsec
To: firstname.lastname@example.org, Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Sam Leffler <email@example.com>
Date: 09/12/2003 08:41:01
>>> i don't understand why sys/netipsec has to have another PF_KEY
>>> implementation. could you tell me why?
>> Sam Leffler's fast-ipsec is a rework in detail, to improve performance
>> The re-implemenetation of PF_KEY is part and parcel of that "rework in
>> detail". I understand the rework is ongoing (that is, more performance
>> enhancments are planned), but you'd be better off asking Sam.
> i looked at the diff between netipsec/key* and netkey/key*.
> the changes are minimal. i will remove the former and put #ifdef
> FAST_IPSEC into the former.
I'm not sure this is a good idea. I intentionally duplicated all KAME code
because I intended to change it significantly. (I also wanted to insure
neither code base affected the other.)
In this case I'm close to working on the PF_KEY implementation s.t. it will
diverge from the KAME implementation. If netbsd wants to track this work
then doing the above will be wasted effort.