Subject: Re: IPsec policy cache hint
To: Jason Thorpe <>
From: Jonathan Stone <>
List: tech-net
Date: 03/16/2004 16:04:36
A couple of weeks ago, Jason committed his back-port of the KAME PCB
policy-cache code to sys/netipsec a cpiu[l.  All the changes to
sys/netipsec were inside #ifdef __NetBSD__.

I'm in the midst of merging that into my own copy, which contains
other FreeBSD-derived code (including the TCP-md5 check, and various
baby-steps towards INET6.) and I'd I'd like to change all the
PCB-cache related ``#ifdef __NetBSD__'' tests to ``#ifdef
IPSEC_PCBCACHE'', to separate them from truly NetBSD-specific code and
so the PCB cache can be turned on for FreeBSD.

On NetBSD, sys/netipsedc/ipsec_osdep.h would define IPSEC_PCBCACHE;
IPSEC_PCBCACHE can later be garbage-collected.

If anyone objects to this idea, please yell now.