At Tue, 25 Sep 2007 07:21:29 +0200,
Michael van Elst <mlelstv@serpens.de> wrote:

> > I didn't know IPSELSRC, but does the source address selection
> > mechanism based on RFC3484 satisfy your need?  The (current) NetBSD
> > kernel already supports the framework, although the configuration tool
> > (called ip6addrctl in FreeBSD) seems to be missing.
> 
> If I read RFC3484 correctly you can configure a 'policy table'
> with a best precedence value assigned to the single IP address
> that you want to use when talking to some network by giving the
> single address and the network the same distinguished label.

That's correct.

> That seems to be sufficient.

> Is the RFC3484 support implemented for KAME and for FAST_IPSEC?

For KAME, yes.  And as I explained in the previous message, the kernel
part implementation has already been incorporated to the NetBSD kernel.
The only missing part is the userland utility (ip6addrctl), which is
available in KAME snapshots and should be easily merged to NetBSD.

I don't understand how the (FAST_)IPSEC implementation relates to
RFC3484, but I don't know the answer anyway.


					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp