Subject: Re: ipv6 source address selection
To: Michael van Elst <>
From: Stone <>
List: tech-net
Date: 09/25/2007 14:52:06
In message <>Michael van Elst writes
>On Tue, Sep 25, 2007 at 01:55:26PM -0700, Jonathan Stone wrote:

>I wanted to know wether the NetBSD kernel supports RFC3484 when I
>build it with the FAST_IPSEC option.

I have no idea.  The FAST_IPSEC in released versions of NetBSD
used to not work with IPv6 at all. If you try to configure
Ipv6 and FAST_IPSEC, you used to get a panic.

I beleive the NetSBD-4 branch contains some small kludges which
allows FAST_IPSEC and IPv6 to coexist at compile-time.  But the
last time I remember trying, sending an IPsec'ed IPv6 packe to
such a kernel would cause a panic.

>Currently FAST_IPSEC supports IPv6, but I don't know what part
>of KAME IPv6 it interferes with. The source suggests that it
>only replaces the IPSEC related parts.

The intent was to replace only the IPsec portions of KAME's Ipv6.
But I have no idea what heppens in -current with IPv6 and FAST_IPSEC.