Subject: Re: ipv6 source address selection
To: Stone <>
From: Arnaud Degroote <>
List: tech-net
Date: 09/26/2007 10:37:08
On Tue, Sep 25, 2007 at 02:52:06PM -0700, Stone wrote:
> In message <>Michael van Elst writes
> >On Tue, Sep 25, 2007 at 01:55:26PM -0700, Jonathan Stone wrote:
> [...]
> >I wanted to know wether the NetBSD kernel supports RFC3484 when I
> >build it with the FAST_IPSEC option.
> I have no idea.  The FAST_IPSEC in released versions of NetBSD
> used to not work with IPv6 at all. If you try to configure
> Ipv6 and FAST_IPSEC, you used to get a panic.
> I beleive the NetSBD-4 branch contains some small kludges which
> allows FAST_IPSEC and IPv6 to coexist at compile-time.  But the
> last time I remember trying, sending an IPsec'ed IPv6 packe to
> such a kernel would cause a panic.

In NetBSD-4, you can use FAST_IPSEC and IPv6. I have pullup most of the
current change into NetBSD-4 a long time ago.  There are still some
issues in the implementation (the implementation doesn't work correctly
with extension header in transport mode). Of course, the code needs to
be tested, tested and retested in real configuration and I wait for any
feedback good or bad :).
Arnaud Degroote