On Tue, Feb 21, 2006 at 09:08:43PM -0500, Christos Zoulas wrote:
> On Feb 21,  3:50pm, thorpej@shagadelic.org (Jason Thorpe) wrote:
> -- Subject: Re: IPSEC in GENERIC
> 
> Here's a patch to provide a fast path for both IPSEC and FAST_IPSEC.
> The IPSEC code works fine. The FAST_IPSEC prints errors, but the code
> has been rotting; i.e. it does not even compile with other IPSEC options
> such as IPSEC_NAT_T.

That's an unfair characterization; the author of the IPSEC_NAT_T code
chose to implement it only for the KAME stack.  None of the other IPSEC_X
or IPSEC_Y options are relevant to the FAST_IPSEC stack at all and it is
well documented that you can't have both in your kernel.

There are many users of the FAST_IPSEC code, including a number of
machines run by The NetBSD Foundation itself.

Thor