tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: heads-up: IPSEC is now FAST_IPSEC

Matthias Drochner <> wrote:
> > I think post-netbsd-6 branch (or even now?)
> > would be a very good time.
> Post-6-branch would be OK if no serious problems show up.

Do you have plans to remove old IPSEC since netbsd-6 was branched now?
It would make further work on network stack easier.

> Policy lookup is actually something which could need some
> improvement, because it is performance critical even is
> IPSEC is not used for the connection in question. OpenBSD
> has integrated this with the routing framework, but using
> a packet filter as packet classifier would also be
> a conceivable option. What are your plans with npf?

I think routing code needs some rework for policy routing.  We can still
use mbuf tags as a generic mechanism to communicate between different
components in the network stack, and thus perform routing based on tags.


Home | Main Index | Thread Index | Old Index