Subject: Re: Take #3 - final proposed patch for ipsec/bpf/ipfilter integration
To: NetBSD Networking Technical Discussion List <tech-net@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 05/14/2003 13:16:35
[ On Wednesday, May 14, 2003 at 23:20:12 (+1000), Darren Reed wrote: ]
> Subject: Re: Take #3 - final proposed patch for ipsec/bpf/ipfilter integration
>
> I had thoughts of achieving this same goal in other ways but all were
> more trouble. In some ways, i find this a very good model. Afterall,
> there is nothing that requires it still to be IP traffic that is
> associated with the virtual interface.
Indeed! Regardless of how it's actually implemented under the hood, I
agree this idea of having "virtual" interfaces for each "endpoint" in a
VPN environment is a very good model. It solves the same kind of
problem in the same kind of way for every tool that already deals with
these issues by identifying a specific interface, including IP Filter,
BPF, and maybe even routing and bridging.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>