Subject: Re: Try again, itojun, patches need more work.
To: Jason Thorpe <thorpej@wasabisystems.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 06/30/2003 21:19:47
On Mon, Jun 30, 2003 at 11:56:31AM -0700, Jason Thorpe wrote:
> Well...
>
> If you think about it, IPsec and an IP firewall package have exactly
> the same needs when it comes to classification. Maybe it's because I
> see the "rule" that matches a packet as orthogonal to the "action"
> taken when a match is found.
>
> It just seems silly to me to have two sets of code that parse IP
> headers in order to then tell a "classification engine" to assign a
> pre-determined name to the packet. Really, the act of parsing those
> headers *IS* the classification step!
But from what I understood, Itojun will move the IPsec classification
to PF. Or is it just part of the IPsec classification?
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 24 years of experience will always make the difference