Subject: Re: Info required on IpSec code
To: Dutta Dwaip <dwaipayand@gmail.com>
From: Arnaud Degroote <degroote@netbsd.org>
List: tech-net
Date: 12/10/2007 17:34:52
On Mon, Dec 10, 2007 at 09:02:29PM +0530, Dutta Dwaip wrote:
>
> Are the following IPSec RFCs supported in NetBSD or FreeBSD latest code base:
> RFC 4302 -- Authentication Header
> RFC 4303 -- ESP
> RFC 4305 -- Cryptographic algorithms support
>
> Is there any place which clearly tells which RFCs are supported ?
I fear that RFC 4302 and 4303 are not supported. The current
implementation mostly conforms to RFC 2402 / 2406. I'm sure that we
don't support ESN (Extended Sequence Number) and I'm not really sure
about the status of our ipsec and multicast. Concerning 'combined' mode,
I don't think we support them either but I'm not sure it is a requirement
(as RFC 4305 doesn't propose any real combined algorithm).
Concerning RFC 4305, I think everything is supported in NetBSD/FreeBSD,
at least in the fast_ipsec implementation (I have not checked the other one).
You may find information about exactly what is supported in ipsec(4).
I hope it will be helpful.
--
Arnaud Degroote
degroote@netbsd.org