[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

options FAST_IPSEC & tunnels

Subject: options FAST_IPSEC & tunnels
From: e-masson at kisoft-services.com (Eric Masson)
Date: Tue Apr 1 08:15:38 2003

Hello

I'm using IPSEC tunnels to join different gateways over the Internet.

I've made some trials with FAST_IPSEC today (I've received a Soekris
VPN1201) and i'm facing a problem with incoming packets.

The following code snippet from /sys/netinet/ip_input.c permits
detunneled packets to flow without being filtered by ipf/ipfw :

#if defined(IPSEC) && !defined(IPSEC_FILTERGIF)
	/*
	 * Bypass packet filtering for packets from a tunnel (gif).
	 */
	if (ipsec_gethist(m, NULL))
		goto pass;
#endif

Is there any counterpart for FAST_IPSEC (I've dug thru the code, but no
luck atm) ?

Regards.

Eric Masson

-- 
 je me suis cr?? un tas d'amis virtuels. Pourquoi cette sympathie? le
 flux peut-?tre magn?tique que je d?gage, vu que je gu?ris les br?lures
 par pression de mes mains sur les plaies et cloques. Et c'est vrai.
 -+- DD in <http://www.le-gnu.net> C'est vrai je l'ai lu sur usenet -+-

Follow-Ups:
- options FAST_IPSEC & tunnels
  - From: Sam Leffler

Prev by Date: FreeBSD 5.0 dual-stack server
Next by Date: FreeBSD 5.0 dual-stack server
Previous by thread: FreeBSD 5.0 dual-stack server
Next by thread: options FAST_IPSEC & tunnels
Index(es):
- Date
- Thread

Visit your host, monkey.org