On 2005.01.26 02:33:54 +0000, Bruce M Simpson wrote: > On Tue, Jan 25, 2005 at 06:38:42PM +0100, Jeremie Le Hen wrote: > > Are you thinking about the enc(4) interface [1] [2] provided with OpenBSD ? > > Somewhat, although whilst enc(4) provides some of this functionality, its > role as far as I can see is mainly to provide a 'tapping point' for filtering > packets as they pass out of the system and into IPSEC (something I believe > we now handle using mbuf tags).
I have been looking into porting enc(4) from OpenBSD and have some partial patches at this point. The point of enc(4) AFAIK is to allow packet filtering of IPsec traffic, basically the ipfw "ipsec" keyword more generic, and bpf tapping of traffic in and out of IPsec tunnels. It's not really related to FreeBSD's use of mbuf tags for IPsec handling, since those are not "visible" from userland. Anyone, please correct me if I'm wrong. -- Simon L. Nielsen
pgprTsjHzT28l.pgp
Description: PGP signature
