Re: enc0 patch for ipsec

From: "Scott Ullrich" <sullrich@xxxxxxxxx>
Date: Fri, 16 Jun 2006 11:41:27 -0400

On 6/16/06, Max Laier <max@xxxxxxxxxxxxxx> wrote:

I think it should get a "device enc" on its own. Some people might consider
enc(4) to be a security problem so getting it with FAST_IPSEC automatically
isn't preferable.

You have to specifically create the enc0 interface (ifconfig enc0
create) before it becomes active. Otherwise it will not hit the enc
code path unless the device is created.

Scott
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: enc0 patch for ipsec
  - From: Max Laier

References:
- enc0 patch for ipsec
  - From: Andrew Thompson
- Re: enc0 patch for ipsec
  - From: Max Laier

Prev by Date: Re: enc0 patch for ipsec
Next by Date: Re: enc0 patch for ipsec
Previous by thread: Re: enc0 patch for ipsec
Next by thread: Re: enc0 patch for ipsec
Index(es):
- Date
- Thread

Relevant Pages

Re: enc0 patch for ipsec
... On 6/16/06, Max Laier wrote: ... encto be a security problem so getting it with FAST_IPSEC automatically ... Otherwise it will not hit the enc ... code path unless the device is created. ...
(freebsd-arch)
Re: enc0 patch for ipsec
... Max Laier wrote: ... consider encto be a security problem so getting it with FAST_IPSEC ... Same reason you don't want SADB_FLUSH on by default. ... lost anyway. ...
(freebsd-arch)
Re: enc0 patch for ipsec
... Max Laier wrote: ... consider encto be a security problem so getting it with FAST_IPSEC ... Same reason you don't want SADB_FLUSH on by default. ... lost anyway. ...
(freebsd-net)