Re: FAST_IPSEC is now IPSEC, please be advised...

---

• From: Randall Stewart <rrs@xxxxxxxxx>
• Date: Tue, 03 Jul 2007 11:07:07 -0400

---

Great work George.. :-D

R

gnn@xxxxxxxxxxx wrote:

Hi,

My most recent check-in moves FreeBSD HEAD, soon to be 7.0 into the
post Kame era. What was once FAST_IPSEC has been made into IPSEC and
the Kame IPsec code has been removed from the tree. We will continue
to use and update the Kame IPv6 code but of course there will be no
more drops of code from the Kame project as it ended a year ago.

Some things about the new IPsec:

1) Hardware Offload Support

Support for several vendors hardware accelerators is available by
using the new IPsec code.

2) Fine Grained Locking (SMP)

One of the major reasons to move to the new codebase and to deprecate
the Kame code was that we needed an IPsec stack that was locked for
our SMP kernel architecture.

3) Full IPv6 Support

One of the missing features of the old FAST_IPSEC code was IPv6
support. IPv6 is now fully supported.


The code has been tested in my lab using both home grown tests and the
TAHI test suite (http://www.tahi.org) as well by some FreeBSD
Developers, notably Bjoern Zeeb, who is also responsible for the user
land fixes, as well as numerous patches to the kernel.

Please forward problems, and patches to me, or this list.

Best,
George

_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 803-317-4952 (cell)
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

---

• References:
  • FAST_IPSEC is now IPSEC, please be advised...
    • From: gnn

• Prev by Date: FAST_IPSEC is now IPSEC, please be advised...
• Next by Date: Re: kern/112710: [re] if_re driver detects incorrect b243a405a405 MAC address on SMC9452TX-1 pci gigabit cards
• Previous by thread: FAST_IPSEC is now IPSEC, please be advised...
• Next by thread: Re: FAST_IPSEC is now IPSEC, please be advised...
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [fw-wiz] IPv6 and IPSec ... > require IPSec? ... And "support" can be a nebulus thing. ... all of IPv4 in toto. ... And something like 40 million IPv6 networks are routable in the ... (Firewall-Wizards) Re: FAST_IPSEC is now IPSEC, please be advised... ... the Kame IPsec code has been removed from the tree. ... Hardware Offload Support ... Full IPv6 Support ... (freebsd-current) Re: [fw-wiz] IPv6 and IPSec ... > the security stuff is tightly marshalled over IPv6. ... Tunnels have always been an issue for protected networks. ... You don't have to support IPSec to be IPv4 compliant, ... (Firewall-Wizards) Re: ipv6 question ... It only mandates the SUPPORT of IPsec. ... To be IPv6 compliant you must support it. ... If they say it's a mandatory requirement TO USE (not ... (Fedora) FAST_IPSEC is now IPSEC, please be advised... ... the Kame IPsec code has been removed from the tree. ... Hardware Offload Support ... Full IPv6 Support ... (freebsd-current)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > net  > 2007-07