>>>>> "Pekka" == Pekka Nikander <[EMAIL PROTECTED]> writes:
Pekka> Now, as a small step to that direction I made the following
Pekka> small hack to netinet6/esp_input.c. It changes the ESP tunneled
Pekka> packets to look like they were coming from the loopback
Pekka> interface. And it works like a charm. However, this is not a
Pekka> proper fix, and a better one might be to increment NLOOP and use
Pekka> loif[1] instead of loif[0]. Opinions?

Seems pretty close to what OpenBSD has implemented, except they don't
use the stock loopback interface. Their enc(4) driver is a software
loopback interface:

http://www.openbsd.org/cgi-bin/man.cgi?query=enc&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current

It's used in src/sys/netinet/ipsec_input.c to impersonate the incoming
interface just as you did in your patch.

I'd like to know whether there would be any interest in associating a
different interface to each incoming SPD entry or just use only one
interface for all incoming SPD entries?

Regards

Eric Masson

-- 
"As announced recently in fr.usenet.forums.annonces, the vote for the
destruction/replacement of the group fr.comp.os.linux has succeeded and
it is therefore destroyed."
-+- Control in Guide du linuxien pervers - "BSD has struck again" -+-