Wow, someone besides me actually using fast ipsec! :)
At least two of us, besides you...
Packets are tagged once they've been processed on input. I think you can do a similar check with something like:
if (m_tag_find(PACKET_TAG_IPSEC_IN_DONE) != NULL) goto pass;
Long term, I intend is to associate packets with an enc device so there's a way to identify these packets when writing firewall rules.
That would be really helpful.
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
