>>>>> "Sam" == Sam Leffler <[EMAIL PROTECTED]> writes:
Sam> Wow, someone besides me actually using fast ipsec! :) You're not alone ;) Sam> Packets are tagged once they've been processed on input. I think Sam> you can do a similar check with something like: Ok patch against 4.8-RELEASE attached. Sam> Long term, I intend is to associate packets with an enc device so Sam> there's a way to identify these packets when writing firewall Sam> rules. Fine. Thanks a lot Eric Masson -- > Nous recherchons une streap-teaseuse confirmée pour animer des dîners > dansants en région parisienne. Cette offre est sérieuse. Email pour > premier contact : [EMAIL PROTECTED] Tél Philippe : 0142458XXX -+- PG in Guide du Neuneu Usenet - Le premeir contact sera le bon -+-
*** ip_input.c.orig Wed Apr 2 16:50:54 2003 --- ip_input.c Wed Apr 2 16:18:57 2003 *************** *** 432,437 **** --- 432,445 ---- goto pass; #endif + #if defined(FAST_IPSEC) && !defined(IPSEC_FILTERGIF) + /* + * Bypass packet filtering for packets from a tunnel (gif). + */ + if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL) + goto pass; + #endif + /* * IpHack's section. * Right now when no processing on packet has done
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
