On Fri, Apr 06, 2007 at 04:49:01PM +0200, Ivan Voras wrote: > [EMAIL PROTECTED] wrote: > > >The patch removes Kame derived IPsec from the tree, and adds v6 > >support to FAST_IPSEC. The IPSEC kernel option is removed, but the > >FAST_IPSEC option remains. This is a test patch and has a known > >problem with routing packets through a node. Nodes can operate in a > >host mode, that is they are the endpoint of a tunnel. > > Just a quick question: Is the reason for this simplification, > performance, cleanup (I see spl...() functions removed), or something else?
KAME IPSEC is both giant-locked and lower performance than fast IPSEC (which also integrates with crypto hardware devices). The missing piece from the latter is what George has implemented, namely IPv6 support. Kris
pgpxtWhVeGGKz.pgp
Description: PGP signature
