> On 4/1/2003 11:03 AM, Sam Leffler wrote:
> >
> > Long term, I intend is to associate packets with an enc device so
> > there's a way to identify these packets when writing firewall rules.
>
> Alternatively (and already working), you can replace IPsec tunnel mode
> with IPIP (gif) tunnels and tran
On 4/1/2003 11:03 AM, Sam Leffler wrote:
Long term, I intend is to associate packets with an enc device so
there's a way to identify these packets when writing firewall rules.
Alternatively (and already working), you can replace IPsec tunnel mode
with IPIP (gif) tunnels and transport mode, and the
Sam Leffler wrote:
Wow, someone besides me actually using fast ipsec! :)
At least two of us, besides you...
Packets are tagged once they've been processed on input. I think you can do
a similar check with something like:
if (m_tag_find(PACKET_TAG_IPSEC_IN_DONE) != NULL)
goto pass;
Long term,
> I'm using IPSEC tunnels to join different gateways over the Internet.
>
> I've made some trials with FAST_IPSEC today (I've received a Soekris
> VPN1201) and i'm facing a problem with incoming packets.
>
> The following code snippet from /sys/netinet/ip_input.c permits
> detunneled packets to flo
Hajimu UMEMOTO wrote:
> boote> This seems to contradict the recommendation in RFC 3493 (which I realize
> boote> is only informational)... I've been doing a web search to try and find
> boote> some kind of record for the rational used for making this default to
> boote> v6only. I haven't found anyt
Hello
I'm using IPSEC tunnels to join different gateways over the Internet.
I've made some trials with FAST_IPSEC today (I've received a Soekris
VPN1201) and i'm facing a problem with incoming packets.
The following code snippet from /sys/netinet/ip_input.c permits
detunneled packets to flow wit
Hi,
> On Sun, 30 Mar 2003 13:11:24 -0700
> "Jeff W. Boote" <[EMAIL PROTECTED]> said:
boote> Hmm. So the trade-off is calling select or using IN6_IS_ADDR_V4MAPPED?
Yes.
boote> (My applications need to understand the addresses at a pretty detailed
boote> level anyway - I'll probably stick
