Discussion:
fast_ipsec code review
(too old to reply)
DEGROOTE Arnaud
2006-11-14 13:24:00 UTC
Permalink
Hi list

First news : I have add the support of extension header in fast_ipsec
so fast_ipsec now can handle correctly any ipv6 packet.

Now, the support of ipv6 is quite complete. So it would be great if
some people can review the current code. I have attached a diff
against current, and you can retrieve all the code in the cvs / cvsweb
associated with the project (
http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/ipsec6/ ).

It would be nice too if some people can test the code in more real
cases and report success and failure. I can provide a
GENERIC.FAST_IPSEC if someone needs it.

Take cares.

PS : Please CC me on reply

--
Arnaud Degroote



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
DEGROOTE Arnaud
2006-11-14 20:29:02 UTC
Permalink
Sorry the patch seems to be broken ( due to this crappy webmail ) , you can
retrieve it on http://zulzul.free.fr/fast_ipsec.diff.

Please excuse me for this.

Take cares.
--
Degroote Arnaud
ENSEIRB Informatique
***@enseirb.fr

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Christos Zoulas
2006-11-15 18:49:12 UTC
Permalink
-=-=-=-=-=-
Hi list
First news : I have add the support of extension header in fast_ipsec
so fast_ipsec now can handle correctly any ipv6 packet.
This is great news! I look forward to the whole thing being committed
and dropping the kame ipsec code.
Now, the support of ipv6 is quite complete. So it would be great if
some people can review the current code. I have attached a diff
against current, and you can retrieve all the code in the cvs / cvsweb
associated with the project (
http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/ipsec6/ ).
There are many KNF issues with the code as far as indentation and white-space
is concerned, but they should be easily fixable. Also at this point the
code should use ansi prototypes...
It would be nice too if some people can test the code in more real
cases and report success and failure. I can provide a
GENERIC.FAST_IPSEC if someone needs it.
Take cares.
PS : Please CC me on reply
Unfortunately it will be difficult for me to test ipv6 because my provider
does not use it, but I can definitely check ipv4.

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Jonathan A. Kollasch
2006-11-15 19:32:39 UTC
Permalink
Post by Christos Zoulas
Post by DEGROOTE Arnaud
~~~~
It would be nice too if some people can test the code in more real
cases and report success and failure. I can provide a
GENERIC.FAST_IPSEC if someone needs it.
Take cares.
PS : Please CC me on reply
Unfortunately it will be difficult for me to test ipv6 because my provider
does not use it, but I can definitely check ipv4.
Actually, there are any number of ways to get connectivity to that
Internet, 6to4, a tunnel broker, maybe Teredo. Anyway, you could
always use a RFC 4193 address block.

I should build this and throw it on my test boxes. If only racoon
were a bit more stable for me while using GSSAPI, oh well, there's
always PSK.

Jonathan Kollasch

Loading...