From: Dan M. <da...@su...> - 2006-01-26 16:46:23
|
On Thu, Jan 26, 2006 at 05:38:16PM +0100, VANHULLEBUS Yvan wrote: > On Thu, Jan 26, 2006 at 07:02:34AM -0500, Dan McDonald wrote: > > Okay - dumb question time. > > Thanks to warn us about that :-) I aim to please. > > - Could one port ipsec-tools to OpenSolaris assuming it had all of > > the requisite kernel support? > > Give me a working UltraSparc, Solaris kernel documentation and I'll do > it :-) Why UltraSPARC? We work perfectly well on garden-variety x86 boxes too! (And have for some time - S9 "suspension" of x86 be damned.) I'm sure you have a few of those lying around. > And yes, ipsec-tools can (probably) be ported to "quite anything" > which have a kernel IPSec stack and a PFKeyV2 interface.... that is > for "basic features", some advanced features will need further kernel > works (NAT-T encapsulation, etc....). Remember that KAME augments PF_KEYv2 beyond 2367 - as does OpenSolaris. Pity we did them in two completely different manners. (I'm assuming Linux copied KAME's PF_KEY changes - please keep that in mind.) OpenSolaris is funny in that it doesn't support (for now) Tunnel Mode per 2401. We're fixing this, but we do support NAT-T. I will engage this list more completely when Tunnel Reform (the Tunnel-Mode fixes) is complete. Thanks, I'm going back into my hole and write more code. Dan |