Re: [Ipsec-tools-devel] Policies on sockets under *BSD
From: <ma...@ne...> - 2004-11-22 20:58:50
Aidas Kasparas <a.k...@gm...> wrote:

> In linux it is possible to set up policy which is effective just for
> one socket. This is what racoon does for its sockets and this is why
> there are a couple of policies matching any packet for every address
> racoon is listening in setkey -D output.
>
> These policies are given to racoon via PF_KEY interface as a regular
> policy without any indication that it is socket only policy. The only
> method how to distinguish them under linux is take remainder from
> division of spidx by 8 and decide by that value.
> 0:in; 1:out; 2:fwd; 3:socket in; 4: socket out; 5 socket fwd (which does
> not make sense); 6, 7 not in use AFAIK.
>
> I would like to ask you *BSD folks, is there anything similar in BSD land?

Not AFAIK. The change would be rather intrusive, wouldn't it? Maybe
Jason Thrope will have a good answer on this topic. Jason?

--
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand binary and those who do not.
ma...@ne...
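The remainder test described in the quoted message, as an added example that is not part of the thread and not ipsec-tools code: it pulls policy indexes out of dump text and separates per-socket policies from regular ones. It assumes each policy in the dump carries a `spid=<n>` field; the names `SPD_CLASS`, `is_socket_policy` and `select_policies` are hypothetical and the sample dump is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Meaning of spid % 8 on Linux, as listed in the message above. */
static const char *const SPD_CLASS[8] = { "in", "out", "fwd", "socket in",
    "socket out", "socket fwd", "unused", "unused" };

int is_socket_policy(unsigned long spid)
{
    return spid % 8 >= 3 && spid % 8 <= 5;
}

/* Collect the spid of every policy in dump whose per-socket status equals
 * want_socket; returns how many were stored in out[] (at most max). */
size_t select_policies(const char *dump, int want_socket,
                       unsigned long *out, size_t max)
{
    size_t n = 0;
    const char *p = dump;
    while (n < max && (p = strstr(p, "spid=")) != NULL) {
        char *end;
        unsigned long spid;
        p += 5;
        if (!isdigit((unsigned char)*p))
            continue;                 /* "spid=" without a number */
        spid = strtoul(p, &end, 10);
        p = end;
        if (is_socket_policy(spid) == !!want_socket)
            out[n++] = spid;
    }
    return n;
}

/* Constructed sample input (assumed field layout), not captured output. */
static const char SAMPLE_DUMP[] =
    "\tspid=8 seq=5 pid=100\n\tspid=17 seq=4 pid=100\n"
    "\tspid=26 seq=3 pid=100\n\tspid=35 seq=2 pid=100\n"
    "\tspid=44 seq=1 pid=100\n\tspid= seq=0 pid=100\n";

int main(void)
{
    unsigned long ids[8];
    size_t i, n = select_policies(SAMPLE_DUMP, 1, ids, 8);
    for (i = 0; i < n; i++)
        printf("spid %lu: %s\n", ids[i], SPD_CLASS[ids[i] % 8]);
    return 0;
}
```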