We agree, but the re-engineering of FreeS/WAN to use ipfilter is going to
take time, and we'd hoped to do an interim release which would work with
the old mechanism. Doing that on the 2.2 kernels is proving unexpectedly
difficult.
(It's also not clear that switching to ipchains/ipfilter would solve all
of Richard's problems. He'd still have the problem of having to fragment
a packet because it has unexpectedly become too big. [Just cranking down
the MTU so that such packets do not get sent is not a viable answer, for
several reasons beyond our control.] However, the circumstances should be
less constraining.)
Henry Spencer
henry@spsystems.net
(henry@zoo.toronto.edu)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/