We'll be happy to use existing tunnel machinery if we can... but it will
take some careful study to establish that we indeed can. IPSEC imposes a
number of constraints; in particular, we have a requirement to do certain
types of checking on an incoming packet *after* it emerges from the
tunnel. (We aren't currently doing this, but that is a bug.) We may be
able to do it using the new routing machinery, but that needs to be
confirmed.
Henry Spencer
henry@spsystems.net
(henry@zoo.toronto.edu)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/