Kelly Yancey wrote:
> Just FYI, when we implemented the enc interface for FreeBSD 4.10 for
> one of our products at work, we encountered a similar issue. The
> problem is that you need to add a flag to the sockaddr_in passed to the
> divert(4) consumer; when that consumer re-injects the packets into the
> network stack, ip_output() needs to check for the flag and goto
> skip_ipsec to avoid re-encapsulation. The next issue is that
> there is no room in the sockaddr_in structure for such a flag.

Another problem with divert is described in detail here:
http://freebsd.rambler.ru/bsdmail/freebsd-net_2004/msg01736.html

In short: divert of a packet removes multicast options that it may have
and bad things happen with RIPv2 multicast packets.

Eugene