On Wed, Apr 16, 2008 at 11:47:40AM -0400, [EMAIL PROTECTED] wrote:
<SNIP!>
> Location of table:
> http://cr.opensolaris.org/~sowmini/ndd.html

Thank you so much for gathering this list. Some quick comments on the
existing ones:

ipsec_override_persocket_policy
  - It is defined but not used, but its functionality needs to exist
    *somewhere*. Please note that it needs to migrate to
    ipsecinit.conf or, more appropriately, as a property of the
    network/ipsec/{policy,something-new?} service.

*_accept_clear_messages
  - Agreed.

ipsec_policy_log_interval
  - Agreed.

And I hate to dump on you, but you forgot that /dev/ipsec{ah,esp} have
ndd tunables too.

ipsec{ah,esp}_debug
  - Treat like other *_debug tunables.

ipsec{ah,esp}_age_interval
ipsec{ah,esp}_reap_delay
ipsec{ah,esp}_replay_size
ipsec{ah,esp}_acquire_timeout
ipsec{ah,esp}_larval_timeout
ipsec{ah,esp}_default_{hard,soft}_{bytes,addtime,usetime}
ipsec{ah,esp}_log_unknown_spi
  - These can all become IPsec-wide (vs. having an AH version and an
    ESP version), and should probably land wherever
    previously-suggested NDD changes like *_accept_clear_messages land.

ipsecesp_padding_check
ipsecesp_nat_keepalive_interval
  - These are ESP-specific, but should still probably land where the
    previous IPsec tunables go.

Dan