[Openswan dev] IPSECPOLICY flag in Makefile.inc

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:
    >> You can say, "I want this secure", and you can say "I want to
    >> form a tunnel with FOO", but you can not specify what the
    >> identity of the remote system is supposed to be.

    Herbert> You mean the identity of the remote security gateway? No
    Herbert> that can't be specified beyond the IP address as it is.
   
  Exactly.

    >> The sockopt interface is pretty limited.

    Herbert> Perhaps.  But the current form can be easily extended since
    Herbert> the interface is based on arbitrary strings parsed by each
    Herbert> interface module.

  Yes, the intention of the API is that it can be implemented using
KAME-like setsockopt(), or via some other trusted IPC if desired.

  setsockopt() is a pain to implement for many stacks.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQOcMK4qHRg3pndX9AQE1ZgP6A+ydg3rStLwD3FzY/IA4PtFcSccu4f4b
/iCqcWF/kMezG91s1fOeJuRW7Rpqfg9BWCNT9UtYeNNOmqeAStzyQwCYN97D2/+x
A0dq/a9FER43rOo1ToZINTAl1I/5K/KKhcG/d7N6ncdxX7Z/qyzq+TSEnHM/8S0U
w81TciPzfT0=
=URxK
-----END PGP SIGNATURE-----