Diego Beltrami <diego.beltrami@xxxxxxx> wrote: > > we have been working for three months to implement a new IPsec mode, > the "BEET" mode, for Linux. Below is a link to the BEET specification > and > the abstract: > > http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-03.txt Thanks for the patch guys, this is really interesting. > extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type); > diff -urN linux-2.6.12.2/net/ipv4/esp4.c > linux-beet-2.6.12.2/net/ipv4/esp4.c > --- linux-2.6.12.2/net/ipv4/esp4.c 2005-06-30 02:00:53.000000000 +0300 > +++ linux-beet-2.6.12.2/net/ipv4/esp4.c 2005-07-25 14:39:11.000000000 Although the document only talks about ESP, as far as I can see the encapsulation can be applied to AH/IPComp just as well. So how about moving this stuff to the generic xfrm_input/xfrm_output functions? Also, if you're going to do cross-family transforms, it should be done for both BEET and plain tunnel-mode. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt