> On Tue, Nov 8, 2011 at 8:24 AM, Peter P Waskiewicz Jr > <peter.p.waskiewicz...@intel.com> wrote: >> On Mon, 2011-11-07 at 19:10 -0800, Daniil Stolnikov wrote: >>> Hello! >>> >>> Found that the stack IPSec in Linux does not support any IP range. Many >>> people ask this question. The archives say strongswan said that their >>> daemon supports a range, but the Linux IPSec stack supports only the >>> subnets. I am writing to you to implement support for IP range in Linux. I >>> think that a lot more people will appreciate this innovation. >> >> It'd be even better if you could write a patch for us to review.
> oh, come on! > changing addr_match() is trivial for ipv4 and easy for ipv6. :-) Is not entirely clear how this function works. It seems that it works again with the subnet bits and comparing the length of the prefix networks. Probably you mean that you need to add back the comparison ranges? If so, what if we use zywall we do not know the format of the range. Well, as I said, I badly oriented in the kernel code. I can tell kettle. A change in the function code certainly entail a change in at least the data types passed to the function. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
