From: Daniil Stolnikov
Subject: Re: Add IPSec IP Range in Linux kernel
Date: Wed, 9 Nov 2011 10:32:07 +0800
Message-ID: <552673196.20111109103207@mail.ru>
In-Reply-To: <20111108.204253.891598837549584662.davem@davemloft.net>
To: David Miller
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org

> Like I said, if you want address ranges, ask the userland IPSEC daemon
> authors to synthesize it.

In this letter on the strongswan-users mailing list,
http://marc.info/?l=strongswan-users&m=130613736616488&w=4
they say that their product has support for IP ranges, but the Linux stack is based on network masks. So I do not understand how this would work without support at the kernel level. How will the policies be coordinated?
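Added example, not part of the original message and not code from strongSwan or the kernel: one way a userland daemon could synthesize an address range on top of prefix-based selectors is to split the range into the minimal set of address/prefix-length blocks and install one policy per block. The name range_to_prefixes and the sample range are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

struct prefix { uint32_t addr; int len; };   /* addr in host byte order */

/* Split the inclusive IPv4 range [lo, hi] into the minimal list of
 * address/prefix-length blocks. Returns the number of blocks written,
 * or -1 if lo > hi or 'out' (capacity 'max') is too small.
 * Worst case for IPv4 is 62 blocks. */
int range_to_prefixes(uint32_t lo, uint32_t hi, struct prefix *out, int max)
{
    uint64_t cur = lo, end = hi;   /* 64-bit so cur can step past 2^32 - 1 */
    int n = 0;

    if (lo > hi)
        return -1;
    while (cur <= end) {
        int len = 32;
        /* Widen the block while it stays aligned and inside the range. */
        while (len > 0) {
            uint64_t size = 1ULL << (32 - (len - 1));
            if ((cur & (size - 1)) != 0 || cur + size - 1 > end)
                break;
            len--;
        }
        if (n == max)
            return -1;
        out[n].addr = (uint32_t)cur;
        out[n].len = len;
        n++;
        cur += 1ULL << (32 - len);
    }
    return n;
}

int main(void)
{
    /* Constructed sample range: 10.0.0.5 - 10.0.0.20 */
    struct prefix p[64];
    int n = range_to_prefixes(0x0A000005u, 0x0A000014u, p, 64);

    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u/%d\n", (unsigned)(p[i].addr >> 24),
               (unsigned)((p[i].addr >> 16) & 0xff),
               (unsigned)((p[i].addr >> 8) & 0xff),
               (unsigned)(p[i].addr & 0xff), p[i].len);
    return n < 0;
}
```

Each printed block maps to one mask-based selector, so a single range costs several policies, all of which must be added and removed together.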