Firewall Wizards mailing list archives

Re: performance of TIS Gauntlet


From: Rick Murphy <rmurphy () itm-inst com>
Date: Mon, 26 Jan 1998 15:21:53 -0500

At 12:43 PM 1/26/98 -0500, James Croall wrote:
> I'm not too familiar with the kernel changes in the Gauntlet kernel, but
> as far as I can tell it uses swIPe to provide the VPN support. swIPe has
> been ported to NetBSD and FreeBSD, and could be ported to some of the
> other BSD unices out there. Of course, you can always drop in your
> favourite IPsec implementation and have even stronger encryption.

The VPN support is swIPe that works (there's a bug in the stuff
floating around the net that will cause packet corruption when it's
used over unreliable networks; the original SunOS version didn't
have the problem.)

> The only other serious kernel modification that I know of is the code to
> provide transparent proxy support, and there are patches available to
> add this to the various 4.4BSD unices out there.

The significant kernel mod is to add a system call for transparency
support. If this system call isn't available, the proxies won't function.
The FWTK transparency patches that I've seen do things very differently.
There is also a packet screening device driver that amongst other things
blocks ICMP.

> Although if you're this die-hard about doing it yourself..

Well, I *did* do it myself.. when I worked for TIS ;-)
        -Rick


