[Openswan dev] freeswan/openswan nat-t port
Andreas Gruenbacher
agruen at suse.de
Wed Jan 28 12:31:38 CET 2004
Hello,
I have started to port NAT-Traversal-0.6-freeswan-2.00-x509-1.3.5.diff
to Freeswan 2.04. The critical area is the split of pluto's kernel.c
into kernel{,_netlink,_pfkey}.c, and the netlink code required for
nat-t. Having learned that the openswan port contains a port of that
patch as well, I checked and compared your code with mine.
My current version of the port against Freeswan-2.04+x509 can be found
at http://www.suse.de/~agruen/freeswan/.
There are some differences: You have introduced a new update_esp_sa
kernel_op. I noticed that the existing version of pfkey_add_ss() does
the same thing as pfkey_update_esp_sa() is supposed to do. This makes
me think that update_esp_sa is not necessary. For using add_sa directly,
setup_half_ipsec_sa() needs a little refactoring, though. (Please see
the patch.)
Both ports are still missing the code required for NAT in
netlink_add_sa(). Do you have an idea what that code must look like? I
have no clue about netlink. Thanks.
Thanks,
--
Andreas Gruenbacher <agruen at suse.de>
SUSE Labs, SUSE LINUX AG