[Openswan dev] freeswan/openswan nat-t port
Ken Bantoft
ken at xelerance.com
Wed Jan 28 09:04:51 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FYI:
http://www.f34r.com/temp has someone who's already done all of that....
On Wed, 28 Jan 2004, Andreas Gruenbacher wrote:
> Hello,
>
> I have started to port NAT-Traversal-0.6-freeswan-2.00-x509-1.3.5.diff
> to Freeswan 2.04. The critical area is the split of pluto's kernel.c
> into into kernel{,_netlink,_pfkey}.c, and the netlink code reuiqred for
> nat-t. Having learned that the openswan port contains a port of that
> patch as well, I checked and compared your code with mine.
>
> My current version of the port against Freeswan-2.04+x509 can be found
> at http://www.suse.de/~agruen/freeswan/.
>
> There are some differences: You have introduced a new update_esp_sa
> kernel_op. I noticed that the existing version of pfkey_add_ss() does
> the same thing as pfkey_update_esp_sa() is supposed to do. This makes
> me think that update_esp_sa is not necessary. For using add_sa directly,
> setup_half_ipsec_sa() needs a little refactoring, though. (Please see
> the patch.)
>
> Both ports are still missing the code required for NAT in
> netlink_add_sa(). Do you have an idea how that code must look like? I
> have no clue about netlink. Thanks.
>
>
> Thanks,
>
- --
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAF8GGPiOgilmwgkgRAuSMAKCtuVXwWeSbTxUKuHgmbRT253BzdACfYbPK
tOnMotOChWujnLALgedX9Yk=
=3+zD
-----END PGP SIGNATURE-----
More information about the Dev
mailing list