[Openswan dev] freeswan/openswan nat-t port

Ken Bantoft ken at xelerance.com
Wed Jan 28 09:04:51 CET 2004

Hash: SHA1


http://www.f34r.com/temp has someone who's already done all of that....

On Wed, 28 Jan 2004, Andreas Gruenbacher wrote:

> Hello,
> I have started to port NAT-Traversal-0.6-freeswan-2.00-x509-1.3.5.diff
> to Freeswan 2.04. The critical area is the split of pluto's kernel.c
> into into kernel{,_netlink,_pfkey}.c, and the netlink code reuiqred for
> nat-t. Having learned that the openswan port contains a port of that
> patch as well, I checked and compared your code with mine.
> My current version of the port against Freeswan-2.04+x509 can be found
> at http://www.suse.de/~agruen/freeswan/.
> There are some differences: You have introduced a new update_esp_sa
> kernel_op. I noticed that the existing version of pfkey_add_ss() does
> the same thing as pfkey_update_esp_sa() is supposed to do. This makes
> me think that update_esp_sa is not necessary. For using add_sa directly,
> setup_half_ipsec_sa() needs a little refactoring, though. (Please see
> the patch.)
> Both ports are still missing the code required for NAT in
> netlink_add_sa(). Do you have an idea how that code must look like? I
> have no clue about netlink. Thanks.
> Thanks,

- -- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

Version: GnuPG v1.0.7 (GNU/Linux)


More information about the Dev mailing list