[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T

Paul Wouters paul at xelerance.com
Thu Oct 6 04:02:13 CEST 2005

On Thu, 29 Sep 2005, Peter Van der Beken wrote:

> Bah! Looking at the debugging info on both ends confirms that they inverted 
> the messages for the hashes, they send the hash for the local side first and 
> then the hash for the remote side, whereas the RFC specifies that the 
> receiver should get the local side first and then the remote side. I attached 
> an updated patch that handles this bug too (still 2.3.1, sorry!). It's 
> getting uglier with every iteration :-(.
> I do think that http://bugs.xelerance.com/view.php?id=442 is right, in 
> nat_traversal_add_natd the hash for the second packet is computed using 
> &(md->iface->ip_addr) and ntohs(st->st_remoteport), I think that last one 
> should be ntohs(st->st_localport).

Patch has been queued up at http://bugs.xelerance.com/view.php?id=462


"Happiness is never grand"

 	--- Mustapha Mond, World Controller (Brave New World)
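
The payload-order problem described in the quoted message, as an added example that is not part of the original post or of the Openswan patch: it computes NAT-D hashes as HASH(CKY-I | CKY-R | IP | Port) and shows how a receiver that trusts payload order misreads a peer that sends them inverted. Assumptions: the RFC meant is RFC 3947, SHA-1 is the negotiated hash, and the function names, cookies and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct


def natd_hash(cky_i, cky_r, ip, port, alg="sha1"):
    """HASH(CKY-I | CKY-R | IP | Port), IP and port in network byte order."""
    addr = ipaddress.ip_address(ip).packed
    return hashlib.new(alg, cky_i + cky_r + addr + struct.pack("!H", port)).digest()


def build_natd(cky_i, cky_r, src, dst, swapped=False):
    """Sender: hash of the destination (remote end) first, then of its own source.
    swapped=True reproduces the inverted order described in the thread."""
    payloads = [natd_hash(cky_i, cky_r, *dst), natd_hash(cky_i, cky_r, *src)]
    return payloads[::-1] if swapped else payloads


def detect(payloads, cky_i, cky_r, local, remote, strict=True):
    """Receiver: local is the address the packet arrived on, remote the observed source.
    strict trusts payload order; strict=False accepts either order (hypothetical workaround)."""
    mine = natd_hash(cky_i, cky_r, *local)
    peer = natd_hash(cky_i, cky_r, *remote)
    if strict:
        return {"local_nat": payloads[0] != mine, "peer_nat": peer not in payloads[1:]}
    return {"local_nat": mine not in payloads, "peer_nat": peer not in payloads}


# Constructed sample values: documentation address ranges and made-up cookies.
CKY_I, CKY_R = bytes(range(8)), bytes(range(8, 16))
CLIENT, SERVER = ("192.0.2.10", 500), ("198.51.100.1", 500)


def demo():
    """No NAT on the path; the server evaluates the client's NAT-D payloads."""
    good = build_natd(CKY_I, CKY_R, CLIENT, SERVER)
    bad = build_natd(CKY_I, CKY_R, CLIENT, SERVER, swapped=True)
    return {
        "rfc_order_strict": detect(good, CKY_I, CKY_R, SERVER, CLIENT),
        "swapped_strict": detect(bad, CKY_I, CKY_R, SERVER, CLIENT),
        "swapped_tolerant": detect(bad, CKY_I, CKY_R, SERVER, CLIENT, strict=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the inverted order, the strict receiver reports NAT on both sides although none is present; the order-independent comparison gives the correct answer.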

