[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T
paul at xelerance.com
Thu Oct 6 04:02:13 CEST 2005
On Thu, 29 Sep 2005, Peter Van der Beken wrote:
> Bah! Looking at the debugging info on both ends confirms that they inverted
> the messages for the hashes, they send the hash for the local side first and
> then the hash for the remote side, whereas the RFC specifies that the
> receiver should get the local side first and then the remote side. I attached
> an updated patch that handles this bug too (still 2.3.1, sorry!). It's
> getting uglier with every iteration :-(.
> I do think that http://bugs.xelerance.com/view.php?id=442 is right, in
> nat_traversal_add_natd the hash for the second packet is computed using
> &(md->iface->ip_addr) and ntohs(st->st_remoteport), I think that last one
> should be ntohs(st->st_localport).
Patch has been queued up at http://bugs.xelerance.com/view.php?id=462
"Happiness is never grand"
--- Mustapha Mond, World Controller (Brave New World)
More information about the Dev