[Openswan dev] [PATCH] klips + nat-t on 2.6.23
David_Mccullough at securecomputing.com
Thu Nov 8 22:26:55 EST 2007
Jivin Paul Wouters lays it down ...
> On Fri, 9 Nov 2007, David McCullough wrote:
> > Here a patch for 2.6.23 that should give you working nat-t.
> > I have done some limited testing, all seems to be working.
> > Let me know if you have any problems,
> I'll have a look at it, but I don't think it is what we wanted.
> We wanted to hook into xfrm4_input without requiring to modify
> udp.c as you did. Similar to pppol2tp. That way, people can
> compile klips as module without requiring to recompile the
> entire kernel.
Ok, there seemed to be a much nicer way waiting to happenr.
I was trying not to mess to much with things for now. I might have a
look around and see if I can do better.
> We did preliminary work for #testing, but we need to pass
> the new icotl from pluto to the kernel to mark the socket
> as an encap socket.
I figured this gets 2.4.10 working without modifying 2.4.10 ;-)
> Though I guess this patch works against 2.6.23, so I'll
> verify and put the patch up on the ftp server.
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
More information about the Dev