[Openswan dev] NAT-T patch
Paul Wouters
paul at xelerance.com
Wed May 20 12:05:52 EDT 2009
On Wed, 20 May 2009, David McCullough wrote:
> but the L2TP version:
>
> UDP_ENCAP_L2TPINUDP
>
> doesn't. When XFRM is in the kernel, xfrm4_udp_encap_rcv does almost
> exactly, line for line, what klips26_udp_encap_rcv does. When XRM is not in
> the kernel you get an empty function stub, so basically, klips needs to
> provide it's own version of xfrm4_udp_encap_rcv, and that is
> klips26_udp_encap_rcv.
I had thought we could just load one of the xfrm modules that dealt with
this, that was seperate enough from the esp4 module to not interfere with us.
I thought the whole l2tp addition cause them to seperate xfrm4_udp_encap_rcv
from the IPsec code.
> Had a quick look at what L2TP is doing. It still has it's own encap_rcv
> function. Not as heavy as the ipsec versions for some reason, but it is
> doing everything in a similar way to xfrm and now klips.
Then the next question is, can we deal with that in one pass, so that if
we use ipsec+l2tp, that we can decap the l2tp data packets as well (and
send the l2tp control packets to userland for processing)
Paul
More information about the Dev
mailing list