[Openswan dev] NAT-T patch

Paul Wouters paul at xelerance.com
Wed May 20 12:05:52 EDT 2009

On Wed, 20 May 2009, David McCullough wrote:

> but the L2TP version:
> doesn't.  When XFRM is in the kernel,  xfrm4_udp_encap_rcv does almost
> exactly, line for line, what klips26_udp_encap_rcv does.  When XFRM is not in
> the kernel you get an empty function stub, so basically,  klips needs to
> provide its own version of xfrm4_udp_encap_rcv,  and that is
> klips26_udp_encap_rcv.

I had thought we could just load one of the xfrm modules that dealt with
this, that was separate enough from the esp4 module to not interfere with us.
I thought the whole l2tp addition caused them to separate xfrm4_udp_encap_rcv
from the IPsec code.

> Had a quick look at what L2TP is doing.  It still has its own encap_rcv
> function.  Not as heavy as the ipsec versions for some reason,  but it is
> doing everything in a similar way to xfrm and now klips.

Then the next question is, can we deal with that in one pass, so that if
we use ipsec+l2tp, that we can decap the l2tp data packets as well (and
send the l2tp control packets to userland for processing)?

