[Openswan dev] A question about NAT-OA

Kevin Wilson wkevils at gmail.com
Mon Nov 29 14:04:38 EST 2010

Thanks, Paul,

   I should have phrased my question better. What I was wondering here
is that I don't see anywhere in the kernel usage of the NAT-OA
and as far as I understand, the kernel should have take this NAT-OA
addresses for computing of checsum. Grepping under the kernel
tree , we will find a member called encap_oa in xfrm_encap_tmpl,
but nobody uses it. Strange,

On Mon, Nov 29, 2010 at 6:41 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Sun, 28 Nov 2010, Kevin Wilson wrote:
>> Hello,
>>  I saw that when working in transport mode and
>> using NAT-traversal, you should send in the two first Quick mode IKE
>> message
>> the OA (original address) of one side. This should be received by the
>> other side and used for checksum calculation (since the original address
>> was changed by a NAT).
>> My question is: where is this checksum calculation done ? is it done
>> in the kernel ? I tried for hours to find where is the Linux kernel
>> stack this is done, and I could not find anything.
>> I would appreciate if somebody can point me.
> I guess the UDP 4500 packet checksum is dealth with in the regular udp.c
> code? the ESP payload will be checked to validate, but I am not sure if
> there is any further checksum checking.
> Paul

More information about the Dev mailing list