[Openswan Users] Openswan 1.0.0 and RHES3
mcr at sandelman.ottawa.on.ca
Sat Jan 3 19:39:27 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
In general, the NAT-T patch is going to start showing up.
For OSW 2.1.0, I've been trying to decide exactly what to do.
1) you can not build a standalone module that does NAT-T as it stands.
2) if you are building static kernel, and NAT-T is already there,
then it fails.
3) if you have a kernel that is already patched, then the module build
ought to support it.
Ideally, I'd like to not care if the NAT-T patch is there. There is already
some code to deal with this.
One solution is to get rid of the different traversal methods. That gets rid
of the need for ipsec_rcv() to know which method was used, and therefore the
sock.h patch, which is the most annoying part.
A solution to the udp.c patch is to have a netfilter module to do the same
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Users