[Openswan Users] Backing out the 2.6ipsec code from the RHELv3 kernel

Ken Bantoft ken at xelerance.com
Sun Jan 4 20:36:06 CET 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Sun, 4 Jan 2004, Dax Kelson wrote:

> On Sun, 2004-01-04 at 12:49, Paul Wouters wrote:
> > On Sat, 3 Jan 2004, Dax Kelson wrote:
> > 
> > > Attached is the extracted patch that adds ESP-over-UDP to udp.c. Notice
> > > that it also adds HW checksumming for UDP and sendfile() on UDP. 
> > 
> > Again, you'd want to use the 2.6 backported UDP_ENCAP instead of the ESPinUDP
> > stuff, so that you don't need to change the kernel image itself, and can just
> > use an additional ipsec.o module.
> > 
> > Paul 
> 
> That would be ideal. I'm sure somebody can pull it off so you can build
> a modular Openswan v1.0.0 with the stock, unmodified RHEL kernel. 

IMHO, that's a waste of time.  I'd rather see developer effort on the 2.x 
branch, rather than backporting everything to the 1.x tree.  The amount of 
effort needed to extract the 2.6 af_key support from FreeS/WAN 2.x and 
port it back to Openswan is comparable to porting up the required 
feature(s) from 1.x into a 2.x tree.

> This would be good interim solution until Openswan v2.1 comes out.

I'm trying to get 2.0.0 final shipped within the next 1-2 weeks.  After 
that's out the door, 2.1.x snapshots will appear.  The current stopping 
issue is time.

Currently, mcr is doing the bulk of the integration work.  We've had 
support from JuanJo (who's prepared AES for 2.1.0) and Dr{Who} (IRC nick) 
who ported up both NAT-T and our XAUTH patches to FreeS/WAN 2.04.  
Andreas keeps us current on the X.509 patch now, which has been merged 
for a few weeks.  I'm doing release/packaging/testing/PR stuff at the 
moment.  Currently, getting test-cases for the new features is a bit of a 
priority.  The 2.x tree has a *very* helpfull regression suite - something 
1.x lacks.  This prevents us from making seamingly small changes that 
break expected behaviour - ask Tuomo how many minor changes I've made on 
the Super FreeS/WAN 1.99 trees that broke one or more of his configs, but 
didn't break mine.

We'd welcome further assistance in getting 2.1.x ready for release - note 
that the "no US code" restriction placed on FreeS/WAN does not apply to 
Openswan.


- -- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/+L+JPiOgilmwgkgRAuV6AKCyRWtKa3N4Urtt4pNpmAcHm+1P6ACgkDHO
KqTgDze2MqtFy71ou36YOCk=
=WgFu
-----END PGP SIGNATURE-----

More information about the Users mailing list