[Openswan Users] [Openswan dev] [PATCH] klips + nat-t on 2.6.23

David McCullough David_Mccullough at securecomputing.com
Thu Nov 8 22:26:55 EST 2007

Jivin Paul Wouters lays it down ...
> On Fri, 9 Nov 2007, David McCullough wrote:
> > Here a patch for 2.6.23 that should give you working nat-t.
> > I have done some limited testing,  all seems to be working.
> > Let me know if you have any problems,
> I'll have a look at it, but I don't think it is what we wanted.

Thats ok.

> We wanted to hook into xfrm4_input without requiring to modify
> udp.c as you did. Similar to pppol2tp. That way, people can
> compile klips as module without requiring to recompile the
> entire kernel.

Ok,  there seemed to be a much nicer way waiting to happenr.
I was trying not to mess to much with things for now.  I might have a
look around and see if I can do better.

> We did preliminary work for #testing, but we need to pass
> the new icotl from pluto to the kernel to mark the socket
> as an encap socket.

I figured this gets 2.4.10 working without modifying 2.4.10 ;-)

> Though I guess this patch works against 2.6.23, so I'll
> verify and put the patch up on the ftp server.


David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com

More information about the Users mailing list