Date: Fri, 30 Oct 1998 07:32:18 -0800 (PST)
From: "Eric J. Schwertfeger"
To: Matthew Reimer
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: SKIP and NAT on tun0?
In-Reply-To: <36393409.CF5E0DAE@vpop.net>

On Thu, 29 Oct 1998, Matthew Reimer wrote:

> Has anyone been able to make SKIP and NAT work on the same interface?

No, and after a good bit of digging, I know exactly why, too.

Basically, SKIP uses a flag in the MBUF for the packet to signal that it has seen a given packet. NATD, being user space, doesn't get to see the MBUF, so when it reinjects the packet, the MBUF doesn't have the flag set, so SKIP sees the packet as being unencrypted coming from a host that should only be talking encryption, so it discards the packet.

Both of the patents that cover SKIP 1.0 are expired, so if someone with more time wants to implement their own version, feel free.
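
Added example (not part of the original message, and not FreeBSD or SKIP source): a simplified C model of the failure described above, showing per-packet kernel metadata lost on a round trip through user space. The flag name M_SKIP_SEEN, the struct layout and all function names are hypothetical; the model assumes the reinjected packet passes SKIP's hook a second time, as the message describes.

```c
/* Simplified model; not FreeBSD or SKIP source. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#define M_SKIP_SEEN 0x1   /* hypothetical name for SKIP's "seen" flag */
enum verdict { PASS, DROP };

struct mbuf {             /* toy stand-in for a kernel mbuf */
    unsigned flags;       /* kernel-only metadata, not part of the packet */
    size_t len;
    unsigned char data[64];
};

/* SKIP hook for a peer whose policy is "encrypted traffic only". */
static enum verdict skip_input(struct mbuf *m, int encrypted)
{
    if (m->flags & M_SKIP_SEEN)
        return PASS;              /* SKIP has already seen this packet */
    if (!encrypted)
        return DROP;              /* cleartext from an encrypt-only peer */
    m->flags |= M_SKIP_SEEN;      /* decrypted here, so mark the mbuf */
    return PASS;
}

/* Divert round trip: only the packet bytes reach user space and come back. */
static struct mbuf divert_roundtrip(const struct mbuf *in)
{
    unsigned char user[64];           /* natd's view: a plain byte buffer */
    struct mbuf out;
    memcpy(user, in->data, in->len);  /* address rewriting would happen here */
    memset(&out, 0, sizeof out);      /* reinjection builds a fresh mbuf */
    memcpy(out.data, user, in->len);
    out.len = in->len;
    return out;
}

/* One inbound packet: SKIP, optionally natd, then SKIP's hook again. */
static enum verdict deliver(int through_natd)
{
    struct mbuf m = { 0, 8, "payload" };        /* constructed sample packet */
    if (skip_input(&m, 1) == DROP) return DROP; /* arrives encrypted */
    if (through_natd) m = divert_roundtrip(&m);
    return skip_input(&m, 0);       /* cleartext now; only the flag vouches */
}

int main(void)
{
    printf("without natd: %d, with natd: %d (0=PASS, 1=DROP)\n",
           deliver(0), deliver(1));
    return 0;
}
```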