Date: Thu, 17 Jul 2008 16:21:41 -0400 From: Larry Baird <lab@gta.com> To: Sam Leffler <sam@freebsd.org> Cc: freebsd-net@freebsd.org, vanhu_bsd@zeninc.net Subject: Re: FreeBSD NAT-T patch integration [CFR/CFT] Message-ID: <20080717202141.GA65940@gta.com> In-Reply-To: <487EC62A.3070301@freebsd.org> References: <20080630040103.94730.qmail@mailgate.gta.com> <486A45AB.2080609@freebsd.org> <487EC62A.3070301@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Sam, > Please test/review the following patch against HEAD: > > http://people.freebsd.org/~sam/nat_t-20080616.patch > > This adds only the kernel portion of the NAT-T support; you must provide > the user-level code from another place. > > The main difference from the patches floating around are in the > ctloutput path (adding proper locking for HEAD) and decap of ESP-in-UDP > frames. Assuming folks are ok w/ these changes I'll commit to HEAD. > Once this stuff goes in we can look at getting the user-mode mods into > the tree. I should have time to begin to look at this tomorrow. I also have an additional patch that needs adding. In sys/netipsec/ipsec_mbuf.c the function m_makespace() has an assert/comment stating "code doesn't handle clusters". If using NAT-T with crypto acceleration you can hit this case. I'll email this patch to you within the next couple of days. Larry -- ------------------------------------------------------------------------ Larry Baird | http://www.gta.com Global Technology Associates, Inc. | Orlando, FL Email: lab@gta.com | TEL 407-380-0220, FAX 407-380-6080
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080717202141.GA65940>