From: Sam Leffler
Organization: FreeBSD Project
Date: Tue, 01 Jul 2008 07:56:43 -0700
To: Larry Baird
Cc: freebsd-net@freebsd.org, vanhu_bsd@zeninc.net
Subject: Re: FreeBSD NAT-T patch integration
Message-ID: <486A45AB.2080609@freebsd.org>
In-Reply-To: <20080630040103.94730.qmail@mailgate.gta.com>

Larry Baird wrote:
>> And how do I know that it works ?
>> Well, when it doesn't work, I do know it, quite quickly most of the
>> time !
>>
> I have to chime in here. I did most of the initial porting of the
> NAT-T patches from Kame IPSec to FAST_IPSEC. I did look at every
> line of code during this process. I found no security problems during
> the port. Like Yvan, my company uses the NAT-T patches commercially.
> Like he says, if it had problems, we would hear about it. If the patches
> don't get committed, I highly suspect Yvan or myself would try to keep the
> patches up to date. So far I have done FAST_IPSEC patches for FreeBSD 4, 5, 6.
> Yvan did 7 and 8 by himself. Keeping up gets to be a pain after a while.
> I do plan to look at the FreeBSD 7 patches soon, but it sure would be nice
> to see it committed.
>

This whole issue seems ridiculous. I've been trying to get the NAT-T
patches committed for a while but since I'm not set up to do any IPSEC
testing have deferred to others. If we need to break a logjam I'll
pitch in.

Sam