From owner-freebsd-net@FreeBSD.ORG  Tue Jul  1 14:56:46 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A561D1065672
	for <freebsd-net@freebsd.org>; Tue,  1 Jul 2008 14:56:46 +0000 (UTC)
	(envelope-from sam@freebsd.org)
Received: from ebb.errno.com (ebb.errno.com [69.12.149.25])
	by mx1.freebsd.org (Postfix) with ESMTP id 80A538FC20
	for <freebsd-net@freebsd.org>; Tue,  1 Jul 2008 14:56:46 +0000 (UTC)
	(envelope-from sam@freebsd.org)
Received: from trouble.errno.com (trouble.errno.com [10.0.0.248])
	(authenticated bits=0)
	by ebb.errno.com (8.13.6/8.12.6) with ESMTP id m61EuhNP060632
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 1 Jul 2008 07:56:44 -0700 (PDT) (envelope-from sam@freebsd.org)
Message-ID: <486A45AB.2080609@freebsd.org>
Date: Tue, 01 Jul 2008 07:56:43 -0700
From: Sam Leffler <sam@freebsd.org>
Organization: FreeBSD Project
User-Agent: Thunderbird 2.0.0.9 (X11/20071125)
MIME-Version: 1.0
To: Larry Baird <lab@gta.com>
References: <20080630040103.94730.qmail@mailgate.gta.com>
In-Reply-To: <20080630040103.94730.qmail@mailgate.gta.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-DCC--Metrics: ebb.errno.com; whitelist
Cc: freebsd-net@freebsd.org, vanhu_bsd@zeninc.net
Subject: Re: FreeBSD NAT-T patch integration
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2008 14:56:46 -0000

Larry Baird wrote:
>> And how do I know that it works ?
>> Well, when it doesn't work, I do know it, quite quickly most of the
>> time !
>>     
> I have to chime in here.  I did most of the initial porting of the
> NAT-T patches from Kame IPSec to FAST_IPSEC.  I did look at every
> line of code during this process.  I found no security problems during
> the port.  Like Yvan, my company uses the NAT-T patches commercially.
> Like he says, if it had problems, we would hear about it.  If the patches
> don't get commited, I highly suspect Yvan or myself would try to keep the
> patches up todate.  So far I have done FAST_IPSEC pacthes for FreeBSD 4,5,6.  
> Yvan did 7 and 8 by himself.  Keeping up gets to be a pain after a while.  
> I do plan to look at the FreeBSD 7 patches soon, but it sure would be nice
> to see it commited.
>
>   
This whole issue seems ridiculous.  I've been trying to get the NAT-T 
patches committed for a while but since I'm not setup to do any IPSEC 
testing have deferred to others.  If we need to break a logjam I'll 
pitch in.

    Sam