FreeBSD NAT-T patch integration [CFR/CFT]
Larry Baird
lab at gta.com
Thu Jul 17 20:21:42 UTC 2008
Sam,
> Please test/review the following patch against HEAD:
>
> http://people.freebsd.org/~sam/nat_t-20080616.patch
>
> This adds only the kernel portion of the NAT-T support; you must provide
> the user-level code from another place.
>
> The main difference from the patches floating around are in the
> ctloutput path (adding proper locking for HEAD) and decap of ESP-in-UDP
> frames. Assuming folks are ok w/ these changes I'll commit to HEAD.
> Once this stuff goes in we can look at getting the user-mode mods into
> the tree.
I should have time to begin to look at this tomorrow. I also have
an additional patch that needs adding. In sys/netipsec/ipsec_mbuf.c
the function m_makespace() has an assert/comment stating "code doesn't
handle clusters". If using NAT-T with crypto acceleration you can hit
this case. I'll email this patch to you within the next couple of days.
Larry
--
------------------------------------------------------------------------
Larry Baird | http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: lab at gta.com | TEL 407-380-0220, FAX 407-380-6080
More information about the freebsd-net
mailing list