Subject: Re: packet handling for IPsec NAT-T
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-kern
Date: 09/24/2004 15:27:40


On Sep 24, 2004, at 3:09 PM, Emmanuel Dreyfus wrote:

> The userlevel socket owner might want to get non ESP traffic on the
> socket. In that case the sender has to add a non ESP marker at the
> beginning of the UDP payload. The kernel will detect that and the
> packet will be handed to userlevel instead of being sent to esp4_input.

Err, not just "might".  From my vague recollection from IPSEC WG
meetings a few years ago, this would be a socket that normally carries
IKE traffic for the IKE daemon, right?

         -- Jason R. Thorpe <thorpej@shagadelic.org>
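
Added example, not part of the original message and not NetBSD code: a sketch of the receive-side demultiplexing discussed above, assuming the RFC 3948 layout (a Non-ESP Marker of four zero octets where an ESP SPI would sit, and a one-octet 0xFF NAT-keepalive). The names `natt_classify` and `enum natt_class` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not NetBSD kernel identifiers. */
enum natt_class {
    NATT_DROP,      /* too short to classify safely */
    NATT_KEEPALIVE, /* single 0xFF octet: receiver discards it */
    NATT_IKE,       /* Non-ESP Marker present: hand to the userlevel socket */
    NATT_ESP        /* nonzero SPI: hand to ESP input (esp4_input in the thread) */
};

#define NON_ESP_MARKER_LEN 4 /* assumption: RFC 3948, four zero octets */
#define ESP_MIN_HDR_LEN    8 /* SPI (4) + sequence number (4) */

/* Classify a UDP payload received on the NAT-T socket.
 * On NATT_IKE, *ike_off is the offset of the IKE message past the marker. */
static enum natt_class
natt_classify(const uint8_t *payload, size_t len, size_t *ike_off)
{
    static const uint8_t marker[NON_ESP_MARKER_LEN] = { 0, 0, 0, 0 };

    *ike_off = 0;
    if (len == 1 && payload[0] == 0xff)
        return NATT_KEEPALIVE;
    if (len < NON_ESP_MARKER_LEN)
        return NATT_DROP;      /* cannot even read the SPI/marker field */
    if (memcmp(payload, marker, sizeof(marker)) == 0) {
        *ike_off = NON_ESP_MARKER_LEN;
        return NATT_IKE;       /* an SPI of zero is never valid ESP here */
    }
    if (len < ESP_MIN_HDR_LEN)
        return NATT_DROP;      /* truncated ESP header */
    return NATT_ESP;
}

int main(void)
{
    /* Constructed sample payloads. */
    const uint8_t ike[] = { 0, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef };
    const uint8_t esp[] = { 0x00, 0x00, 0x10, 0x01, 0, 0, 0, 1 };
    size_t off;

    printf("ike=%d\n", natt_classify(ike, sizeof(ike), &off));
    printf("esp=%d\n", natt_classify(esp, sizeof(esp), &off));
    return 0;
}
```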

