Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

On Sun, Nov 02, 2008 at 01:06:38AM +0100, Frank Kardel wrote:
> Hi,
> when changing key_cmpsaidx_exactly to key_cmpsaidx_withmode in 
> netkey/key.c:key_getsah()
> negotiations work again. This change is inspired by the code found in 
> netipsec/key.c where
> key_getsah().
> Caution: I have not deeply looked into the issue - thus this change be 
> be completely wrong, but it gives
> probably a hint at whats wrong.
> My rules refer to any protocol - so exact comparisons for specific 
> protocols probably don't match
> in the key_cmpsaidx_exactly function.

Yes, the problem is directly linked to the way ports are handled, and
they are somme isssues withe the actual way it's done.

Doing this change is probably not the good solution (you may get some
unwanted SAs, and I should have a look at the code to ensore you won't
also have some situations where you'll miss the right SA), and cheanup
of the whole stuff is in progress...


Home | Main Index | Thread Index | Old Index