Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

[christos%zoulas.com@localhost (Christos Zoulas)]

The following reply was made to PR bin/47894; it has been noted by GNATS.

From: christos%zoulas.com@localhost (Christos Zoulas)
To: =?UTF-8?B?RWdlcnbDoXJ5IEdlcmdlbHk=?= <gergely%egervary.hu@localhost>, 
        SUENAGA Hiroki <hsuenaga%iij.ad.jp@localhost>, 
gnats-bugs%NetBSD.org@localhost, 
        gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Date: Fri, 20 Jun 2014 12:00:47 -0400

 On Jun 20, 10:42am, gergely%egervary.hu@localhost 
(=?UTF-8?B?RWdlcnbDoXJ5IEdlcmdlbHk=?=) wrote:
 -- Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
 
 | > You say:
 | >   "kernel doesn't know its side of negotiation. racoon knows it, but
 | >   there is no API to send the side information to kernel."
 | > 
 | > Probably you should look into the Linuxized racoon code (and the Linux
 | > IPSec code, if required) how it is handled there.
 | 
 | This is the source of the Debianized racoon:
 | 
 | 
ftp://ftp.debian.org/debian/pool/main/i/ipsec-tools/ipsec-tools_0.8.2.orig.tar.gz
 | 
ftp://ftp.hu.debian.org/debian/pool/main/i/ipsec-tools/ipsec-tools_0.8.2-2.debian.tar.xz
 | 
 | It's the same as the NetBSD racoon in ~ 99 percent. The kernel part is
 | completely different, but the API should be the same.
 
 I just looked at the patches (the xz file). There doesn't seem to be anything
 interesting there. Except the EDNS stuff, which is done incorrectly (it should
 be using the new resolver routines).
 
 christos