Subject: Re: packet handling for IPsec NAT-T
To: Jason Thorpe <thorpej@shagadelic.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-kern
Date: 09/25/2004 09:53:24
Jason Thorpe <thorpej@shagadelic.org> wrote:

> Err, not just "might".  From my vague recollection from IPSEC WG 
> meetings a few years go, this would be a socket that normally carries
> IKE traffic for the IKE daemon, right?

It does. My kernel code is already able to pass the non ESP traffic to
the IKE daemon. That part works enough to complete phase 1 and 2.
Trouble start when I get ESP over UDP packets.

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@netbsd.org