Hi

Still having problems with NAT-T...

The kernel receives an ESP over UDP packet. It should strip the UDP header 
and reinject the packet for normal ESP handling.

Here is my code to do that. m is the mbuf containing the data, skip is the
UDP header length, and off is the offset of the UDP payload (that is, the
ESP header), len is the length of the UDP payload.

        if (m->m_len < m->m_pkthdr.len) {
                if ((m = m_pullup(m, m->m_pkthdr.len)) == NULL) {
                        printf("m_pullup failed\n");
                        return 0;
                }
        }

        memmove(mtod(m, caddr_t) + off - skip, mtod(m, caddr_t) + off, len);
        m->m_len -= skip; 
        m->m_pkthdr.len -= skip;

        ip = mtod(m, struct ip *);
        ip->ip_len = htons(ntohs(ip->ip_len) - skip);
        ip->ip_p = IPPROTO_ESP;
        
        esp4_input(m, off - skip);

The packet is accepted and decrypted by esp4_input. As it is a tunnel, 
the decrypted packet is reinjected using IF_ENQUEUE.

But:
- I never see that packet getting out
- after a while, the kernel crashes because of a page fault in fxp_add_rfabuf

Any idea? Is there something obviously wrong in my code?
-- 
Emmanuel Dreyfus
manu@netbsd.org