Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

[christos%zoulas.com@localhost (Christos Zoulas)]

The following reply was made to PR bin/47894; it has been noted by GNATS.

From: christos%zoulas.com@localhost (Christos Zoulas)
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, 
netbsd-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Date: Wed, 5 Jun 2013 09:29:55 -0400

 On Jun 5, 12:35pm, gergely%egervary.hu@localhost 
(gergely%egervary.hu@localhost) wrote:
 -- Subject: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
 
 
 Good debugging. Please see:
 
 
 PR/47886: Dr. Wolfgang Stukenbrock: IPSEC_NAT_T enabled kernels may access
 outdated pointers and pass ESP data to UPD-sockets.
 While here, simplify the code and remove the IPSEC_NAT_T option; always
 compile nat-traversal in so that it does not bitrot.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.218 -r1.219 src/sys/netinet/ip_output.c
 cvs rdiff -u -r1.187 -r1.188 src/sys/netinet/udp_usrreq.c
 cvs rdiff -u -r1.10 -r1.11 src/sys/netipsec/files.netipsec
 cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec.c
 cvs rdiff -u -r1.31 -r1.32 src/sys/netipsec/ipsec.h
 cvs rdiff -u -r1.29 -r1.30 src/sys/netipsec/ipsec_input.c \
     src/sys/netipsec/xform_ipcomp.c
 cvs rdiff -u -r1.38 -r1.39 src/sys/netipsec/ipsec_output.c \
     src/sys/netipsec/xform_ah.c
 cvs rdiff -u -r1.79 -r1.80 src/sys/netipsec/key.c
 cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/key.h
 cvs rdiff -u -r1.12 -r1.13 src/sys/netipsec/keydb.h
 cvs rdiff -u -r1.41 -r1.42 src/sys/netipsec/xform_esp.c
 
 And the following commit.
 
 christos