FreeBSD NAT-T patch integration [CFR/CFT]

Sam Leffler sam at freebsd.org
Mon Jul 21 15:33:58 UTC 2008 

VANHULLEBUS Yvan wrote:
> On Mon, Jul 21, 2008 at 10:31:10AM +0200, VANHULLEBUS Yvan wrote:
>   
>> On Wed, Jul 16, 2008 at 09:10:18PM -0700, Sam Leffler wrote:
>> [...]
>>     
>>> Please test/review the following patch against HEAD:
>>>
>>> http://people.freebsd.org/~sam/nat_t-20080616.patch
>>>       
>> I have tested the RELENG7 version of the patch, and it works well.
>>
>>
>> But I noticed a misplaced #endif at the beginning of udp_ctloutput(),
>> which will generate problems if INET6 is not defined:
>>     
> [....]
>
>
> After some more testing, I found another issue: in udp4_espdecap(),
> when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should
> not be discarded, but just returned for normal processing.
>   

Please edit the sam_nat_t branch in p4 or send a patch I can apply.

> And I also have doubts about a change in udp_ctloutput(), in the
> switch statement which process optval and searches for an
> UDP_ENCAP_ESPINUDP* flag.
>
> The way you changed it forces a flags cleanup anytime.
> I don't see why someone would set both UDP_ENCAP_ESPINUDP and
> UDP_ENCAP_ESPINUDP_NON_IKE, but as I was tracking down a problem, I
> changed it again to be processed "the old way" to ensure it was not
> the source of the issue.
>   

Sorry but I'm not clear on what you are saying.  The code changed the 
behaviour of setting udp encapsulation so that only one of 
UDP_ENCAP_ESPINUDP and UDP_ENCAP_ESPINUDP_NON_IKE can be set a time.  
The original code from you permitted both flags to be set but the code 
that handled the encap/decap assumed only one was set.

> Sam, did you have a good reason to change that part of the code, or
> was it mostly to have a more compliant coding style ?
>   

See above.

>
> Updated patches are available for HEAD, RELENG7 and RELENG63 (yeah :-)
> here:
> http://people.freebsd.org/~vanhu/NAT-T/
>
> Please all notice that there is still the word "test" in patches
> names.....
>   

Sorry again I don't understand what you write.

    Sam

>
>
> Yvan.
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>
>

More information about the freebsd-net mailing list