On Mon, Jul 21, 2008 at 10:31:10AM +0200, VANHULLEBUS Yvan wrote:
> On Wed, Jul 16, 2008 at 09:10:18PM -0700, Sam Leffler wrote:
> [...]
> > Please test/review the following patch against HEAD:
> >
> > http://people.freebsd.org/~sam/nat_t-20080616.patch
>
> I have tested the RELENG7 version of the patch, and it works well.
>
>
> But I noticed a misplaced #endif at the beginning of udp_ctloutput(),
> which will generate problems if INET6 is not defined:
[....]
After some more testing, I found another issue: in udp4_espdecap(),
when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should
not be discarded, but just returned for normal processing.
And I also have doubts about a change in udp_ctloutput(), in the
switch statement which process optval and searches for an
UDP_ENCAP_ESPINUDP* flag.
The way you changed it forces a flags cleanup anytime.
I don't see why someone would set both UDP_ENCAP_ESPINUDP and
UDP_ENCAP_ESPINUDP_NON_IKE, but as I was tracking down a problem, I
changed it again to be processed "the old way" to ensure it was not
the source of the issue.
Sam, did you have a good reason to change that part of the code, or
was it mostly to have a more compliant coding style ?
Updated patches are available for HEAD, RELENG7 and RELENG63 (yeah :-)
here:
http://people.freebsd.org/~vanhu/NAT-T/
Please all notice that there is still the word "test" in patches
names.....
Yvan.