Herbert Xu wrote:
quoted text
> On Thu, Jan 22, 2009 at 08:39:35AM +0200, Timo Teräs wrote:
>> There hasn't been new release for ipsec-tools for a while.
>> It's been in ipsec-tools CVS since 2007-12-12. And I know many
>> who are using the CVS code in production.
> 
> If they've had it since 2007 and only just realised that it
> doesn't work then it sounds like it doesn't really matter anyway.

That ipsec-tools feature works on *BSD. Works on Linux too
as kernel does not (yet) use that for anything except reporting
it back. Other OSes might use it already to e.g. fix-up the
packet checksums in transport mode SAs; I believe Linux just
recalculates the checksum.

The future patch I have in my mind I've been talking about,
does make use of NAT-OA. So that's why I noticed it only
just now. Btw, could someone comment on the idea of passing
NAT-OA to neighbour cache and make xfrm use it when choosing
which xfrm state to use?

- Timo

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html