From: Ken Bantoft (ken_at_freeswan.ca)
Date: Thu Dec 26 2002 - 03:41:00 CET
Note to self: Fully read every line of code before patching it into the
tree. I made the mistake of trusting patch/diff too much this time.
Thanks for debugging this Stephen, it certainly makes my life simpler.
I've fixed it in CVS, and cut a kb4 release for testing.
I'm going to try and give it some testing tonight/tomorrow, but if anyone
else has time/interest, feel free. I changed the orders in
klips/net/ipsec/pfkey_v2_parser.c:ext_processors and
lib/pfkey_v2_parse.c:ext_default_parsers, so it always comes after the
NAT-T definitions.
On Wed, 25 Dec 2002, Stephen J. Bevan wrote:
> Ken Bantoft writes:
> > So yes, Stephen, you're somewhat off the hook, since Andreas has merged
> > your code into 0.9.17. Unfortunately, there's now a conflict between the
> > X.509 patch and NAT-T 0.4 patches, specifically in the pfkey area. Ugly.
>
> Looking at _kb3 I think the problem is in the manual patching you had
> to do in order to merge X.509 0.9.17 and NAT 0.4. The order of the
> arrays klips/net/ipsec/pfkey_v2_parser.c:ext_processors and
> lib/pfkey_v2_parse.c:ext_default_parsers must match the order of the
> SADB_X definitions in lib/pfkeyv2.h. They are out of whack in _kb3.
> In the SuperFreeS/WAN patch I created (<http://www.prevoy.com/resources.html>)
> I put the selector stuff consistently after the NAT-T stuff since
> that was the easiest change to make. When Andreas merged the
> selectors into X.509 there is no NAT-T stuff so he just put it at the
> end. When the NAT-T stuff is added then it either needs to go
> consistently before or consistently after the selectors. In _kb3
> SADB_X_EXT_PROTOCOL comes after the NAT-T stuff in lib/pfkeyv2.h but
> in the arrays the protocol function is listed before the NAT-T functions.
> This means that if you try and call the selector stuff you end up
> calling a NAT-T function and vice versa, hence the EINVAL errors.
--
Ken Bantoft The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt
This archive was generated by hypermail 2.1.5 : Fri Dec 27 2002 - 05:21:17 CET
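The ordering bug discussed in this thread, as an added example that is not code from FreeS/WAN or from either poster: a parser table indexed by extension id misroutes extensions when its positional order differs from the enum, while designated initializers keep each slot bound to its id. The enum values, parser functions and the rule that a parser rejects a foreign extension type are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical ids standing in for the SADB_X definitions in lib/pfkeyv2.h:
 * NAT-T entries first, the selector (protocol) entry after them. */
enum ext_id { EXT_NATT_TYPE, EXT_NATT_SPORT, EXT_PROTOCOL, EXT_MAX };
struct ext { enum ext_id type; int value; };
typedef int (*ext_parser)(const struct ext *);

/* Assumption: each parser rejects an extension that is not its own,
 * which is how a misrouted extension surfaces as EINVAL. */
static int parse_natt_type(const struct ext *e)  { return e->type == EXT_NATT_TYPE  ? 0 : -EINVAL; }
static int parse_natt_sport(const struct ext *e) { return e->type == EXT_NATT_SPORT ? 0 : -EINVAL; }
static int parse_protocol(const struct ext *e)   { return e->type == EXT_PROTOCOL   ? 0 : -EINVAL; }

/* Positional table after a hand merge: protocol listed before NAT-T,
 * so every slot is shifted relative to the enum. */
static const ext_parser parsers_positional[EXT_MAX] = {
    parse_protocol, parse_natt_type, parse_natt_sport,
};

/* Designated initializers tie each slot to its id; source order is irrelevant. */
static const ext_parser parsers_by_id[EXT_MAX] = {
    [EXT_PROTOCOL]   = parse_protocol,
    [EXT_NATT_TYPE]  = parse_natt_type,
    [EXT_NATT_SPORT] = parse_natt_sport,
};

/* Bounds-checked dispatch: unknown ids and empty slots are rejected. */
int dispatch(const ext_parser *table, const struct ext *e)
{
    if ((unsigned)e->type >= EXT_MAX || table[e->type] == NULL)
        return -EINVAL;
    return table[e->type](e);
}

/* Self-check to run at init or in a unit test: probe every id and
 * return the first one that its own slot rejects, or -1 if none. */
int first_misrouted(const ext_parser *table)
{
    for (int id = 0; id < EXT_MAX; id++) {
        struct ext probe = { (enum ext_id)id, 0 };
        if (dispatch(table, &probe) != 0)
            return id;
    }
    return -1;
}

int main(void)
{
    printf("positional: first misrouted id = %d\n", first_misrouted(parsers_positional));
    printf("by id:      first misrouted id = %d\n", first_misrouted(parsers_by_id));
    return 0;
}
```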