We know that we have an issue with the actual way of dealing with
NAT-T ports through PFKey.
Some patches have already been committed for various parts of the code,
but most of the work still needs to be done.
As some people (including me !!) want it to be cleaned up before the
NAT-T patchset is included in FreeBSD's repository, and as I want this
commit to happen soon, I started to do the massive cleanup.
Here is a first patch for public review, which should help things
work better on Linux systems (as I understood it, Linux's PFKey
implementation is RFC compliant for NAT-T ports).
It shouldn't change anything for FreeBSD/NetBSD, as it just takes the
SADB_X_EXT_NAT_T_SPORT information if present.
The patch is for HEAD, but at least applies / compiles on 0.7.x.
Please note that the work is NOT complete: there are still (at least)
some userland->kernel PFKey messages which have not been fixed, and
that part of the job will be more complex as we'll have to know how
to send ports to the kernel (and we'll have to support both ways of
If someone wants to also work on that stuff, please tell me
first, so we won't do the same job twice and we'll agree first on the
way it should be done !
This patch will probably NOT be committed as is, I'd like to commit the
whole stuff at the same time unless there are good reasons to commit
just that part.