Hi Volker, > this is a patch to support nat traversal draft-ietf-ipsec-nat-t-ike-02 in > strongSwan 5. Comments or suggestions are welcome.
Thanks a lot for the patch. It looks quite nice. In order for us to apply it we'd require you to submit the non-trivial changes (e.g. those in the isakmp_vendor.c file) under the MIT X11 license (see [1] for details). If you are OK with that, please resubmit your updated patch. Then a point regarding the patch itself. It's a bit unfortunate that the ike_extension_t enum gets polluted with new values that are really only needed to respond with the proper vendor ID. An additional EXT_NATT_DRAFT_00_03 (to name it similar to the other enum values - even though it reverses the logic in some of your functions) should be enough, as you could keep track of the selected NAT-T vendor ID directly in the isakmp_vendor task (for responders build() will be called right after process() so you could simply store best_natt_ext on private_isakmp_vendor_t and then use that to send the proper NAT-T VID). Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/Contributions _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
