NAT Traversal Patches ...
Matthew Grooms
All,
I understand that FreeBSD is a volunteer project, but does anyone
have any information regarding the status of the IPsec NAT Traversal
patches and their inclusion with FeeBSD? I have seen them floating
around this list for a few years now. At one point, there was an
objection that concerned a possible legal issue related to patents. This
can't be too much of a road block as Linux, OpenBSD and NetBSD all
include support for NATT in official stable kernel sources. Fedora Core
6 even has the feature enabled by default in the generic kernel. Another
objection I have seen was related to the patch only offering support for
the KAME stack. But the most recent patch set also offers support for
the Fast IPsec stack as well.
Is the patch lacking sponsorship by a FreeBSD developer sponsor
since the author does not have commit access? Maybe a developer looking
at the patch is just short on time at the moment? If so, is there
another developer that could maybe help out? Is there a technical reason
why the patches have not been committed? If so, I don't think the
author is aware so a little communication is required?
Lastly, is there anything the community can do to help out? Maybe
donating to a FreeBSD Foundation project that sponsors IPsec related
work?
Thanks,
-Matthew
Alfred Perlstein
discussion. It may just be a matter of integration manpower...
> _______________________________________________
> freeb...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net...@freebsd.org"
--
- Alfred Perlstein
Matthew Grooms
> Matthew, can you provide links to the patches and surrounding
> discussion. It may just be a matter of integration manpower...
>
Here is a link to the 6.x patch set. I'm not sure where the most recent
patches are for head. Yvan will probably be willing to point us in the
right direction.
http://ipsec-tools.sf.net/freebsd6-natt.diff
As for the surrounding discussion, I haven't seen anything recently
about why the changes haven't been integrated. I was hoping my post
would seed a new discussion regarding this.
Here is a link to a few older threads regarding patents and fast-ipsec
support.
http://lists.freebsd.org/mailman/htdig/freebsd-net/2005-August/007986.html
http://lists.freebsd.org/mailman/htdig/freebsd-net/2006-March/010164.html
VANHULLEBUS Yvan
On Sat, May 12, 2007 at 01:14:08AM -0500, Matthew Grooms wrote:
> Alfred Perlstein wrote:
> >Matthew, can you provide links to the patches and surrounding
> >discussion. It may just be a matter of integration manpower...
> >
>
> Here is a link to the 6.x patch set. I'm not sure where the most recent
> patches are for head. Yvan will probably be willing to point us in the
> right direction.
>
> http://ipsec-tools.sf.net/freebsd6-natt.diff
As the file name says, this patch is up to date for FreeBSD6, but does
not apply directly for FreeBSD's HEAD (well, it may apply but it won't
compile).
I just put the up to date patch for HEAD here:
http://vanhu.free.fr/patch-natt-freebsd-HEAD-new.diff
(thanks to Emmanuel Dreyfus from NetBSD project and Larry Baird from
GTA, this patch is a team effort !)
but I couldn't re-test it recently (I'll restart a FreeBSD 7 station
this evening).
> As for the surrounding discussion, I haven't seen anything recently
> about why the changes haven't been integrated. I was hoping my post
> would seed a new discussion regarding this.
I exchanged private mails with Sam Leffler and George V. Neville-Neil
some months ago.
George told me he was interested in the patch and would have a look at
it, but he also told me that he had some other stuff, and looks like
we also had some lost mails (I know that at least two of my mails were
sent back by some mailer daemons on the way).
George, I guess you're reading the thread, if you didn't get my mail
with the latest version of the patch... well, you also have the URL,
now !
Yvan.
--
NETASQ
http://www.netasq.com