> I noticed this too. But the only situation that I could think of where a
> valid ISAKMP packet will be smaller than this is a NAT-T keep-alive.
> These are handled previously in the code path so I don't think there is
> an issue from a functional standpoint.
That's what I also supposed when I noticed that, but I was tracking
down a negotiation problem (as an initiator, responder's first
exchange in Main mode was seen on tcpdump but not on racoon's log),
and it has been solved by fixing that part of the code....
Sounds reasonable.
> On a related note, I noticed the patch unconditionally uses a source
> port of 500 when processing outbound Draft 00/01 packets. Should this
> value be obtained from the SAD NAT-T mapping to support an IKE daemon
> bound to a non standard port?
It should really really not happen..... but yes, it would be cleaner
to get it from SAD than setting 500 anytime.
Well, its really really supported by all the IKE daemons I have seen in
the ports collection. Someone is bound to try this and then spend a lot
of time scratching their head. If this situation can be easily avoided,
it should be.
-Matthew
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
