Hi,
Thanks, Timo.

But isn't something wrong here ?

According to RFC 3948:
...
3.1.2.  Transport Mode Decapsulation NAT Procedure

When a transport mode has been used to transmit packets, contained
   TCP or UDP headers will have incorrect checksums due to the change of
   parts of the IP header during transit.  This procedure defines how to
   fix these checksums
...
incrementally recompute the
       TCP/UDP checksum:

       *  Subtract the IP source address in the received packet from the
          checksum.
       *  Add the real IP source address received via IKE to the
          checksum (obtained from the NAT-OA)
...

So where do we pass the NAT-OA, received from IKE messages,  to this
checksum recalculation process, which should be done in the kernel
(layer 4 TCP/UDP I suppose) ?

Should'nt this process be done in the kernel ?

Isn't there something missing here ?

Rgs,
DS

2010/11/29 Timo Teräs <timo.teras@iki.fi>:
quoted text
> On 01/-10/-28163 09:59 PM, David Shwatrz wrote:
>> Hi,
>>  The patch removes unused member in xfrm_encap_tmpl.
>>
>> Regards,
>> David Shwartz
>>
>>
>> Signed-off-by: David Shwartz <dshwatrz@gmail.com>
>>
>>
>> diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
>> index b971e38..7312707 100644
>> --- a/include/linux/xfrm.h
>> +++ b/include/linux/xfrm.h
>> @@ -235,7 +235,6 @@ struct xfrm_encap_tmpl {
>>       __u16           encap_type;
>>       __be16          encap_sport;
>>       __be16          encap_dport;
>> -     xfrm_address_t  encap_oa;
>>  };
>>
>>  /* AEVENT flags  */
>
> struct xfrm_encap_tmpl is exposed to userland via netlink. This would
> break ABI.
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html