Date:      Fri, 30 Oct 1998 07:32:18 -0800 (PST)
From:      "Eric J. Schwertfeger" <ejs@bfd.com>
To:        Matthew Reimer <mreimer@vpop.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: SKIP and NAT on tun0?
Message-ID:  <Pine.BSF.4.05.9810300729050.23308-100000@harlie.bfd.com>
In-Reply-To: <36393409.CF5E0DAE@vpop.net>

On Thu, 29 Oct 1998, Matthew Reimer wrote:

> Has anyone been able to make SKIP and NAT work on the same interface?

No, and after a good bit of digging, I know exactly why, too.  Basically,
SKIP uses a flag in the MBUF for the packet to signal that it has seen a
given packet.  NATD, being user space, doesn't get to see the MBUF, so
when it reinjects the packet, the MBUF doesn't have the flag set, so SKIP
sees the packet as being unencrypted coming from a host that should only
be talking encryption, so it discards the packet.

Both of the patents that cover SKIP 1.0 are expired, so if someone with
more time wants to implement their own version, feel free.
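
The failure described in the message above, as a small C model added here as an example; it is not code from SKIP, natd or FreeBSD. The struct layout, the flag name `PKT_SKIP_SEEN`, the addresses and the `keep_flag` path are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_SKIP_SEEN 0x1u          /* hypothetical name for SKIP's mbuf flag */
#define SKIP_PEER     0x0a000002u   /* constructed: 10.0.0.2, a SKIP-only host */

struct pkt {                /* toy stand-in for an mbuf plus its IP packet */
    uint32_t flags;         /* kernel-side metadata, never leaves the kernel */
    uint32_t src, dst;      /* IP header fields */
    int      encrypted;     /* 1 while the payload is still SKIP-protected */
};

/* SKIP input check: 1 = accept, 0 = discard. */
static int skip_input(struct pkt *p) {
    if (p->flags & PKT_SKIP_SEEN)
        return 1;                       /* SKIP has already seen this packet */
    if (p->encrypted) {                 /* first pass: decrypt and mark it */
        p->encrypted = 0;
        p->flags |= PKT_SKIP_SEEN;
        return 1;
    }
    return p->src != SKIP_PEER;         /* cleartext from a SKIP-only peer: drop */
}

/* Round trip through a user-space NAT daemon: only the packet itself crosses
 * to user space, and reinjection builds a fresh mbuf with flags zeroed. */
static struct pkt nat_roundtrip(const struct pkt *in, uint32_t new_dst) {
    struct pkt out;
    memset(&out, 0, sizeof out);        /* new mbuf: PKT_SKIP_SEEN is gone */
    out.src = in->src;
    out.dst = new_dst;                  /* the NAT address rewrite */
    out.encrypted = in->encrypted;
    return out;
}

/* SKIP's verdict after NAT; keep_flag = 1 models a hypothetical flag-preserving path. */
static int verdict_after_nat(int keep_flag) {
    struct pkt p = { 0, SKIP_PEER, 0xc0000201u, 1 };   /* encrypted, from peer */
    if (!skip_input(&p)) return 0;
    struct pkt q = nat_roundtrip(&p, 0xc0a80105u);
    if (keep_flag) q.flags = p.flags;
    return skip_input(&q);
}

int main(void) {
    printf("user-space NAT: %d, flag preserved: %d\n", verdict_after_nat(0), verdict_after_nat(1));
    return 0;
}
```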




