Subject: Re: IPsec vs. OSX
To: Charles M. Hannum <abuse@spamalicious.com>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: tech-net
Date: 10/22/2002 14:35:44
abuse@spamalicious.com said:
> 2) There is a serious problem -- I'm not sure whether it's with the
>    stack or racoon(8) -- that sometimes tunnel SAD entries will get
>    entered as transport entries if there is a similar SPD entry

I found a problem a while ago which might be related.
The SPD lookup by the kernel and racoon does not always lead to the
same entry. (I'm asking myself why this code duplication is done
at all instead of passing the SPI up to userland...)
See PR kern/17459.

best regards
Matthias