Subject: racoon status?
To: None <tech-security@netbsd.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-security
Date: 08/09/2007 08:50:06
I'm having problems with racoon on current, and am confused about how
we're dealing with the ipsec-tools code and its current state. The
entry in src/doc/3RDPARTY seems out of date. I'd like to see
src/crypto/dist/ipsec-tools/README.CVS or something similar to explain
the plan.

My problem: on -current (i386), racoon fails to start, complaining that
it doesn't have any addresses. If I add a listen-address directive, it
works fine. I have never before needed a listen-address directive in
all my years of running racoon. This is awkward on a machine that
changes addresses.

On netbsd-4, racoon works as it has.

I went to src/crypto/dist/ipsec-tools, and it seems that for live
branches relevant to this discussion there is (version #s from README to
show structure)

  HEAD: 1.1
  ipsec-tools-0_7-branch: 1.1.1.2.0.8
  netbsd-4: 1.1.1.2.0.4

So, I'm unclear on what the head of ipsec-tools the project is,
separately from the part of ipsec-tools that's been merged to -current.

This diff:

  cvs diff -r netbsd-4 -r ipsec-tools-0_7-branch

looks like a lot of cleanups, and I'm inclined to try it on netbsd-4.

This diff:

  diff -r netbsd-4 -r HEAD

seems to mostly consist of PATH_IPSEC_H cleanups, plus some 0/NULL/!=
NULL cleanups, a few apparent bugfixes, and some pam changes.

Plus this in session.c:
if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
if (update_myaddrs() && lcconf->autograbaddr)
- sched_new(5, check_rtsock, NULL);
- initfds();
+ check_rtsock(NULL);
+ else
+ initfds();
}
}
}
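
Review bot: initfds() moves under the new `else`, so when update_myaddrs() && lcconf->autograbaddr is true it is no longer called from this block; unless check_rtsock() re-initializes the fd sets itself, that path continues with the old ones. Either confirm that check_rtsock() calls initfds() or keep an unconditional initfds() after it. The removed line also deferred check_rtsock by 5 via sched_new(), while the added line calls check_rtsock(NULL) directly from the rtsock handler; a comment explaining why the deferral is no longer needed would help anyone tracking address-list behaviour across this change.
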
which seems like it could possibly be the cause of my problem.

So it seems that current has a few of the changes from the 0_7 branch,
but is still pretty far from 0_7.

Is there an ipsec-tools-head sort of branch, or is the 0_7 branch the
effective head of ipsec-tools work?