Thanks for the reply! I think we're getting closer to an answer here, but I'm still quite lost on one key aspect.

On 10/4/19 7:15 AM, Miika Komu wrote:
> In the legacy HIP NAT traversal (RFC5770), we have a third protocol
> (STUN) on the same port and it does not follow RFC7401 conventions
> because it was not designed with IPsec in mind. As a result, *all*
> packets need to be diverted to a userland daemon in order to separate
> the STUN packets from HIP/ESP.


I can't figure out why this diversion is necessary. What prevents characterization of packets in kernel space?

/a

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
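
For reference, the three packet types the quoted reply says share one UDP port can be told apart by their leading bytes. The sketch below is an added example, not code from this thread or from any HIP implementation. It relies on the 32 zero bits that RFC 5770 places before a UDP-encapsulated HIP control packet and on the fixed STUN header of RFC 5389; the function name and sample payloads are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pkt_kind { PKT_TOO_SHORT, PKT_HIP, PKT_STUN, PKT_ESP };

#define STUN_MAGIC_COOKIE 0x2112A442u  /* RFC 5389 fixed header field */
#define STUN_HEADER_LEN   20u

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Classify one UDP payload received on the shared port (hypothetical helper). */
enum pkt_kind classify_udp_payload(const uint8_t *p, size_t len)
{
    if (len < 8)
        return PKT_TOO_SHORT;
    /* RFC 5770: UDP-encapsulated HIP control packets start with 32 zero bits. */
    if (be32(p) == 0)
        return PKT_HIP;
    /* STUN: top two bits zero, magic cookie at offset 4, and a 4-byte-aligned
     * attribute length that matches the datagram size. */
    if (len >= STUN_HEADER_LEN && (p[0] & 0xC0) == 0 &&
        be32(p + 4) == STUN_MAGIC_COOKIE) {
        size_t body = ((size_t)p[2] << 8) | p[3];
        if ((body & 3) == 0 && body + STUN_HEADER_LEN == len)
            return PKT_STUN;
    }
    /* Everything else is treated as ESP (non-zero SPI first). An ESP packet
     * can still pass the STUN test by coincidence (SPI with top bits clear,
     * sequence number 0x2112A442, matching length), so this is a heuristic. */
    return PKT_ESP;
}

/* Constructed sample payloads, not captured traffic. */
static const uint8_t sample_hip[12]  = {0,0,0,0, 0x3b,0x04,0x01,0x11, 0,0,0,0};
static const uint8_t sample_stun[20] = {0x00,0x01,0x00,0x00, 0x21,0x12,0xA4,0x42,
                                        1,2,3,4,5,6,7,8,9,10,11,12};
static const uint8_t sample_esp[16]  = {0x12,0x34,0x56,0x78, 0,0,0,1,
                                        0xde,0xad,0xbe,0xef, 0,0,0,0};

int main(void)
{
    printf("hip=%d stun=%d esp=%d\n",
           classify_udp_payload(sample_hip, sizeof sample_hip),
           classify_udp_payload(sample_stun, sizeof sample_stun),
           classify_udp_payload(sample_esp, sizeof sample_esp));
    return 0;
}
```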