[Openswan dev] [PATCH] Add NON-IKE support for 26sec

Herbert Xu herbert at gondor.apana.org.au
Tue Jun 1 22:18:08 CEST 2004


Hi:

Suse recently added NON-IKE support to 26sec.  So I've removed the
espinudp flag hack that I used originally.  The following patch makes
openswan detect NON-IKE support at run-time.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/kernel.h
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel.h,v
retrieving revision 1.41
diff -u -r1.41 kernel.h
--- a/programs/pluto/kernel.h	21 Mar 2004 23:22:14 -0000	1.41
+++ b/programs/pluto/kernel.h	1 Jun 2004 11:18:27 -0000
@@ -80,9 +80,6 @@
 	} type;
 	bool inbound_eroute;
 	bool policy_lifetime;
-#ifdef NAT_TRAVERSAL
-	bool espinudp_with_non_ike;
-#endif
 	int *async_fdp;
 
 	void (*init)(void);
Index: programs/pluto/kernel_netlink.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_netlink.c,v
retrieving revision 1.18
diff -u -r1.18 kernel_netlink.c
--- a/programs/pluto/kernel_netlink.c	14 May 2004 22:25:10 -0000	1.18
+++ b/programs/pluto/kernel_netlink.c	1 Jun 2004 11:18:30 -0000
@@ -1079,9 +1079,6 @@
 	type: KERNEL_TYPE_LINUX,
 	inbound_eroute: 1,
 	policy_lifetime: 1,
-#ifdef NAT_TRAVERSAL
-	espinudp_with_non_ike: 0,
-#endif
 	async_fdp: &netlink_bcast_fd,
 
 	init: init_netlink,
Index: programs/pluto/kernel_noklips.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_noklips.c,v
retrieving revision 1.7
diff -u -r1.7 kernel_noklips.c
--- a/programs/pluto/kernel_noklips.c	15 Mar 2004 16:05:57 -0000	1.7
+++ b/programs/pluto/kernel_noklips.c	1 Jun 2004 11:18:30 -0000
@@ -111,9 +111,6 @@
 
 const struct kernel_ops noklips_kernel_ops = {
 	type: KERNEL_TYPE_NONE,
-#ifdef NAT_TRAVERSAL
-	espinudp_with_non_ike: 0,
-#endif
 	async_fdp: NULL,
 
 	init: init_noklips,
Index: programs/pluto/kernel_pfkey.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_pfkey.c,v
retrieving revision 1.13
diff -u -r1.13 kernel_pfkey.c
--- a/programs/pluto/kernel_pfkey.c	29 Apr 2004 03:59:32 -0000	1.13
+++ b/programs/pluto/kernel_pfkey.c	1 Jun 2004 11:18:32 -0000
@@ -933,9 +933,6 @@
 
 const struct kernel_ops klips_kernel_ops = {
 	type: KERNEL_TYPE_KLIPS,
-#ifdef NAT_TRAVERSAL
-	espinudp_with_non_ike: 1,
-#endif
 	async_fdp: &pfkeyfd,
 
 	pfkey_register: klips_pfkey_register,
Index: programs/pluto/nat_traversal.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/nat_traversal.c,v
retrieving revision 1.8
diff -u -r1.8 nat_traversal.c
--- a/programs/pluto/nat_traversal.c	29 Apr 2004 03:59:32 -0000	1.8
+++ b/programs/pluto/nat_traversal.c	1 Jun 2004 11:18:35 -0000
@@ -78,6 +78,7 @@
 #define DEFAULT_KEEP_ALIVE_PERIOD  20
 
 bool nat_traversal_enabled = FALSE;
+bool nat_traversal_support_non_ike = FALSE;
 bool nat_traversal_support_port_floating = FALSE;
 
 static unsigned int _kap = 0;
@@ -90,6 +91,7 @@
 	bool fka, bool spf)
 {
 	nat_traversal_enabled = activate;
+	nat_traversal_support_non_ike = activate;
 #ifdef NAT_T_SUPPORT_LAST_DRAFTS
 	nat_traversal_support_port_floating = activate ? spf : FALSE;
 #endif
@@ -101,10 +103,16 @@
 		activate & !spf ? " [Port Floating disabled]" : "");
 }
 
-static void disable_nat_traversal (void)
+static void disable_nat_traversal(int type)
 {
-	nat_traversal_enabled = FALSE; 
-	nat_traversal_support_port_floating = FALSE;
+	if (type == ESPINUDP_WITH_NON_IKE)
+		nat_traversal_support_non_ike = FALSE;
+	else
+		nat_traversal_support_port_floating = FALSE;
+
+	if (!nat_traversal_support_non_ike &&
+	    !nat_traversal_support_port_floating)
+		nat_traversal_enabled = FALSE; 
 }
 
 static void _natd_hash(const struct hash_desc *hasher, char *hash,
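Review bot: The `else` in the new `disable_nat_traversal(int type)` treats every value other than `ESPINUDP_WITH_NON_IKE` as a port-floating failure, so an unexpected `type` would silently clear `nat_traversal_support_port_floating`. An explicit `else if (type == ESPINUDP_WITH_NON_ESP)` would tie each flag to its own encapsulation mode, assuming that is the only other constant callers pass. The function also deserves a short comment, e.g. `/* Clear the flag for one ESPINUDP mode; NAT-T as a whole is turned off only when no mode is left. */`. The added `nat_traversal_enabled = FALSE; ` line carries trailing whitespace.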
@@ -174,7 +182,7 @@
 		if (r) r = out_vendorid(np, outs, VID_NATT_IETF_03);
 		if (r) r = out_vendorid(np, outs, VID_NATT_IETF_02);
 	}
-	if (kernel_ops->espinudp_with_non_ike) {
+	if (nat_traversal_support_non_ike) {
 		if (r) r = out_vendorid(np, outs, VID_NATT_IETF_00);
 	}
 	return r;
@@ -529,7 +537,7 @@
 		loglog(RC_LOG_SERIOUS,
 			"NAT-Traversal: ESPINUDP(%d) not supported by kernel -- "
 			"NAT-T disabled", type);
-		disable_nat_traversal();
+		disable_nat_traversal(type);
 	}
 	return r;
 }
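Review bot: The log text above the changed call still ends in `NAT-T disabled`, but `disable_nat_traversal(type)` now turns off only the encapsulation mode that failed, and NAT-T stays enabled while the other mode is still supported. An operator reading this `RC_LOG_SERIOUS` line would conclude that NAT-T is off when it may not be. Wording such as `"NAT-Traversal: ESPINUDP(%d) not supported by kernel -- this mode disabled"` would match the new behaviour. The enclosing function starts outside the hunk, so the condition that leads here is not visible.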
Index: programs/pluto/nat_traversal.h
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/nat_traversal.h,v
retrieving revision 1.1
diff -u -r1.1 nat_traversal.h
--- a/programs/pluto/nat_traversal.h	10 Dec 2003 01:58:06 -0000	1.1
+++ b/programs/pluto/nat_traversal.h	1 Jun 2004 11:18:35 -0000
@@ -73,6 +73,7 @@
 	bool fka, bool spf);
 
 extern bool nat_traversal_enabled;
+extern bool nat_traversal_support_non_ike;
 extern bool nat_traversal_support_port_floating;
 
 /**
Index: programs/pluto/server.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/server.c,v
retrieving revision 1.95
diff -u -r1.95 server.c
--- a/programs/pluto/server.c	29 Apr 2004 03:59:32 -0000	1.95
+++ b/programs/pluto/server.c	1 Jun 2004 11:18:38 -0000
@@ -668,8 +668,7 @@
 		    }
 
 #ifdef NAT_TRAVERSAL
-		    if (nat_traversal_enabled
-		    && kernel_ops->espinudp_with_non_ike)
+		    if (nat_traversal_enabled)
 		    {
 			nat_traversal_espinudp_socket(fd, ESPINUDP_WITH_NON_IKE);
 		    }
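Review bot: With the `kernel_ops->espinudp_with_non_ike` test gone, `if (nat_traversal_enabled)` keeps issuing the `ESPINUDP_WITH_NON_IKE` probe even after an earlier failure has cleared `nat_traversal_support_non_ike`, as long as port floating keeps `nat_traversal_enabled` set. If this block runs once per socket, as the surrounding code suggests, each further socket would repeat the failing call and, judging by the nat_traversal.c hunk, its serious-level log message. Guarding with `if (nat_traversal_enabled && nat_traversal_support_non_ike)` avoids that. One failed socket also changes a process-wide flag, so sockets configured before the failure may keep the option while later vendor-ID handling treats it as unsupported; a comment here should state whether that is intended. The enclosing function starts and ends outside the hunk.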
Index: programs/pluto/vendor.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/vendor.c,v
retrieving revision 1.14
diff -u -r1.14 vendor.c
--- a/programs/pluto/vendor.c	10 May 2004 20:21:54 -0000	1.14
+++ b/programs/pluto/vendor.c	1 Jun 2004 11:18:39 -0000
@@ -323,7 +323,7 @@
 		 * Note: most recent == higher id in vendor.h
 		 */
 		case VID_NATT_IETF_00:
-			if (!kernel_ops->espinudp_with_non_ike)
+			if (!nat_traversal_support_non_ike)
 			    break;
 			vid_usefull = 1;
 			if ((nat_traversal_enabled) && (!md->quirks.nat_traversal_vid)) {

