[Openswan dev] [PATCH] Fix NAT-T support for Linux 2.6
Herbert Xu
herbert at gondor.apana.org.au
Mon Mar 15 22:04:55 CET 2004
Hi:
This patch is a merge of my NAT-T patch against SuperFreeSWAN onto
OpenSWAN. It should make NAT-T under Linux 2.6 work again.
It's against 2.1.0rc1.
Cheers,
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/kernel.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/kernel.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/kernel.c 9 Feb 2004 22:00:53 -0000 1.1.1.1
+++ programs/pluto/kernel.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -2850,7 +2850,7 @@
sa.natt_dport = natt_dport;
sa.transid = st->st_esp.attrs.transid;
- return kernel_ops->update_esp_sa(&sa);
+ return kernel_ops->add_sa(&sa, TRUE);
}
#endif
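Review bot: The replacement call `kernel_ops->add_sa(&sa, TRUE)` passes a `struct kernel_sa` that, as far as this hunk shows, was filled in for the old update path, and the removed `pfkey_update_esp_sa` read only the SPI, the addresses, `authalg`, `transid` and the two NAT-T ports. If `add_sa` in replace mode also installs key material or encapsulation settings from `sa`, any field left unset would replace the live ESP SA with an incomplete one, so confirm that every field `add_sa` reads is populated before this call. The pointer is also called unchecked, and `add_sa` for `noklips_kernel_ops` is not visible in this patch; a guard such as `if (kernel_ops->add_sa == NULL) return FALSE;` would be safer, assuming the function returns `bool`. The enclosing function begins above the hunk.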
Index: programs/pluto/kernel.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/kernel.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/kernel.h 10 Dec 2003 01:58:06 -0000 1.1.1.1
+++ programs/pluto/kernel.h 15 Mar 2004 11:01:57 -0000 1.2
@@ -80,6 +80,9 @@
} type;
bool inbound_eroute;
bool policy_lifetime;
+#ifdef NAT_TRAVERSAL
+ bool espinudp_with_non_ike;
+#endif
int *async_fdp;
void (*init)(void);
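Review bot: The new `espinudp_with_non_ike` member has no comment, and its name alone does not say that it is a per-backend capability flag. I would add `/* backend handles ESPINUDP_WITH_NON_IKE encapsulation; gates VID_NATT_IETF_00 and the non-IKE socket setup */` above it. Because the member sits inside `#ifdef NAT_TRAVERSAL`, the layout of `struct kernel_ops` now depends on that macro, so every file including kernel.h must be compiled with the same setting. Declaring the member unconditionally would remove that hazard. The struct starts and ends outside the hunk.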
@@ -103,7 +106,6 @@
bool (*grp_sa)(const struct kernel_sa *sa_outer,
const struct kernel_sa *sa_inner);
bool (*del_sa)(const struct kernel_sa *sa);
- bool (*update_esp_sa)(const struct kernel_sa *sa);
ipsec_spi_t (*get_spi)(const ip_address *src,
const ip_address *dst,
int proto,
Index: programs/pluto/kernel_netlink.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/kernel_netlink.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/kernel_netlink.c 17 Feb 2004 00:42:04 -0000 1.1.1.1
+++ programs/pluto/kernel_netlink.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -1011,6 +1011,9 @@
type: KERNEL_TYPE_LINUX,
inbound_eroute: 1,
policy_lifetime: 1,
+#ifdef NAT_TRAVERSAL
+ espinudp_with_non_ike: 0,
+#endif
async_fdp: &netlink_bcast_fd,
init: init_netlink,
@@ -1023,6 +1026,5 @@
process_queue: NULL,
grp_sa: NULL,
get_spi: netlink_get_spi,
- update_esp_sa: NULL,
};
#endif /* linux && KLIPS */
Index: programs/pluto/kernel_noklips.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/kernel_noklips.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/kernel_noklips.c 10 Dec 2003 05:20:11 -0000 1.1.1.1
+++ programs/pluto/kernel_noklips.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -111,6 +111,9 @@
const struct kernel_ops noklips_kernel_ops = {
type: KERNEL_TYPE_NONE,
+#ifdef NAT_TRAVERSAL
+ espinudp_with_non_ike: 0,
+#endif
async_fdp: NULL,
init: init_noklips,
@@ -125,5 +128,4 @@
get_spi: NULL,
inbound_eroute: FALSE,
policy_lifetime: FALSE,
- update_esp_sa: NULL,
};
Index: programs/pluto/kernel_pfkey.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/kernel_pfkey.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/kernel_pfkey.c 22 Dec 2003 21:36:05 -0000 1.1.1.1
+++ programs/pluto/kernel_pfkey.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -901,43 +901,6 @@
&& finish_pfkey_msg(extensions, "Delete SA", sa->text_said, NULL);
}
-#ifdef NAT_TRAVERSAL
-static bool
-pfkey_update_esp_sa(const struct kernel_sa *sa)
-{
- struct sadb_ext *extensions[SADB_EXT_MAX + 1];
- return (!(pfkey_msg_start(SADB_UPDATE, SADB_SATYPE_ESP
- , "pfkey_msg_hdr Update ESP SA", sa->text_said, extensions)
-
- && pfkey_build(pfkey_sa_build(&extensions[SADB_EXT_SA]
- , SADB_EXT_SA
- , sa->spi /* in network order */
- , 0, SADB_SASTATE_MATURE, sa->authalg /* dummy, not used */,
- sa->transid /* dummy, not used */, 0)
- , "pfkey_sa Update ESP SA", sa->text_said, extensions)
-
- && pfkeyext_address(SADB_EXT_ADDRESS_SRC, sa->src
- , "pfkey_addr_s Update ESP SA", sa->text_said, extensions)
-
- && pfkeyext_address(SADB_EXT_ADDRESS_DST, sa->dst
- , "pfkey_addr_d Update ESP SA", sa->text_said, extensions)
-
- && pfkey_build(pfkey_x_nat_t_port_build(
- &extensions[SADB_X_EXT_NAT_T_SPORT], SADB_X_EXT_NAT_T_SPORT,
- sa->natt_sport), "pfkey_nat_t_sport Update ESP SA", sa->text_said,
- extensions)
-
- && pfkey_build(pfkey_x_nat_t_port_build(
- &extensions[SADB_X_EXT_NAT_T_DPORT], SADB_X_EXT_NAT_T_DPORT,
- sa->natt_dport), "pfkey_nat_t_dport Update ESP SA", sa->text_said,
- extensions)
-
- && finish_pfkey_msg(extensions, "Update ESP SA", sa->text_said, NULL)));
-
-}
-
-#endif
-
void
pfkey_close(void)
{
@@ -955,6 +918,9 @@
const struct kernel_ops klips_kernel_ops = {
type: KERNEL_TYPE_KLIPS,
+#ifdef NAT_TRAVERSAL
+ espinudp_with_non_ike: 1,
+#endif
async_fdp: &pfkeyfd,
pfkey_register: klips_pfkey_register,
@@ -965,11 +931,6 @@
add_sa: pfkey_add_sa,
grp_sa: pfkey_grp_sa,
del_sa: pfkey_del_sa,
-#ifdef NAT_TRAVERSAL
- update_esp_sa: pfkey_update_esp_sa,
-#else
- update_esp_sa: NULL,
-#endif
get_spi: NULL,
inbound_eroute: FALSE,
policy_lifetime: FALSE,
Index: programs/pluto/nat_traversal.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/nat_traversal.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/nat_traversal.c 19 Jan 2004 02:01:08 -0000 1.1.1.1
+++ programs/pluto/nat_traversal.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -176,7 +176,9 @@
if (r) r = out_vendorid(np, outs, VID_NATT_IETF_03);
if (r) r = out_vendorid(np, outs, VID_NATT_IETF_02);
}
- if (r) r = out_vendorid(np, outs, VID_NATT_IETF_00);
+ if (kernel_ops->espinudp_with_non_ike) {
+ if (r) r = out_vendorid(np, outs, VID_NATT_IETF_00);
+ }
return r;
}
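Review bot: With the new guard, this function can return TRUE without emitting any vendor ID, namely when the block closed by the `}` above is skipped and `espinudp_with_non_ike` is 0, as it is for the netlink backend. If callers have already written a preceding payload whose next-payload field announces a vendor ID, the resulting message would be malformed. The callers and the opening condition are outside the hunk, so this needs checking against them. Separately, the nested form can be collapsed to `if (r && kernel_ops->espinudp_with_non_ike) r = out_vendorid(np, outs, VID_NATT_IETF_00);`.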
Index: programs/pluto/server.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/server.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/server.c 30 Dec 2003 06:53:54 -0000 1.1.1.1
+++ programs/pluto/server.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -668,7 +668,9 @@
}
#ifdef NAT_TRAVERSAL
- if (nat_traversal_enabled) {
+ if (nat_traversal_enabled
+ && kernel_ops->espinudp_with_non_ike)
+ {
nat_traversal_espinudp_socket(fd, ESPINUDP_WITH_NON_IKE);
}
#endif
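Review bot: When NAT-T is enabled but the backend lacks the capability, this branch is now skipped silently, so nothing tells an operator why ESPINUDP_WITH_NON_IKE was never set on `fd`. The same applies to the early `break` added under `case VID_NATT_IETF_00:` in vendor.c, which drops a peer's draft-00 vendor ID without a trace. A debug log on each skipped path would make failed NAT-T negotiations diagnosable. A comment here such as `/* only backends that handle ESPINUDP_WITH_NON_IKE get this socket option */` would record the intent. The surrounding function is outside the hunk.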
Index: programs/pluto/vendor.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/openswan/programs/pluto/vendor.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/vendor.c 8 Jan 2004 22:19:56 -0000 1.1.1.1
+++ programs/pluto/vendor.c 15 Mar 2004 11:01:57 -0000 1.2
@@ -38,6 +38,7 @@
#include "whack.h"
#include "vendor.h"
#include "quirks.h"
+#include "kernel.h"
#ifdef NAT_TRAVERSAL
#include "nat_traversal.h"
@@ -300,6 +301,8 @@
* Note: most recent == higher id in vendor.h
*/
case VID_NATT_IETF_00:
+ if (!kernel_ops->espinudp_with_non_ike)
+ break;
vid_usefull = 1;
if ((nat_traversal_enabled) && (!md->quirks.nat_traversal_vid)) {
md->quirks.nat_traversal_vid = vid->id;