[Openswan dev] NAT-T draft-00/01 broken in Openswan-1

Tue May 4 15:37:31 CEST 2004

NAT-T support for draft-00/01 (no port floating) is broken in
Openswan-1 (I have not checked Openswan-2).

nat_traversal_espinudp_socket(fd, ESPINUDP_WITH_NON_IKE) call was
never launched due to an incomplete if statement.

Index: server.c
===================================================================
RCS file: /datas/cvs/arkoon_v3/kernel/openswan/pluto/server.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4

--- server.c    22 Mar 2004 13:58:05 -0000      1.3
+++ server.c    4 May 2004 12:24:27 -0000       1.4
@@ -618,6 +618,7 @@
                    /* matches nothing -- create a new entry */
                    int fd = create_socket(ifp, v->name, pluto_port);
                    if (fd < 0)
+                       break;
 
 #ifdef NAT_TRAVERSAL
                    if (nat_traversal_enabled) {


-- 
Mathieu Lafon - Arkoon Network Security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nat_t_00_01_broken.diff
Type: application/octet-stream
Size: 520 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20040504/e631d5b5/nat_t_00_01_broken.obj
