[Openswan dev] [PATCH] Forget about NAT-T in DPD activity check

Herbert Xu herbert at gondor.apana.org.au
Wed Sep 28 11:44:19 CEST 2005


Hi Michael:

I noticed that the DPD activity check became conditional on NAT-T.
This is unnecessary because NAT-T already has its own keep-alive
packets which are sent every 20 seconds.  In fact, if anything we
should modify NAT-T's keep-alive to take into account traffic
travelling in the same direction as the keep-alive before sending
it.

So here is a patch to remove the NAT-T check from DPD's activity check.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/dpd.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/dpd.c,v
retrieving revision 1.32
diff -u -r1.32 dpd.c
--- programs/pluto/dpd.c	26 Aug 2005 13:41:16 -0000	1.32
+++ programs/pluto/dpd.c	28 Sep 2005 00:39:00 -0000
@@ -114,11 +114,6 @@
  * Note that the EVENT_DPD are attached to phase 2s (typically), while the
  * EVENT_DPD_TIMEOUT are attached to phase 1s only.
  *
- * Finally, if the connection is using NAT-T, then we ignore the phase 2
- * activity check, because in the case of a unidirectional stream (VoIP for
- * a conference call, for instance), we may not send enough traffic to keep
- * the NAT port mapping valid.
- *
  */ 
 
 stf_status
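Review bot: with the NAT-T paragraph deleted, the header comment now ends in an empty ` *` line directly before ` */`, and nothing in the file records why NAT-T connections need no special case any more. Drop the dangling ` *` line. Consider replacing the removed paragraph with one sentence saying that NAT port mappings are kept open by NAT-T's own keep-alives, not by DPD, so the phase 2 activity check applies to NAT-T connections as well.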
@@ -259,8 +254,8 @@
      * check the phase 2, if we are supposed to,
      * and return if it is active recently 
      */
-    if(eroute_care && !st->hidden_variables.st_nat_traversal) {
-      
+    if (eroute_care)
+    {
 	eroute_idle = was_eroute_idle(st, delay);
 	if(!eroute_idle) {
 	    DBG(DBG_DPD, DBG_log("dpd out event not sent, phase 2 active"));
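Review bot: the new `if (eroute_care)` puts its opening brace on a separate line, while the nested `if(!eroute_idle) {` two lines below keeps the brace on the same line. Keep one style within the block, for example `if(eroute_care) {`. That would also reduce this hunk to a one-line change that only drops the `!st->hidden_variables.st_nat_traversal` term. Since DPD probes are now skipped for NAT-T peers whenever `was_eroute_idle(st, delay)` reports recent activity, it is worth confirming that the NAT-T keep-alive is always scheduled for such states, because the mapping now depends on it alone.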

