[Openswan Users] support for at&t network dialer

[Jochen Eisinger]

Hi,

there exists an at&t network dialer that can utilize the kernel ipsec
(both native and *swan). However, this vpn client sends an heartbeat
packet which isn't part of the standard.

To add support for this "heartbeat", it's just needed to recognize this
packet type (see attached patch against openswan 2.1.4). The hearbeat
packets are basically the same as other IPIP packets.

Is it possible to include this patch in the distribution?

kind regards
-- jochen
-------------- next part --------------
--- ipsec_rcv.c.orig	2004-07-21 12:09:15.000000000 +0200
+++ ipsec_rcv.c	2004-07-24 17:06:32.000000000 +0200
@@ -651,6 +651,7 @@
 				    || ipsnext->ips_inext)
 #endif /* CONFIG_IPSEC_IPCOMP */
 				&& ipp->protocol != IPPROTO_IPIP
+				&& ipp->protocol != 0xFE  /* added to support heartbeats to AT&T SIG/GIG */
 				) {
 				KLIPS_PRINT(debug_rcv,
 					    "klips_debug:ipsec_rcv: "
@@ -1222,7 +1223,8 @@
 	if(ipsnext) {
 		ipsp = ipsnext;
 		irs.sa_len = satot(&irs.said, 0, irs.sa, sizeof(irs.sa));
-		if(ipp->protocol != IPPROTO_IPIP) {
+		if((ipp->protocol != IPPROTO_IPIP) && 
+                   ( 0xFE != ipp->protocol)) {        /* added to support AT&T heartbeats to SIG/GIG */
 			spin_unlock(&tdb_lock);
 			KLIPS_PRINT(debug_rcv,
 				    "klips_debug:ipsec_rcv: "
@@ -1263,6 +1265,8 @@
 			}
 		}
 
+  if(ipp->protocol == IPPROTO_IPIP)  /* added to support AT&T heartbeats to SIG/GIG */
+  {  
 		/*
 		 * XXX this needs to be locked from when it was first looked
 		 * up in the decapsulation loop.  Perhaps it is better to put
@@ -1309,6 +1313,7 @@
 			    "klips_debug:ipsec_rcv: "
 			    "IPIP tunnel stripped.\n");
 		KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp);
+  }
 
 		if(sysctl_ipsec_inbound_policy_check
 		   /*