[Openswan Users] support for at&t network dialer
Jochen Eisinger
jochen at penguin-breeder.org
Sat Jul 24 18:34:08 CEST 2004
Hi,
there exists an at&t network dialer that can utilize the kernel ipsec
(both native and *swan). However, this vpn client sends an heartbeat
packet which isn't part of the standard.
To add support for this "heartbeat", it's just needed to recognize this
packet type (see attached patch against openswan 2.1.4). The hearbeat
packets are basically the same as other IPIP packets.
Is it possible to include this patch in the distribution?
kind regards
-- jochen
-------------- next part --------------
--- ipsec_rcv.c.orig 2004-07-21 12:09:15.000000000 +0200
+++ ipsec_rcv.c 2004-07-24 17:06:32.000000000 +0200
@@ -651,6 +651,7 @@
|| ipsnext->ips_inext)
#endif /* CONFIG_IPSEC_IPCOMP */
&& ipp->protocol != IPPROTO_IPIP
+ && ipp->protocol != 0xFE /* added to support heartbeats to AT&T SIG/GIG */
) {
KLIPS_PRINT(debug_rcv,
"klips_debug:ipsec_rcv: "
@@ -1222,7 +1223,8 @@
if(ipsnext) {
ipsp = ipsnext;
irs.sa_len = satot(&irs.said, 0, irs.sa, sizeof(irs.sa));
- if(ipp->protocol != IPPROTO_IPIP) {
+ if((ipp->protocol != IPPROTO_IPIP) &&
+ ( 0xFE != ipp->protocol)) { /* added to support AT&T heartbeats to SIG/GIG */
spin_unlock(&tdb_lock);
KLIPS_PRINT(debug_rcv,
"klips_debug:ipsec_rcv: "
@@ -1263,6 +1265,8 @@
}
}
+ if(ipp->protocol == IPPROTO_IPIP) /* added to support AT&T heartbeats to SIG/GIG */
+ {
/*
* XXX this needs to be locked from when it was first looked
* up in the decapsulation loop. Perhaps it is better to put
@@ -1309,6 +1313,7 @@
"klips_debug:ipsec_rcv: "
"IPIP tunnel stripped.\n");
KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp);
+ }
if(sysctl_ipsec_inbound_policy_check
/*
More information about the Users
mailing list