[Openswan Users] Problem with NAT-T patch

Paul Wouters paul at xelerance.com
Wed Jan 18 16:14:20 CET 2006


On Wed, 18 Jan 2006, Giovani Moda - MR Informática wrote:

> I know you guys really don't care much about FC2, but when tryng to patch
> kernel-2.6.10-1.771_FC2 with the new NAT-T patch from openswan-2.4.5rc4, I got
> falures in hunks 1 and 3. It did work when I tested with openswan-2.4.5dr3.
> Here are the rejects:

We are trying to make the natt patch as compatible as possible with all
kernel trees, but it is hard. The changes between 15 kernels in 2.6.1 to
2.6.15, plus vendor specific kernels makes it hard.

The latest changes were to support 2.6.14 and 2.6.15. If you can juggle
the patch so it keeps working on those , and on an FC2 kernel, we'll
happilly use it, but we can't really put in the time and effort to
support such old distributions. Sorry.

You can use the nat-t patch from 2.4.5dr if that works for you. In fact,
you hardly ever need to update the nat-t patch if you're updating
openswan klips.

Paul


> ***************
> *** 108,118 ****
>  #include <net/inet_common.h>
>  #include <net/checksum.h>
>  #include <net/xfrm.h>
>
>  /*
>   *    Snmp MIB for the UDP layer
>   */
>
>  DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
>
>  struct hlist_head udp_hash[UDP_HTABLE_SIZE];
> --- 108,121 ----
>  #include <net/inet_common.h>
>  #include <net/checksum.h>
>  #include <net/xfrm.h>
> + #include <net/xfrmudp.h>
>
>  /*
>   *    Snmp MIB for the UDP layer
>   */
>
> + static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
> +
>  DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
>
>  struct hlist_head udp_hash[UDP_HTABLE_SIZE];
> ***************
> *** 896,904 ****
>   */
>  static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
>  {
> - #ifndef CONFIG_XFRM
>        return 1;
> - #else
>        struct udp_sock *up = udp_sk(sk);
>        struct udphdr *uh = skb->h.uh;
>        struct iphdr *iph;
> --- 935,943 ----
>   */
>  static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
>  {
> + #if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
>        return 1;
> + #else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
>        struct udp_sock *up = udp_sk(sk);
>        struct udphdr *uh = skb->h.uh;
>        struct iphdr *iph;
>
> Can it be fixed or I'll need a newer kernel?
>
> BTW, klips patch works fine with this kernel
>
> Giovani
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>

-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)


More information about the Users mailing list