[Openswan Users] NAT-T Patch

[Toby Heywood]

Paul Wouters wrote:
> use 2.4.8rc1 instead.
>   
Thanks for the quick response.  Successfully downloaded and extract
2.4.8rc1.
>
> That tree already has some version of the patch applied to it.
> Start with a clean tree.
>   
I have now deleted the existing /usr/usr/linux directory and recreated
from kernel source downloaded from kernel.org (currently 2.6.20.1).

Unfortunately I'm still getting strange error messages.  See below for
what I did and what I got...

theywood at plank:/usr/src$ unlink linux
theywood at plank:/usr/src$ rm -fr linux-2.6.20.1
theywood at plank:/usr/src$ tar jxf linux-2.6.20.1.tar.bz2
theywood at plank:/usr/src$ ln -s /usr/src/linux-2.6.20.1 linux
theywood at plank:/usr/src$ cd ~/src/openswan-2.4.8rc1
theywood at plank:~/src/openswan-2.4.8rc1$ KERNELSRC=/usr/src/linux
theywood at plank:~/src/openswan-2.4.8rc1$ make nattpatch >
/usr/src/openswan-ipsec.natt.patch
theywood at plank:~/src/openswan-2.4.8rc1$ cd /usr/src/linux
theywood at plank:/usr/src/linux$ cat /usr/src/openswan-ipsec.natt.patch |
patch -p1 -s
2 out of 6 hunks FAILED -- saving rejects to file net/ipv4/udp.c.rej

Not sure if it will help but I have attached the net/ipv4/udp.c.rej file.

Thank you for your help.

Regards

Toby
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070228/1bd2cbae/attachment.html 
-------------- next part --------------
***************
*** 1038,1046 ****
   */
  static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
  {
- #ifndef CONFIG_XFRM
  	return 1; 
- #else
  	struct udp_sock *up = udp_sk(sk);
    	struct udphdr *uh = skb->h.uh;
  	struct iphdr *iph;
--- 1077,1085 ----
   */
  static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
  {
+ #if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
  	return 1; 
+ #else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
  	struct udp_sock *up = udp_sk(sk);
    	struct udphdr *uh = skb->h.uh;
  	struct iphdr *iph;
***************
*** 1158,1167 ****
  			return 0;
  		}
  		if (ret < 0) {
- 			/* process the ESP packet */
- 			ret = xfrm4_rcv_encap(skb, up->encap_type);
- 			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
- 			return -ret;
  		}
  		/* FALLTHROUGH -- it's a UDP Packet */
  	}
--- 1197,1210 ----
  			return 0;
  		}
  		if (ret < 0) {
+  			if(xfrm4_rcv_encap_func != NULL) {
+  			  ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
+  			  UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+  			} else {
+  			  UDP_INC_STATS_BH(UDP_MIB_INERRORS);
+  			  ret = 1;
+  			}
+ 			return ret;
  		}
  		/* FALLTHROUGH -- it's a UDP Packet */
  	}
***************
*** 1251,1257 ****
  /*
   *	All we need to do is get the socket, and then do a checksum. 
   */
-  
  int udp_rcv(struct sk_buff *skb)
  {
    	struct sock *sk;
--- 1294,1299 ----
  /*
   *	All we need to do is get the socket, and then do a checksum. 
   */
  int udp_rcv(struct sk_buff *skb)
  {
    	struct sock *sk;
***************
*** 1708,1710 ****
  EXPORT_SYMBOL(udp_proc_register);
  EXPORT_SYMBOL(udp_proc_unregister);
  #endif
--- 1750,1758 ----
  EXPORT_SYMBOL(udp_proc_register);
  EXPORT_SYMBOL(udp_proc_unregister);
  #endif
+ 
+ #if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+ EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+ EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+ #endif
+