[Openswan Users] NAT-T Patch
tleslie
tleslie at tcn.net
Sat Mar 3 18:59:08 EST 2007
I am stuck exactly here too,
has any resolution been found?
I suppose I could just go in and hand edit the file to
resemble what it should be, but if its supposed to work,
seems to indicate something has gone wrong?
-tl
On Wed, 2007-02-28 at 15:44 +0000, Toby Heywood wrote:
> Paul Wouters wrote:
> > use 2.4.8rc1 instead.
> >
> Thanks for the quick response. Successfully downloaded and extract
> 2.4.8rc1.
> >
> > That tree already has some version of the patch applied to it.
> > Start with a clean tree.
> >
> I have now deleted the existing /usr/usr/linux directory and recreated
> from kernel source downloaded from kernel.org (currently 2.6.20.1).
>
> Unfortunately I'm still getting strange error messages. See below for
> what I did and what I got...
>
> theywood at plank:/usr/src$ unlink linux
> theywood at plank:/usr/src$ rm -fr linux-2.6.20.1
> theywood at plank:/usr/src$ tar jxf linux-2.6.20.1.tar.bz2
> theywood at plank:/usr/src$ ln -s /usr/src/linux-2.6.20.1 linux
> theywood at plank:/usr/src$ cd ~/src/openswan-2.4.8rc1
> theywood at plank:~/src/openswan-2.4.8rc1$ KERNELSRC=/usr/src/linux
> theywood at plank:~/src/openswan-2.4.8rc1$ make nattpatch
> > /usr/src/openswan-ipsec.natt.patch
> theywood at plank:~/src/openswan-2.4.8rc1$ cd /usr/src/linux
> theywood at plank:/usr/src/linux$ cat /usr/src/openswan-ipsec.natt.patch
> | patch -p1 -s
> 2 out of 6 hunks FAILED -- saving rejects to file net/ipv4/udp.c.rej
>
> Not sure if it will help but I have attached the net/ipv4/udp.c.rej
> file.
>
> Thank you for your help.
>
> Regards
>
> Toby
> plain text document attachment (udp.c.rej)
> ***************
> *** 1038,1046 ****
> */
> static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
> {
> - #ifndef CONFIG_XFRM
> return 1;
> - #else
> struct udp_sock *up = udp_sk(sk);
> struct udphdr *uh = skb->h.uh;
> struct iphdr *iph;
> --- 1077,1085 ----
> */
> static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
> {
> + #if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
> return 1;
> + #else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
> struct udp_sock *up = udp_sk(sk);
> struct udphdr *uh = skb->h.uh;
> struct iphdr *iph;
> ***************
> *** 1158,1167 ****
> return 0;
> }
> if (ret < 0) {
> - /* process the ESP packet */
> - ret = xfrm4_rcv_encap(skb, up->encap_type);
> - UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
> - return -ret;
> }
> /* FALLTHROUGH -- it's a UDP Packet */
> }
> --- 1197,1210 ----
> return 0;
> }
> if (ret < 0) {
> + if(xfrm4_rcv_encap_func != NULL) {
> + ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
> + UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
> + } else {
> + UDP_INC_STATS_BH(UDP_MIB_INERRORS);
> + ret = 1;
> + }
> + return ret;
> }
> /* FALLTHROUGH -- it's a UDP Packet */
> }
> ***************
> *** 1251,1257 ****
> /*
> * All we need to do is get the socket, and then do a checksum.
> */
> -
> int udp_rcv(struct sk_buff *skb)
> {
> struct sock *sk;
> --- 1294,1299 ----
> /*
> * All we need to do is get the socket, and then do a checksum.
> */
> int udp_rcv(struct sk_buff *skb)
> {
> struct sock *sk;
> ***************
> *** 1708,1710 ****
> EXPORT_SYMBOL(udp_proc_register);
> EXPORT_SYMBOL(udp_proc_unregister);
> #endif
> --- 1750,1758 ----
> EXPORT_SYMBOL(udp_proc_register);
> EXPORT_SYMBOL(udp_proc_unregister);
> #endif
> +
> + #if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
> + EXPORT_SYMBOL(udp4_register_esp_rcvencap);
> + EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
> + #endif
> +
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list