[Openswan Users] NAT-T Patch

Toby Heywood th at tobyheywood.co.uk
Sun Mar 4 18:31:18 EST 2007 

Hi,

No I have yet to find a solution to this issue.  If I had the knowledge 
I would happily edit the file(s) but alas this is not something I am 
able to do at this time.

I read somewhere that this was quite a common problem with minor kernel 
releases.

Given my simplistic view on such things as the kernel, surely the 
kernel doesn't change that drastically between a major release and its 
child minor releases?

If any one can shed some light on this it would be greatly appeciated.

Regards

Toby H

> I am stuck exactly here too,
> has any resolution been found?
>
> I suppose I could just go in and hand edit the file to
> resemble what it should be, but if its supposed to work,
> seems to indicate something has gone wrong?
>
> -tl
>
>
> On Wed, 2007-02-28 at 15:44 +0000, Toby Heywood wrote:
>> Paul Wouters wrote:
>> > use 2.4.8rc1 instead.
>> >
>> Thanks for the quick response.  Successfully downloaded and extract
>> 2.4.8rc1.
>> >
>> > That tree already has some version of the patch applied to it.
>> > Start with a clean tree.
>> >
>> I have now deleted the existing /usr/usr/linux directory and recreated
>> from kernel source downloaded from kernel.org (currently 2.6.20.1).
>>
>> Unfortunately I'm still getting strange error messages.  See below for
>> what I did and what I got...
>>
>> theywood at plank:/usr/src$ unlink linux
>> theywood at plank:/usr/src$ rm -fr linux-2.6.20.1
>> theywood at plank:/usr/src$ tar jxf linux-2.6.20.1.tar.bz2
>> theywood at plank:/usr/src$ ln -s /usr/src/linux-2.6.20.1 linux
>> theywood at plank:/usr/src$ cd ~/src/openswan-2.4.8rc1
>> theywood at plank:~/src/openswan-2.4.8rc1$ KERNELSRC=/usr/src/linux
>> theywood at plank:~/src/openswan-2.4.8rc1$ make nattpatch
>> > /usr/src/openswan-ipsec.natt.patch
>> theywood at plank:~/src/openswan-2.4.8rc1$ cd /usr/src/linux
>> theywood at plank:/usr/src/linux$ cat /usr/src/openswan-ipsec.natt.patch
>> | patch -p1 -s
>> 2 out of 6 hunks FAILED -- saving rejects to file net/ipv4/udp.c.rej
>>
>> Not sure if it will help but I have attached the net/ipv4/udp.c.rej
>> file.
>>
>> Thank you for your help.
>>
>> Regards
>>
>> Toby
>> plain text document attachment (udp.c.rej)
>> ***************
>> *** 1038,1046 ****
>>    */
>>   static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
>>   {
>> - #ifndef CONFIG_XFRM
>>   	return 1;
>> - #else
>>   	struct udp_sock *up = udp_sk(sk);
>>     	struct udphdr *uh = skb->h.uh;
>>   	struct iphdr *iph;
>> --- 1077,1085 ----
>>    */
>>   static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
>>   {
>> + #if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
>>   	return 1;
>> + #else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
>>   	struct udp_sock *up = udp_sk(sk);
>>     	struct udphdr *uh = skb->h.uh;
>>   	struct iphdr *iph;
>> ***************
>> *** 1158,1167 ****
>>   			return 0;
>>   		}
>>   		if (ret < 0) {
>> - 			/* process the ESP packet */
>> - 			ret = xfrm4_rcv_encap(skb, up->encap_type);
>> - 			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
>> - 			return -ret;
>>   		}
>>   		/* FALLTHROUGH -- it's a UDP Packet */
>>   	}
>> --- 1197,1210 ----
>>   			return 0;
>>   		}
>>   		if (ret < 0) {
>> +  			if(xfrm4_rcv_encap_func != NULL) {
>> +  			  ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
>> +  			  UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
>> +  			} else {
>> +  			  UDP_INC_STATS_BH(UDP_MIB_INERRORS);
>> +  			  ret = 1;
>> +  			}
>> + 			return ret;
>>   		}
>>   		/* FALLTHROUGH -- it's a UDP Packet */
>>   	}
>> ***************
>> *** 1251,1257 ****
>>   /*
>>    *	All we need to do is get the socket, and then do a checksum.
>>    */
>> -
>>   int udp_rcv(struct sk_buff *skb)
>>   {
>>     	struct sock *sk;
>> --- 1294,1299 ----
>>   /*
>>    *	All we need to do is get the socket, and then do a checksum.
>>    */
>>   int udp_rcv(struct sk_buff *skb)
>>   {
>>     	struct sock *sk;
>> ***************
>> *** 1708,1710 ****
>>   EXPORT_SYMBOL(udp_proc_register);
>>   EXPORT_SYMBOL(udp_proc_unregister);
>>   #endif
>> --- 1750,1758 ----
>>   EXPORT_SYMBOL(udp_proc_register);
>>   EXPORT_SYMBOL(udp_proc_unregister);
>>   #endif
>> +
>> + #if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
>> + EXPORT_SYMBOL(udp4_register_esp_rcvencap);
>> + EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
>> + #endif
>> +
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>


----- End message from tleslie at tcn.net -----



----------------------------------------------------------------
This message was sent using webmail powered by hdotcom.
http://www.hdotcom.net/

More information about the Users mailing list