Source-Changes-HG archive
[src/trunk]: src/sys/netinet6 Use NAT-T ports for AH and IPcomp too.
details: https://anonhg.NetBSD.org/src/rev/e728eb5da3b5
branches: trunk
changeset: 581007:e728eb5da3b5
user: manu <manu%NetBSD.org@localhost>
date: Fri May 20 01:25:17 2005 +0000
description:
Use NAT-T ports for AH and IPcomp too.
diffstat:
sys/netinet6/ah_input.c | 19 ++++++++++++++++---
sys/netinet6/ipcomp_input.c | 18 +++++++++++++++---
2 files changed, 31 insertions(+), 6 deletions(-)
diffs (106 lines):
diff -r dae9ab3e8719 -r e728eb5da3b5 sys/netinet6/ah_input.c
--- a/sys/netinet6/ah_input.c Fri May 20 01:22:48 2005 +0000
+++ b/sys/netinet6/ah_input.c Fri May 20 01:25:17 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ah_input.c,v 1.46 2005/04/29 10:39:09 yamt Exp $ */
+/* $NetBSD: ah_input.c,v 1.47 2005/05/20 01:25:17 manu Exp $ */
/* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ah_input.c,v 1.46 2005/04/29 10:39:09 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ah_input.c,v 1.47 2005/05/20 01:25:17 manu Exp $");
#include "opt_inet.h"
@@ -109,12 +109,25 @@
int off, proto;
va_list ap;
size_t stripsiz = 0;
+ u_int16_t sport = 0;
+ u_int16_t dport = 0;
+#ifdef IPSEC_NAT_T
+ struct m_tag *tag = NULL;
+#endif
va_start(ap, m);
off = va_arg(ap, int);
proto = va_arg(ap, int);
va_end(ap);
+#ifdef IPSEC_NAT_T
+ /* find the source port for NAT-T */
+ if ((tag = m_tag_find(m, PACKET_TAG_IPSEC_NAT_T_PORTS, NULL)) != NULL) {
+ sport = ((u_int16_t *)(tag + 1))[0];
+ dport = ((u_int16_t *)(tag + 1))[1];
+ }
+#endif
+
ip = mtod(m, struct ip *);
IP6_EXTHDR_GET(ah, struct ah *, m, off, sizeof(struct newah));
if (ah == NULL) {
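Review bot: The added NAT-T block reads both ports with `((u_int16_t *)(tag + 1))[0]` and `[1]`, but nothing in the hunk documents or checks that the tag payload really holds two `u_int16_t` values, and the comment names only the source port. I would replace the comment with `/* fetch the NAT-T source and destination ports recorded on the mbuf tag, if any; both stay 0 otherwise */`. Since these values now feed the SA lookup, the tag's payload size should also be verified before the cast, which presumably relies on whatever code attaches the tag (not visible here). The same block is repeated in the ipcomp_input.c hunk at `@@ -115,6 +120,13 @@`, so a small shared helper would keep the layout assumption in one place. The enclosing function starts and ends outside this hunk.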
@@ -131,7 +144,7 @@
if ((sav = key_allocsa(AF_INET,
(caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst,
- IPPROTO_AH, spi, 0, 0)) == 0) {
+ IPPROTO_AH, spi, sport, dport)) == 0) {
ipseclog((LOG_WARNING,
"IPv4 AH input: no key association found for spi %u\n",
(u_int32_t)ntohl(spi)));
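Review bot: The warning in the failure branch still reports only the SPI, although the `key_allocsa` call above it now also takes `sport` and `dport`. If the lookup matches on those ports (its body is not visible here), a NAT-T port mismatch would be indistinguishable in the log from an unknown SPI. I would extend the message to something like `"IPv4 AH input: no key association found for spi %u (NAT-T ports %u/%u)\n"`. The ports may need converting to host order first, because the byte order stored in the tag is not visible in this diff. The enclosing `if` continues past the end of the hunk.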
diff -r dae9ab3e8719 -r e728eb5da3b5 sys/netinet6/ipcomp_input.c
--- a/sys/netinet6/ipcomp_input.c Fri May 20 01:22:48 2005 +0000
+++ b/sys/netinet6/ipcomp_input.c Fri May 20 01:25:17 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipcomp_input.c,v 1.24 2005/04/29 10:39:09 yamt Exp $ */
+/* $NetBSD: ipcomp_input.c,v 1.25 2005/05/20 01:25:17 manu Exp $ */
/* $KAME: ipcomp_input.c,v 1.29 2001/09/04 08:43:19 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipcomp_input.c,v 1.24 2005/04/29 10:39:09 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipcomp_input.c,v 1.25 2005/05/20 01:25:17 manu Exp $");
#include "opt_inet.h"
@@ -103,6 +103,11 @@
struct secasvar *sav = NULL;
int off, proto;
va_list ap;
+ u_int16_t sport = 0;
+ u_int16_t dport = 0;
+#ifdef IPSEC_NAT_T
+ struct m_tag *tag = NULL;
+#endif
va_start(ap, m);
off = va_arg(ap, int);
@@ -115,6 +120,13 @@
ipsecstat.in_inval++;
goto fail;
}
+#ifdef IPSEC_NAT_T
+ /* find the source port for NAT-T */
+ if ((tag = m_tag_find(m, PACKET_TAG_IPSEC_NAT_T_PORTS, NULL)) != NULL) {
+ sport = ((u_int16_t *)(tag + 1))[0];
+ dport = ((u_int16_t *)(tag + 1))[1];
+ }
+#endif
md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
if (!md) {
@@ -138,7 +150,7 @@
if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) {
sav = key_allocsa(AF_INET, (caddr_t)&ip->ip_src,
(caddr_t)&ip->ip_dst, IPPROTO_IPCOMP, htonl(cpi),
- 0, 0);
+ sport, dport);
if (sav != NULL &&
(sav->state == SADB_SASTATE_MATURE ||
sav->state == SADB_SASTATE_DYING)) {