[src/netbsd-3]: src/sys/netkey Pull up revision 1.135 (requested by manu in t...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/2a367a2dae9a
branches:  netbsd-3
changeset: 576566:2a367a2dae9a
user:      tron <tron%NetBSD.org@localhost>
date:      Mon Jul 11 15:04:29 2005 +0000

description:
Pull up revision 1.135 (requested by manu in ticket #575):
Another NAT-T fix: don't check for port information in transport mode, as there
is no port information.

diffstat:

 sys/netkey/key.c |  17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)

diffs (46 lines):

diff -r bbd403e90739 -r 2a367a2dae9a sys/netkey/key.c
--- a/sys/netkey/key.c  Mon Jul 11 12:12:11 2005 +0000
+++ b/sys/netkey/key.c  Mon Jul 11 15:04:29 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.129.2.4 2005/05/11 18:19:11 tron Exp $       */
+/*     $NetBSD: key.c,v 1.129.2.5 2005/07/11 15:04:29 tron Exp $       */
 /*     $KAME: key.c,v 1.310 2003/09/08 02:23:44 itojun Exp $   */
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.129.2.4 2005/05/11 18:19:11 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.129.2.5 2005/07/11 15:04:29 tron Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -4290,11 +4290,7 @@
 key_cmpsaidx_withmode(saidx0, saidx1)
        struct secasindex *saidx0, *saidx1;
 {
-#ifdef IPSEC_NAT_T
-       int chkport = 1;
-#else
        int chkport = 0;
-#endif
 
        /* sanity */
        if (saidx0 == NULL && saidx1 == NULL)
@@ -4307,6 +4303,15 @@
                return 0;
 
        /*
+        * If NAT-T is enabled, check ports for tunnel mode.
+        * Don't do it for transport mode, as there is no
+        * port information available in the SP.
+        */
+#ifdef IPSEC_NAT_T
+       if (saidx1->mode == IPSEC_MODE_TUNNEL)
+               chkport = 1;
+#endif
+       /*
         * If reqid of SPD is non-zero, unique SA is required.
         * The result must be of same reqid in this case.
         */