[src/trunk]: src/crypto/dist/ipsec-tools Set IKE ports to 0 in SA when NAT-T ...
details: https://anonhg.NetBSD.org/src/rev/57527d038d3b
branches: trunk
changeset: 582958:57527d038d3b
user: manu <manu%NetBSD.org@localhost>
date: Tue Jul 12 14:14:46 2005 +0000
description:
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems
when NAT-T is disabled
diffstat:
crypto/dist/ipsec-tools/ChangeLog | 5 +++++
crypto/dist/ipsec-tools/src/racoon/pfkey.c | 26 +++++++++++++++++++++-----
2 files changed, 26 insertions(+), 5 deletions(-)
diffs (75 lines):
diff -r 5184d8deb6bc -r 57527d038d3b crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 14:13:10 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 14:14:46 2005 +0000
@@ -1,3 +1,8 @@
+2005-07-12 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ * src/racoon/pfkey.c: Set IKE ports to 0 in the SA when NAT-T is not
+ used.
+
2005-07-04 Emmanuel Dreyfus <manu%netbsd.org@localhost>
* src/racoon/isakmp_inf.c: safety checks on informational messages
diff -r 5184d8deb6bc -r 57527d038d3b crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c Tue Jul 12 14:13:10 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c Tue Jul 12 14:14:46 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey.c,v 1.4 2005/05/03 21:08:47 manu Exp $ */
+/* $NetBSD: pfkey.c,v 1.5 2005/07/12 14:14:46 manu Exp $ */
/* Id: pfkey.c,v 1.31.2.1 2005/02/18 10:01:40 vanhu Exp */
@@ -1059,9 +1059,13 @@
natt.dport = extract_port (iph2->ph1->local);
natt.oa = NULL; // FIXME: Here comes OA!!!
natt.frag = iph2->ph1->rmconf->esp_frag;
+ } else {
+ memset (&natt, 0, sizeof (natt));
+
+ /* Remove port information, that SA doesn't use it */
+ set_port(src, 0);
+ set_port(dst, 0);
}
- else
- memset (&natt, 0, sizeof (natt));
if (pfkey_send_update_nat(
lcconf->sock_pfkey,
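Review bot: The new else branch calls `set_port(src, 0)` and `set_port(dst, 0)`, which write through `src` and `dst`. Both are declared outside the hunk, so it is not visible here whether they are private copies or point at the phase-2 handle's own addresses. If they alias the handle, the IKE ports are gone for every later reader of those addresses, for example a further proposal handled by the same function or any later address comparison or log line. That silently changes which peer endpoint the daemon believes the SA belongs to. The same two lines are added in the hunks at -1084, -1352 and -1379. Consider clearing the port on a duplicated sockaddr that is passed to the pfkey_send_* call and released afterwards. If the mutation is meant to persist, say so in the comment, e.g. `/* NAT-T not in use: clear the IKE ports in place, nothing after this point needs them */`. The enclosing function and the `if` this else belongs to start outside the hunk.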
@@ -1084,6 +1088,10 @@
return -1;
}
#else
+ /* Remove port information, it is not used without NAT-T */
+ set_port(src, 0);
+ set_port(dst, 0);
+
plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_update\n");
if (pfkey_send_update(
lcconf->sock_pfkey,
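Review bot: The port reset in this `#else` branch sits before the debug `plog`, while the matching `#else` branch in the hunk at -1379 puts it after the `plog`. The four copies of the reset also carry two different comments for one operation, and the else-branch wording "that SA doesn't use it" is hard to parse. Use the same order in both branches and one comment everywhere, for instance `/* NAT-T not in use: clear the IKE ports so they are not carried into the SA */`. Because the same two calls now appear four times, a small static helper taking `src` and `dst` would keep the add and update paths from drifting apart. The enclosing function continues outside the hunk.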
@@ -1352,9 +1360,13 @@
natt.dport = extract_port (iph2->ph1->remote);
natt.oa = NULL; // FIXME: Here comes OA!!!
natt.frag = iph2->ph1->rmconf->esp_frag;
+ } else {
+ memset (&natt, 0, sizeof (natt));
+
+ /* Remove port information, that SA doesn't use it */
+ set_port(src, 0);
+ set_port(dst, 0);
}
- else
- memset (&natt, 0, sizeof (natt));
if (pfkey_send_add_nat(
lcconf->sock_pfkey,
@@ -1379,6 +1391,10 @@
#else
plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add\n");
+ /* Remove port information, it is not used without NAT-T */
+ set_port(src, 0);
+ set_port(dst, 0);
+
if (pfkey_send_add(
lcconf->sock_pfkey,
satype,