Commit | Line | Data |
---|---|---|
376e42ce MT |
1 | packaging/utils/nattpatch 2.6 |
2 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
3 | +++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004 | |
4 | @@ -0,0 +1,10 @@ | |
5 | +/* | |
6 | + * pointer to function for type that xfrm4_input wants, to permit | |
7 | + * decoupling of XFRM from udp.c | |
8 | + */ | |
9 | +#define HAVE_XFRM4_UDP_REGISTER | |
10 | + | |
11 | +typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type); | |
12 | +extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func | |
13 | + , xfrm4_rcv_encap_t *oldfunc); | |
14 | +extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func); | |
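Review bot: The new header has no include guard and uses `struct sk_buff` and `__u16` without declaring or including them, so it compiles only when the includer has already pulled in the right headers, and a second inclusion repeats the `xfrm4_rcv_encap_t` typedef. I would wrap it in an `#ifndef _NET_XFRMUDP_H` / `#define _NET_XFRMUDP_H` / `#endif` guard and add `#include <linux/types.h>` plus a forward declaration `struct sk_buff;` above the typedef. The opening comment could also state what the callback's return value means to the UDP receive path, since that contract is not written down anywhere in this file.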
15 | --- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig 2005-03-09 03:12:33.000000000 -0500 | |
16 | +++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400 | |
17 | @@ -351,2 +351,8 @@ | |
18 | ||
19 | +config IPSEC_NAT_TRAVERSAL | |
20 | + bool "IPSEC NAT-Traversal (KLIPS compatible)" | |
21 | + depends on INET | |
22 | + ---help--- | |
23 | + Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP. | |
24 | + | |
25 | config IP_TCPDIAG | |
26 | --- plain26/net/ipv4/udp.c.orig 2006-01-02 22:21:10.000000000 -0500 | |
27 | +++ plain26/net/ipv4/udp.c 2006-01-10 20:07:21.000000000 -0500 | |
28 | @@ -108,11 +108,14 @@ | |
29 | #include <net/inet_common.h> | |
30 | #include <net/checksum.h> | |
31 | #include <net/xfrm.h> | |
32 | +#include <net/xfrmudp.h> | |
33 | ||
34 | /* | |
35 | * Snmp MIB for the UDP layer | |
36 | */ | |
37 | ||
38 | +static xfrm4_rcv_encap_t xfrm4_rcv_encap_func; | |
39 | + | |
40 | DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly; | |
41 | ||
42 | struct hlist_head udp_hash[UDP_HTABLE_SIZE]; | |
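Review bot: The `static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;` added here has no comment and lands between the "Snmp MIB for the UDP layer" comment and `DEFINE_SNMP_STAT`, so the comment now appears to describe the hook. The same variable is defined again, with an initialiser, inside the `#if` block of the hunk at -894; this unconditional copy is presumably what keeps the call site building when neither option is set, but that is not stated. I would move the line below `DEFINE_SNMP_STAT` and document it, for example `/* ESP-in-UDP receive hook: set by udp4_register_esp_rcvencap(), NULL while no handler is registered */`.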
43 | @@ -894,6 +897,42 @@ | |
44 | sk_common_release(sk); | |
45 | } | |
46 | ||
47 | +#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
48 | + | |
49 | +/* if XFRM isn't a module, then register it directly. */ | |
50 | +#if 0 && !defined(CONFIG_XFRM_MODULE) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
51 | +static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap; | |
52 | +#else | |
53 | +static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL; | |
54 | +#endif | |
55 | + | |
56 | +int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func | |
57 | + , xfrm4_rcv_encap_t *oldfunc) | |
58 | +{ | |
59 | + if(oldfunc != NULL) { | |
60 | + *oldfunc = xfrm4_rcv_encap_func; | |
61 | + } | |
62 | + | |
63 | +#if 0 | |
64 | + if(xfrm4_rcv_encap_func != NULL) | |
65 | + return -1; | |
66 | +#endif | |
67 | + | |
68 | + xfrm4_rcv_encap_func = func; | |
69 | + return 0; | |
70 | +} | |
71 | + | |
72 | +int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func) | |
73 | +{ | |
74 | + if(xfrm4_rcv_encap_func != func) | |
75 | + return -1; | |
76 | + | |
77 | + xfrm4_rcv_encap_func = NULL; | |
78 | + return 0; | |
79 | +} | |
80 | +#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */ | |
81 | + | |
82 | + | |
83 | /* return: | |
84 | * 1 if the the UDP system should process it | |
85 | * 0 if we should drop this packet | |
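Review bot: `xfrm4_rcv_encap_func` is written by `udp4_register_esp_rcvencap()` and `udp4_unregister_esp_rcvencap()` with no locking or barrier, while the receive hunk at -1021 tests it for NULL and then loads it a second time to make the call. An unregister (for example on module unload) that lands between those two loads turns the call into a NULL dereference, and one that returns while a handler is still running leaves the kernel executing code that may be about to go away. I would read the pointer once at the call site, `xfrm4_rcv_encap_t fn = xfrm4_rcv_encap_func;` then `if (fn != NULL) ret = fn(skb, up->encap_type);`, and have unregister wait for in-flight receivers after clearing it, e.g. `synchronize_net();`; whether that covers every context this path runs in has to be checked against callers outside the hunk. With the busy check under `#if 0`, a second registrant also silently replaces the first and nothing tells the first that it is no longer installed. The closing `#endif` comment names CONFIG_XFRM_MODULE where the `#if` tests CONFIG_XFRM.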
86 | @@ -901,9 +940,9 @@ | |
87 | */ | |
88 | static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb) | |
89 | { | |
90 | -#ifndef CONFIG_XFRM | |
91 | +#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
92 | return 1; | |
93 | -#else | |
94 | +#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */ | |
95 | struct udp_sock *up = udp_sk(sk); | |
96 | struct udphdr *uh = skb->h.uh; | |
97 | struct iphdr *iph; | |
98 | @@ -915,11 +954,11 @@ | |
99 | ||
100 | /* if we're overly short, let UDP handle it */ | |
101 | len = skb->len - sizeof(struct udphdr); | |
102 | if (len <= 0) | |
103 | - return 1; | |
104 | + return 2; | |
105 | ||
106 | /* if this is not encapsulated socket, then just return now */ | |
107 | if (!encap_type) | |
108 | - return 1; | |
109 | + return 3; | |
110 | ||
111 | len = skb->tail - udpdata; | |
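Review bot: The return values 2 and 3 introduced here, and 4 and 5 in the hunks at -934 and -947, are not covered by the function's header comment, which in the part visible in the earlier hunk documents 1 and 0 only. They look like per-exit debugging codes, and they are safe only if every caller treats any positive value as "let UDP process it"; the one caller shown on this page tests `ret < 0`, and the rest is outside the hunks. I would either keep `return 1;` or extend the comment to `> 0 if the UDP system should process it (the value identifies the exit point, for debugging)`. The body of udp_encap_rcv starts and ends outside this hunk.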
112 | @@ -934,7 +973,7 @@ | |
113 | len = sizeof(struct udphdr); | |
114 | } else | |
115 | /* Must be an IKE packet.. pass it through */ | |
116 | - return 1; | |
117 | + return 4; | |
118 | break; | |
119 | case UDP_ENCAP_ESPINUDP_NON_IKE: | |
120 | /* Check if this is a keepalive packet. If so, eat it. */ | |
121 | @@ -947,7 +986,7 @@ | |
122 | len = sizeof(struct udphdr) + 2 * sizeof(u32); | |
123 | } else | |
124 | /* Must be an IKE packet.. pass it through */ | |
125 | - return 1; | |
126 | + return 5; | |
127 | break; | |
128 | } | |
129 | ||
130 | @@ -1021,10 +1060,14 @@ | |
131 | return 0; | |
132 | } | |
133 | if (ret < 0) { | |
134 | - /* process the ESP packet */ | |
135 | - ret = xfrm4_rcv_encap(skb, up->encap_type); | |
136 | - UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS); | |
137 | - return -ret; | |
138 | + if(xfrm4_rcv_encap_func != NULL) { | |
139 | + ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type); | |
140 | + UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS); | |
141 | + } else { | |
142 | + UDP_INC_STATS_BH(UDP_MIB_INERRORS); | |
143 | + ret = 1; | |
144 | + } | |
145 | + return ret; | |
146 | } | |
147 | /* FALLTHROUGH -- it's a UDP Packet */ | |
148 | } | |
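Review bot: When no handler is registered, the new `else` branch returns 1 without freeing `skb` and without falling through to the "it's a UDP Packet" path below. The registered-handler result is also now returned as `ret`, where the removed code returned `-ret`. What a positive return means to the caller is not visible here, but the old negation suggests the sign matters, so both changes should be checked against the caller and against the return convention of the handlers that will be registered. If the intent is to discard ESP-in-UDP packets that nobody can process, I would mirror the `return 0;` branch just above: bump `UDP_MIB_INERRORS`, then `kfree_skb(skb);` and `return 0;`. The enclosing function starts and ends outside the hunk.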
149 | @@ -1114,7 +1157,6 @@ | |
150 | /* | |
151 | * All we need to do is get the socket, and then do a checksum. | |
152 | */ | |
153 | - | |
154 | int udp_rcv(struct sk_buff *skb) | |
155 | { | |
156 | struct sock *sk; | |
157 | @@ -1571,3 +1613,9 @@ | |
158 | EXPORT_SYMBOL(udp_proc_register); | |
159 | EXPORT_SYMBOL(udp_proc_unregister); | |
160 | #endif | |
161 | + | |
162 | +#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
163 | +EXPORT_SYMBOL(udp4_register_esp_rcvencap); | |
164 | +EXPORT_SYMBOL(udp4_unregister_esp_rcvencap); | |
165 | +#endif | |
166 | + |
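Review bot: These exports are compiled only under CONFIG_IPSEC_NAT_TRAVERSAL, but the hook and its register functions are built under `CONFIG_XFRM || CONFIG_IPSEC_NAT_TRAVERSAL`, and the `#if 0 &&` in the hunk at -894 means the hook always starts as NULL. On a kernel with CONFIG_XFRM alone, nothing in this patch registers `xfrm4_rcv_encap`. Unless that happens elsewhere, the receive hunk at -1021 would count every ESP-in-UDP packet as an error instead of handing it to XFRM as the removed lines did. I would restore the direct initialiser for that configuration, `static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;`, or state in the Kconfig help text that the native XFRM NAT-T receive path no longer works without a registered handler.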