diff options
Diffstat (limited to 'linux/linux-mtx-1-2.4.24/12-openswan-2.2.0-nat-t.diff')
-rw-r--r-- | linux/linux-mtx-1-2.4.24/12-openswan-2.2.0-nat-t.diff | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/linux/linux-mtx-1-2.4.24/12-openswan-2.2.0-nat-t.diff b/linux/linux-mtx-1-2.4.24/12-openswan-2.2.0-nat-t.diff index e69de29bb2..31bcbd8a5a 100644 --- a/linux/linux-mtx-1-2.4.24/12-openswan-2.2.0-nat-t.diff +++ b/linux/linux-mtx-1-2.4.24/12-openswan-2.2.0-nat-t.diff @@ -0,0 +1,143 @@ +diff -Nurb linux-1-11/include/net/sock.h linux/include/net/sock.h +--- linux-1-11/include/net/sock.h 2004-11-18 09:55:07.377211480 +0100 ++++ linux/include/net/sock.h 2004-11-18 09:55:43.605703912 +0100 +@@ -256,6 +256,13 @@ + __u32 end_seq; + }; + ++#if 1 ++#define UDP_OPT_IN_SOCK 1 ++struct udp_opt { ++ __u32 esp_in_udp; ++}; ++#endif ++ + struct tcp_opt { + int tcp_header_len; /* Bytes of tcp header to send */ + +@@ -601,6 +608,9 @@ + #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE) + struct spx_opt af_spx; + #endif /* CONFIG_SPX */ ++#if 1 ++ struct udp_opt af_udp; ++#endif + + } tp_pinfo; + +diff -Nurb linux-1-11/net/Config.in linux/net/Config.in +--- linux-1-11/net/Config.in 2004-11-18 09:55:07.545185944 +0100 ++++ linux/net/Config.in 2004-11-18 09:55:43.627700568 +0100 +@@ -102,4 +102,6 @@ + tristate 'Packet Generator (USE WITH CAUTION)' CONFIG_NET_PKTGEN + endmenu + ++bool 'IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL ++ + endmenu +diff -Nurb linux-1-11/net/ipv4/udp.c linux/net/ipv4/udp.c +--- linux-1-11/net/ipv4/udp.c 2004-11-18 09:55:07.958123168 +0100 ++++ linux/net/ipv4/udp.c 2004-11-18 09:55:43.638698896 +0100 +@@ -804,6 +804,9 @@ + + static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) + { ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); ++#endif + /* + * Charge it to the socket, dropping if the queue is full. + */ +@@ -821,6 +824,40 @@ + } + #endif + ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++ if (tp->esp_in_udp) { ++ /* ++ * Set skb->sk and xmit packet to ipsec_rcv. ++ * ++ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP), ++ * restore skb->sk and fall back to sock_queue_rcv_skb ++ */ ++ struct inet_protocol *esp = NULL; ++ ++#if defined(CONFIG_IPSEC) && !defined(CONFIG_IPSEC_MODULE) ++ /* optomize only when we know it is statically linked */ ++ extern struct inet_protocol esp_protocol; ++ esp = &esp_protocol; ++#else ++ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)]; ++ (esp) && (esp->protocol != IPPROTO_ESP); ++ esp = esp->next); ++#endif ++ ++ if (esp && esp->handler) { ++ struct sock *sav_sk = skb->sk; ++ skb->sk = sk; ++ if (esp->handler(skb) == 0) { ++ skb->sk = sav_sk; ++ /*not sure we might count ESPinUDP as UDP...*/ ++ UDP_INC_STATS_BH(UdpInDatagrams); ++ return 0; ++ } ++ skb->sk = sav_sk; ++ } ++ } ++#endif ++ + if (sock_queue_rcv_skb(sk,skb)<0) { + UDP_INC_STATS_BH(UdpInErrors); + IP_INC_STATS_BH(IpInDiscards); +@@ -1044,13 +1081,49 @@ + return len; + } + ++static int udp_setsockopt(struct sock *sk, int level, int optname, ++ char *optval, int optlen) ++{ ++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); ++ int val; ++ int err = 0; ++ ++ if (level != SOL_UDP) ++ return ip_setsockopt(sk, level, optname, optval, optlen); ++ ++ if(optlen<sizeof(int)) ++ return -EINVAL; ++ ++ if (get_user(val, (int *)optval)) ++ return -EFAULT; ++ ++ lock_sock(sk); ++ ++ switch(optname) { ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++#ifndef UDP_ESPINUDP ++#define UDP_ESPINUDP 100 ++#endif ++ case UDP_ESPINUDP: ++ tp->esp_in_udp = val; ++ break; ++#endif ++ default: ++ err = -ENOPROTOOPT; ++ break; ++ } ++ ++ release_sock(sk); ++ return err; ++} ++ + struct proto udp_prot = { + name: "UDP", + close: udp_close, + connect: udp_connect, + disconnect: udp_disconnect, + ioctl: udp_ioctl, +- setsockopt: ip_setsockopt, ++ setsockopt: udp_setsockopt, + getsockopt: ip_getsockopt, + sendmsg: udp_sendmsg, + recvmsg: udp_recvmsg, + |