diff options
Diffstat (limited to 'packages/linux/linux-mtx-2-2.4.27/12-openswan-2.2.0-nat-t.diff')
-rw-r--r-- | packages/linux/linux-mtx-2-2.4.27/12-openswan-2.2.0-nat-t.diff | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/packages/linux/linux-mtx-2-2.4.27/12-openswan-2.2.0-nat-t.diff b/packages/linux/linux-mtx-2-2.4.27/12-openswan-2.2.0-nat-t.diff new file mode 100644 index 0000000000..2a18d605bf --- /dev/null +++ b/packages/linux/linux-mtx-2-2.4.27/12-openswan-2.2.0-nat-t.diff @@ -0,0 +1,143 @@ +diff -Nurb linux-08/include/net/sock.h linux/include/net/sock.h +--- linux-08/include/net/sock.h 2004-11-19 11:37:23.376715120 +0100 ++++ linux/include/net/sock.h 2004-11-19 11:39:29.874484536 +0100 +@@ -256,6 +256,13 @@ + __u32 end_seq; + }; + ++#if 1 ++#define UDP_OPT_IN_SOCK 1 ++struct udp_opt { ++ __u32 esp_in_udp; ++}; ++#endif ++ + struct tcp_opt { + int tcp_header_len; /* Bytes of tcp header to send */ + +@@ -648,6 +655,9 @@ + #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE) + struct spx_opt af_spx; + #endif /* CONFIG_SPX */ ++#if 1 ++ struct udp_opt af_udp; ++#endif + + } tp_pinfo; + +diff -Nurb linux-08/net/Config.in linux/net/Config.in +--- linux-08/net/Config.in 2004-11-19 11:37:23.770655232 +0100 ++++ linux/net/Config.in 2004-11-19 11:39:29.874484536 +0100 +@@ -102,4 +102,6 @@ + dep_tristate 'Packet Generator (USE WITH CAUTION)' CONFIG_NET_PKTGEN $CONFIG_PROC_FS + endmenu + ++bool 'IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL ++ + endmenu +diff -Nurb linux-08/net/ipv4/udp.c linux/net/ipv4/udp.c +--- linux-08/net/ipv4/udp.c 2004-11-19 11:37:23.897635928 +0100 ++++ linux/net/ipv4/udp.c 2004-11-19 11:39:29.875484384 +0100 +@@ -810,6 +810,9 @@ + + static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) + { ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); ++#endif + /* + * Charge it to the socket, dropping if the queue is full. + */ +@@ -827,6 +830,40 @@ + } + #endif + ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++ if (tp->esp_in_udp) { ++ /* ++ * Set skb->sk and xmit packet to ipsec_rcv. ++ * ++ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP), ++ * restore skb->sk and fall back to sock_queue_rcv_skb ++ */ ++ struct inet_protocol *esp = NULL; ++ ++#if defined(CONFIG_IPSEC) && !defined(CONFIG_IPSEC_MODULE) ++ /* optomize only when we know it is statically linked */ ++ extern struct inet_protocol esp_protocol; ++ esp = &esp_protocol; ++#else ++ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)]; ++ (esp) && (esp->protocol != IPPROTO_ESP); ++ esp = esp->next); ++#endif ++ ++ if (esp && esp->handler) { ++ struct sock *sav_sk = skb->sk; ++ skb->sk = sk; ++ if (esp->handler(skb) == 0) { ++ skb->sk = sav_sk; ++ /*not sure we might count ESPinUDP as UDP...*/ ++ UDP_INC_STATS_BH(UdpInDatagrams); ++ return 0; ++ } ++ skb->sk = sav_sk; ++ } ++ } ++#endif ++ + if (sock_queue_rcv_skb(sk,skb)<0) { + UDP_INC_STATS_BH(UdpInErrors); + IP_INC_STATS_BH(IpInDiscards); +@@ -1050,13 +1087,49 @@ + return len; + } + ++static int udp_setsockopt(struct sock *sk, int level, int optname, ++ char *optval, int optlen) ++{ ++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); ++ int val; ++ int err = 0; ++ ++ if (level != SOL_UDP) ++ return ip_setsockopt(sk, level, optname, optval, optlen); ++ ++ if(optlen<sizeof(int)) ++ return -EINVAL; ++ ++ if (get_user(val, (int *)optval)) ++ return -EFAULT; ++ ++ lock_sock(sk); ++ ++ switch(optname) { ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++#ifndef UDP_ESPINUDP ++#define UDP_ESPINUDP 100 ++#endif ++ case UDP_ESPINUDP: ++ tp->esp_in_udp = val; ++ break; ++#endif ++ default: ++ err = -ENOPROTOOPT; ++ break; ++ } ++ ++ release_sock(sk); ++ return err; ++} ++ + struct proto udp_prot = { + name: "UDP", + close: udp_close, + connect: udp_connect, + disconnect: udp_disconnect, + ioctl: udp_ioctl, +- setsockopt: ip_setsockopt, ++ setsockopt: udp_setsockopt, + getsockopt: ip_getsockopt, + sendmsg: udp_sendmsg, + recvmsg: udp_recvmsg, + |