FreeBSD NAT-T patch integration [CFR/CFT]
Sam Leffler
sam at freebsd.org
Tue Jul 22 15:41:13 UTC 2008
VANHULLEBUS Yvan wrote:
> On Mon, Jul 21, 2008 at 08:33:57AM -0700, Sam Leffler wrote:
>
>> VANHULLEBUS Yvan wrote:
>>
> [....]
>
>>> After some more testing, I found another issue: in udp4_espdecap(),
>>> when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should
>>> not be discarded, but just returned for normal processing.
>>>
>>>
>> Please edit the sam_nat_t branch in p4 or send a patch I can apply.
>>
>
> As Perforce is really really new for me, here is the patch:
>
> --- sys/netinet/udp_usrreq.c Tue Jul 22 11:04:30 2008
> +++ sys/netinet/udp_usrreq.c Mon Jul 21 21:30:52 2008
> @@ -797,8 +797,8 @@ udp_ctloutput(struct socket *so, struct
> if (INP_CHECK_SOCKAF(so, AF_INET6)) {
> INP_WUNLOCK(inp);
> error = ip6_ctloutput(so, sopt);
> -#endif
> } else {
> +#endif
> INP_WUNLOCK(inp);
> error = ip_ctloutput(so, sopt);
> #ifdef INET6
> @@ -846,7 +846,9 @@ udp_ctloutput(struct socket *so, struct
> case SOPT_GET:
> switch (sopt->sopt_name) {
> case UDP_ENCAP:
> +#ifdef IPSEC_NAT_T
> optval = inp->inp_flags & INP_ESPINUDP_ALL;
> +#endif
> INP_WUNLOCK(inp);
> error = sooptcopyout(sopt, &optval, sizeof optval);
> break;
> @@ -1236,11 +1238,9 @@ udp4_espdecap(struct socket *so, struct
> } else {
> uint64_t marker;
>
> - if (payload <= sizeof(uint64_t) + sizeof(struct esp)) {
> - udpstat.udps_hdrops++; /* XXX? */
> - m_freem(m);
> - return NULL; /* discard */
> - }
> + if (payload <= sizeof(uint64_t) + sizeof(struct esp))
> + return m; /* NB: no decap */
> +
> bcopy(data + off, &marker, sizeof(uint64_t));
> if (marker != 0)
> return m; /* NB: no decap */
>
>
> <<< end of diff
>
> There is an extra #ifdef, which I noticed yesterday when I tried to
> compile using a wrong kernel conf file (without NAT_T support).
>
Please send patches as attachments so I can apply them directly. I have
hand-transcribed the above. Thank you.
Sam
More information about the freebsd-net
mailing list