Support for IPSec VPN's: some patches for netipsec/key.c
VANHULLEBUS Yvan
vanhu at FreeBSD.org
Wed Sep 12 12:19:35 UTC 2012
Hi.
On Wed, Sep 05, 2012 at 03:02:20PM +0200, Andreas Longwitz wrote:
[...]
> The last patch makes it possible for a transport mode client to open a
> new connection to the server immediately after closing an old
> connection. Without this patch the client must wait for the routers to
> forget all their NAT entries.
>
> @@ -4065,10 +4084,12 @@
> /*
> * If NAT-T is enabled, check ports for tunnel mode.
> * Do not check ports if they are set to zero in the SPD.
> - * Also do not do it for transport mode, as there is no
> + * Also do not do it for native transport mode, as there is no
> * port information available in the SP.
> */
> - if (saidx1->mode == IPSEC_MODE_TUNNEL &&
> + if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
> + (saidx1->mode == IPSEC_MODE_TRANSPORT &&
> + saidx1->proto == IPPROTO_ESP)) &&
> saidx1->src.sa.sa_family == AF_INET &&
> saidx1->dst.sa.sa_family == AF_INET &&
> ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&
Sorry for the delay, I just committed it on HEAD.
Thanks for the patch, I'll try to take time to have a look at your
other patches/issues ASAP, feel free to send updated versions, mail
me, etc.
Yvan.
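The effect Andreas describes, as an added example that is not part of the thread or of the FreeBSD netipsec code: a reduced model of the SA-index comparison, with constructed struct, enum and function names standing in for struct secasindex, IPSEC_MODE_* and IPPROTO_*, showing why a transport-mode ESP SA left over from the old NAT mapping matched the reconnecting client under the old rule but not under the patched one.

```c
/* Added example, not FreeBSD code: reduced model of the SA-index match that the
 * patch changes.  All names here are constructed stand-ins for the kernel's. */
#include <stdbool.h>
#include <stdint.h>
enum { MODE_TUNNEL = 1, MODE_TRANSPORT = 2 };   /* stand-ins for IPSEC_MODE_* */
enum { PROTO_ESP = 50, PROTO_AH = 51 };          /* stand-ins for IPPROTO_ESP/AH */
struct saidx {                 /* reduced stand-in for struct secasindex */
    int      mode;
    int      proto;
    uint32_t src, dst;         /* IPv4 addresses, host byte order */
    uint16_t sport, dport;     /* NAT-T ports; 0 means unspecified in the SPD */
};
/* Old rule: only tunnel-mode SAs have their ports compared. */
static bool ports_checked_old(const struct saidx *a)
{
    return a->mode == MODE_TUNNEL && a->sport && a->dport;
}
/* Patched rule: transport-mode ESP (the only protocol NAT-T UDP-encapsulates)
 * is compared on ports too; AH transport mode still skips the check. */
static bool ports_checked_new(const struct saidx *a)
{
    return (a->mode == MODE_TUNNEL ||
            (a->mode == MODE_TRANSPORT && a->proto == PROTO_ESP)) &&
           a->sport && a->dport;
}
/* Does index b match index a?  ports_checked selects old or patched behaviour. */
static bool saidx_match(const struct saidx *a, const struct saidx *b,
                        bool (*ports_checked)(const struct saidx *))
{
    if (a->mode != b->mode || a->proto != b->proto ||
        a->src != b->src || a->dst != b->dst)
        return false;
    if (!ports_checked(a))
        return true;               /* ports ignored: addresses alone decide */
    return a->sport == b->sport && a->dport == b->dport;
}
/* Thread scenario: a transport-mode ESP client reconnects behind NAT and gets
 * a new source port.  True if the stale SA matches only under the old rule. */
bool stale_sa_reused_only_with_old_rule(void)
{
    struct saidx old_sa = { MODE_TRANSPORT, PROTO_ESP,
                            0x0a000001u, 0xc0a80001u, 4500, 4500 }; /* constructed */
    struct saidx new_sa = old_sa;
    new_sa.sport = 61234;          /* constructed: new NAT mapping after reconnect */
    return saidx_match(&old_sa, &new_sa, ports_checked_old) &&
          !saidx_match(&old_sa, &new_sa, ports_checked_new);
}
```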