VANHULLEBUS Yvan wrote:
On Mon, Jul 21, 2008 at 08:33:57AM -0700, Sam Leffler wrote:
VANHULLEBUS Yvan wrote:
[....]
After some more testing, I found another issue: in udp4_espdecap(),
when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should
not be discarded, but just returned for normal processing.
Please edit the sam_nat_t branch in p4 or send a patch I can apply.
As Perforce is really really new for me, here is the patch:
--- sys/netinet/udp_usrreq.c Tue Jul 22 11:04:30 2008
+++ sys/netinet/udp_usrreq.c Mon Jul 21 21:30:52 2008
@@ -797,8 +797,8 @@ udp_ctloutput(struct socket *so, struct
if (INP_CHECK_SOCKAF(so, AF_INET6)) {
INP_WUNLOCK(inp);
error = ip6_ctloutput(so, sopt);
-#endif
} else {
+#endif
INP_WUNLOCK(inp);
error = ip_ctloutput(so, sopt);
#ifdef INET6
@@ -846,7 +846,9 @@ udp_ctloutput(struct socket *so, struct
case SOPT_GET:
switch (sopt->sopt_name) {
case UDP_ENCAP:
+#ifdef IPSEC_NAT_T
optval = inp->inp_flags & INP_ESPINUDP_ALL;
+#endif
INP_WUNLOCK(inp);
error = sooptcopyout(sopt, &optval, sizeof optval);
break;
@@ -1236,11 +1238,9 @@ udp4_espdecap(struct socket *so, struct
} else {
uint64_t marker;
- if (payload <= sizeof(uint64_t) + sizeof(struct esp)) {
- udpstat.udps_hdrops++; /* XXX? */
- m_freem(m);
- return NULL; /* discard */
- }
+ if (payload <= sizeof(uint64_t) + sizeof(struct esp))
+ return m; /* NB: no decap */
+
bcopy(data + off, &marker, sizeof(uint64_t));
if (marker != 0)
return m; /* NB: no decap */
<<< end of diff
There is an extra #ifdef, which I noticed yesterday when I tried to
compile using a wrong kernel conf file (without NAT_T support).
Please send patches as attachments so I can apply them directly. I have
hand-transcribed the above. Thank you.
Sam
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
