Author: vanhu
Date: Wed Sep 12 12:14:50 2012
New Revision: 240392
URL: http://svn.freebsd.org/changeset/base/240392

Log:
  In NAT-T transport mode, allow a client to open a new connection just after
  closing another.
  It worked only in tunnel mode before.
  
  Submitted by: Andreas Longwitz <longw...@incore.de>
  MFC after: 1M

Modified:
  head/sys/netipsec/key.c

Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c     Wed Sep 12 11:41:03 2012        (r240391)
+++ head/sys/netipsec/key.c     Wed Sep 12 12:14:50 2012        (r240392)
@@ -4055,10 +4055,12 @@ key_cmpsaidx(
                /*
                 * If NAT-T is enabled, check ports for tunnel mode.
                 * Do not check ports if they are set to zero in the SPD.
-                * Also do not do it for transport mode, as there is no
-                * port information available in the SP.
+                * Also do not do it for native transport mode, as there
+                * is no port information available in the SP.
                 */
-               if (saidx1->mode == IPSEC_MODE_TUNNEL &&
+               if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
+                    (saidx1->mode == IPSEC_MODE_TRANSPORT &&
+                     saidx1->proto == IPPROTO_ESP)) &&
                    saidx1->src.sa.sa_family == AF_INET &&
                    saidx1->dst.sa.sa_family == AF_INET &&
                    ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&
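Review bot: The reworded comment ("Also do not do it for native transport mode, as there / is no port information available in the SP.") leaves "native transport mode" undefined, while the new condition actually distinguishes transport-mode SAs by `saidx1->proto == IPPROTO_ESP`; the comment should say that plainly: ports are now compared for tunnel mode and for transport-mode ESP (the UDP-encapsulated NAT-T case the log message describes), and are still skipped for transport-mode AH or IPcomp SAs, which carry no NAT-T port information in the SP. The condition itself matches the stated intent, and the unchanged AF_INET checks in the trailing context mean matching for IPv6 SAs is not affected by this change.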
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head