Fix NAT-T plus IPcomp

2005-05-20 01:28:13 +00:00 · 2005-05-20 01:28:13 +00:00 · 48fade8581
commit 48fade8581
parent 7c6ffb8ab4
4 changed files with 25 additions and 6 deletions
--- a/crypto/dist/ipsec-tools/ChangeLog
+++ b/crypto/dist/ipsec-tools/ChangeLog
@ -1,5 +1,10 @@
 2005-05-20  Emmanuel Dreyfus  <manu@netbsd.org>

+	* src/libipsec/pfkey.c src/racoon/ipsec_doi.c: Fix NAT-T + IPcomp
+
+	From hgates <hgates.lists@gmail.com>
+	* src/racoon/proposal.c: fix SPI size test for IPcomp
+
 	From Larry Baird <lab@gta.com>
 	* src/racoon/{handler.c|ipsec_doi.c|remoteconf.h|remoteconf.c}: When 
 	  altering lifetime, duplicate the proposal instead of modifying 
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey.c
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey.c
@ -1,4 +1,4 @@
-/*	$NetBSD: pfkey.c,v 1.2 2005/04/10 21:20:55 manu Exp $	*/
+/*	$NetBSD: pfkey.c,v 1.3 2005/05/20 01:28:13 manu Exp $	*/

 /*	$KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $	*/

@ -1305,9 +1305,14 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
 #ifdef SADB_X_EXT_NAT_T_TYPE
 	/* add nat-t packets */
 	if (l_natt_type) {
-		if (satype != SADB_SATYPE_ESP) {
+		switch(satype) {
+		case SADB_SATYPE_ESP:
+		case SADB_X_SATYPE_IPCOMP:
+			break;
+		default:
 			__ipsec_errcode = EIPSEC_NO_ALGS;
 			return -1;
+			break;
 		}

 		len += sizeof(struct sadb_x_nat_t_type);
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_doi.c,v 1.5 2005/05/20 00:54:55 manu Exp $	*/
+/*	$NetBSD: ipsec_doi.c,v 1.6 2005/05/20 01:28:13 manu Exp $	*/

 /* Id: ipsec_doi.c,v 1.26.2.1 2005/02/17 13:19:18 vanhu Exp */

@ -2434,6 +2434,15 @@ check_attr_ipcomp(trns)
 			case IPSECDOI_ATTR_ENC_MODE_TUNNEL:
 			case IPSECDOI_ATTR_ENC_MODE_TRNS:
 				break;
+#ifdef ENABLE_NATT
+			case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC:
+			case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC:
+			case IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT:
+			case IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT:
+				plog(LLV_DEBUG, LOCATION, NULL,
+				     "UDP encapsulation requested\n");
+				break;
+#endif
 			default:
 				plog(LLV_ERROR, LOCATION, NULL,
 					"invalid encryption mode=%u.\n",
--- a/crypto/dist/ipsec-tools/src/racoon/proposal.c
+++ b/crypto/dist/ipsec-tools/src/racoon/proposal.c
@ -1,4 +1,4 @@
-/*	$NetBSD: proposal.c,v 1.2 2005/05/10 09:23:36 manu Exp $	*/
+/*	$NetBSD: proposal.c,v 1.3 2005/05/20 01:28:13 manu Exp $	*/

 /* Id: proposal.c,v 1.13 2004/09/13 14:09:19 ludvigm Exp */

@ -372,8 +372,8 @@ cmpsaprop_alloc(ph1, pp1, pp2, side)
 			if (pr1->spisize == sizeof(u_int16_t) &&
 			    pr2->spisize == sizeof(u_int32_t)) {
 				spisizematch = 1;
-			} else if (pr1->spisize == sizeof(u_int16_t) &&
-				 pr2->spisize == sizeof(u_int32_t)) {
+			} else if (pr2->spisize == sizeof(u_int16_t) &&
+				 pr1->spisize == sizeof(u_int32_t)) {
 				spisizematch = 1;
 			}
 			if (spisizematch) {