Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems 

when NAT-T is disabled
This commit is contained in:
manu 2005-07-12 14:14:46 +00:00
parent 929f80643d
commit 4c94bccce3
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/dist/ipsec-tools/ChangeLog vendored
View File

@ -1,3 +1,8 @@
2005-07-12 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/pfkey.c: Set IKE ports to 0 in the SA when NAT-T is not
used.
2005-07-04 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp_inf.c: safety checks on informational messages

26
crypto/dist/ipsec-tools/src/racoon/pfkey.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: pfkey.c,v 1.4 2005/05/03 21:08:47 manu Exp $ */
/* $NetBSD: pfkey.c,v 1.5 2005/07/12 14:14:46 manu Exp $ */
/* Id: pfkey.c,v 1.31.2.1 2005/02/18 10:01:40 vanhu Exp */
@ -1059,10 +1059,14 @@ pk_sendupdate(iph2)
natt.dport = extract_port (iph2->ph1->local);
natt.oa = NULL; // FIXME: Here comes OA!!!
natt.frag = iph2->ph1->rmconf->esp_frag;
}
else
} else {
memset (&natt, 0, sizeof (natt));
/* Remove port information, that SA doesn't use it */
set_port(src, 0);
set_port(dst, 0);
}
if (pfkey_send_update_nat(
lcconf->sock_pfkey,
satype,
@ -1084,6 +1088,10 @@ pk_sendupdate(iph2)
return -1;
}
#else
/* Remove port information, it is not used without NAT-T */
set_port(src, 0);
set_port(dst, 0);
plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_update\n");
if (pfkey_send_update(
lcconf->sock_pfkey,
@ -1352,10 +1360,14 @@ pk_sendadd(iph2)
natt.dport = extract_port (iph2->ph1->remote);
natt.oa = NULL; // FIXME: Here comes OA!!!
natt.frag = iph2->ph1->rmconf->esp_frag;
}
else
} else {
memset (&natt, 0, sizeof (natt));
/* Remove port information, that SA doesn't use it */
set_port(src, 0);
set_port(dst, 0);
}
if (pfkey_send_add_nat(
lcconf->sock_pfkey,
satype,
@ -1379,6 +1391,10 @@ pk_sendadd(iph2)
#else
plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add\n");
/* Remove port information, it is not used without NAT-T */
set_port(src, 0);
set_port(dst, 0);
if (pfkey_send_add(
lcconf->sock_pfkey,
satype,