NetBSD/sys/netipsec
spz 445e6acd20 fix two bugs in the PFKEY interface:
1) RFC2367 says in 2.3.3 Address Extension: "All non-address
   information in the sockaddrs, such as sin_zero for AF_INET sockaddrs,
   and sin6_flowinfo for AF_INET6 sockaddrs, MUST be zeroed out."
   the IPSEC_NAT_T code was expecting the port information it needs
   to be conveyed in the sockaddr instead of exclusively by
   SADB_X_EXT_NAT_T_SPORT and SADB_X_EXT_NAT_T_DPORT,
   and was not zeroing out the port information in the non-nat-traversal
   case.
   Since it was expecting the port information to reside in the sockaddr
   it could get away with (re)setting the ports after starting to use them.
   -> Set the natt ports before setting the SA mature.

2) RFC3947 has two Original Address fields, initiator and responder,
   so we need SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR and not just
   SADB_X_EXT_NAT_T_OA

The change has been created using vanhu's patch for FreeBSD as reference.

Note that establishing actual nat-t sessions has not yet been tested.

Likely fixes the following:
PR bin/41757
PR net/42592
PR net/42606
2010-09-05 06:52:53 +00:00
..
Makefile
ah.h
ah_var.h
esp.h
esp_var.h
files.netipsec
ipcomp.h
ipcomp_var.h
ipip_var.h
ipsec.c Further silence ipsec_attach(). 2010-07-21 20:41:31 +00:00
ipsec.h Adapt FAST_IPSEC to recent KPI changes. 2009-05-10 02:13:07 +00:00
ipsec6.h Adapt FAST_IPSEC to recent KPI changes. 2009-05-10 02:13:07 +00:00
ipsec_input.c Remove extra whitespace added by a stupid tool. 2009-04-18 14:58:02 +00:00
ipsec_mbuf.c
ipsec_netbsd.c
ipsec_osdep.h
ipsec_output.c Cosmetic: fix indentation, change some spaces to tabs. 2009-12-01 01:01:34 +00:00
ipsec_private.h
ipsec_var.h
key.c fix two bugs in the PFKEY interface: 2010-09-05 06:52:53 +00:00
key.h
key_debug.c
key_debug.h
key_var.h
keydb.h trivial comment typo 2010-08-28 07:16:51 +00:00
keysock.c Remove separate mb_map. The nmbclusters is computed at boot time based 2010-02-08 19:02:25 +00:00
keysock.h
xform.h
xform_ah.c Remove extra whitespace added by a stupid tool. 2009-04-18 14:58:02 +00:00
xform_esp.c Correct bungled bcopy() -> memcpy() conversion 2009-03-20 05:26:37 +00:00
xform_ipcomp.c bzero -> memset 2009-03-18 16:00:08 +00:00
xform_ipip.c
xform_tcp.c bzero -> memset 2009-03-18 16:00:08 +00:00