445e6acd20
1) RFC2367 says in 2.3.3 Address Extension: "All non-address information in the sockaddrs, such as sin_zero for AF_INET sockaddrs, and sin6_flowinfo for AF_INET6 sockaddrs, MUST be zeroed out." The IPSEC_NAT_T code was expecting the port information it needs to be conveyed in the sockaddr instead of exclusively by SADB_X_EXT_NAT_T_SPORT and SADB_X_EXT_NAT_T_DPORT, and was not zeroing out the port information in the non-nat-traversal case. Since it was expecting the port information to reside in the sockaddr it could get away with (re)setting the ports after starting to use them.

-> Set the natt ports before setting the SA mature.

2) RFC3947 has two Original Address fields, initiator and responder, so we need SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR and not just SADB_X_EXT_NAT_T_OA.

The change has been created using vanhu's patch for FreeBSD as reference.

Note that establishing actual nat-t sessions has not yet been tested.

Likely fixes the following:

PR bin/41757

PR net/42592

PR net/42606

- Makefile
- key.c
- key.h
- key_debug.c
- key_debug.h
- key_private.h
- key_var.h
- keydb.c
- keydb.h
- keysock.c
- keysock.h