summaryrefslogtreecommitdiff
path: root/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch')
-rw-r--r--target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch97
1 files changed, 97 insertions, 0 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch b/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch
new file mode 100644
index 0000000..6fcacc4
--- /dev/null
+++ b/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch
@@ -0,0 +1,97 @@
+Index: linux-2.6.23-rc7/include/net/xfrmudp.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.23-rc7/include/net/xfrmudp.h 2007-10-02 00:58:05.000000000 +0800
+@@ -0,0 +1,10 @@
++/*
++ * pointer to function for type that xfrm4_input wants, to permit
++ * decoupling of XFRM from udp.c
++ */
++#define HAVE_XFRM4_UDP_REGISTER
++
++typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
++extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
++ , xfrm4_rcv_encap_t *oldfunc);
++extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
+Index: linux-2.6.23-rc7/net/ipv4/Kconfig
+===================================================================
+--- linux-2.6.23-rc7.orig/net/ipv4/Kconfig 2007-10-02 00:58:02.000000000 +0800
++++ linux-2.6.23-rc7/net/ipv4/Kconfig 2007-10-02 00:58:05.000000000 +0800
+@@ -224,6 +224,12 @@
+ Network), but can be distributed all over the Internet. If you want
+ to do that, say Y here and to "IP multicast routing" below.
+
++config IPSEC_NAT_TRAVERSAL
++ bool "IPSEC NAT-Traversal (KLIPS compatible)"
++ depends on INET
++ ---help---
++ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
++
+ config IP_MROUTE
+ bool "IP: multicast routing"
+ depends on IP_MULTICAST
+Index: linux-2.6.23-rc7/net/ipv4/xfrm4_input.c
+===================================================================
+--- linux-2.6.23-rc7.orig/net/ipv4/xfrm4_input.c 2007-10-02 00:58:02.000000000 +0800
++++ linux-2.6.23-rc7/net/ipv4/xfrm4_input.c 2007-10-02 00:58:33.000000000 +0800
+@@ -15,6 +15,7 @@
+ #include <linux/netfilter_ipv4.h>
+ #include <net/ip.h>
+ #include <net/xfrm.h>
++#include <net/xfrmudp.h>
+
+ static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
+ {
+@@ -161,6 +162,29 @@
+ return 0;
+ }
+
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
++
++int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func,
++ xfrm4_rcv_encap_t *oldfunc)
++{
++ if(oldfunc != NULL)
++ *oldfunc = xfrm4_rcv_encap_func;
++
++ xfrm4_rcv_encap_func = func;
++ return 0;
++}
++
++int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
++{
++ if(xfrm4_rcv_encap_func != func)
++ return -1;
++
++ xfrm4_rcv_encap_func = NULL;
++ return 0;
++}
++#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */
++
+ /* If it's a keepalive packet, then just eat it.
+ * If it's an encapsulated packet, then pass it to the
+ * IPsec xfrm input.
+@@ -251,7 +275,13 @@
+ iph->protocol = IPPROTO_ESP;
+
+ /* process ESP */
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ if(xfrm4_rcv_encap_func == NULL)
++ goto drop;
++ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
++#else
+ ret = xfrm4_rcv_encap(skb, encap_type);
++#endif
+ return ret;
+
+ drop:
+@@ -265,3 +295,8 @@
+ }
+
+ EXPORT_SYMBOL(xfrm4_rcv);
++
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++EXPORT_SYMBOL(udp4_register_esp_rcvencap);
++EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
++#endif