1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
packaging/utils/nattpatch 2.6
--- /dev/null Tue Mar 11 13:02:56 2003
+++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004
@@ -0,0 +1,10 @@
+/*
+ * pointer to function for type that xfrm4_input wants, to permit
+ * decoupling of XFRM from udp.c
+ */
+#define HAVE_XFRM4_UDP_REGISTER
+
+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc);
+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig 2005-03-09 03:12:33.000000000 -0500
+++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400
@@ -351,2 +351,8 @@
+config IPSEC_NAT_TRAVERSAL
+ bool "IPSEC NAT-Traversal (KLIPS compatible)"
+ depends on INET
+ ---help---
+ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
+
config IP_TCPDIAG
--- /distros/kernel/linux-2.6.11.2/./net/ipv4/udp.c 2005-03-09 03:11:09.000000000 -0500
+++ ./net/ipv4/udp.c 2005-04-09 20:46:46.000000000 -0400
@@ -109,2 +109,3 @@
#include <net/xfrm.h>
+#include <net/xfrmudp.h>
@@ -114,2 +115,4 @@
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
+
DEFINE_SNMP_STAT(struct udp_mib, udp_statistics);
@@ -894,2 +897,38 @@
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+
+/* if XFRM isn't a module, then register it directly. */
+#if 0 && !defined(CONFIG_XFRM_MODULE) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
+#else
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
+#endif
+
+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc)
+{
+ if(oldfunc != NULL) {
+ *oldfunc = xfrm4_rcv_encap_func;
+ }
+
+#if 0
+ if(xfrm4_rcv_encap_func != NULL)
+ return -1;
+#endif
+
+ xfrm4_rcv_encap_func = func;
+ return 0;
+}
+
+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
+{
+ if(xfrm4_rcv_encap_func != func)
+ return -1;
+
+ xfrm4_rcv_encap_func = NULL;
+ return 0;
+}
+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
+
+
/* return:
@@ -901,5 +940,5 @@
{
-#ifndef CONFIG_XFRM
+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
return 1;
-#else
+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
struct udp_sock *up = udp_sk(sk);
@@ -915,3 +954,3 @@
if (udpdata > skb->tail)
- return 1;
+ return 2;
@@ -919,3 +958,3 @@
if (!encap_type)
- return 1;
+ return 3;
@@ -934,3 +973,3 @@
/* Must be an IKE packet.. pass it through */
- return 1;
+ return 4;
break;
@@ -947,3 +986,3 @@
/* Must be an IKE packet.. pass it through */
- return 1;
+ return 5;
break;
@@ -956,2 +995,4 @@
*/
+ if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+ return 0;
@@ -1019,5 +1060,9 @@
if (ret < 0) {
- /* process the ESP packet */
- ret = xfrm4_rcv_encap(skb, up->encap_type);
- UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+ if(xfrm4_rcv_encap_func != NULL) {
+ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
+ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+ } else {
+ UDP_INC_STATS_BH(UDP_MIB_INERRORS);
+ ret = 1;
+ }
return -ret;
@@ -1574 +1619,7 @@
#endif
+
+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+#endif
+
|
