d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

In NAT-T transport mode, allow a client to open a new connection just after

Browse Source 
closing another.
It worked only in tunnel mode before.

Submitted by:	Andreas Longwitz <longwitz@incore.de>
MFC after: 1M
This commit is contained in:
VANHULLEBUS Yvan 2012-09-12 12:14:50 +00:00
parent de0bfe73b9
commit d1b835208a
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=240392
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/netipsec/key.c
View File

@ -4055,10 +4055,12 @@ key_cmpsaidx(
/*
* If NAT-T is enabled, check ports for tunnel mode.
* Do not check ports if they are set to zero in the SPD.
* Also do not do it for transport mode, as there is no
* port information available in the SP.
* Also do not do it for native transport mode, as there
* is no port information available in the SP.
*/
if (saidx1->mode == IPSEC_MODE_TUNNEL &&
if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
(saidx1->mode == IPSEC_MODE_TRANSPORT &&
saidx1->proto == IPPROTO_ESP)) &&
saidx1->src.sa.sa_family == AF_INET &&
saidx1->dst.sa.sa_family == AF_INET &&
((const struct sockaddr_in *)(&saidx1->src))->sin_port &&