d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFp4 204292:

Browse Source 
Ignore the NAT_T extension types so we can at least dump the SADB from
the in-base libipsec/setkey without error when NAT_T support is present
in the kernel, though not printing the additional information yet.
However in case there is no NAT_T support in kernel still consider them
to be an error.

MFC after:	8 weeks
This commit is contained in:
Bjoern A. Zeeb 2012-02-11 20:43:01 +00:00
parent 71d8432f98
commit fb53b9cf56
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/libipsec/pfkey.c
View File

@ -1778,6 +1778,18 @@ pfkey_align(msg, mhp)
case SADB_X_EXT_SA2:
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
case SADB_X_EXT_NAT_T_TYPE:
case SADB_X_EXT_NAT_T_SPORT:
case SADB_X_EXT_NAT_T_DPORT:
/* case SADB_X_EXT_NAT_T_OA: is OAI */
case SADB_X_EXT_NAT_T_OAI:
case SADB_X_EXT_NAT_T_OAR:
case SADB_X_EXT_NAT_T_FRAG:
if (feature_present("ipsec_natt")) {
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
}
/* FALLTHROUGH */
default:
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return -1;