Date: Tue, 22 Jul 2008 11:52:30 +0200
From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Subject: Re: FreeBSD NAT-T patch integration [CFR/CFT]

On Mon, Jul 21, 2008 at 08:33:57AM -0700, Sam Leffler wrote:
> VANHULLEBUS Yvan wrote:
[....]
> >After some more testing, I found another issue: in udp4_espdecap(),
> >when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should
> >not be discarded, but just returned for normal processing.
> >
>
> Please edit the sam_nat_t branch in p4 or send a patch I can apply.

As Perforce is really really new for me, here is the patch:

--- sys/netinet/udp_usrreq.c Tue Jul 22 11:04:30 2008 +++ sys/netinet/udp_usrreq.c Mon Jul 21 21:30:52 2008 @@ -797,8 +797,8 @@ udp_ctloutput(struct socket *so, struct if (INP_CHECK_SOCKAF(so, AF_INET6)) { INP_WUNLOCK(inp); error = ip6_ctloutput(so, sopt); -#endif } else { +#endif INP_WUNLOCK(inp); error = ip_ctloutput(so, sopt); #ifdef INET6 @@ -846,7 +846,9 @@ udp_ctloutput(struct socket *so, struct case SOPT_GET: switch (sopt->sopt_name) { case UDP_ENCAP: +#ifdef IPSEC_NAT_T optval = inp->inp_flags & INP_ESPINUDP_ALL; +#endif INP_WUNLOCK(inp); error = sooptcopyout(sopt, &optval, sizeof optval); break;
@@ -1236,11 +1238,9 @@ udp4_espdecap(struct socket *so, struct } else { uint64_t marker; - if (payload <= sizeof(uint64_t) + sizeof(struct esp)) { - udpstat.udps_hdrops++; /* XXX? */ - m_freem(m); - return NULL; /* discard */ - } + if (payload <= sizeof(uint64_t) + sizeof(struct esp)) + return m; /* NB: no decap */ + bcopy(data + off, &marker, sizeof(uint64_t)); if (marker != 0) return m; /* NB: no decap */
<<< end of diff

There is an extra #ifdef, which I noticed yesterday when I tried to
compile using a wrong kernel conf file (without NAT_T support).

[...]
> The original code from you permitted both flags to be set but the code
> that handled the encap/decap assumed only one was set.
>
> >Sam, did you have a good reason to change that part of the code, or
> >was it mostly to have a more compliant coding style ?
>
> See above.

Ok, removed from my sources and got back to your version of that code.

> >Updated patches are available for HEAD, RELENG7 and RELENG63 (yeah :-)
> >here:
> >http://people.freebsd.org/~vanhu/NAT-T/
> >
> >Please all notice that there is still the word "test" in patches
> >names.....
> >
>
> Sorry again I don't understand what you write.

That was for other people who may be interested in those patches.

Yvan.
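
Review bot: In the hunk at @@ -797,8 +797,8 @@ (udp_ctloutput), moving "#endif" from before "} else {" to after it is not explained in the mail, which describes only an extra #ifdef and the udp4_espdecap() change. With the new placement the "} else {" line is compiled only inside the conditional block that opens above the visible context, so the build without that option now depends on the trailing "#ifdef INET6" block closing exactly one brace. Please say in the description which configuration this fixes, and confirm that kernels with and without INET6 both compile. The ---/+++ timestamps also show the "new" file (Jul 21) as older than the "old" one (Jul 22), so please confirm the diff was generated in the intended direction.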
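
Review bot: In the hunk at @@ -846,7 +846,9 @@ (SOPT_GET, case UDP_ENCAP), once the assignment "optval = inp->inp_flags & INP_ESPINUDP_ALL;" is wrapped in "#ifdef IPSEC_NAT_T", a kernel built without that option reaches "sooptcopyout(sopt, &optval, sizeof optval)" with no assignment to optval in this case. Unless optval is initialised outside the visible lines, that copies an uninitialised stack value out to userland. Suggest adding an "#else" branch that sets optval = 0, or returning an error such as ENOPROTOOPT for UDP_ENCAP when IPSEC_NAT_T is not compiled in, so the getsockopt result is well defined in both configurations.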
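
Review bot: In the hunk at @@ -1236,11 +1238,9 @@ (udp4_espdecap), the new short-payload branch carries the same comment as the non-zero marker case below it, "/* NB: no decap */", although the reason is different. A comment stating that a payload too short to hold the uint64_t marker plus a struct esp is handed back for normal UDP processing rather than dropped would make the intent clear, since the removed lines counted it in udps_hdrops and freed the mbuf. The test is "<=", so a payload of exactly sizeof(uint64_t) + sizeof(struct esp) is also passed through undecapsulated; please confirm that boundary is intended. The length check still precedes the "bcopy(data + off, &marker, sizeof(uint64_t))", which is what keeps that read within the payload, so it should stay ahead of it in any further rework.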