Date: Tue, 22 Jul 2008 08:41:12 -0700 From: Sam Leffler <sam@freebsd.org> To: VANHULLEBUS Yvan <vanhu@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD NAT-T patch integration [CFR/CFT] Message-ID: <4885FF98.4090507@freebsd.org> In-Reply-To: <20080722095230.GA14962@zen.inc> References: <20080630040103.94730.qmail@mailgate.gta.com> <486A45AB.2080609@freebsd.org> <487EC62A.3070301@freebsd.org> <20080721083110.GA21786@zen.inc> <20080721141327.GA24677@zen.inc> <4884AC65.7020605@freebsd.org> <20080722095230.GA14962@zen.inc>
next in thread | previous in thread | raw e-mail | index | archive | help
VANHULLEBUS Yvan wrote:
> On Mon, Jul 21, 2008 at 08:33:57AM -0700, Sam Leffler wrote:
>
>> VANHULLEBUS Yvan wrote:
>>
> [....]
>
>>> After some more testing, I found another issue: in udp4_espdecap(),
>>> when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should
>>> not be discarded, but just returned for normal processing.
>>>
>>>
>> Please edit the sam_nat_t branch in p4 or send a patch I can apply.
>>
>
> As Perforce is really really new for me, here is the patch:
>
> --- sys/netinet/udp_usrreq.c Tue Jul 22 11:04:30 2008
> +++ sys/netinet/udp_usrreq.c Mon Jul 21 21:30:52 2008
> @@ -797,8 +797,8 @@ udp_ctloutput(struct socket *so, struct
> if (INP_CHECK_SOCKAF(so, AF_INET6)) {
> INP_WUNLOCK(inp);
> error = ip6_ctloutput(so, sopt);
> -#endif
> } else {
> +#endif
> INP_WUNLOCK(inp);
> error = ip_ctloutput(so, sopt);
> #ifdef INET6
> @@ -846,7 +846,9 @@ udp_ctloutput(struct socket *so, struct
> case SOPT_GET:
> switch (sopt->sopt_name) {
> case UDP_ENCAP:
> +#ifdef IPSEC_NAT_T
> optval = inp->inp_flags & INP_ESPINUDP_ALL;
> +#endif
> INP_WUNLOCK(inp);
> error = sooptcopyout(sopt, &optval, sizeof optval);
> break;
> @@ -1236,11 +1238,9 @@ udp4_espdecap(struct socket *so, struct
> } else {
> uint64_t marker;
>
> - if (payload <= sizeof(uint64_t) + sizeof(struct esp)) {
> - udpstat.udps_hdrops++; /* XXX? */
> - m_freem(m);
> - return NULL; /* discard */
> - }
> + if (payload <= sizeof(uint64_t) + sizeof(struct esp))
> + return m; /* NB: no decap */
> +
> bcopy(data + off, &marker, sizeof(uint64_t));
> if (marker != 0)
> return m; /* NB: no decap */
>
>
> <<< end of diff
>
> There is an extra #ifdef, which I noticed yesterday when I tried to
> compile using a wrong kernel conf file (without NAT_T support).
>
Please send patches as attachments so I can apply them directly. I have
hand-transcribed the above. Thank you.
Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4885FF98.4090507>