From owner-freebsd-net@FreeBSD.ORG Tue Jul 22 15:41:13 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9DD24106568B; Tue, 22 Jul 2008 15:41:13 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id 53E5F8FC16; Tue, 22 Jul 2008 15:41:13 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from trouble.errno.com (trouble.errno.com [10.0.0.248]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id m6MFfCnn031054 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 22 Jul 2008 08:41:13 -0700 (PDT) (envelope-from sam@freebsd.org) Message-ID: <4885FF98.4090507@freebsd.org> Date: Tue, 22 Jul 2008 08:41:12 -0700 From: Sam Leffler Organization: FreeBSD Project User-Agent: Thunderbird 2.0.0.9 (X11/20071125) MIME-Version: 1.0 To: VANHULLEBUS Yvan References: <20080630040103.94730.qmail@mailgate.gta.com> <486A45AB.2080609@freebsd.org> <487EC62A.3070301@freebsd.org> <20080721083110.GA21786@zen.inc> <20080721141327.GA24677@zen.inc> <4884AC65.7020605@freebsd.org> <20080722095230.GA14962@zen.inc> In-Reply-To: <20080722095230.GA14962@zen.inc> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-DCC-Rhyolite-Metrics: ebb.errno.com; whitelist Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD NAT-T patch integration [CFR/CFT] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jul 2008 15:41:13 -0000 VANHULLEBUS Yvan wrote: > On Mon, Jul 21, 2008 at 08:33:57AM -0700, Sam Leffler wrote: > >> VANHULLEBUS Yvan wrote: >> > [....] > >>> After some more testing, I found another issue: in udp4_espdecap(), >>> when payload <= sizeof(uint64_t) + sizeof(struct esp), packet should >>> not be discarded, but just returned for normal processing. >>> >>> >> Please edit the sam_nat_t branch in p4 or send a patch I can apply. >> > > As Perforce is really really new for me, here is the patch: > > --- sys/netinet/udp_usrreq.c Tue Jul 22 11:04:30 2008 > +++ sys/netinet/udp_usrreq.c Mon Jul 21 21:30:52 2008 > @@ -797,8 +797,8 @@ udp_ctloutput(struct socket *so, struct > if (INP_CHECK_SOCKAF(so, AF_INET6)) { > INP_WUNLOCK(inp); > error = ip6_ctloutput(so, sopt); > -#endif > } else { > +#endif > INP_WUNLOCK(inp); > error = ip_ctloutput(so, sopt); > #ifdef INET6 > @@ -846,7 +846,9 @@ udp_ctloutput(struct socket *so, struct > case SOPT_GET: > switch (sopt->sopt_name) { > case UDP_ENCAP: > +#ifdef IPSEC_NAT_T > optval = inp->inp_flags & INP_ESPINUDP_ALL; > +#endif > INP_WUNLOCK(inp); > error = sooptcopyout(sopt, &optval, sizeof optval); > break; > @@ -1236,11 +1238,9 @@ udp4_espdecap(struct socket *so, struct > } else { > uint64_t marker; > > - if (payload <= sizeof(uint64_t) + sizeof(struct esp)) { > - udpstat.udps_hdrops++; /* XXX? */ > - m_freem(m); > - return NULL; /* discard */ > - } > + if (payload <= sizeof(uint64_t) + sizeof(struct esp)) > + return m; /* NB: no decap */ > + > bcopy(data + off, &marker, sizeof(uint64_t)); > if (marker != 0) > return m; /* NB: no decap */ > > > <<< end of diff > > There is an extra #ifdef, which I noticed yesterday when I tried to > compile using a wrong kernel conf file (without NAT_T support). > Please send patches as attachments so I can apply them directly. I have hand-transcribed the above. Thank you. Sam