Date: Sat, 11 Feb 2012 20:43:01 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r231532 - head/lib/libipsec Message-ID: <201202112043.q1BKh1tP047243@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Sat Feb 11 20:43:01 2012 New Revision: 231532 URL: http://svn.freebsd.org/changeset/base/231532 Log: MFp4 204292: Ignore the NAT_T extension types so we can at least dump the SADB from the in-base libipsec/setkey without error when NAT_T support is present in the kernel, though not printing the additional information yet. However in case there is no NAT_T support in kernel still consider them to be an error. MFC after: 8 weeks Modified: head/lib/libipsec/pfkey.c Modified: head/lib/libipsec/pfkey.c ============================================================================== --- head/lib/libipsec/pfkey.c Sat Feb 11 20:37:08 2012 (r231531) +++ head/lib/libipsec/pfkey.c Sat Feb 11 20:43:01 2012 (r231532) @@ -1778,6 +1778,18 @@ pfkey_align(msg, mhp) case SADB_X_EXT_SA2: mhp[ext->sadb_ext_type] = (caddr_t)ext; break; + case SADB_X_EXT_NAT_T_TYPE: + case SADB_X_EXT_NAT_T_SPORT: + case SADB_X_EXT_NAT_T_DPORT: + /* case SADB_X_EXT_NAT_T_OA: is OAI */ + case SADB_X_EXT_NAT_T_OAI: + case SADB_X_EXT_NAT_T_OAR: + case SADB_X_EXT_NAT_T_FRAG: + if (feature_present("ipsec_natt")) { + mhp[ext->sadb_ext_type] = (caddr_t)ext; + break; + } + /* FALLTHROUGH */ default: __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; return -1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202112043.q1BKh1tP047243>