Date: Wed, 12 Sep 2012 14:19:27 +0200
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: Andreas Longwitz <longwitz@incore.de>
Cc: freebsd-net@freebsd.org
Subject: Re: Support for IPSec VPN's: some patches for netipsec/key.c
Message-ID: <20120912121927.GA3968@zeninc.net>
In-Reply-To: <50474D5C.4020003@incore.de>
References: <50474D5C.4020003@incore.de>
Hi.

On Wed, Sep 05, 2012 at 03:02:20PM +0200, Andreas Longwitz wrote:
[...]
> The last patch makes it possible for a transport mode client to open a
> new connection to the server immediately after closing an old
> connection. Without this patch the client must wait for the routers to
> forget all their NAT entries.
>
> @@ -4065,10 +4084,12 @@ > /* > * If NAT-T is enabled, check ports for tunnel mode. > * Do not check ports if they are set to zero in the SPD. > - * Also do not do it for transport mode, as there is no > + * Also do not do it for native transport mode, as there is no > * port information available in the SP. > */ > - if (saidx1->mode == IPSEC_MODE_TUNNEL && > + if ((saidx1->mode == IPSEC_MODE_TUNNEL || > + (saidx1->mode == IPSEC_MODE_TRANSPORT && > + saidx1->proto == IPPROTO_ESP)) && > saidx1->src.sa.sa_family == AF_INET && > saidx1->dst.sa.sa_family == AF_INET && > ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&

Sorry for the delay, I just committed it on HEAD.

Thanks for the patch, I'll try to take time to have a look at your
other patches/issues ASAP, feel free to send updated versions, mail
me, etc....

Yvan.
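
Review bot: the rewritten comment and the new condition in the @@ -4065,10 +4084,12 @@ hunk do not say the same thing. The comment exempts "native transport mode", but the code tests `saidx1->mode == IPSEC_MODE_TRANSPORT && saidx1->proto == IPPROTO_ESP`, which matches every ESP transport-mode SA index and not only NAT-T ones; the only thing that then keeps the port comparison off for a non-NAT-T entry is the nonzero `sin_port` test that follows, of which just the first is visible here. I would say that in the comment (transport-mode entries are port-checked only for ESP and only when the ports are nonzero) and define what "native" means. The added mode and proto tests also read only saidx1, so it is worth confirming that saidx0 is already known to agree on both at this point, or giving it the same test.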