Date:      Wed, 12 Sep 2012 12:14:50 +0000 (UTC)
From:      VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r240392 - head/sys/netipsec
Message-ID:  <201209121214.q8CCEovr064664@svn.freebsd.org>

Author: vanhu
Date: Wed Sep 12 12:14:50 2012
New Revision: 240392
URL: http://svn.freebsd.org/changeset/base/240392

Log:
  In NAT-T transport mode, allow a client to open a new connection just after
  closing another.
  It worked only in tunnel mode before.
  
  Submitted by:	Andreas Longwitz <longwitz@incore.de>
  MFC after: 1M

Modified:
  head/sys/netipsec/key.c

Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c	Wed Sep 12 11:41:03 2012	(r240391)
+++ head/sys/netipsec/key.c	Wed Sep 12 12:14:50 2012	(r240392)
@@ -4055,10 +4055,12 @@ key_cmpsaidx(
 		/*
 		 * If NAT-T is enabled, check ports for tunnel mode.
 		 * Do not check ports if they are set to zero in the SPD.
-		 * Also do not do it for transport mode, as there is no
-		 * port information available in the SP.
+		 * Also do not do it for native transport mode, as there
+		 * is no port information available in the SP.
 		 */
-		if (saidx1->mode == IPSEC_MODE_TUNNEL &&
+		if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
+		     (saidx1->mode == IPSEC_MODE_TRANSPORT &&
+		      saidx1->proto == IPPROTO_ESP)) &&
 		    saidx1->src.sa.sa_family == AF_INET &&
 		    saidx1->dst.sa.sa_family == AF_INET &&
 		    ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&