From: VANHULLEBUS Y. <va...@us...> - 2005-07-19 15:25:49
|
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31133/src/racoon Modified Files: isakmp.c Log Message: Checks in isakmp_ph1begin_r() if we got the packet from NAT-T port, and set up the NAT_PORTS_CHANGED in that case Index: isakmp.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v retrieving revision 1.57 retrieving revision 1.58 diff -u -d -r1.57 -r1.58 --- isakmp.c 14 Jul 2005 12:05:50 -0000 1.57 +++ isakmp.c 19 Jul 2005 15:25:32 -0000 1.58 @@ -1119,6 +1119,15 @@ #endif iph1->approval = NULL; +#ifdef ENABLE_NATT + /* RFC3947 says that we MUST accept new phases1 on NAT-T floated port. + * We have to setup this flag now to correctly generate the first reply. + * Don't know if a better check could be done for that ? + */ + if(extract_port(local) == lcconf->port_isakmp_natt) + iph1->natt_flags |= (NAT_PORTS_CHANGED); +#endif + /* copy remote address */ if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) return -1; |
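Review bot: In the added ENABLE_NATT block in isakmp_ph1begin_r(), NAT_PORTS_CHANGED is set purely because `extract_port(local) == lcconf->port_isakmp_natt`. Nothing in the visible lines checks that the peer has offered NAT-T in this packet. The code comment itself leaves the question open ("Don't know if a better check could be done for that ?"). I would either resolve that before merging or mark it as an XXX/TODO, and state in the comment what is expected to happen when a peer that does not do NAT-T starts a phase 1 on the floated port, since the flag then shapes the first reply. The hunk also does not show `local` being validated before `extract_port(local)` is called; the error handling for the addresses only comes afterwards in copy_ph1addresses(), so it is worth confirming that `local` cannot be NULL at this point or moving the check below that call. Minor style: `if(` lacks the space used by `if (copy_ph1addresses(...` two lines later, and the parentheses around `(NAT_PORTS_CHANGED)` are redundant.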