Menu
▾
▴
[Ipsec-tools-commits] ipsec-tools/src/racoon isakmp.c,1.62,1.63 isakmp_cfg.c,1.39,1.40 isakmp_inf.c,1.38,1.39
|
From: Emmanuel D. <ma...@us...> - 2005-10-10 08:41:47
|
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17297/src/racoon Modified Files: isakmp.c isakmp_cfg.c isakmp_inf.c Log Message: Add the --enable-broken-natt for kernels implementing NAT-T but unable to cope with IKE ports in SAD and SPD. Index: isakmp_cfg.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_cfg.c,v retrieving revision 1.39 retrieving revision 1.40 diff -u -d -r1.39 -r1.40 --- isakmp_cfg.c 21 Sep 2005 14:35:16 -0000 1.39 +++ isakmp_cfg.c 10 Oct 2005 08:41:44 -0000 1.40 @@ -1098,17 +1098,20 @@ iph2->dst = dupsaddr(iph1->remote); iph2->src = dupsaddr(iph1->local); + switch (iph1->remote->sa_family) { case AF_INET: -#ifndef ENABLE_NATT +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in *)iph2->dst)->sin_port = 0; ((struct sockaddr_in *)iph2->src)->sin_port = 0; #endif break; #ifdef INET6 case AF_INET6: +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in6 *)iph2->dst)->sin6_port = 0; ((struct sockaddr_in6 *)iph2->src)->sin6_port = 0; +#endif break; #endif default: Index: isakmp.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v retrieving revision 1.62 retrieving revision 1.63 diff -u -d -r1.62 -r1.63 --- isakmp.c 11 Aug 2005 14:58:24 -0000 1.62 +++ isakmp.c 10 Oct 2005 08:41:44 -0000 1.63 @@ -1264,13 +1264,13 @@ } switch (iph2->dst->sa_family) { case AF_INET: -#ifndef ENABLE_NATT +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in *)iph2->dst)->sin_port = 0; #endif break; #ifdef INET6 case AF_INET6: -#ifndef ENABLE_NATT +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in6 *)iph2->dst)->sin6_port = 0; #endif break; @@ -1289,13 +1289,13 @@ } switch (iph2->src->sa_family) { case AF_INET: -#ifndef ENABLE_NATT +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in *)iph2->src)->sin_port = 0; #endif break; #ifdef INET6 case AF_INET6: -#ifndef ENABLE_NATT +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in6 *)iph2->src)->sin6_port = 0; #endif break; Index: isakmp_inf.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_inf.c,v retrieving revision 1.38 retrieving revision 1.39 diff -u -d -r1.38 -r1.39 --- isakmp_inf.c 2 Aug 2005 13:24:31 -0000 1.38 +++ isakmp_inf.c 10 Oct 2005 08:41:44 -0000 1.39 @@ -894,15 +894,17 @@ iph2->src = dupsaddr(iph1->local); switch (iph1->remote->sa_family) { case AF_INET: -#ifndef ENABLE_NATT +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in *)iph2->dst)->sin_port = 0; ((struct sockaddr_in *)iph2->src)->sin_port = 0; #endif break; #ifdef INET6 case AF_INET6: +#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) ((struct sockaddr_in6 *)iph2->dst)->sin6_port = 0; ((struct sockaddr_in6 *)iph2->src)->sin6_port = 0; +#endif break; #endif default: |