summaryrefslogtreecommitdiff
path: root/package/linux/kernel-patches/311-ipsec-nat-traversal
diff options
context:
space:
mode:
Diffstat (limited to 'package/linux/kernel-patches/311-ipsec-nat-traversal')
-rw-r--r--package/linux/kernel-patches/311-ipsec-nat-traversal140
1 files changed, 140 insertions, 0 deletions
diff --git a/package/linux/kernel-patches/311-ipsec-nat-traversal b/package/linux/kernel-patches/311-ipsec-nat-traversal
new file mode 100644
index 0000000000..fc4c29d27e
--- /dev/null
+++ b/package/linux/kernel-patches/311-ipsec-nat-traversal
@@ -0,0 +1,140 @@
+packaging/utils/nattpatch 2.4
+--- linux/include/net/sock.h 2002/02/06 15:25:10 1.1
++++ linux/include/net/sock.h 2002/05/22 12:14:56
+@@ -488,7 +488,13 @@
+ } bictcp;
+ };
+
+-
++#if 1
++#define UDP_OPT_IN_SOCK 1
++struct udp_opt {
++ __u32 esp_in_udp;
++};
++#endif
++
+ /*
+ * This structure really needs to be cleaned up.
+ * Most of it is for TCP, and not used by any of
+@@ -655,6 +661,9 @@
+ #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE)
+ struct spx_opt af_spx;
+ #endif /* CONFIG_SPX */
++#if 1
++ struct udp_opt af_udp;
++#endif
+
+ } tp_pinfo;
+
+--- linux/net/Config.in.orig Fri Feb 9 14:34:13 2001
++++ linux/net/Config.in Thu Feb 22 19:40:08 2001
+@@ -88,3 +88,5 @@
+ endmenu
+
++bool 'IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL
++
+ endmenu
+--- linux/net/ipv4/udp.c.1 Wed Jan 28 15:57:05 2004
++++ linux/net/ipv4/udp.c Wed Jan 28 15:58:56 2004
+@@ -787,6 +787,9 @@
+
+ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
+ {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
++#endif
+ /*
+ * Charge it to the socket, dropping if the queue is full.
+ */
+@@ -804,6 +807,40 @@
+ }
+ #endif
+
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ if (tp->esp_in_udp) {
++ /*
++ * Set skb->sk and xmit packet to ipsec_rcv.
++ *
++ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP),
++ * restore skb->sk and fall back to sock_queue_rcv_skb
++ */
++ struct inet_protocol *esp = NULL;
++
++#if defined(CONFIG_KLIPS) && !defined(CONFIG_KLIPS_MODULE)
++ /* optomize only when we know it is statically linked */
++ extern struct inet_protocol esp_protocol;
++ esp = &esp_protocol;
++#else
++ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)];
++ (esp) && (esp->protocol != IPPROTO_ESP);
++ esp = esp->next);
++#endif
++
++ if (esp && esp->handler) {
++ struct sock *sav_sk = skb->sk;
++ skb->sk = sk;
++ if (esp->handler(skb) == 0) {
++ skb->sk = sav_sk;
++ /*not sure we might count ESPinUDP as UDP...*/
++ UDP_INC_STATS_BH(UdpInDatagrams);
++ return 0;
++ }
++ skb->sk = sav_sk;
++ }
++ }
++#endif
++
+ if (sock_queue_rcv_skb(sk,skb)<0) {
+ UDP_INC_STATS_BH(UdpInErrors);
+ IP_INC_STATS_BH(IpInDiscards);
+@@ -1027,13 +1064,49 @@
+ return len;
+ }
+
++static int udp_setsockopt(struct sock *sk, int level, int optname,
++ char *optval, int optlen)
++{
++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
++ int val;
++ int err = 0;
++
++ if (level != SOL_UDP)
++ return ip_setsockopt(sk, level, optname, optval, optlen);
++
++ if(optlen<sizeof(int))
++ return -EINVAL;
++
++ if (get_user(val, (int *)optval))
++ return -EFAULT;
++
++ lock_sock(sk);
++
++ switch(optname) {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++#ifndef UDP_ESPINUDP
++#define UDP_ESPINUDP 100
++#endif
++ case UDP_ESPINUDP:
++ tp->esp_in_udp = val;
++ break;
++#endif
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ }
++
++ release_sock(sk);
++ return err;
++}
++
+ struct proto udp_prot = {
+ name: "UDP",
+ close: udp_close,
+ connect: udp_connect,
+ disconnect: udp_disconnect,
+ ioctl: udp_ioctl,
+- setsockopt: ip_setsockopt,
++ setsockopt: udp_setsockopt,
+ getsockopt: ip_getsockopt,
+ sendmsg: udp_sendmsg,
+ recvmsg: udp_recvmsg,