diff options
Diffstat (limited to 'target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch')
-rw-r--r-- | target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch b/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch deleted file mode 100644 index f29b351bdd..0000000000 --- a/target/linux/generic-2.6/patches-2.6.23/120-openswan-2.4.0.kernel-2.6-natt.patch +++ /dev/null @@ -1,91 +0,0 @@ ---- /dev/null -+++ b/include/net/xfrmudp.h -@@ -0,0 +1,10 @@ -+/* -+ * pointer to function for type that xfrm4_input wants, to permit -+ * decoupling of XFRM from udp.c -+ */ -+#define HAVE_XFRM4_UDP_REGISTER -+ -+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type); -+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func -+ , xfrm4_rcv_encap_t *oldfunc); -+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func); ---- a/net/ipv4/Kconfig -+++ b/net/ipv4/Kconfig -@@ -224,6 +224,12 @@ config NET_IPGRE_BROADCAST - Network), but can be distributed all over the Internet. If you want - to do that, say Y here and to "IP multicast routing" below. - -+config IPSEC_NAT_TRAVERSAL -+ bool "IPSEC NAT-Traversal (KLIPS compatible)" -+ depends on INET -+ ---help--- -+ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP. -+ - config IP_MROUTE - bool "IP: multicast routing" - depends on IP_MULTICAST ---- a/net/ipv4/xfrm4_input.c -+++ b/net/ipv4/xfrm4_input.c -@@ -15,6 +15,7 @@ - #include <linux/netfilter_ipv4.h> - #include <net/ip.h> - #include <net/xfrm.h> -+#include <net/xfrmudp.h> - - static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq) - { -@@ -161,6 +162,29 @@ drop: - return 0; - } - -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL; -+ -+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func, -+ xfrm4_rcv_encap_t *oldfunc) -+{ -+ if(oldfunc != NULL) -+ *oldfunc = xfrm4_rcv_encap_func; -+ -+ xfrm4_rcv_encap_func = func; -+ return 0; -+} -+ -+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func) -+{ -+ if(xfrm4_rcv_encap_func != func) -+ return -1; -+ -+ xfrm4_rcv_encap_func = NULL; -+ return 0; -+} -+#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */ -+ - /* If it's a keepalive packet, then just eat it. - * If it's an encapsulated packet, then pass it to the - * IPsec xfrm input. -@@ -251,7 +275,13 @@ int xfrm4_udp_encap_rcv(struct sock *sk, - iph->protocol = IPPROTO_ESP; - - /* process ESP */ -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+ if(xfrm4_rcv_encap_func == NULL) -+ goto drop; -+ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type); -+#else - ret = xfrm4_rcv_encap(skb, encap_type); -+#endif - return ret; - - drop: -@@ -265,3 +295,8 @@ int xfrm4_rcv(struct sk_buff *skb) - } - - EXPORT_SYMBOL(xfrm4_rcv); -+ -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+EXPORT_SYMBOL(udp4_register_esp_rcvencap); -+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap); -+#endif |