svn commit: r235696 - stable/9/lib/libipsec

[Bjoern A. Zeeb]

Author: bz
Date: Sun May 20 20:25:22 2012
New Revision: 235696
URL: http://svn.freebsd.org/changeset/base/235696

Log:
  MFC r231532:
  
   MFp4 204292:
  
   Ignore the NAT_T extension types so we can at least dump the SADB from
   the in-base libipsec/setkey without error when NAT_T support is present
   in the kernel, though not printing the additional information yet.
   However in case there is no NAT_T support in kernel still consider them
   to be an error.

Modified:
  stable/9/lib/libipsec/pfkey.c
Directory Properties:
  stable/9/lib/libipsec/   (props changed)

Modified: stable/9/lib/libipsec/pfkey.c
==============================================================================
--- stable/9/lib/libipsec/pfkey.c       Sun May 20 18:25:45 2012        
(r235695)
+++ stable/9/lib/libipsec/pfkey.c       Sun May 20 20:25:22 2012        
(r235696)
@@ -1778,6 +1778,18 @@ pfkey_align(msg, mhp)
                case SADB_X_EXT_SA2:
                        mhp[ext->sadb_ext_type] = (caddr_t)ext;
                        break;
+               case SADB_X_EXT_NAT_T_TYPE:
+               case SADB_X_EXT_NAT_T_SPORT:
+               case SADB_X_EXT_NAT_T_DPORT:
+               /* case SADB_X_EXT_NAT_T_OA: is OAI */
+               case SADB_X_EXT_NAT_T_OAI:
+               case SADB_X_EXT_NAT_T_OAR:
+               case SADB_X_EXT_NAT_T_FRAG:
+                       if (feature_present("ipsec_natt")) {
+                               mhp[ext->sadb_ext_type] = (caddr_t)ext;
+                               break;
+                       }
+                       /* FALLTHROUGH */
                default:
                        __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
                        return -1;
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"