summaryrefslogtreecommitdiffstats
path: root/lib/libipsec
diff options
context:
space:
mode:
authorbz <bz@FreeBSD.org>2012-02-11 20:43:01 +0000
committerbz <bz@FreeBSD.org>2012-02-11 20:43:01 +0000
commit51f3dcc0bd6e354eab16e3f6b3fb7228f1581047 (patch)
tree6acfb6118a8f1d83722d44820ded27a5c0301fc3 /lib/libipsec
parent6d383df7bbf4128ee89ccfd6cf0af3ab50607ab2 (diff)
downloadFreeBSD-src-51f3dcc0bd6e354eab16e3f6b3fb7228f1581047.zip
FreeBSD-src-51f3dcc0bd6e354eab16e3f6b3fb7228f1581047.tar.gz
MFp4 204292:
Ignore the NAT_T extension types so we can at least dump the SADB from the in-base libipsec/setkey without error when NAT_T support is present in the kernel, though not printing the additional information yet. However in case there is no NAT_T support in kernel still consider them to be an error. MFC after: 8 weeks
Diffstat (limited to 'lib/libipsec')
-rw-r--r--lib/libipsec/pfkey.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/libipsec/pfkey.c b/lib/libipsec/pfkey.c
index 4cd58a7..234e7c8 100644
--- a/lib/libipsec/pfkey.c
+++ b/lib/libipsec/pfkey.c
@@ -1778,6 +1778,18 @@ pfkey_align(msg, mhp)
case SADB_X_EXT_SA2:
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
+ case SADB_X_EXT_NAT_T_TYPE:
+ case SADB_X_EXT_NAT_T_SPORT:
+ case SADB_X_EXT_NAT_T_DPORT:
+ /* case SADB_X_EXT_NAT_T_OA: is OAI */
+ case SADB_X_EXT_NAT_T_OAI:
+ case SADB_X_EXT_NAT_T_OAR:
+ case SADB_X_EXT_NAT_T_FRAG:
+ if (feature_present("ipsec_natt")) {
+ mhp[ext->sadb_ext_type] = (caddr_t)ext;
+ break;
+ }
+ /* FALLTHROUGH */
default:
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return -1;
OpenPOWER on IntegriCloud