diff options
| author | bz <bz@FreeBSD.org> | 2012-02-11 20:43:01 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2012-02-11 20:43:01 +0000 |
| commit | 51f3dcc0bd6e354eab16e3f6b3fb7228f1581047 (patch) | |
| tree | 6acfb6118a8f1d83722d44820ded27a5c0301fc3 /lib | |
| parent | 6d383df7bbf4128ee89ccfd6cf0af3ab50607ab2 (diff) | |
| download | FreeBSD-src-51f3dcc0bd6e354eab16e3f6b3fb7228f1581047.zip FreeBSD-src-51f3dcc0bd6e354eab16e3f6b3fb7228f1581047.tar.gz | |
MFp4 204292:
Ignore the NAT_T extension types so we can at least dump the SADB from
the in-base libipsec/setkey without error when NAT_T support is present
in the kernel, though not printing the additional information yet.
However in case there is no NAT_T support in kernel still consider them
to be an error.
MFC after: 8 weeks
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libipsec/pfkey.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/libipsec/pfkey.c b/lib/libipsec/pfkey.c index 4cd58a7..234e7c8 100644 --- a/lib/libipsec/pfkey.c +++ b/lib/libipsec/pfkey.c @@ -1778,6 +1778,18 @@ pfkey_align(msg, mhp) case SADB_X_EXT_SA2: mhp[ext->sadb_ext_type] = (caddr_t)ext; break; + case SADB_X_EXT_NAT_T_TYPE: + case SADB_X_EXT_NAT_T_SPORT: + case SADB_X_EXT_NAT_T_DPORT: + /* case SADB_X_EXT_NAT_T_OA: is OAI */ + case SADB_X_EXT_NAT_T_OAI: + case SADB_X_EXT_NAT_T_OAR: + case SADB_X_EXT_NAT_T_FRAG: + if (feature_present("ipsec_natt")) { + mhp[ext->sadb_ext_type] = (caddr_t)ext; + break; + } + /* FALLTHROUGH */ default: __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; return -1; |
