Added support for NAT-Traversal (RFC 3948) in IPsec stack.

Thanks to (no special order) Emmanuel Dreyfus (manu@netbsd.org), Larry Baird (lab@gta.com), gnn, bz, and other FreeBSD devs, Julien Vanherzeele (julien.vanherzeele@netasq.com, for years of bug reporting), the PFSense team, and all people who used / tried the NAT-T patch for years and reported bugs, patches, etc... X-MFC: never Reviewed by: bz Approved by: gnn(mentor) Obtained from: NETASQ
author: vanhu <vanhu@FreeBSD.org> 2009-06-12 15:44:35 +0000
committer: vanhu <vanhu@FreeBSD.org> 2009-06-12 15:44:35 +0000
commit: 16c1346b9a6c737fd054d4d0644bf5104fcb32aa (patch)
tree: e75e977677e2ddd8c5e3a47752c3693ea92b15e3 /sys/netipsec/keydb.h
parent: 76ddf574294a7a39ca62f55ea127233303bcf29e (diff)
download: FreeBSD-src-16c1346b9a6c737fd054d4d0644bf5104fcb32aa.zip
FreeBSD-src-16c1346b9a6c737fd054d4d0644bf5104fcb32aa.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h
index c9a37e3..35a0122 100644
--- a/sys/netipsec/keydb.h
+++ b/sys/netipsec/keydb.h
@@ -151,6 +151,12 @@ struct secasvar {
 	struct auth_hash *tdb_authalgxform;	/* authentication algorithm */
 	struct comp_algo *tdb_compalgxform;	/* compression algorithm */
 	u_int64_t tdb_cryptoid;		/* crypto session id */
+
+	/*
+	 * NAT-Traversal.
+	 */
+	u_int16_t natt_type;		/* IKE/ESP-marker in output. */
+	u_int16_t natt_esp_frag_len;	/* MTU for payload fragmentation. */
 };
 
 #define	SECASVAR_LOCK_INIT(_sav) \
author	vanhu <vanhu@FreeBSD.org>	2009-06-12 15:44:35 +0000
committer	vanhu <vanhu@FreeBSD.org>	2009-06-12 15:44:35 +0000
commit	16c1346b9a6c737fd054d4d0644bf5104fcb32aa (patch)
tree	e75e977677e2ddd8c5e3a47752c3693ea92b15e3 /sys/netipsec/keydb.h
parent	76ddf574294a7a39ca62f55ea127233303bcf29e (diff)
download	FreeBSD-src-16c1346b9a6c737fd054d4d0644bf5104fcb32aa.zip FreeBSD-src-16c1346b9a6c737fd054d4d0644bf5104fcb32aa.tar.gz