author | bz <bz@FreeBSD.org> | 2009-06-19 21:01:55 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2009-06-19 21:01:55 +0000 |
commit | 55f686804402b9ab9f0b0a61f96997ad8ec34878 (patch) | |
tree | eed84f8d814bd22d6bfb8401d2c742fea9c30d57 /sys | |
parent | 888867acdc7211b6c6703412875edd2511f53679 (diff) | |
Move setting of ports from NAT-T below key_getsah() and actually
below key_setsaval().
Without that, the lookup for the SA failed, because we were looking for
an SA with the new, updated port numbers instead of the old ones, and
the ports are compared in key_cmpsaidx().
This makes updating the remote -> local SA on the initiator work again.
Problem introduced with: p4 changeset 152114
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netipsec/key.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 8f81d83..027d408 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -4991,6 +4991,7 @@ key_update(so, m, mhp) struct sadb_address *src0, *dst0; #ifdef IPSEC_NAT_T struct sadb_x_nat_t_type *type; + struct sadb_x_nat_t_port *sport, *dport; struct sadb_address *iaddr, *raddr; struct sadb_x_nat_t_frag *frag; #endif @@ -5066,7 +5067,6 @@ key_update(so, m, mhp) if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL && mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { - struct sadb_x_nat_t_port *sport, *dport; if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) || mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || @@ -5082,15 +5082,9 @@ key_update(so, m, mhp) mhp->ext[SADB_X_EXT_NAT_T_SPORT]; dport = (struct sadb_x_nat_t_port *) mhp->ext[SADB_X_EXT_NAT_T_DPORT]; - - if (sport) - KEY_PORTTOSADDR(&saidx.src, - sport->sadb_x_nat_t_port_port); - if (dport) - KEY_PORTTOSADDR(&saidx.dst, - dport->sadb_x_nat_t_port_port); } else { type = 0; + sport = dport = 0; } if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL && mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) { @@ -5193,6 +5187,13 @@ key_update(so, m, mhp) if (type) sav->natt_type = type->sadb_x_nat_t_type_type; + if (sport) + KEY_PORTTOSADDR(&sav->sah->saidx.src, + sport->sadb_x_nat_t_port_port); + if (dport) + KEY_PORTTOSADDR(&sav->sah->saidx.dst, + dport->sadb_x_nat_t_port_port); + #if 0 /* * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0. |
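Review bot: The block added in the last hunk writes the NAT-T ports into `sav->sah->saidx`, which appears to be the index held by the SA header rather than by this one SA, so any other SA attached to the same header and every later `key_cmpsaidx()` match against it would see the new ports as well. The hunk does not show which lock is held at that point; since this is an in-place change to a lookup key, it is worth confirming that it happens under the lock that protects the header list against concurrent lookups. The ordering is the whole fix and is easy to undo in a later cleanup, so a comment above the block would help, for example `/* Set NAT-T ports only after key_getsah()/key_setsaval(): the SA lookup must still match the old ports. */`. The new `sport = dport = 0;` in the third hunk would also read more clearly as `sport = dport = NULL;`. key_update()'s body starts and ends outside these hunks.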