i think mixing stable packages with experimental packages is a very bad idea.
[openwrt.git] / openwrt / package / linux / kernel-patches / 311-ipsec-nat-traversal
1 packaging/utils/nattpatch 2.4
2 --- linux/include/net/sock.h 2002/02/06 15:25:10 1.1
3 +++ linux/include/net/sock.h 2002/05/22 12:14:56
4 @@ -488,7 +488,13 @@
5 } bictcp;
6 };
7
8 -
9 +#if 1
10 +#define UDP_OPT_IN_SOCK 1
11 +struct udp_opt {
12 + __u32 esp_in_udp;
13 +};
14 +#endif
15 +
16 /*
17 * This structure really needs to be cleaned up.
18 * Most of it is for TCP, and not used by any of
19 @@ -655,6 +661,9 @@
20 #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE)
21 struct spx_opt af_spx;
22 #endif /* CONFIG_SPX */
23 +#if 1
24 + struct udp_opt af_udp;
25 +#endif
26
27 } tp_pinfo;
28
29 --- linux/net/Config.in.orig Fri Feb 9 14:34:13 2001
30 +++ linux/net/Config.in Thu Feb 22 19:40:08 2001
31 @@ -88,3 +88,5 @@
32 endmenu
33
34 +bool 'IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL
35 +
36 endmenu
37 --- linux/net/ipv4/udp.c.1 Wed Jan 28 15:57:05 2004
38 +++ linux/net/ipv4/udp.c Wed Jan 28 15:58:56 2004
39 @@ -787,6 +787,9 @@
40
41 static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
42 {
43 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
44 + struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
45 +#endif
46 /*
47 * Charge it to the socket, dropping if the queue is full.
48 */
49 @@ -804,6 +807,40 @@
50 }
51 #endif
52
53 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
54 + if (tp->esp_in_udp) {
55 + /*
56 + * Set skb->sk and xmit packet to ipsec_rcv.
57 + *
58 + * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP),
59 + * restore skb->sk and fall back to sock_queue_rcv_skb
60 + */
61 + struct inet_protocol *esp = NULL;
62 +
63 +#if defined(CONFIG_KLIPS) && !defined(CONFIG_KLIPS_MODULE)
64 + /* optomize only when we know it is statically linked */
65 + extern struct inet_protocol esp_protocol;
66 + esp = &esp_protocol;
67 +#else
68 + for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)];
69 + (esp) && (esp->protocol != IPPROTO_ESP);
70 + esp = esp->next);
71 +#endif
72 +
73 + if (esp && esp->handler) {
74 + struct sock *sav_sk = skb->sk;
75 + skb->sk = sk;
76 + if (esp->handler(skb) == 0) {
77 + skb->sk = sav_sk;
78 + /*not sure we might count ESPinUDP as UDP...*/
79 + UDP_INC_STATS_BH(UdpInDatagrams);
80 + return 0;
81 + }
82 + skb->sk = sav_sk;
83 + }
84 + }
85 +#endif
86 +
87 if (sock_queue_rcv_skb(sk,skb)<0) {
88 UDP_INC_STATS_BH(UdpInErrors);
89 IP_INC_STATS_BH(IpInDiscards);
90 @@ -1027,13 +1064,49 @@
91 return len;
92 }
93
94 +static int udp_setsockopt(struct sock *sk, int level, int optname,
95 + char *optval, int optlen)
96 +{
97 + struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
98 + int val;
99 + int err = 0;
100 +
101 + if (level != SOL_UDP)
102 + return ip_setsockopt(sk, level, optname, optval, optlen);
103 +
104 + if(optlen<sizeof(int))
105 + return -EINVAL;
106 +
107 + if (get_user(val, (int *)optval))
108 + return -EFAULT;
109 +
110 + lock_sock(sk);
111 +
112 + switch(optname) {
113 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
114 +#ifndef UDP_ESPINUDP
115 +#define UDP_ESPINUDP 100
116 +#endif
117 + case UDP_ESPINUDP:
118 + tp->esp_in_udp = val;
119 + break;
120 +#endif
121 + default:
122 + err = -ENOPROTOOPT;
123 + break;
124 + }
125 +
126 + release_sock(sk);
127 + return err;
128 +}
129 +
130 struct proto udp_prot = {
131 name: "UDP",
132 close: udp_close,
133 connect: udp_connect,
134 disconnect: udp_disconnect,
135 ioctl: udp_ioctl,
136 - setsockopt: ip_setsockopt,
137 + setsockopt: udp_setsockopt,
138 getsockopt: ip_getsockopt,
139 sendmsg: udp_sendmsg,
140 recvmsg: udp_recvmsg,
This page took 0.055993 seconds and 5 git commands to generate.