1 Index: linux-2.6.23.17/include/net/xfrmudp.h
2 ===================================================================
4 +++ linux-2.6.23.17/include/net/xfrmudp.h
7 + * pointer to function for type that xfrm4_input wants, to permit
8 + * decoupling of XFRM from udp.c
10 +#define HAVE_XFRM4_UDP_REGISTER
12 +typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
13 +extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
14 + , xfrm4_rcv_encap_t *oldfunc);
15 +extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
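Review bot: The new header, as far as the visible lines show, has no include guard and declares `xfrm4_rcv_encap_t` in terms of `struct sk_buff` and `__u16` without including or forward-declaring either. A second inclusion would repeat the typedef, and the header only compiles when the includer has already pulled in the right headers. I would wrap it in `#ifndef _NET_XFRMUDP_H` / `#define _NET_XFRMUDP_H` / `#endif` and add `#include <linux/types.h>` plus `struct sk_buff;`. The comment should also state the contract of the two functions: whether `oldfunc` may be NULL, what the return values mean, and that a registered handler is called from the UDP receive path and must be unregistered before its module goes away.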
16 Index: linux-2.6.23.17/net/ipv4/Kconfig
17 ===================================================================
18 --- linux-2.6.23.17.orig/net/ipv4/Kconfig
19 +++ linux-2.6.23.17/net/ipv4/Kconfig
20 @@ -224,6 +224,12 @@ config NET_IPGRE_BROADCAST
21 Network), but can be distributed all over the Internet. If you want
22 to do that, say Y here and to "IP multicast routing" below.
24 +config IPSEC_NAT_TRAVERSAL
25 + bool "IPSEC NAT-Traversal (KLIPS compatible)"
28 + Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
31 bool "IP: multicast routing"
32 depends on IP_MULTICAST
33 Index: linux-2.6.23.17/net/ipv4/xfrm4_input.c
34 ===================================================================
35 --- linux-2.6.23.17.orig/net/ipv4/xfrm4_input.c
36 +++ linux-2.6.23.17/net/ipv4/xfrm4_input.c
38 #include <linux/netfilter_ipv4.h>
41 +#include <net/xfrmudp.h>
43 static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
45 @@ -161,6 +162,29 @@ drop:
49 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
50 +static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
52 +int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func,
53 + xfrm4_rcv_encap_t *oldfunc)
56 + *oldfunc = xfrm4_rcv_encap_func;
58 + xfrm4_rcv_encap_func = func;
62 +int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
64 + if(xfrm4_rcv_encap_func != func)
67 + xfrm4_rcv_encap_func = NULL;
70 +#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */
72 /* If it's a keepalive packet, then just eat it.
73 * If it's an encapsulated packet, then pass it to the
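Review bot: `xfrm4_rcv_encap_func` is written by `udp4_register_esp_rcvencap()` and `udp4_unregister_esp_rcvencap()` with no lock or RCU publication, while the later hunk in `xfrm4_udp_encap_rcv()` reads it from the packet receive path. An unregister that returns right after `xfrm4_rcv_encap_func = NULL;` gives its caller no guarantee that another CPU is not still inside the old handler, so a module that unloads afterwards can leave the receive path executing freed code. I would publish with `rcu_assign_pointer(xfrm4_rcv_encap_func, func);` and have unregister call `synchronize_net();` after clearing the pointer and before returning. Register also appears to replace an existing handler unconditionally, which lets a second caller silently take over ESP-in-UDP input; returning an error when a handler is already set would make that explicit. Parts of both function bodies are not visible in this listing, so their return paths are not reviewed here.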
75 @@ -251,7 +275,13 @@ int xfrm4_udp_encap_rcv(struct sock *sk,
76 iph->protocol = IPPROTO_ESP;
79 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
80 + if(xfrm4_rcv_encap_func == NULL)
82 + ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
84 ret = xfrm4_rcv_encap(skb, encap_type);
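Review bot: The added branch reads `xfrm4_rcv_encap_func` twice, once in `if(xfrm4_rcv_encap_func == NULL)` and again in the call, so a concurrent `udp4_unregister_esp_rcvencap()` can clear it between the test and the call and the receive path then jumps through a NULL pointer. Load it once under `rcu_read_lock()` with `xfrm4_rcv_encap_t fn = rcu_dereference(xfrm4_rcv_encap_func);`, then test and call `fn`. The new call also passes `up->encap_type` where the existing call passes the local `encap_type`; unless the two can differ on purpose, use the local in both so the handler sees the same value the function already checked. `xfrm4_udp_encap_rcv()` starts and ends outside this hunk and some lines of the branch are missing from the listing, so what happens on the NULL path is not visible here.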
89 @@ -265,3 +295,8 @@ int xfrm4_rcv(struct sk_buff *skb)
92 EXPORT_SYMBOL(xfrm4_rcv);
94 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
95 +EXPORT_SYMBOL(udp4_register_esp_rcvencap);
96 +EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);