svn commit: r194513 - head/sys/netipsec
Bjoern A. Zeeb
bz at FreeBSD.org
Fri Jun 19 21:01:56 UTC 2009
Author: bz
Date: Fri Jun 19 21:01:55 2009
New Revision: 194513
URL: http://svn.freebsd.org/changeset/base/194513
Log:
Move setting of ports from NAT-T below key_getsah() and actually
below key_setsaval().
Without that, the lookup for the SA had failed as we were looking for
a SA with the new, updated port numbers instead of the old ones and
were comparing the ports in key_cmpsaidx().
This makes updating the remote -> local SA on the initiator work again.
Problem introduced with: p4 changeset 152114
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c Fri Jun 19 20:31:44 2009 (r194512)
+++ head/sys/netipsec/key.c Fri Jun 19 21:01:55 2009 (r194513)
@@ -4991,6 +4991,7 @@ key_update(so, m, mhp)
struct sadb_address *src0, *dst0;
#ifdef IPSEC_NAT_T
struct sadb_x_nat_t_type *type;
+ struct sadb_x_nat_t_port *sport, *dport;
struct sadb_address *iaddr, *raddr;
struct sadb_x_nat_t_frag *frag;
#endif
@@ -5066,7 +5067,6 @@ key_update(so, m, mhp)
if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
- struct sadb_x_nat_t_port *sport, *dport;
if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
@@ -5082,15 +5082,9 @@ key_update(so, m, mhp)
mhp->ext[SADB_X_EXT_NAT_T_SPORT];
dport = (struct sadb_x_nat_t_port *)
mhp->ext[SADB_X_EXT_NAT_T_DPORT];
-
- if (sport)
- KEY_PORTTOSADDR(&saidx.src,
- sport->sadb_x_nat_t_port_port);
- if (dport)
- KEY_PORTTOSADDR(&saidx.dst,
- dport->sadb_x_nat_t_port_port);
} else {
type = 0;
+ sport = dport = 0;
}
if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
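Review bot: In the `else` branch the new pointers are cleared with `sport = dport = 0;`, and since they are pointers `sport = dport = NULL;` would read more clearly (the existing `type = 0;` has the same issue). These pointers are no longer consumed inside this `if` block; they are used much later, in the hunk at new line 5187. This if/else is therefore the only thing that gives them a defined value, and a short comment here such as `/* sport/dport are applied to the SA after key_setsaval() below */` would keep a later edit from breaking that. key_update() starts and ends outside this hunk, so any early-return paths between the two points are not visible here.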
@@ -5193,6 +5187,13 @@ key_update(so, m, mhp)
if (type)
sav->natt_type = type->sadb_x_nat_t_type_type;
+ if (sport)
+ KEY_PORTTOSADDR(&sav->sah->saidx.src,
+ sport->sadb_x_nat_t_port_port);
+ if (dport)
+ KEY_PORTTOSADDR(&sav->sah->saidx.dst,
+ dport->sadb_x_nat_t_port_port);
+
#if 0
/*
* In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
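Review bot: The added `KEY_PORTTOSADDR(&sav->sah->saidx.src, ...)` and `.dst` calls rewrite the index of the SA header that `sav` hangs off, not a per-SA copy, and nothing in the hunk documents that or the ordering it depends on. Per the commit log the lookup compares ports in key_cmpsaidx(), so after this point the header matches only the new port numbers, and presumably the same holds for any other SA that shares it. I would add a comment above `if (sport)` along the lines of `/* Must stay after key_getsah() and key_setsaval(): the lookup has to match the old ports; this updates the shared sah index. */`. Whether the SAD is locked while saidx is modified, and whether a key_setsaval() failure returns before reaching these lines, cannot be seen from the hunk and is worth confirming, since key_update() continues outside it.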