svn commit: r231532 - head/lib/libipsec
Bjoern A. Zeeb
bz at FreeBSD.org
Sat Feb 11 20:43:02 UTC 2012
Author: bz
Date: Sat Feb 11 20:43:01 2012
New Revision: 231532
URL: http://svn.freebsd.org/changeset/base/231532
Log:
MFp4 204292:
Ignore the NAT_T extension types so we can at least dump the SADB from
the in-base libipsec/setkey without error when NAT_T support is present
in the kernel, though not printing the additional information yet.
However in case there is no NAT_T support in kernel still consider them
to be an error.
MFC after: 8 weeks
Modified:
head/lib/libipsec/pfkey.c
Modified: head/lib/libipsec/pfkey.c
==============================================================================
--- head/lib/libipsec/pfkey.c Sat Feb 11 20:37:08 2012 (r231531)
+++ head/lib/libipsec/pfkey.c Sat Feb 11 20:43:01 2012 (r231532)
@@ -1778,6 +1778,18 @@ pfkey_align(msg, mhp)
case SADB_X_EXT_SA2:
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
+ case SADB_X_EXT_NAT_T_TYPE:
+ case SADB_X_EXT_NAT_T_SPORT:
+ case SADB_X_EXT_NAT_T_DPORT:
+ /* case SADB_X_EXT_NAT_T_OA: is OAI */
+ case SADB_X_EXT_NAT_T_OAI:
+ case SADB_X_EXT_NAT_T_OAR:
+ case SADB_X_EXT_NAT_T_FRAG:
+ if (feature_present("ipsec_natt")) {
+ mhp[ext->sadb_ext_type] = (caddr_t)ext;
+ break;
+ }
+ /* FALLTHROUGH */
default:
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return -1;
More information about the svn-src-head
mailing list