From 57700c9e4d58b2523a67ea5622a588db71d8dfb8 Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb"
Date: Fri, 19 Jun 2009 21:01:55 +0000
Subject: [PATCH] Move setting of ports from NAT-T below key_getsah() and actually below key_setsaval(). Without that, the lookup for the SA had failed as we were looking for a SA with the new, updated port numbers instead of the old ones and were comparing the ports in key_cmpsaidx(). This makes updating the remote -> local SA on the initiator work again. Problem introduced with: p4 changeset 152114
---
 sys/netipsec/key.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 8f81d8364fe..027d408c578 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -4991,6 +4991,7 @@ key_update(so, m, mhp)
 	struct sadb_address *src0, *dst0;
 #ifdef IPSEC_NAT_T
 	struct sadb_x_nat_t_type *type;
+	struct sadb_x_nat_t_port *sport, *dport;
 	struct sadb_address *iaddr, *raddr;
 	struct sadb_x_nat_t_frag *frag;
 #endif
@@ -5066,7 +5067,6 @@ key_update(so, m, mhp)
 	if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 	    mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 	    mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
-		struct sadb_x_nat_t_port *sport, *dport;
 
 		if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 		    mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
@@ -5082,15 +5082,9 @@ key_update(so, m, mhp)
 		    mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 		dport = (struct sadb_x_nat_t_port *)
 		    mhp->ext[SADB_X_EXT_NAT_T_DPORT];
-
-		if (sport)
-			KEY_PORTTOSADDR(&saidx.src,
-			    sport->sadb_x_nat_t_port_port);
-		if (dport)
-			KEY_PORTTOSADDR(&saidx.dst,
-			    dport->sadb_x_nat_t_port_port);
 	} else {
 		type = 0;
+		sport = dport = 0;
 	}
 	if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 	    mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
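Review bot: In the new `else` arm of the NAT-T extension check, `sport = dport = 0;` assigns an integer literal to two pointers; `sport = dport = NULL;` states the intent and matches the `!= NULL` tests on the three lines opening that `if` (the pre-existing `type = 0;` has the same issue but is not introduced here). Because `sport` and `dport` now live at function scope (first hunk), every later `if (sport)` / `if (dport)` test depends on this arm running whenever any one of the three NAT-T extensions is absent, which deserves a comment such as `/* Not all NAT-T extensions present: leave the SA's ports untouched. */`. With the `KEY_PORTTOSADDR` calls removed from the local `saidx`, key_getsah() now matches on the ports already stored in the SAH rather than the ones supplied in the message, which is the fix the commit describes; whether a mismatching port is still rejected before the update is applied cannot be seen from here, as key_update's body continues outside the hunk.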
@@ -5193,6 +5187,13 @@ key_update(so, m, mhp)
 	if (type)
 		sav->natt_type = type->sadb_x_nat_t_type_type;
+	if (sport)
+		KEY_PORTTOSADDR(&sav->sah->saidx.src,
+		    sport->sadb_x_nat_t_port_port);
+	if (dport)
+		KEY_PORTTOSADDR(&sav->sah->saidx.dst,
+		    dport->sadb_x_nat_t_port_port);
+
 #if 0
 	/*
 	 * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.