From 1689ee86bc3fa326abebc58ace13705c8fc4698d Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Mon, 18 Apr 2005 21:28:26 +0000
Subject: [PATCH] add ipsec nat traversal patch
SVN-Revision: 678
---
.../kernel-patches/311-ipsec-nat-traversal | 140 ++++++++++++++++++
openwrt/package/linux/linux.config | 79 +++++++++-
2 files changed, 218 insertions(+), 1 deletion(-)
create mode 100644 openwrt/package/linux/kernel-patches/311-ipsec-nat-traversal
diff --git a/openwrt/package/linux/kernel-patches/311-ipsec-nat-traversal b/openwrt/package/linux/kernel-patches/311-ipsec-nat-traversal
new file mode 100644
index 0000000000..fc4c29d27e
--- /dev/null
+++ b/openwrt/package/linux/kernel-patches/311-ipsec-nat-traversal
@@ -0,0 +1,140 @@
+packaging/utils/nattpatch 2.4
+--- linux/include/net/sock.h 2002/02/06 15:25:10 1.1
++++ linux/include/net/sock.h 2002/05/22 12:14:56
+@@ -488,7 +488,13 @@
+ } bictcp;
+ };
+
+-
++#if 1
++#define UDP_OPT_IN_SOCK 1
++struct udp_opt {
++ __u32 esp_in_udp;
++};
++#endif
++
+ /*
+ * This structure really needs to be cleaned up.
+ * Most of it is for TCP, and not used by any of
+@@ -655,6 +661,9 @@
+ #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE)
+ struct spx_opt af_spx;
+ #endif /* CONFIG_SPX */
++#if 1
++ struct udp_opt af_udp;
++#endif
+
+ } tp_pinfo;
+
+--- linux/net/Config.in.orig Fri Feb 9 14:34:13 2001
++++ linux/net/Config.in Thu Feb 22 19:40:08 2001
+@@ -88,3 +88,5 @@
+ endmenu
+
++bool 'IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL
++
+ endmenu
+--- linux/net/ipv4/udp.c.1 Wed Jan 28 15:57:05 2004
++++ linux/net/ipv4/udp.c Wed Jan 28 15:58:56 2004
+@@ -787,6 +787,9 @@
+
+ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
+ {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
++#endif
+ /*
+ * Charge it to the socket, dropping if the queue is full.
+ */
+@@ -804,6 +807,40 @@
+ }
+ #endif
+
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++ if (tp->esp_in_udp) {
++ /*
++ * Set skb->sk and xmit packet to ipsec_rcv.
++ *
++ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP),
++ * restore skb->sk and fall back to sock_queue_rcv_skb
++ */
++ struct inet_protocol *esp = NULL;
++
++#if defined(CONFIG_KLIPS) && !defined(CONFIG_KLIPS_MODULE)
++ /* optomize only when we know it is statically linked */
++ extern struct inet_protocol esp_protocol;
++ esp = &esp_protocol;
++#else
++ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)];
++ (esp) && (esp->protocol != IPPROTO_ESP);
++ esp = esp->next);
++#endif
++
++ if (esp && esp->handler) {
++ struct sock *sav_sk = skb->sk;
++ skb->sk = sk;
++ if (esp->handler(skb) == 0) {
++ skb->sk = sav_sk;
++ /*not sure we might count ESPinUDP as UDP...*/
++ UDP_INC_STATS_BH(UdpInDatagrams);
++ return 0;
++ }
++ skb->sk = sav_sk;
++ }
++ }
++#endif
++
+ if (sock_queue_rcv_skb(sk,skb)<0) {
+ UDP_INC_STATS_BH(UdpInErrors);
+ IP_INC_STATS_BH(IpInDiscards);
+@@ -1027,13 +1064,49 @@
+ return len;
+ }
+
++static int udp_setsockopt(struct sock *sk, int level, int optname,
++ char *optval, int optlen)
++{
++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
++ int val;
++ int err = 0;
++
++ if (level != SOL_UDP)
++ return ip_setsockopt(sk, level, optname, optval, optlen);
++
++ if(optlenesp_in_udp = val;
++ break;
++#endif
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ }
++
++ release_sock(sk);
++ return err;
++}
++
+ struct proto udp_prot = {
+ name: "UDP",
+ close: udp_close,
+ connect: udp_connect,
+ disconnect: udp_disconnect,
+ ioctl: udp_ioctl,
+- setsockopt: ip_setsockopt,
++ setsockopt: udp_setsockopt,
+ getsockopt: ip_getsockopt,
+ sendmsg: udp_sendmsg,
+ recvmsg: udp_recvmsg,
diff --git a/openwrt/package/linux/linux.config b/openwrt/package/linux/linux.config
index 9a7d190d2b..d09d69f691 100644
--- a/openwrt/package/linux/linux.config
+++ b/openwrt/package/linux/linux.config
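Review bot: In the `esp_in_udp` branch of udp_queue_rcv_skb, a non-zero return from `esp->handler(skb)` drops through to `sock_queue_rcv_skb(sk,skb)` with the same skb, so this is only safe if the ESP handler neither frees nor rewrites the buffer when it refuses a packet; nothing visible here states or enforces that. I would put the contract next to the call, e.g. `/* on non-zero return the handler must leave skb unfreed and unmodified; it is queued to the socket below */`, and confirm it against ipsec_rcv. In the modular case the walk over `inet_protos[...]` shows no lock in these lines, so it is worth checking what protects the chain against a concurrent protocol unregister. The udp_setsockopt text between `if(optlen` and `esp_in_udp = val;` is missing from this page, so the length check, the copy from user space and any privilege check on enabling the option cannot be reviewed from here. udp_queue_rcv_skb itself starts and ends outside the embedded hunks.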
@@ -1,5 +1,5 @@ # -# Automatically generated by make menuconfig: don't edit +# Automatically generated make config: don't edit # CONFIG_MIPS=y CONFIG_MIPS32=y @@ -181,6 +181,10 @@ CONFIG_MTD_PARTITIONS=y # CONFIG_MTD_CONCAT is not set # CONFIG_MTD_REDBOOT_PARTS is not set # CONFIG_MTD_CMDLINE_PARTS is not set + +# +# User Modules And Translation Layers +# CONFIG_MTD_CHAR=y CONFIG_MTD_BLOCK=y # CONFIG_FTL is not set @@ -246,6 +250,10 @@ CONFIG_MTD_BCM947XX=y # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_MTDRAM is not set # CONFIG_MTD_BLKMTD is not set + +# +# Disk-On-Chip Device Drivers +# # CONFIG_MTD_DOC1000 is not set # CONFIG_MTD_DOC2000 is not set # CONFIG_MTD_DOC2001 is not set @@ -432,6 +440,10 @@ CONFIG_IP6_NF_TARGET_MARK=m # CONFIG_IP_SCTP is not set # CONFIG_ATM is not set CONFIG_VLAN_8021Q=y + +# +# +# # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_DECNET is not set @@ -498,6 +510,7 @@ CONFIG_NET_CLS_POLICE=y # Network testing # # CONFIG_NET_PKTGEN is not set +CONFIG_IPSEC_NAT_TRAVERSAL=y # # Telephony Support @@ -516,12 +529,20 @@ CONFIG_NET_CLS_POLICE=y # SCSI support # CONFIG_SCSI=m + +# +# SCSI support type (disk, tape, CD-ROM) +# CONFIG_BLK_DEV_SD=m CONFIG_SD_EXTRA_DEVS=5 # CONFIG_CHR_DEV_ST is not set # CONFIG_CHR_DEV_OSST is not set # CONFIG_BLK_DEV_SR is not set CONFIG_CHR_DEV_SG=m + +# +# Some SCSI devices (e.g. CD jukebox) support multiple LUNs +# # CONFIG_SCSI_DEBUG_QUEUES is not set # CONFIG_SCSI_MULTI_LUN is not set # CONFIG_SCSI_CONSTANTS is not set @@ -741,6 +762,10 @@ CONFIG_NET_RADIO=y # CONFIG_PLX_HERMES is not set # CONFIG_TMD_HERMES is not set # CONFIG_PCI_HERMES is not set + +# +# Prism54 PCI/PCMCIA GT/Duette Driver - 802.11(a/b/g) +# # CONFIG_PRISM54 is not set CONFIG_NET_WIRELESS=y 
@@ -812,6 +837,14 @@ CONFIG_PRINTER=m # Joysticks # # CONFIG_INPUT_GAMEPORT is not set + +# +# Input core support is needed for gameports +# + +# +# Input core support is needed for joysticks +# # CONFIG_QIC02_TAPE is not set # CONFIG_IPMI_HANDLER is not set # CONFIG_IPMI_PANIC_EVENT is not set @@ -1041,12 +1074,24 @@ CONFIG_NLS_DEFAULT="iso8859-1" # CONFIG_USB=m # CONFIG_USB_DEBUG is not set + +# +# Miscellaneous USB options +# CONFIG_USB_DEVICEFS=y # CONFIG_USB_BANDWIDTH is not set + +# +# USB Host Controller Drivers +# CONFIG_USB_EHCI_HCD=m # CONFIG_USB_UHCI is not set CONFIG_USB_UHCI_ALT=m CONFIG_USB_OHCI=m + +# +# USB Device Class drivers +# # CONFIG_USB_AUDIO is not set # CONFIG_USB_EMI26 is not set # CONFIG_USB_BLUETOOTH is not set @@ -1063,7 +1108,15 @@ CONFIG_USB_STORAGE_SDDR55=y CONFIG_USB_STORAGE_JUMPSHOT=y # CONFIG_USB_ACM is not set CONFIG_USB_PRINTER=m + +# +# USB Human Interface Devices (HID) +# # CONFIG_USB_HID is not set + +# +# Input core support is needed for USB HID input layer or HIDBP support +# # CONFIG_USB_HIDINPUT is not set # CONFIG_USB_HIDDEV is not set # CONFIG_USB_KBD is not set 
@@ -1072,23 +1125,47 @@ CONFIG_USB_PRINTER=m # CONFIG_USB_WACOM is not set # CONFIG_USB_KBTAB is not set # CONFIG_USB_POWERMATE is not set + +# +# USB Imaging devices +# # CONFIG_USB_DC2XX is not set # CONFIG_USB_MDC800 is not set # CONFIG_USB_SCANNER is not set # CONFIG_USB_MICROTEK is not set # CONFIG_USB_HPUSBSCSI is not set + +# +# USB Multimedia devices +# + +# +# Video4Linux support is needed for USB Multimedia device support +# + +# +# USB Network adaptors +# # CONFIG_USB_PEGASUS is not set # CONFIG_USB_RTL8150 is not set # CONFIG_USB_KAWETH is not set # CONFIG_USB_CATC is not set # CONFIG_USB_CDCETHER is not set # CONFIG_USB_USBNET is not set + +# +# USB port drivers +# # CONFIG_USB_USS720 is not set # # USB Serial Converter support # # CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# # CONFIG_USB_RIO500 is not set # CONFIG_USB_AUERSWALD is not set # CONFIG_USB_TIGL is not set