add generic 2.6.23 patches and config
[openwrt/svn-archive/archive.git] / target / linux / generic-2.6 / patches-2.6.23 / 120-openswan-2.4.0.kernel-2.6-natt.patch
1 Index: linux-2.6.23-rc7/include/net/xfrmudp.h
2 ===================================================================
3 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
4 +++ linux-2.6.23-rc7/include/net/xfrmudp.h 2007-10-02 00:58:05.000000000 +0800
5 @@ -0,0 +1,10 @@
6 +/*
7 + * pointer to function for type that xfrm4_input wants, to permit
8 + * decoupling of XFRM from udp.c
9 + */
10 +#define HAVE_XFRM4_UDP_REGISTER
11 +
12 +typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
13 +extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
14 + , xfrm4_rcv_encap_t *oldfunc);
15 +extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
16 Index: linux-2.6.23-rc7/net/ipv4/Kconfig
17 ===================================================================
18 --- linux-2.6.23-rc7.orig/net/ipv4/Kconfig 2007-10-02 00:58:02.000000000 +0800
19 +++ linux-2.6.23-rc7/net/ipv4/Kconfig 2007-10-02 00:58:05.000000000 +0800
20 @@ -224,6 +224,12 @@
21 Network), but can be distributed all over the Internet. If you want
22 to do that, say Y here and to "IP multicast routing" below.
23
24 +config IPSEC_NAT_TRAVERSAL
25 + bool "IPSEC NAT-Traversal (KLIPS compatible)"
26 + depends on INET
27 + ---help---
28 + Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
29 +
30 config IP_MROUTE
31 bool "IP: multicast routing"
32 depends on IP_MULTICAST
33 Index: linux-2.6.23-rc7/net/ipv4/xfrm4_input.c
34 ===================================================================
35 --- linux-2.6.23-rc7.orig/net/ipv4/xfrm4_input.c 2007-10-02 00:58:02.000000000 +0800
36 +++ linux-2.6.23-rc7/net/ipv4/xfrm4_input.c 2007-10-02 00:58:33.000000000 +0800
37 @@ -15,6 +15,7 @@
38 #include <linux/netfilter_ipv4.h>
39 #include <net/ip.h>
40 #include <net/xfrm.h>
41 +#include <net/xfrmudp.h>
42
43 static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
44 {
45 @@ -161,6 +162,29 @@
46 return 0;
47 }
48
49 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
50 +static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
51 +
52 +int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func,
53 + xfrm4_rcv_encap_t *oldfunc)
54 +{
55 + if(oldfunc != NULL)
56 + *oldfunc = xfrm4_rcv_encap_func;
57 +
58 + xfrm4_rcv_encap_func = func;
59 + return 0;
60 +}
61 +
62 +int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
63 +{
64 + if(xfrm4_rcv_encap_func != func)
65 + return -1;
66 +
67 + xfrm4_rcv_encap_func = NULL;
68 + return 0;
69 +}
70 +#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */
71 +
72 /* If it's a keepalive packet, then just eat it.
73 * If it's an encapsulated packet, then pass it to the
74 * IPsec xfrm input.
75 @@ -251,7 +275,13 @@
76 iph->protocol = IPPROTO_ESP;
77
78 /* process ESP */
79 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
80 + if(xfrm4_rcv_encap_func == NULL)
81 + goto drop;
82 + ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
83 +#else
84 ret = xfrm4_rcv_encap(skb, encap_type);
85 +#endif
86 return ret;
87
88 drop:
89 @@ -265,3 +295,8 @@
90 }
91
92 EXPORT_SYMBOL(xfrm4_rcv);
93 +
94 +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
95 +EXPORT_SYMBOL(udp4_register_esp_rcvencap);
96 +EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
97 +#endif