From: mlafon_at_arkoon.net
Date: Thu Dec 26 2002 - 12:24:52 CET
> I'm going to try and give it some testing tonight/tomorrow, but if anyone
> else has time/interest, feel free. I changed the orders in
> klips/net/ipsec/pfkey_v2_parser.c:ext_processors and
> lib/pfkey_v2_parse.c:ext_default_parsers, so it always comes after the
> NAT-T definitions.
There is another merging problem in send_packet: special return for keep-alive
packets must be done only when sendto fail and after 'restore port'.
Here is a patch :
--- _demux.c Thu Dec 26 12:16:59 2002
+++ demux.c Thu Dec 26 12:17:24 2002
@@ -819,16 +819,16 @@
, sockaddrof(&c->that.host_addr)
, sockaddrlenof(&c->that.host_addr)) != (ssize_t)st->st_tpacket.len;
#endif
-#ifdef NAT_TRAVERSAL
- /* do not log NAT-T Keep Alive packets */
- if (!verbose)
- return FALSE;
-#endif
/* restore port */
setportof(port_buf, &c->that.host_addr);
if (err)
{
+#ifdef NAT_TRAVERSAL
+ /* do not log NAT-T Keep Alive packets */
+ if (!verbose)
+ return FALSE;
+#endif
log_errno((e, "sendto on %s to %s:%u failed in %s"
, c->interface->rname
, ip_str(&c->that.host_addr)
-- Mathieu Lafon - Arkoon Network Security _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Dec 27 2002 - 05:21:17 CET