Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/udp_usrreq.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/udp_usrreq.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.132 retrieving revision 1.134.2.2 diff -u -p -r1.132 -r1.134.2.2 --- src/sys/netinet/udp_usrreq.c 2005/03/09 05:07:19 1.132 +++ src/sys/netinet/udp_usrreq.c 2005/04/28 10:53:40 1.134.2.2 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.132 2005/03/09 05:07:19 atatat Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.134.2.2 2005/04/28 10:53:40 tron Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.132 2005/03/09 05:07:19 atatat Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.134.2.2 2005/04/28 10:53:40 tron Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1365,6 +1365,9 @@ udp4_espinudp(m, off, src, so) size_t iphdrlen; struct ip *ip; struct mbuf *n; + struct m_tag *tag; + struct udphdr *udphdr; + u_int16_t sport, dport; /* * Collapse the mbuf chain if the first mbuf is too short @@ -1415,6 +1418,14 @@ udp4_espinudp(m, off, src, so) } /* + * Get the UDP ports. They are handled in network + * order everywhere in IPSEC_NAT_T code. + */ + udphdr = (struct udphdr *)(data - skip); + sport = udphdr->uh_sport; + dport = udphdr->uh_dport; + + /* * Remove the UDP header (and possibly the non ESP marker) * IP header lendth is iphdrlen * Before: @@ -1447,6 +1458,21 @@ udp4_espinudp(m, off, src, so) return 0; } + /* + * Add a PACKET_TAG_IPSEC_NAT_T_PORT tag to remember + * the source UDP port. This is required if we want + * to select the right SPD for multiple hosts behind + * same NAT + */ + if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, + sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) { + printf("udp4_espinudp: m_tag_get failed\n"); + return 0; + } + ((u_int16_t *)(tag + 1))[0] = sport; + ((u_int16_t *)(tag + 1))[1] = dport; + m_tag_prepend(n, tag); + esp4_input(n, iphdrlen); /* We handled it, it shoudln't be handled by UDP */