Current snapshot of OpenSolaris port.
Checkpoint
Checkpoint
Merge from parent.
Merge with WIDE update.
Pull from WIDE.
Pull from WIDE.
Checkpoint
Re-update.
blah
WIDE update
Update from WIDE.
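--- a/iked/ikev1/ikev1_natt.c
+++ b/iked/ikev1/ikev1_natt.c
@@ -1,530 +1,548 @@
 /*
 * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
 * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
 
 #include <config.h>
 
 #include <sys/types.h>
 #include <sys/param.h>
 
 #include <netinet/in.h>
 #ifdef __linux__
 #include <linux/udp.h>
 #endif
 #if defined(__NetBSD__) || defined (__FreeBSD__)
 #include <netinet/udp.h>
 #endif
 
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
 
+#ifdef sun /* XXX KEBE SAYS OpenSolaris extras */
+#define UDP_ENCAP_ESPINUDP_NON_IKE 1
+#define UDP_ENCAP_ESPINUDP 2
+#endif
+
 #include "racoon.h"
 
 #include "var.h"
 /* #include "misc.h" */
 /* #include "vmbuf.h" */
 #include "plog.h"
 #include "debug.h"
 
 /* #include "localconf.h" */
 #include "remoteconf.h"
 #include "sockmisc.h"
 #include "isakmp.h"
 #include "isakmp_var.h"
 #include "isakmp_impl.h"
 #include "ikev1_impl.h"
 #include "oakley.h"
 #include "ipsec_doi.h"
 #include "vendorid.h"
 #include "handler.h"
 #include "crypto_impl.h"
 #include "ikev1_natt.h"
 /* #include "grabmyaddr.h" */
 
 #include "ike_conf.h"
 
 int ikev1_natt_ka_interval = IKEV1_DEFAULT_NATK_INTERVAL;
 
 struct natt_ka_addrs {
 struct sockaddr *src;
 struct sockaddr *dst;
 unsigned in_use;
 
 TAILQ_ENTRY(natt_ka_addrs) chain;
 };
 
 static TAILQ_HEAD(_natt_ka_addrs, natt_ka_addrs) ka_tree;
 
 /*
 * check if the given vid is NAT-T.
 */
 int
 natt_vendorid(int vid)
 {
 return (
 #ifdef ENABLE_NATT_00
 vid == VENDORID_NATT_00 ||
 #endif
 #ifdef ENABLE_NATT_01
 vid == VENDORID_NATT_01 ||
 #endif
 #ifdef ENABLE_NATT_02
 vid == VENDORID_NATT_02 ||
 vid == VENDORID_NATT_02_N ||
 #endif
 #ifdef ENABLE_NATT_03
 vid == VENDORID_NATT_03 ||
 #endif
 #ifdef ENABLE_NATT_04
 vid == VENDORID_NATT_04 ||
 #endif
 #ifdef ENABLE_NATT_05
 vid == VENDORID_NATT_05 ||
 #endif
 #ifdef ENABLE_NATT_06
 vid == VENDORID_NATT_06 ||
 #endif
 #ifdef ENABLE_NATT_07
 vid == VENDORID_NATT_07 ||
 #endif
 #ifdef ENABLE_NATT_08
 vid == VENDORID_NATT_08 ||
 #endif
 /* Always enable NATT RFC if ENABLE_NATT
 */
 vid == VENDORID_NATT_RFC);
 }
 
 rc_vchar_t *
 ikev1_natt_hash_addr(struct ph1handle *iph1, struct sockaddr *addr)
 {
 rc_vchar_t *natd;
 rc_vchar_t *buf;
 char *ptr;
 void *addr_ptr, *addr_port;
 size_t buf_size, addr_size;
 
 plog(PLOG_INFO, PLOGLOC, 0, "Hashing %s with algo #%d %s\n",
 rcs_sa2str(addr), iph1->approval->hashtype,
 ikev1_nat_traversal(iph1->rmconf) ==
 NATT_FORCE ? "(NAT-T forced)" : "");
 
 if (addr->sa_family == AF_INET) {
 addr_size = sizeof(struct in_addr); /* IPv4 address */
 addr_ptr = &((struct sockaddr_in *)addr)->sin_addr;
 addr_port = &((struct sockaddr_in *)addr)->sin_port;
 } else if (addr->sa_family == AF_INET6) {
 addr_size = sizeof(struct in6_addr); /* IPv6 address */
 addr_ptr = &((struct sockaddr_in6 *)addr)->sin6_addr;
 addr_port = &((struct sockaddr_in6 *)addr)->sin6_port;
 } else {
 plog(PLOG_INTERR, PLOGLOC, 0,
 "Unsupported address family #0x%x\n", addr->sa_family);
 return NULL;
 }
 
 buf_size = 2 * sizeof(isakmp_cookie_t); /* CKY-I + CKY+R */
 buf_size += addr_size + 2; /* Address + Port */
 
 if ((buf = rc_vmalloc(buf_size)) == NULL)
 return NULL;
 
 ptr = buf->v;
 
 /* Copy-in CKY-I */
 memcpy(ptr, iph1->index.i_ck, sizeof(isakmp_cookie_t));
 ptr += sizeof(isakmp_cookie_t);
 
 /* Copy-in CKY-I */
 memcpy(ptr, iph1->index.r_ck, sizeof(isakmp_cookie_t));
 ptr += sizeof(isakmp_cookie_t);
 
 /* Copy-in Address (or zeroes if NATT_FORCE) */
 if (ikev1_nat_traversal(iph1->rmconf) == NATT_FORCE)
 memset(ptr, 0, addr_size);
 else
 memcpy(ptr, addr_ptr, addr_size);
 
 ptr += addr_size;
 
 /* Copy-in Port number */
 memcpy(ptr, addr_port, 2);
 
 natd = oakley_hash(buf, iph1);
 rc_vfree(buf);
 
 return natd;
 }
 
 int
 ikev1_natt_compare_addr_hash(struct ph1handle *iph1, rc_vchar_t *natd_received,
 int natd_seq)
 {
 rc_vchar_t *natd_computed;
 uint32_t flag;
 int verified = 0;
 
 if (ikev1_nat_traversal(iph1->rmconf) == NATT_FORCE)
 return verified;
 
 if (natd_seq == 0) {
 natd_computed = ikev1_natt_hash_addr(iph1, iph1->local);
 flag = NAT_DETECTED_ME;
 } else {
 natd_computed = ikev1_natt_hash_addr(iph1, iph1->remote);
 flag = NAT_DETECTED_PEER;
 }
 
 if (natd_received->l == natd_computed->l &&
 memcmp(natd_received->v, natd_computed->v, natd_received->l) == 0) {
 iph1->natt_flags &= ~flag;
 verified = 1;
 }
 
 rc_vfree(natd_computed);
 
 return verified;
 }
 
 int
 ikev1_natt_udp_encap(int encmode)
 {
 return (encmode == IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC ||
 encmode == IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC ||
 encmode == IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT ||
 encmode == IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT);
 }
 
 static int
 natt_fill_options(struct ph1natt_options *opts, int version)
 {
 uint16_t port_isakmp_natt = PORT_ISAKMP_NATT;
 
 if (!opts)
 return -1;
 
 opts->version = version;
 
 switch (version) {
 case VENDORID_NATT_00:
 case VENDORID_NATT_01:
 opts->float_port = 0; /* No port floating for those drafts */
 opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT;
 opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT;
 opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT;
 opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT;
 opts->encaps_type = UDP_ENCAP_ESPINUDP_NON_IKE;
 break;
 
 case VENDORID_NATT_02:
 case VENDORID_NATT_02_N:
 case VENDORID_NATT_03:
 opts->float_port = port_isakmp_natt;
 opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT;
 opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT;
 opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT;
 opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT;
 opts->encaps_type = UDP_ENCAP_ESPINUDP;
 break;
 
 case VENDORID_NATT_04:
 case VENDORID_NATT_05:
 case VENDORID_NATT_06:
 case VENDORID_NATT_07:
 case VENDORID_NATT_08:
 opts->float_port = port_isakmp_natt;
 opts->payload_nat_d = ISAKMP_NPTYPE_NATD_BADDRAFT;
 opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_BADDRAFT;
 opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC;
 opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC;
 opts->encaps_type = UDP_ENCAP_ESPINUDP;
 break;
 
 case VENDORID_NATT_RFC:
 opts->float_port = port_isakmp_natt;
 opts->payload_nat_d = ISAKMP_NPTYPE_NATD_RFC;
 opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_RFC;
 opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC;
 opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC;
 opts->encaps_type = UDP_ENCAP_ESPINUDP;
 break;
 
 default:
 plog(PLOG_INTERR, PLOGLOC, NULL,
 "unsupported NAT-T version: %s\n",
 vid_string_by_id(version));
 return -1;
 }
 
 opts->mode_udp_diff =
 opts->mode_udp_tunnel - IPSECDOI_ATTR_ENC_MODE_TUNNEL;
 
 return 0;
 }
 
 void
 ikev1_natt_float_ports(struct ph1handle *iph1)
 {
 if (!(iph1->natt_flags && NAT_DETECTED))
 return;
 if (!iph1->natt_options->float_port) {
+#ifndef sun /* XXX KEBE SAYS OpenSolaris does keepalives in-kernel. */
 /* Drafts 00 / 01, just schedule keepalive */
 natt_keepalive_add_ph1(iph1);
+#endif
 return;
 }
 
 set_port(iph1->local, iph1->natt_options->float_port);
 set_port(iph1->remote, iph1->natt_options->float_port);
- iph1->natt_flags |= NAT_PORTS_CHANGED | NAT_ADD_NON_ESP_MARKER;
 
+ iph1->natt_flags |= NAT_PORTS_CHANGED;
+
+#ifndef sun
+ /*
+ * XXX KEBE SAYS OpenSolaris does keepalives in-kernel.
+ * Also, we have in-kernel zero-spi addition.
+ */
+ iph1->natt_flags |= NAT_ADD_NON_ESP_MARKER;
+
 natt_keepalive_add_ph1(iph1);
+#endif
 }
 
 void
 ikev1_natt_handle_vendorid(struct ph1handle *iph1, int vid_numeric)
 {
 if (!iph1->natt_options)
 iph1->natt_options =
 racoon_calloc(1, sizeof(*iph1->natt_options));
 
 if (!iph1->natt_options) {
 plog(PLOG_INTERR, PLOGLOC, NULL,
 "Allocating memory for natt_options failed!\n");
 return;
 }
 
 if (iph1->natt_options->version < vid_numeric)
 if (natt_fill_options(iph1->natt_options, vid_numeric) == 0)
 iph1->natt_flags |= NAT_ANNOUNCED;
 }
 
+#ifndef sun /* XXX KEBE SAYS OpenSolaris does keepalives in-kernel. */
 /* NAT keepalive functions */
 static void
 natt_keepalive_send(void *param)
 {
 struct natt_ka_addrs *ka, *next = NULL;
 char keepalive_packet[] = { 0xff };
 int len;
 int s;
 
 for (ka = TAILQ_FIRST(&ka_tree); ka; ka = next) {
 next = TAILQ_NEXT(ka, chain);
 
 s = getsockmyaddr(ka->src);
 if (s == -1) {
 TAILQ_REMOVE(&ka_tree, ka, chain);
 racoon_free(ka);
 continue;
 }
 plog(PLOG_DEBUG, PLOGLOC, NULL, "KA: %s->%s\n",
 rcs_sa2str(ka->src), rcs_sa2str(ka->dst));
 len = sendfromto(s, keepalive_packet, sizeof(keepalive_packet),
 ka->src, ka->dst, 1);
 if (len == -1)
 plog(PLOG_INTERR, PLOGLOC, NULL,
 "KA: sendfromto failed: %s\n", strerror(errno));
 }
 
 sched_new(ikev1_natt_ka_interval, natt_keepalive_send, NULL);
 }
 
 void
 natt_keepalive_init(void)
 {
 TAILQ_INIT(&ka_tree);
 
 /* To disable sending KAs set natt_ka_interval=0 */
 if (ikev1_natt_ka_interval > 0)
 sched_new(ikev1_natt_ka_interval, natt_keepalive_send, NULL);
 }
 
 int
 natt_keepalive_add(struct sockaddr *src, struct sockaddr *dst)
 {
 struct natt_ka_addrs *ka = NULL, *new_addr;
 
 TAILQ_FOREACH(ka, &ka_tree, chain) {
 if (rcs_cmpsa(ka->src, src) == 0 &&
 rcs_cmpsa(ka->dst, dst) == 0) {
 ka->in_use++;
 plog(PLOG_INFO, PLOGLOC, NULL,
 "KA found: %s->%s (in_use=%u)\n", rcs_sa2str(src),
 rcs_sa2str(dst), ka->in_use);
 return 0;
 }
 }
 
 plog(PLOG_INFO, PLOGLOC, NULL, "KA list add: %s->%s\n",
 rcs_sa2str(src), rcs_sa2str(dst));
 
 new_addr = (struct natt_ka_addrs *)racoon_malloc(sizeof(*new_addr));
 if (!new_addr) {
 plog(PLOG_INTERR, PLOGLOC, NULL,
 "Can't allocate new KA list item\n");
 return -1;
 }
 
 new_addr->src = rcs_sadup(src);
 new_addr->dst = rcs_sadup(dst);
 new_addr->in_use = 1;
 TAILQ_INSERT_TAIL(&ka_tree, new_addr, chain);
 
 return 0;
 }
 
 int
 natt_keepalive_add_ph1(struct ph1handle *iph1)
 {
 int ret = 0;
 
 /* Should only the NATed host send keepalives?
 * If yes, add '(iph1->natt_flags & NAT_DETECTED_ME)'
 * to the following condition. */
 if (iph1->natt_flags & NAT_DETECTED &&
 !(iph1->natt_flags & NAT_KA_QUEUED)) {
 ret = natt_keepalive_add(iph1->local, iph1->remote);
 if (ret == 0)
 iph1->natt_flags |= NAT_KA_QUEUED;
 }
 
 return ret;
 }
 
 void
 natt_keepalive_remove(struct sockaddr *src, struct sockaddr *dst)
 {
 struct natt_ka_addrs *ka, *next = NULL;
 
 plog(PLOG_INFO, PLOGLOC, NULL, "KA remove: %s->%s\n",
 rcs_sa2str(src), rcs_sa2str(dst));
 
 for (ka = TAILQ_FIRST(&ka_tree); ka; ka = next) {
 next = TAILQ_NEXT(ka, chain);
 
 plog(PLOG_DEBUG, PLOGLOC, NULL,
 "KA tree dump: %s->%s (in_use=%u)\n", rcs_sa2str(src),
 rcs_sa2str(dst), ka->in_use);
 
 if (rcs_cmpsa(ka->src, src) == 0 &&
 rcs_cmpsa(ka->dst, dst) == 0 && --ka->in_use <= 0) {
 
 plog(PLOG_DEBUG, PLOGLOC, NULL,
 "KA removing this one...\n");
 
 TAILQ_REMOVE(&ka_tree, ka, chain);
 racoon_free(ka);
 /* Should we break here? Every pair of addresses should
 * be inserted only once, but who knows :-) Lets traverse
 * the whole list... */
 }
 }
 }
+#endif
 
 #ifdef notyet
 static struct remoteconf *
 natt_enabled_in_rmconf_stub(struct remoteconf *rmconf, void *data)
 {
 return (ikev1_nat_traversal(rmconf) == NATT_OFF ? NULL : rmconf);
 }
 
 int
 natt_enabled_in_rmconf()
 {
 return foreachrmconf(natt_enabled_in_rmconf_stub, NULL) != NULL;
 }
 #endif
 
 struct payload_list *
 isakmp_plist_append_natt_vids(struct payload_list *plist,
 rc_vchar_t *vid_natt[MAX_NATT_VID_COUNT])
 {
 int i, vid_natt_i = 0;
 
 if (vid_natt == NULL)
 return NULL;
 
 for (i = 0; i < MAX_NATT_VID_COUNT; i++)
 vid_natt[i] = NULL;
 
 /*
 * Puts the olders VIDs last, as some implementations may choose
 * the first NATT VID given.
 */
 
 /* Always set RFC VID
 */
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_RFC)) != NULL)
 vid_natt_i++;
 #ifdef ENABLE_NATT_08
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_08)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_07
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_07)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_06
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_06)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_05
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_05)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_04
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_04)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_03
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_03)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_02
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_02)) != NULL)
 vid_natt_i++;
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_02_N)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_01
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_01)) != NULL)
 vid_natt_i++;
 #endif
 #ifdef ENABLE_NATT_00
 if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_00)) != NULL)
 vid_natt_i++;
 #endif
 /* set VID payload for NAT-T */
 for (i = 0; i < vid_natt_i; i++)
 plist = isakmp_plist_append(plist, vid_natt[i],
 ISAKMP_NPTYPE_VID);
 
 return plist;
 }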
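Review bot: The guard at the top of ikev1_natt_float_ports, `if (!(iph1->natt_flags && NAT_DETECTED))`, uses logical `&&` where a bitwise mask test appears intended. Assuming NAT_DETECTED is a non-zero mask, any non-zero natt_flags passes it (for example only NAT_ANNOUNCED, which ikev1_natt_handle_vendorid sets), so the ports are floated and NAT_PORTS_CHANGED is set without NAT having been detected; natt_keepalive_add_ph1 tests the same mask with `&`. Since this change reworks the rest of the function, I would fix the guard here: `if (!(iph1->natt_flags & NAT_DETECTED))`. Separately, sun builds no longer set NAT_ADD_NON_ESP_MARKER and compile out the non-static natt_keepalive_init/add/remove, so any caller or flag consumer outside this file (not visible here) needs a matching guard or a stub, and the in-kernel marker handling the comment relies on should be confirmed for IKE traffic on the floated port.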