Annotation of embedaddon/ipsec-tools/src/racoon/nattraversal.c, revision 1.1
1.1 ! misho 1: /* $NetBSD: nattraversal.c,v 1.14 2011/03/14 17:18:13 tteras Exp $ */
! 2:
! 3: /*
! 4: * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
! 5: * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
! 6: * All rights reserved.
! 7: *
! 8: * Redistribution and use in source and binary forms, with or without
! 9: * modification, are permitted provided that the following conditions
! 10: * are met:
! 11: * 1. Redistributions of source code must retain the above copyright
! 12: * notice, this list of conditions and the following disclaimer.
! 13: * 2. Redistributions in binary form must reproduce the above copyright
! 14: * notice, this list of conditions and the following disclaimer in the
! 15: * documentation and/or other materials provided with the distribution.
! 16: * 3. Neither the name of the project nor the names of its contributors
! 17: * may be used to endorse or promote products derived from this software
! 18: * without specific prior written permission.
! 19: *
! 20: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 23: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 30: * SUCH DAMAGE.
! 31: */
! 32:
! 33: #include "config.h"
! 34:
! 35: #include <sys/types.h>
! 36: #include <sys/param.h>
! 37:
! 38: #ifdef __linux__
! 39: #include <linux/udp.h>
! 40: #endif
! 41: #if defined(__NetBSD__) || defined (__FreeBSD__)
! 42: #include <netinet/udp.h>
! 43: #endif
! 44:
! 45: #include <stdlib.h>
! 46: #include <stdio.h>
! 47: #include <string.h>
! 48: #include <errno.h>
! 49: #include <ctype.h>
! 50:
! 51: #include "var.h"
! 52: #include "misc.h"
! 53: #include "vmbuf.h"
! 54: #include "plog.h"
! 55: #include "debug.h"
! 56:
! 57: #include "localconf.h"
! 58: #include "remoteconf.h"
! 59: #include "sockmisc.h"
! 60: #include "isakmp_var.h"
! 61: #include "isakmp.h"
! 62: #include "oakley.h"
! 63: #include "ipsec_doi.h"
! 64: #include "vendorid.h"
! 65: #include "handler.h"
! 66: #include "crypto_openssl.h"
! 67: #include "schedule.h"
! 68: #include "nattraversal.h"
! 69: #include "grabmyaddr.h"
! 70:
! 71: struct natt_ka_addrs {
! 72: struct sockaddr *src;
! 73: struct sockaddr *dst;
! 74: unsigned in_use;
! 75:
! 76: TAILQ_ENTRY(natt_ka_addrs) chain;
! 77: };
! 78:
! 79: static TAILQ_HEAD(_natt_ka_addrs, natt_ka_addrs) ka_tree;
! 80: static struct sched sc_natt = SCHED_INITIALIZER();
! 81:
! 82: /*
! 83: * check if the given vid is NAT-T.
! 84: */
! 85: int
! 86: natt_vendorid (int vid)
! 87: {
! 88: return (
! 89: #ifdef ENABLE_NATT_00
! 90: vid == VENDORID_NATT_00 ||
! 91: #endif
! 92: #ifdef ENABLE_NATT_01
! 93: vid == VENDORID_NATT_01 ||
! 94: #endif
! 95: #ifdef ENABLE_NATT_02
! 96: vid == VENDORID_NATT_02 ||
! 97: vid == VENDORID_NATT_02_N ||
! 98: #endif
! 99: #ifdef ENABLE_NATT_03
! 100: vid == VENDORID_NATT_03 ||
! 101: #endif
! 102: #ifdef ENABLE_NATT_04
! 103: vid == VENDORID_NATT_04 ||
! 104: #endif
! 105: #ifdef ENABLE_NATT_05
! 106: vid == VENDORID_NATT_05 ||
! 107: #endif
! 108: #ifdef ENABLE_NATT_06
! 109: vid == VENDORID_NATT_06 ||
! 110: #endif
! 111: #ifdef ENABLE_NATT_07
! 112: vid == VENDORID_NATT_07 ||
! 113: #endif
! 114: #ifdef ENABLE_NATT_08
! 115: vid == VENDORID_NATT_08 ||
! 116: #endif
! 117: /* Always enable NATT RFC if ENABLE_NATT
! 118: */
! 119: vid == VENDORID_NATT_RFC);
! 120: }
! 121:
! 122: vchar_t *
! 123: natt_hash_addr (struct ph1handle *iph1, struct sockaddr *addr)
! 124: {
! 125: vchar_t *natd;
! 126: vchar_t *buf;
! 127: char *ptr;
! 128: void *addr_ptr, *addr_port;
! 129: size_t buf_size, addr_size;
! 130: int natt_force = 0;
! 131:
! 132: if (iph1->rmconf != NULL && iph1->rmconf->nat_traversal == NATT_FORCE)
! 133: natt_force = 1;
! 134:
! 135: plog (LLV_INFO, LOCATION, addr, "Hashing %s with algo #%d %s\n",
! 136: saddr2str(addr), iph1->approval->hashtype,
! 137: natt_force?"(NAT-T forced)":"");
! 138:
! 139: if (addr->sa_family == AF_INET) {
! 140: addr_size = sizeof (struct in_addr); /* IPv4 address */
! 141: addr_ptr = &((struct sockaddr_in *)addr)->sin_addr;
! 142: addr_port = &((struct sockaddr_in *)addr)->sin_port;
! 143: }
! 144: else if (addr->sa_family == AF_INET6) {
! 145: addr_size = sizeof (struct in6_addr); /* IPv6 address */
! 146: addr_ptr = &((struct sockaddr_in6 *)addr)->sin6_addr;
! 147: addr_port = &((struct sockaddr_in6 *)addr)->sin6_port;
! 148: }
! 149: else {
! 150: plog (LLV_ERROR, LOCATION, addr, "Unsupported address family #0x%x\n", addr->sa_family);
! 151: return NULL;
! 152: }
! 153:
! 154: buf_size = 2 * sizeof (cookie_t); /* CKY-I + CKY+R */
! 155: buf_size += addr_size + 2; /* Address + Port */
! 156:
! 157: if ((buf = vmalloc (buf_size)) == NULL)
! 158: return NULL;
! 159:
! 160: ptr = buf->v;
! 161:
! 162: /* Copy-in CKY-I */
! 163: memcpy (ptr, iph1->index.i_ck, sizeof (cookie_t));
! 164: ptr += sizeof (cookie_t);
! 165:
! 166: /* Copy-in CKY-I */
! 167: memcpy (ptr, iph1->index.r_ck, sizeof (cookie_t));
! 168: ptr += sizeof (cookie_t);
! 169:
! 170: /* Copy-in Address (or zeroes if NATT_FORCE) */
! 171: if (natt_force)
! 172: memset (ptr, 0, addr_size);
! 173: else
! 174: memcpy (ptr, addr_ptr, addr_size);
! 175: ptr += addr_size;
! 176:
! 177: /* Copy-in Port number */
! 178: memcpy (ptr, addr_port, 2);
! 179:
! 180: natd = oakley_hash (buf, iph1);
! 181: vfree(buf);
! 182:
! 183: return natd;
! 184: }
! 185:
! 186: int
! 187: natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received,
! 188: int natd_seq)
! 189: {
! 190: vchar_t *natd_computed;
! 191: u_int32_t flag;
! 192: int verified = 0;
! 193:
! 194: if (iph1->rmconf != NULL &&
! 195: iph1->rmconf->nat_traversal == NATT_FORCE)
! 196: return verified;
! 197:
! 198: if (natd_seq == 0) {
! 199: natd_computed = natt_hash_addr (iph1, iph1->local);
! 200: flag = NAT_DETECTED_ME;
! 201: }
! 202: else {
! 203: natd_computed = natt_hash_addr (iph1, iph1->remote);
! 204: flag = NAT_DETECTED_PEER;
! 205: }
! 206:
! 207: if (natd_computed == NULL) {
! 208: plog(LLV_ERROR, LOCATION, NULL, "natd_computed allocation failed\n");
! 209: return verified; /* XXX should abort */
! 210: }
! 211:
! 212: if (natd_received->l == natd_computed->l &&
! 213: memcmp (natd_received->v, natd_computed->v, natd_received->l) == 0) {
! 214: iph1->natt_flags &= ~flag;
! 215: verified = 1;
! 216: }
! 217:
! 218: vfree (natd_computed);
! 219:
! 220: return verified;
! 221: }
! 222:
! 223: int
! 224: natt_udp_encap (int encmode)
! 225: {
! 226: return (encmode == IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC ||
! 227: encmode == IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC ||
! 228: encmode == IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT ||
! 229: encmode == IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT);
! 230: }
! 231:
! 232: int
! 233: natt_fill_options (struct ph1natt_options *opts, int version)
! 234: {
! 235: if (! opts)
! 236: return -1;
! 237:
! 238: opts->version = version;
! 239:
! 240: switch (version) {
! 241: case VENDORID_NATT_00:
! 242: case VENDORID_NATT_01:
! 243: opts->float_port = 0; /* No port floating for those drafts */
! 244: opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT;
! 245: opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT;
! 246: opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT;
! 247: opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT;
! 248: opts->encaps_type = UDP_ENCAP_ESPINUDP_NON_IKE;
! 249: break;
! 250:
! 251: case VENDORID_NATT_02:
! 252: case VENDORID_NATT_02_N:
! 253: case VENDORID_NATT_03:
! 254: opts->float_port = lcconf->port_isakmp_natt;
! 255: opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT;
! 256: opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT;
! 257: opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT;
! 258: opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT;
! 259: opts->encaps_type = UDP_ENCAP_ESPINUDP;
! 260: break;
! 261: case VENDORID_NATT_04:
! 262: case VENDORID_NATT_05:
! 263: case VENDORID_NATT_06:
! 264: case VENDORID_NATT_07:
! 265: case VENDORID_NATT_08:
! 266: opts->float_port = lcconf->port_isakmp_natt;
! 267: opts->payload_nat_d = ISAKMP_NPTYPE_NATD_BADDRAFT;
! 268: opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_BADDRAFT;
! 269: opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC;
! 270: opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC;
! 271: opts->encaps_type = UDP_ENCAP_ESPINUDP;
! 272: break;
! 273: case VENDORID_NATT_RFC:
! 274: opts->float_port = lcconf->port_isakmp_natt;
! 275: opts->payload_nat_d = ISAKMP_NPTYPE_NATD_RFC;
! 276: opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_RFC;
! 277: opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC;
! 278: opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC;
! 279: opts->encaps_type = UDP_ENCAP_ESPINUDP;
! 280: break;
! 281: default:
! 282: plog(LLV_ERROR, LOCATION, NULL,
! 283: "unsupported NAT-T version: %s\n",
! 284: vid_string_by_id(version));
! 285: return -1;
! 286: }
! 287:
! 288: opts->mode_udp_diff = opts->mode_udp_tunnel - IPSECDOI_ATTR_ENC_MODE_TUNNEL;
! 289:
! 290: return 0;
! 291: }
! 292:
! 293: void
! 294: natt_float_ports (struct ph1handle *iph1)
! 295: {
! 296: if (! (iph1->natt_flags & NAT_DETECTED) )
! 297: return;
! 298: if (! iph1->natt_options->float_port){
! 299: /* Drafts 00 / 01, just schedule keepalive */
! 300: natt_keepalive_add_ph1 (iph1);
! 301: return;
! 302: }
! 303:
! 304: set_port (iph1->local, iph1->natt_options->float_port);
! 305: set_port (iph1->remote, iph1->natt_options->float_port);
! 306: iph1->natt_flags |= NAT_PORTS_CHANGED | NAT_ADD_NON_ESP_MARKER;
! 307:
! 308: natt_keepalive_add_ph1 (iph1);
! 309: }
! 310:
! 311: static int
! 312: natt_is_enabled (struct remoteconf *rmconf, void *args)
! 313: {
! 314: if (rmconf->nat_traversal)
! 315: return 1;
! 316: return 0;
! 317: }
! 318:
! 319: void
! 320: natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric)
! 321: {
! 322: if (iph1->rmconf == NULL) {
! 323: /* Check if any candidate remote conf allows nat-t */
! 324: struct rmconfselector rmconf;
! 325: rmconf_selector_from_ph1(&rmconf, iph1);
! 326: if (enumrmconf(&rmconf, natt_is_enabled, NULL) == 0)
! 327: return;
! 328: } else {
! 329: if (!iph1->rmconf->nat_traversal)
! 330: return;
! 331: }
! 332:
! 333: if (! iph1->natt_options)
! 334: iph1->natt_options = racoon_calloc (1, sizeof (*iph1->natt_options));
! 335:
! 336: if (! iph1->natt_options) {
! 337: plog (LLV_ERROR, LOCATION, NULL,
! 338: "Allocating memory for natt_options failed!\n");
! 339: return;
! 340: }
! 341:
! 342: if (iph1->natt_options->version < vid_numeric)
! 343: if (natt_fill_options (iph1->natt_options, vid_numeric) == 0)
! 344: iph1->natt_flags |= NAT_ANNOUNCED;
! 345: }
! 346:
! 347: static void
! 348: natt_keepalive_delete (struct natt_ka_addrs *ka)
! 349: {
! 350: TAILQ_REMOVE (&ka_tree, ka, chain);
! 351: racoon_free (ka->src);
! 352: racoon_free (ka->dst);
! 353: racoon_free (ka);
! 354: }
! 355:
! 356: /* NAT keepalive functions */
! 357: static void
! 358: natt_keepalive_send (struct sched *param)
! 359: {
! 360: struct natt_ka_addrs *ka, *next = NULL;
! 361: char keepalive_packet[] = { 0xff };
! 362: size_t len;
! 363: int s;
! 364:
! 365: for (ka = TAILQ_FIRST(&ka_tree); ka; ka = next) {
! 366: next = TAILQ_NEXT(ka, chain);
! 367:
! 368: s = myaddr_getfd(ka->src);
! 369: if (s == -1) {
! 370: natt_keepalive_delete(ka);
! 371: continue;
! 372: }
! 373: plog (LLV_DEBUG, LOCATION, NULL, "KA: %s\n",
! 374: saddr2str_fromto("%s->%s", ka->src, ka->dst));
! 375: len = sendfromto(s, keepalive_packet, sizeof (keepalive_packet),
! 376: ka->src, ka->dst, 1);
! 377: if (len == -1)
! 378: plog(LLV_ERROR, LOCATION, NULL, "KA: sendfromto failed: %s\n",
! 379: strerror (errno));
! 380: }
! 381:
! 382: sched_schedule (&sc_natt, lcconf->natt_ka_interval, natt_keepalive_send);
! 383: }
! 384:
! 385: void
! 386: natt_keepalive_init (void)
! 387: {
! 388: TAILQ_INIT(&ka_tree);
! 389:
! 390: /* To disable sending KAs set natt_ka_interval=0 */
! 391: if (lcconf->natt_ka_interval > 0)
! 392: sched_schedule (&sc_natt, lcconf->natt_ka_interval, natt_keepalive_send);
! 393: }
! 394:
! 395: int
! 396: natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst)
! 397: {
! 398: struct natt_ka_addrs *ka = NULL, *new_addr;
! 399:
! 400: TAILQ_FOREACH (ka, &ka_tree, chain) {
! 401: if (cmpsaddr(ka->src, src) == CMPSADDR_MATCH &&
! 402: cmpsaddr(ka->dst, dst) == CMPSADDR_MATCH) {
! 403: ka->in_use++;
! 404: plog (LLV_INFO, LOCATION, NULL, "KA found: %s (in_use=%u)\n",
! 405: saddr2str_fromto("%s->%s", src, dst), ka->in_use);
! 406: return 0;
! 407: }
! 408: }
! 409:
! 410: plog (LLV_INFO, LOCATION, NULL, "KA list add: %s\n", saddr2str_fromto("%s->%s", src, dst));
! 411:
! 412: new_addr = (struct natt_ka_addrs *)racoon_malloc(sizeof(*new_addr));
! 413: if (! new_addr) {
! 414: plog (LLV_ERROR, LOCATION, NULL, "Can't allocate new KA list item\n");
! 415: return -1;
! 416: }
! 417:
! 418: if ((new_addr->src = dupsaddr(src)) == NULL) {
! 419: racoon_free(new_addr);
! 420: plog (LLV_ERROR, LOCATION, NULL, "Can't allocate new KA list item\n");
! 421: return -1;
! 422: }
! 423: if ((new_addr->dst = dupsaddr(dst)) == NULL) {
! 424: racoon_free(new_addr);
! 425: plog (LLV_ERROR, LOCATION, NULL, "Can't allocate new KA list item\n");
! 426: return -1;
! 427: }
! 428: new_addr->in_use = 1;
! 429: TAILQ_INSERT_TAIL(&ka_tree, new_addr, chain);
! 430:
! 431: return 0;
! 432: }
! 433:
! 434: int
! 435: natt_keepalive_add_ph1 (struct ph1handle *iph1)
! 436: {
! 437: int ret = 0;
! 438:
! 439: /* Should only the NATed host send keepalives?
! 440: If yes, add '(iph1->natt_flags & NAT_DETECTED_ME)'
! 441: to the following condition. */
! 442: if (iph1->natt_flags & NAT_DETECTED &&
! 443: ! (iph1->natt_flags & NAT_KA_QUEUED)) {
! 444: ret = natt_keepalive_add (iph1->local, iph1->remote);
! 445: if (ret == 0)
! 446: iph1->natt_flags |= NAT_KA_QUEUED;
! 447: }
! 448:
! 449: return ret;
! 450: }
! 451:
! 452: void
! 453: natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst)
! 454: {
! 455: struct natt_ka_addrs *ka, *next = NULL;
! 456:
! 457: plog (LLV_INFO, LOCATION, NULL, "KA remove: %s\n", saddr2str_fromto("%s->%s", src, dst));
! 458:
! 459: for (ka = TAILQ_FIRST(&ka_tree); ka; ka = next) {
! 460: next = TAILQ_NEXT(ka, chain);
! 461:
! 462: plog (LLV_DEBUG, LOCATION, NULL, "KA tree dump: %s (in_use=%u)\n",
! 463: saddr2str_fromto("%s->%s", src, dst), ka->in_use);
! 464:
! 465: if (cmpsaddr(ka->src, src) == CMPSADDR_MATCH &&
! 466: cmpsaddr(ka->dst, dst) == CMPSADDR_MATCH &&
! 467: -- ka->in_use <= 0) {
! 468:
! 469: plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n");
! 470:
! 471: natt_keepalive_delete (ka);
! 472: /* Should we break here? Every pair of addresses should
! 473: be inserted only once, but who knows :-) Lets traverse
! 474: the whole list... */
! 475: }
! 476: }
! 477: }
! 478:
! 479: static int
! 480: natt_enabled_in_rmconf_stub (struct remoteconf *rmconf, void *data)
! 481: {
! 482: return rmconf->nat_traversal ? 1 : 0;
! 483: }
! 484:
! 485: int
! 486: natt_enabled_in_rmconf ()
! 487: {
! 488: return enumrmconf(NULL, natt_enabled_in_rmconf_stub, NULL) != 0;
! 489: }
! 490:
! 491:
! 492: struct payload_list *
! 493: isakmp_plist_append_natt_vids (struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]){
! 494: int i, vid_natt_i = 0;
! 495:
! 496: if(vid_natt == NULL)
! 497: return NULL;
! 498:
! 499: for (i = 0; i < MAX_NATT_VID_COUNT; i++)
! 500: vid_natt[i]=NULL;
! 501:
! 502: /* Puts the olders VIDs last, as some implementations may choose the first
! 503: * NATT VID given
! 504: */
! 505:
! 506: /* Always set RFC VID
! 507: */
! 508: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_RFC)) != NULL)
! 509: vid_natt_i++;
! 510: #ifdef ENABLE_NATT_08
! 511: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_08)) != NULL)
! 512: vid_natt_i++;
! 513: #endif
! 514: #ifdef ENABLE_NATT_07
! 515: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_07)) != NULL)
! 516: vid_natt_i++;
! 517: #endif
! 518: #ifdef ENABLE_NATT_06
! 519: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_06)) != NULL)
! 520: vid_natt_i++;
! 521: #endif
! 522: #ifdef ENABLE_NATT_05
! 523: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_05)) != NULL)
! 524: vid_natt_i++;
! 525: #endif
! 526: #ifdef ENABLE_NATT_04
! 527: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_04)) != NULL)
! 528: vid_natt_i++;
! 529: #endif
! 530: #ifdef ENABLE_NATT_03
! 531: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_03)) != NULL)
! 532: vid_natt_i++;
! 533: #endif
! 534: #ifdef ENABLE_NATT_02
! 535: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_02)) != NULL)
! 536: vid_natt_i++;
! 537: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_02_N)) != NULL)
! 538: vid_natt_i++;
! 539: #endif
! 540: #ifdef ENABLE_NATT_01
! 541: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_01)) != NULL)
! 542: vid_natt_i++;
! 543: #endif
! 544: #ifdef ENABLE_NATT_00
! 545: if ((vid_natt[vid_natt_i] = set_vendorid(VENDORID_NATT_00)) != NULL)
! 546: vid_natt_i++;
! 547: #endif
! 548: /* set VID payload for NAT-T */
! 549: for (i = 0; i < vid_natt_i; i++)
! 550: plist = isakmp_plist_append(plist, vid_natt[i], ISAKMP_NPTYPE_VID);
! 551:
! 552: return plist;
! 553: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to nattraversal.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon