Red Hat Bugzilla – Attachment 868101 Details for
Bug 1070356
openswan breaks NAT-T draft clients (and possibly ike fragmentation)
[patch]
patch for NAT-T draft payloads
openswan-2.6.32-20140225-fixup.patch (text/plain), 6.22 KB, created by
Paul Wouters
on 2014-02-26 16:35:52 UTC
Description:
patch for NAT-T draft payloads
Filename:
MIME Type:
Creator:
Paul Wouters
Created:
2014-02-26 16:35:52 UTC
Size:
6.22 KB
patch
obsolete
>diff -Naur openswan-2.6.32-27.2/include/ietf_constants.h openswan-2.6.32-27.2b/include/ietf_constants.h
>--- openswan-2.6.32-27.2/include/ietf_constants.h 2014-02-25 12:49:37.764000000 -0500
>+++ openswan-2.6.32-27.2b/include/ietf_constants.h 2014-02-25 15:32:00.837000000 -0500
>@@ -354,10 +354,15 @@
> ISAKMP_NEXT_D = 12, /* Delete */
> ISAKMP_NEXT_VID = 13, /* Vendor ID */
> ISAKMP_NEXT_ATTR = 14, /* Mode config Attribute */
>- ISAKMP_NEXT_NATD_BADDRAFTS =15, /* NAT-Traversal: NAT-D (bad drafts) */
>- /* !!! Conflicts with RFC 3547 */
>- ISAKMP_NEXT_NATD_RFC = 20, /* NAT-Traversal: NAT-D (rfc) */
>- ISAKMP_NEXT_NATOA_RFC = 21, /* NAT-Traversal: NAT-OA (rfc) */
>+ ISAKMP_NEXT_SAK = 15, /* SA KEK Payload - RFC 6407 */
>+ ISAKMP_NEXT_TEK = 16, /* SA TEK Payload - RFC 6407 */
>+ ISAKMP_NEXT_KD = 17, /* Key Download - RFC 3547 */
>+ ISAKMP_NEXT_SEQ = 18, /* Sequence Number - RFC 3547 */
>+ ISAKMP_NEXT_POP = 19, /* Proof of Possession - RFC 3547 */
>+ ISAKMP_NEXT_NATD_RFC = 20, /* NAT-Traversal: NAT-D RFC 3947 */
>+ ISAKMP_NEXT_NATOA_RFC = 21, /* NAT-Traversal: NAT-OA RFC 3947 */
>+ ISAKMP_NEXT_GAP = 22, /* Group Associated Policy = RFC 6407 */
>+ /* 23-127 Unassigned for IKEv1 */
>
> ISAKMP_NEXT_v2SA = 33, /* security association */
> ISAKMP_NEXT_v2KE = 34, /* key exchange payload */
>diff -Naur openswan-2.6.32-27.2/include/names_constant.h openswan-2.6.32-27.2b/include/names_constant.h
>--- openswan-2.6.32-27.2/include/names_constant.h 2014-02-25 12:49:37.759000000 -0500
>+++ openswan-2.6.32-27.2b/include/names_constant.h 2014-02-25 15:49:18.628000000 -0500
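Review bot: Nothing in the enum entries added to ietf_constants.h tells a reader that types 15-19 and 22 are named only so they can be printed; no handler for them is added anywhere in this patch, so on receipt they should keep reaching the unknown-payload reject in ikev1.c. I would add a comment above `ISAKMP_NEXT_SAK`, for example `/* 15-19, 22: GDOI payload types (RFC 3547/6407), defined for name lookup only */`, assuming that matches the rest of the tree. The `ISAKMP_NEXT_GAP` comment also reads `= RFC 6407` where the neighbouring lines use `- RFC 6407`. The enum starts and ends outside the hunk.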
>@@ -33,7 +33,6 @@
> extern enum_names payload_names_ikev2;
> extern const char *const payload_name[];
> extern const char *const payload_name_ikev2[];
>-extern const char *const payload_name_ikev2_main[];
> extern enum_names attr_msg_type_names;
> extern enum_names modecfg_attr_names;
> extern enum_names xauth_type_names;
>diff -Naur openswan-2.6.32-27.2/lib/libopenswan/constants.c openswan-2.6.32-27.2b/lib/libopenswan/constants.c
>--- openswan-2.6.32-27.2/lib/libopenswan/constants.c 2014-02-25 12:49:37.759000000 -0500
>+++ openswan-2.6.32-27.2b/lib/libopenswan/constants.c 2014-02-25 15:40:45.800000000 -0500
>@@ -147,18 +147,19 @@
> "ISAKMP_NEXT_D",
> "ISAKMP_NEXT_VID",
> "ISAKMP_NEXT_MODECFG", /* 14 */
>- "ISAKMP_NEXT_NAT-D",
>- "ISAKMP_NEXT_16",
>- "ISAKMP_NEXT_17",
>- "ISAKMP_NEXT_18",
>- "ISAKMP_NEXT_19",
>- "ISAKMP_NEXT_NAT-D",
>- "ISAKMP_NEXT_NAT-OA",
>+ "ISAKMP_NEXT_SAK",
>+ "ISAKMP_NEXT_TEK",
>+ "ISAKMP_NEXT_KD",
>+ "ISAKMP_NEXT_SEQ",
>+ "ISAKMP_NEXT_POP",
>+ "ISAKMP_NEXT_NAT-D_RFC",
>+ "ISAKMP_NEXT_NAT-OA_RFC",
>+ "ISAKMP_NEXT_GAP",
> NULL
> };
>
> /* dual-use: for enum_name and for bitnamesof */
>-const char *const payload_name_ikev2_main[] = {
>+const char *const payload_name_ikev2[] = {
> "ISAKMP_NEXT_v2SA", /* 33 */
> "ISAKMP_NEXT_v2KE",
> "ISAKMP_NEXT_v2IDi",
>@@ -178,21 +179,27 @@
> NULL /* termination for bitnamesof() */
> };
>
>-static enum_names payload_names_ikev2_main =
>-{ ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2_main,
>- NULL };
>-
>-const char *const payload_name_ikev2[] = {
>- "ISAKMP_NEXT_v2NONE", /* 33 */
>+static const char *const payload_name_private_use[] = {
>+ "ISAKMP_NEXT_NATD_DRAFTS", /* 130 */
>+ "ISAKMP_NEXT_NATOA_DRAFTS",
>+ "ISAKMP_NEXT_IKE_FRAGMENTATION", /*
>+ * proprietary Cisco/Microsoft
>+ * IKE fragmented payload
>+ */
>+};
>+static enum_names payload_names_private_use =
>+{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_IKE_FRAGMENTATION,
>+ payload_name_private_use,
>+ NULL
> };
>
> enum_names payload_names_ikev2 =
>-{ ISAKMP_NEXT_NONE, ISAKMP_NEXT_NONE, payload_name_ikev2,
>- &payload_names_ikev2_main };
>+{ ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2,
>+ &payload_names_private_use };
>
> enum_names payload_names =
>-{ ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_ikev2_main };
>-
>+{ ISAKMP_NEXT_NONE, ISAKMP_NEXT_GAP, payload_name,
>+ &payload_names_ikev2 };
>
> /* Exchange types (note: two discontinuous ranges) */
>
>diff -Naur openswan-2.6.32-27.2/programs/pluto/ikev1.c openswan-2.6.32-27.2b/programs/pluto/ikev1.c
>--- openswan-2.6.32-27.2/programs/pluto/ikev1.c 2014-02-25 12:49:37.761000000 -0500
>+++ openswan-2.6.32-27.2b/programs/pluto/ikev1.c 2014-02-25 15:42:26.594000000 -0500
>@@ -1753,6 +1753,7 @@
> sd = payload_desc(np);
> break;
>
>+#if 0
> case ISAKMP_NEXT_NATD_BADDRAFTS:
> if (st && (st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATD_BADDRAFT_VALUES)) {
> /*
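Review bot: In constants.c (hunk at -178), `payload_name_private_use` holds exactly three strings, but the range that selects into it in `payload_names_private_use` is bounded by `ISAKMP_NEXT_NATD_DRAFTS` and `ISAKMP_NEXT_IKE_FRAGMENTATION`, whose values are defined outside this patch; only the `/* 130 */` comment ties table and range together. If those two constants do not span three consecutive values, a name lookup in that range would presumably read past the end of the array, and the value being named appears to come from a received packet (the unknown-payload log message in ikev1.c prints a payload type). A compile-time check next to the table would pin the size: `typedef char payload_name_private_use_fits[(ISAKMP_NEXT_IKE_FRAGMENTATION - ISAKMP_NEXT_NATD_DRAFTS + 1 == sizeof(payload_name_private_use) / sizeof(payload_name_private_use[0])) ? 1 : -1];`. The `payload_name` table in the hunk at -147 does line up with the new 15-22 enum values as shown.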
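Review bot: In ikev1.c the `#if 0` added before `case ISAKMP_NEXT_NATD_BADDRAFTS:` leaves a dead branch in the outermost payload-type switch, and its closing `#endif` is added directly after an existing `#endif` in the next hunk (-1764), so a reader cannot tell from the text which conditional each one closes. Because ietf_constants.h no longer defines `ISAKMP_NEXT_NATD_BADDRAFTS`, the branch cannot be re-enabled as written; deleting the case would be cleaner than disabling it. Either way I would leave a comment in its place, e.g. `/* payload type 15 (bad-draft NAT-D) is no longer accepted; it falls through to the unknown-payload reject below */`. The switch starts and ends outside both hunks, and the conditional that the existing `#endif` belongs to is not visible.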
>@@ -1764,6 +1765,7 @@
> break;
> }
> #endif
>+#endif
> default:
> loglog(RC_LOG_SERIOUS, "%smessage ignored because it contains an unknown or"
> " unexpected payload type (%s) at the outermost level"
>diff -Naur openswan-2.6.32-27.2/programs/pluto/ikev2.c openswan-2.6.32-27.2b/programs/pluto/ikev2.c
>--- openswan-2.6.32-27.2/programs/pluto/ikev2.c 2014-02-25 12:49:37.761000000 -0500
>+++ openswan-2.6.32-27.2b/programs/pluto/ikev2.c 2014-02-25 15:45:01.131000000 -0500
>@@ -359,7 +359,7 @@
> /* improperly repeated payload */
> loglog(RC_LOG_SERIOUS,
> "missing payload(s) (%s). Message dropped.",
>- bitnamesof(payload_name_ikev2_main, req_payloads & ~seen));
>+ bitnamesof(payload_name_ikev2, req_payloads & ~seen));
> return STF_FAIL + INVALID_SYNTAX;
> }
>
>diff -Naur openswan-2.6.32-27.2/programs/pluto/nat_traversal.c openswan-2.6.32-27.2b/programs/pluto/nat_traversal.c
>--- openswan-2.6.32-27.2/programs/pluto/nat_traversal.c 2014-02-25 12:49:37.712000000 -0500
>+++ openswan-2.6.32-27.2b/programs/pluto/nat_traversal.c 2014-02-25 15:44:37.300000000 -0500
>@@ -377,10 +377,8 @@
>
> DBG(DBG_EMITTING, DBG_log("sending NATD payloads"));
>
>- nat_np = (st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES
>- ? ISAKMP_NEXT_NATD_RFC
>- : (st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATD_BADDRAFT_VALUES
>- ? ISAKMP_NEXT_NATD_BADDRAFTS : ISAKMP_NEXT_NATD_DRAFTS));
>+ nat_np = (st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES)
>+ ? ISAKMP_NEXT_NATD_RFC : ISAKMP_NEXT_NATD_DRAFTS;
> if (!out_modify_previous_np(nat_np, outs)) {
> return FALSE;
> }
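Review bot: In nat_traversal.c, `NAT_T_WITH_NATD_BADDRAFT_VALUES` is no longer consulted when `nat_np` is chosen, so a state that carries that flag now sends `ISAKMP_NEXT_NATD_DRAFTS`, and nothing at the assignment records that this is intended. The flag is still named in the disabled ikev1.c case and is presumably still set where vendor IDs are processed, which this patch does not show. I would add a comment above the assignment, e.g. `/* bad-draft peers are no longer special-cased: anything that is not RFC 3947 gets the draft payload type */`, and either retire the flag or document that it no longer affects what is sent. The enclosing function starts and ends outside the hunk.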
Attachments on
bug 1070356
: 868101