added mysterious UDP encapsulation socket option to get encapsulation working
authorMartin Willi <martin@strongswan.org>
Thu, 22 Jun 2006 12:57:49 +0000 (12:57 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 22 Jun 2006 12:57:49 +0000 (12:57 -0000)
src/charon/network/socket.c

index dc5aff8..0cd57aa 100644 (file)
 #define IP_IPSEC_POLICY 16
 #endif /*IP_IPSEC_POLICY*/
 
+/* from linux/udp.h */
+#ifndef UDP_ENCAP
+#define UDP_ENCAP 100
+#endif /*UDP_ENCAP*/
+
+#ifndef UDP_ENCAP_ESPINUDP
+#define UDP_ENCAP_ESPINUDP 2
+#endif /*UDP_ENCAP_ESPINUDP*/
+
 typedef struct private_socket_t private_socket_t;
 
 /**
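Review bot: The two fallback defines are missing a comment saying what they select, and the `/* from linux/udp.h */` comment sits only above `UDP_ENCAP` although both values come from that header. I would add something like `/* UDP_ENCAP on a UDP socket makes the kernel decapsulate ESP-in-UDP (NAT-T) packets arriving on it; UDP_ENCAP_ESPINUDP selects the draft-ietf-ipsec-udp-encaps format */` above the first block. The comment should also state that these numbers are Linux-specific and must match the running kernel's header, because a stale hard-coded value would make the later setsockopt() call request a different option or encapsulation type without any compile-time warning.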
@@ -380,6 +389,17 @@ static status_t initialize(private_socket_t *this)
        {
                this->logger->log(this->logger, ERROR, "unable to setup send socket on port %d!", this->natt_port);
                return FAILED;
+       } else {
+               int type = UDP_ENCAP_ESPINUDP;
+               if (setsockopt(this->natt_fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0 
+                   && errno == ENOPROTOOPT)
+               {
+                       this->logger->log(this->logger, ERROR, "unable to set UDP_ENCAP on natt send socket!");
+                       close(this->natt_fd);
+                       close(this->send_fd);
+                       close(this->raw_fd);
+                       return FAILED;
+               }
        }
 
        return SUCCESS;
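Review bot: The new check `setsockopt(...) < 0 && errno == ENOPROTOOPT` treats only one errno as fatal, so a setsockopt() failure with any other errno falls through to `return SUCCESS` with no log line. The daemon would then presumably run with a NAT-T socket on which the kernel does not decapsulate ESP-in-UDP, and that is hard to diagnose later. I would fail on every error and log the cause: `if (setsockopt(this->natt_fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)` with the message extended to `"unable to set UDP_ENCAP on natt send socket: %s", strerror(errno)` (this needs `<string.h>` if the file does not already include it). If some errno is meant to be tolerated, for example on kernels without the option, that case needs its own branch with a warning and a comment explaining why. The body of initialize() starts and ends outside this hunk, so whether the three closed descriptors are closed again on a later cleanup path cannot be checked from here.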