[vpnc-devel] svn commit: vpnc r290 - /trunk/tunip.c
vpnc at unix-ag.uni-kl.de
Wed Jun 11 08:15:25 CEST 2008
Author: Joerg Mayer
Date: Wed Jun 11 08:15:24 2008
New Revision: 290
Log:
Johan Fischer <jfischer at cmss-systems.com>
Following the previous patch about some NAT-T keepalive UDP packets received
during the session setup, it seems the netscreen is also sending those packets
when the tunnel is Idle. With the current code, the vpnc is logging in syslog
some alert messages about packets too short and dropped.
The attached patch will detect the NAT packet and just log an INFO message in
the syslog (you can remove that logging) and reduce the noise of vpnc during
Idle times. The logic is not changed (still returning -1 when seen) and this is
mostly a cosmetic change.
Modified:
trunk/tunip.c
Modified: trunk/tunip.c
==============================================================================
--- trunk/tunip.c (original)
+++ trunk/tunip.c Wed Jun 11 08:15:24 2008
@@ -177,7 +177,7 @@
return -1;
}
if (r < (p->ip_hl << 2) + s->ipsec.em->fixed_header_size) {
- syslog(LOG_ALERT, "packet too short");
+ syslog(LOG_ALERT, "packet too short. got %d, expected %d", r, (p->ip_hl << 2) + s->ipsec.em->fixed_header_size);
return -1;
}
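Review bot: The new syslog() call prints both values with %d, but the declarations of r and s->ipsec.em->fixed_header_size are not visible in this hunk; if either is size_t or ssize_t the format does not match the argument, so cast both to int or use the matching specifier. The expression (p->ip_hl << 2) + s->ipsec.em->fixed_header_size now appears twice, once in the comparison and once in the log call; computing it into a local once keeps the check and the message from drifting apart. Unlike the other "packet too short" message changed in this patch, this one still does not name the peer ("from %s"), which would help when triaging the alert.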
@@ -210,9 +210,14 @@
r -= 8;
memmove(buf, buf + 8, r);
}
+ if( r == 1 && *buf == 0xff )
+ {
+ syslog(LOG_INFO, "UDP NAT keepalive packet received" );
+ return -1;
+ }
if (r < s->ipsec.em->fixed_header_size) {
- syslog(LOG_ALERT, "packet too short from %s",
- inet_ntoa(s->dst));
+ syslog(LOG_ALERT, "packet too short from %s. got %d, expected %d",
+ inet_ntoa(s->dst), r, s->ipsec.em->fixed_header_size);
return -1;
}
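Review bot: The keepalive test "*buf == 0xff" only works if buf points at unsigned char, and the declaration of buf is not visible in this hunk; if it is plain char on a platform where char is signed, *buf promotes to -1, the comparison never matches, and the packet still falls through to the LOG_ALERT path below. Writing the test as "(unsigned char)*buf == 0xff" makes it independent of the declaration. The LOG_INFO line is written for every one-byte 0xff datagram that reaches this point, so a peer that sends them often still fills syslog, only at a lower severity; LOG_DEBUG or a rate limit would match the stated goal of reducing noise. The "%d" arguments in the reworded alert have the same type question as in the first hunk. Style: the added block uses "if( ... )" with the brace on its own line, while the surrounding code uses "if (...) {".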