summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/nat_traversal.c
diff options
context:
space:
mode:
authorHakan Olsson <ho@cvs.openbsd.org>2004-06-21 23:27:11 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2004-06-21 23:27:11 +0000
commit19361778431fa0cc1cf73abf7ffecf3142793f9b (patch)
treebd35225f6031d82bef0fce4af0afd5dfd17fc49e /sbin/isakmpd/nat_traversal.c
parentc35a3cc1f50889911a74c83ea50c365a41f09b11 (diff)
Implement NAT-T keepalive messages.
Diffstat (limited to 'sbin/isakmpd/nat_traversal.c')
-rw-r--r--sbin/isakmpd/nat_traversal.c54
1 files changed, 53 insertions, 1 deletions
diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c
index 50b1c12c8c7..11950d9c8bb 100644
--- a/sbin/isakmpd/nat_traversal.c
+++ b/sbin/isakmpd/nat_traversal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.2 2004/06/20 17:17:35 ho Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.3 2004/06/21 23:27:10 ho Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -29,6 +29,7 @@
#include "sysdep.h"
+#include "conf.h"
#include "exchange.h"
#include "hash.h"
#include "ipsec.h"
@@ -41,8 +42,10 @@
#include "nat_traversal.h"
#include "prf.h"
#include "sa.h"
+#include "timer.h"
#include "transport.h"
#include "util.h"
+#include "virtual.h"
/*
* XXX According to draft-ietf-ipsec-nat-t-ike-07.txt, the NAT-T
@@ -62,6 +65,9 @@ static const char *isakmp_nat_t_cap_text[] = {
#endif
};
+/* In seconds. Recommended in draft-ietf-ipsec-udp-encaps-09. */
+#define NAT_T_KEEPALIVE_INTERVAL 20
+
/* The MD5 hashes of the above strings is put in this array. */
static char **nat_t_hashes;
static size_t nat_t_hashsize;
@@ -382,3 +388,49 @@ nat_t_exchange_check_nat_d(struct message *msg)
"nat_t_exchange_check_nat_d: NAT detected"));
return 1;
}
+
+static void
+nat_t_send_keepalive(void *v_arg)
+{
+ struct sa *sa = (struct sa *)v_arg;
+ struct transport *t;
+ struct timeval now;
+ int interval;
+
+ /* Send the keepalive message. */
+ t = ((struct virtual_transport *)sa->transport)->encap;
+ t->vtbl->send_message(NULL, t);
+
+ /* Set new timer. */
+ interval = conf_get_num("General", "NAT-T-Keepalive", 0);
+ if (interval < 1)
+ interval = NAT_T_KEEPALIVE_INTERVAL;
+ gettimeofday(&now, 0);
+ now.tv_sec += interval;
+
+ sa->nat_t_keepalive = timer_add_event("nat_t_send_keepalive",
+ nat_t_send_keepalive, v_arg, &now);
+ if (!sa->nat_t_keepalive)
+ log_print("nat_t_send_keepalive: "
+ "timer_add_event() failed, will send no more keepalives");
+}
+
+void
+nat_t_setup_keepalive(struct sa *sa)
+{
+ struct sockaddr *src;
+ struct timeval now;
+
+ sa->transport->vtbl->get_src(sa->transport, &src);
+ if (!virtual_listen_lookup(src))
+ return;
+
+ gettimeofday(&now, 0);
+ now.tv_sec += NAT_T_KEEPALIVE_INTERVAL;
+
+ sa->nat_t_keepalive = timer_add_event("nat_t_send_keepalive",
+ nat_t_send_keepalive, sa, &now);
+ if (!sa->nat_t_keepalive)
+ log_print("nat_t_setup_keepalive: "
+ "timer_add_event() failed, will not send keepalives");
+}