Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.

2009-07-29 11:34:47 +02:00 · 2009-07-29 11:34:47 +02:00 · 789ba17024
parent b2117eee20
commit 789ba17024
1 changed files with 15 additions and 0 deletions
--- a/src/charon/network/socket.c
+++ b/src/charon/network/socket.c
@ -34,6 +34,9 @@
 #include <netinet/ip6.h>
 #include <netinet/udp.h>
 #include <net/if.h>
+#ifdef __APPLE__
+#include <sys/sysctl.h>
+#endif

 #include "socket.h"

@ -611,6 +614,18 @@ socket_t *socket_create()
 	this->ipv6 = 0;
 	this->ipv4_natt = 0;
 	this->ipv6_natt = 0;
+
+#ifdef __APPLE__
+	{
+		int natt_port = IKEV2_NATT_PORT;
+		if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
+						 sizeof(natt_port)) != 0)
+		{
+			DBG1(DBG_NET, "could not set net.inet.ipsec.esp_port to %d: %s",
+				 natt_port, strerror(errno));
+		}
+	}
+#endif
 	
 	this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
 	if (this->ipv4 == 0)