diff -Nru openwrt.old/buildroot/sources/openwrt/kernel/linux.config openwrt.new/buildroot/sources/openwrt/kernel/linux.config --- openwrt.old/buildroot/sources/openwrt/kernel/linux.config 2004-08-18 01:00:52.000000000 +0200 +++ openwrt.new/buildroot/sources/openwrt/kernel/linux.config 2004-08-30 11:33:22.114398328 +0200 @@ -480,6 +480,7 @@ # Network testing # # CONFIG_NET_PKTGEN is not set +CONFIG_IPSEC_NAT_TRAVERSAL=y # # Telephony Support diff -Nru openwrt.old/buildroot/sources/openwrt/kernel/patches/180-openswan-natt.patch openwrt.new/buildroot/sources/openwrt/kernel/patches/180-openswan-natt.patch --- openwrt.old/buildroot/sources/openwrt/kernel/patches/180-openswan-natt.patch 1970-01-01 01:00:00.000000000 +0100 +++ openwrt.new/buildroot/sources/openwrt/kernel/patches/180-openswan-natt.patch 2004-08-30 11:31:27.686793968 +0200 @@ -0,0 +1,139 @@ +packaging/utils/nattpatch 2.4 +--- ./include/net/sock.h 2002/02/06 15:25:10 1.1 ++++ ./include/net/sock.h 2002/05/22 12:14:56 +@@ -245,6 +245,13 @@ + __u32 end_seq; + }; + ++#if 1 ++#define UDP_OPT_IN_SOCK 1 ++struct udp_opt { ++ __u32 esp_in_udp; ++}; ++#endif ++ + struct tcp_opt { + int tcp_header_len; /* Bytes of tcp header to send */ + +@@ -584,6 +590,9 @@ + #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE) + struct spx_opt af_spx; + #endif /* CONFIG_SPX */ ++#if 1 ++ struct udp_opt af_udp; ++#endif + + } tp_pinfo; + +--- linux/net/Config.in.orig Fri Feb 9 14:34:13 2001 ++++ linux/net/Config.in Thu Feb 22 19:40:08 2001 +@@ -88,3 +88,5 @@ + endmenu + ++bool 'IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL ++ + endmenu +--- plain/net/ipv4/udp.c.1 Wed Jan 28 15:57:05 2004 ++++ plain/net/ipv4/udp.c Wed Jan 28 15:58:56 2004 +@@ -787,6 +787,9 @@ + + static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) + { ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); ++#endif + /* + * Charge it to the socket, dropping if the queue is full. + */ +@@ -804,6 +807,40 @@ + } + #endif + ++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL ++ if (tp->esp_in_udp) { ++ /* ++ * Set skb->sk and xmit packet to ipsec_rcv. ++ * ++ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP), ++ * restore skb->sk and fall back to sock_queue_rcv_skb ++ */ ++ struct inet_protocol *esp = NULL; ++ ++#if defined(CONFIG_IPSEC) && !defined(CONFIG_IPSEC_MODULE) ++ /* optomize only when we know it is statically linked */ ++ extern struct inet_protocol esp_protocol; ++ esp = &esp_protocol; ++#else ++ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)]; ++ (esp) && (esp->protocol != IPPROTO_ESP); ++ esp = esp->next); ++#endif ++ ++ if (esp && esp->handler) { ++ struct sock *sav_sk = skb->sk; ++ skb->sk = sk; ++ if (esp->handler(skb) == 0) { ++ skb->sk = sav_sk; ++ /*not sure we might count ESPinUDP as UDP...*/ ++ UDP_INC_STATS_BH(UdpInDatagrams); ++ return 0; ++ } ++ skb->sk = sav_sk; ++ } ++ } ++#endif ++ + if (sock_queue_rcv_skb(sk,skb)<0) { + UDP_INC_STATS_BH(UdpInErrors); + IP_INC_STATS_BH(IpInDiscards); +@@ -1027,13 +1064,49 @@ + return len; + } + ++static int udp_setsockopt(struct sock *sk, int level, int optname, ++ char *optval, int optlen) ++{ ++ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); ++ int val; ++ int err = 0; ++ ++ if (level != SOL_UDP) ++ return ip_setsockopt(sk, level, optname, optval, optlen); ++ ++ if(optlenesp_in_udp = val; ++ break; ++#endif ++ default: ++ err = -ENOPROTOOPT; ++ break; ++ } ++ ++ release_sock(sk); ++ return err; ++} ++ + struct proto udp_prot = { + name: "UDP", + close: udp_close, + connect: udp_connect, + disconnect: udp_disconnect, + ioctl: udp_ioctl, +- setsockopt: ip_setsockopt, ++ setsockopt: udp_setsockopt, + getsockopt: ip_getsockopt, + sendmsg: udp_sendmsg, + recvmsg: udp_recvmsg,