commit e474937fef9fe80b3a961db00d2c39b26ef9430b
Author: Paul Wouters <pwouters@redhat.com>
Date:   Sun May 20 13:30:16 2012 -0400

    * Workaround for Android Ice Cream Sandwich ipsec-tools 0.8.0 bug
    
    ipsec-tools 0.8.0 mistakenly sets some NAT-OA fields that are defined
    in RFC1374 as "always zero". We define these as "ft_mbz" (Must Be Zero)
    
    This workaround changes the type to "ft_nat" (Natural number) and
    then ignores it.
    
    What we really need is the "ft_mbz" case to log and zeroise

diff --git a/Makefile.inc b/Makefile.inc
index 6513b91..a8ce797 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -192,7 +192,7 @@ BISONOSFLAGS=
 #Example for a cross compile:
 #USERCOMPILE?=-g ${PORTDEFINE} -I/usr/local/arm_tools/arm-elf/inc -L/usr/local/arm_tools/lib/gcc-lib
 GCC_LINT ?= -DGCC_LINT 
-USERCOMPILE?=-g -O3 ${WERROR} $(GCC_LINT)
+USERCOMPILE?=-g -O3 ${WERROR} $(GCC_LINT) -DSUPPORT_BROKEN_ANDROID_ICS
 KLIPSCOMPILE=-O3 -DCONFIG_KLIPS_ALG -DDISABLE_UDP_CHECKSUM
 # Additional debugging for developers (warning: can crash libreswan!)
 #USERCOMPILE?=-g -DLEAK_DETECTIVE -lefence
diff --git a/lib/libpluto/packet.c b/lib/libpluto/packet.c
index b58813a..e808cd0 100644
--- a/lib/libpluto/packet.c
+++ b/lib/libpluto/packet.c
@@ -597,10 +597,19 @@ struct_desc isakmp_nat_d = { "ISAKMP NAT-D Payload", isag_fields, sizeof(struct
  */
 static field_desc isanat_oa_fields[] = {
     { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names },
+#ifdef SUPPORT_BROKEN_ANDROID_ICS
+    { ft_nat, 8/BITS_PER_BYTE, NULL, NULL },
+#else
     { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL },
+#endif
     { ft_len, 16/BITS_PER_BYTE, "length", NULL },
     { ft_enum, 8/BITS_PER_BYTE, "ID type", &ident_names },
+#ifdef SUPPORT_BROKEN_ANDROID_ICS
+    { ft_nat, 16/BITS_PER_BYTE, NULL, NULL },
+    { ft_nat, 8/BITS_PER_BYTE, NULL, NULL },
+#else
     { ft_mbz, 24/BITS_PER_BYTE, NULL, NULL },
+#endif
     { ft_end, 0, NULL, NULL }
 };