| 1 |
--- ipsec-tools-0.7/src/racoon/handler.h.acquires 2007-08-28 22:18:35.000000000 -0500 |
diff -Nurp ipsec-tools-0.8.0-p3/src/racoon/handler.h ipsec-tools-0.8.0-p103/src/racoon/handler.h |
| 2 |
+++ ipsec-tools-0.7/src/racoon/handler.h 2007-08-28 22:19:57.000000000 -0500 |
--- ipsec-tools-0.8.0-p3/src/racoon/handler.h 2010-11-17 12:40:41.000000000 +0200 |
| 3 |
@@ -284,6 +284,8 @@ |
+++ ipsec-tools-0.8.0-p103/src/racoon/handler.h 2012-03-06 12:09:55.085380720 +0200 |
| 4 |
|
@@ -316,6 +316,8 @@ struct ph2handle { |
| 5 |
|
|
| 6 |
u_int8_t flags; /* Flags for phase 2 */ |
u_int8_t flags; /* Flags for phase 2 */ |
| 7 |
u_int32_t msgid; /* msgid for phase 2 */ |
u_int32_t msgid; /* msgid for phase 2 */ |
| 10 |
|
|
| 11 |
struct sainfo *sainfo; /* place holder of sainfo */ |
struct sainfo *sainfo; /* place holder of sainfo */ |
| 12 |
struct saprop *proposal; /* SA(s) proposal. */ |
struct saprop *proposal; /* SA(s) proposal. */ |
| 13 |
--- ipsec-tools-0.7/src/racoon/pfkey.c.acquires 2007-08-01 06:52:21.000000000 -0500 |
diff -Nurp ipsec-tools-0.8.0-p3/src/racoon/pfkey.c ipsec-tools-0.8.0-p103/src/racoon/pfkey.c |
| 14 |
+++ ipsec-tools-0.7/src/racoon/pfkey.c 2007-08-28 22:08:22.000000000 -0500 |
--- ipsec-tools-0.8.0-p3/src/racoon/pfkey.c 2011-03-15 15:20:14.000000000 +0200 |
| 15 |
@@ -1265,7 +1265,9 @@ |
+++ ipsec-tools-0.8.0-p103/src/racoon/pfkey.c 2012-03-06 12:09:55.086380830 +0200 |
| 16 |
SCHED_KILL(iph2->sce); |
@@ -1347,7 +1347,9 @@ pk_recvupdate(mhp) |
| 17 |
|
sched_cancel(&iph2->sce); |
| 18 |
|
|
| 19 |
/* update status */ |
/* update status */ |
| 20 |
- iph2->status = PHASE2ST_ESTABLISHED; |
- iph2->status = PHASE2ST_ESTABLISHED; |
| 21 |
+ /* Do this in pk_recvadd |
+ /* Do this in pk_recvadd |
| 22 |
+ * iph2->status = PHASE2ST_ESTABLISHED; |
+ * iph2->status = PHASE2ST_ESTABLISHED; |
| 23 |
+ */ |
+ */ |
| 24 |
|
evt_phase2(iph2, EVT_PHASE2_UP, NULL); |
| 25 |
|
|
| 26 |
#ifdef ENABLE_STATS |
#ifdef ENABLE_STATS |
| 27 |
gettimeofday(&iph2->end, NULL); |
@@ -1379,6 +1381,7 @@ pk_sendadd(iph2) |
| 28 |
@@ -1311,6 +1313,7 @@ |
{ |
| 29 |
struct saproto *pr; |
struct saproto *pr; |
|
int proxy = 0; |
|
| 30 |
struct pfkey_send_sa_args sa_args; |
struct pfkey_send_sa_args sa_args; |
| 31 |
+ u_int32_t sa_sent = 0; |
+ u_int32_t sa_sent = 0; |
| 32 |
|
|
| 33 |
/* sanity check */ |
/* sanity check */ |
| 34 |
if (iph2->approval == NULL) { |
if (iph2->approval == NULL) { |
| 35 |
@@ -1427,6 +1430,9 @@ |
@@ -1498,6 +1501,9 @@ pk_sendadd(iph2) |
| 36 |
return -1; |
return -1; |
| 37 |
} |
} |
| 38 |
|
|
| 42 |
if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA]) |
if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA]) |
| 43 |
continue; |
continue; |
| 44 |
|
|
| 45 |
@@ -1447,6 +1453,7 @@ |
@@ -1518,6 +1524,7 @@ pk_sendadd(iph2) |
| 46 |
sadbsecas2str(sa_args.src, sa_args.dst, |
sadbsecas2str(sa_args.src, sa_args.dst, |
| 47 |
sa_args.satype, sa_args.spi, sa_args.mode)); |
sa_args.satype, sa_args.spi, sa_args.mode)); |
| 48 |
} |
} |
| 49 |
+ iph2->sa_count = sa_sent; |
+ iph2->sa_count = sa_sent; |
| 50 |
|
racoon_free(sa_args.src); |
| 51 |
|
racoon_free(sa_args.dst); |
| 52 |
return 0; |
return 0; |
| 53 |
} |
@@ -1576,10 +1583,20 @@ pk_recvadd(mhp) |
|
|
|
|
@@ -1502,10 +1509,20 @@ |
|
| 54 |
} |
} |
| 55 |
|
|
| 56 |
/* |
/* |
| 72 |
+ |
+ |
| 73 |
plog(LLV_INFO, LOCATION, NULL, |
plog(LLV_INFO, LOCATION, NULL, |
| 74 |
"IPsec-SA established: %s\n", |
"IPsec-SA established: %s\n", |
| 75 |
sadbsecas2str(iph2->src, iph2->dst, |
sadbsecas2str(src, dst, |
| 76 |
@@ -1589,8 +1606,6 @@ |
@@ -1690,6 +1707,7 @@ pk_recvexpire(mhp) |
| 77 |
/* turn off the timer for calling isakmp_ph2expire() */ |
plog(LLV_ERROR, LOCATION, iph2->dst, |
| 78 |
SCHED_KILL(iph2->sce); |
"failed to begin ipsec sa " |
| 79 |
|
"re-negotication.\n"); |
| 80 |
- iph2->status = PHASE2ST_EXPIRED; |
+ iph2->status = PHASE2ST_EXPIRED; |
| 81 |
- |
remph2(iph2); |
| 82 |
/* INITIATOR, begin phase 2 exchange. */ |
delph2(iph2); |
| 83 |
/* allocate buffer for status management of pfkey message */ |
return -1; |
| 84 |
if (iph2->side == INITIATOR) { |
@@ -1855,8 +1873,17 @@ pk_recvacquire(mhp) |
|
@@ -1618,6 +1633,7 @@ |
|
|
/* If not received SADB_EXPIRE, INITIATOR delete ph2handle. */ |
|
|
/* RESPONDER always delete ph2handle, keep silent. RESPONDER doesn't |
|
|
* manage IPsec SA, so delete the list */ |
|
|
+ iph2->status = PHASE2ST_EXPIRED; |
|
|
unbindph12(iph2); |
|
|
remph2(iph2); |
|
|
delph2(iph2); |
|
|
@@ -1739,8 +1755,17 @@ |
|
| 85 |
* 2. its state is equal to PHASE2ST_ESTABLISHED, then racoon |
* 2. its state is equal to PHASE2ST_ESTABLISHED, then racoon |
| 86 |
* has to prcesss such a acquire message because racoon may |
* has to prcesss such a acquire message because racoon may |
| 87 |
* lost the expire message. |
* lost the expire message. |
| 92 |
+ * and responder receives acquire for same policy. So to prevent |
+ * and responder receives acquire for same policy. So to prevent |
| 93 |
+ * another identical negotiation, also check by address. |
+ * another identical negotiation, also check by address. |
| 94 |
*/ |
*/ |
| 95 |
iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id); |
iph2 = getph2byid(src, dst, xpl->sadb_x_policy_id); |
| 96 |
+ if (iph2[0] == NULL) |
+ if (iph2 == NULL) |
| 97 |
+ iph2[0] = getph2bysaddr(src, dst); |
+ iph2 = getph2bysaddr(src, dst); |
| 98 |
+ |
+ |
| 99 |
if (iph2[0] != NULL) { |
if (iph2 != NULL) { |
| 100 |
if (iph2[0]->status < PHASE2ST_ESTABLISHED) { |
if (iph2->status < PHASE2ST_ESTABLISHED) { |
| 101 |
plog(LLV_DEBUG, LOCATION, NULL, |
plog(LLV_DEBUG, LOCATION, NULL, |
Parent Directory
| 
Revision Log
| 
Patch