Subject: Re: IPSEC/raccoon IKE negotiations
To: None <itojun@iijlab.net>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: current-users
Date: 03/25/2002 23:39:15
From: itojun@iijlab.net
Subject: Re: IPSEC/raccoon IKE negotiations
Date: Mon, 11 Mar 2002 14:53:36 +0900
> the kernel uses the old SA based on recommendations in
> internet draft draft-jenkins-ipsec-rekeying. when one side reboots,
> racoon should be able to notify the event by using "Initial Contact"
> bit and old SA should go away.
I think there is a bug that prevents initial-contact from working.
Is the attached patch ok?
---
YAMAMOTO Takashi<yamt@mwd.biglobe.ne.jp>
Content-Disposition: inline; filename="racoon.diff"
Index: isakmp_inf.c
===================================================================
RCS file: /cvs/cvsroot/basesrc/crypto/dist/kame/racoon/isakmp_inf.c,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 isakmp_inf.c
--- isakmp_inf.c 2001/08/31 10:00:06 1.1.1.5
+++ isakmp_inf.c 2002/03/25 14:31:28
@@ -1058,9 +1058,9 @@
* source address and the destination accress.
*/
if ((cmpsaddrwop(iph1->local, src)
- && cmpsaddrwop(iph1->remote, dst))
- || (cmpsaddrwop(iph1->remote, src)
- && cmpsaddrwop(iph1->local, dst))) {
+ || cmpsaddrwop(iph1->remote, dst))
+ && (cmpsaddrwop(iph1->remote, src)
+ || cmpsaddrwop(iph1->local, dst))) {
msg = next;
continue;
}
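Review bot: the rewritten address test in the `if` at the top of this hunk is only correct if cmpsaddrwop() returns nonzero on a mismatch, and nothing in the visible lines states that convention. Under that convention the new form skips an SA only when it matches neither the local-to-remote nor the remote-to-local direction, which is what the comment above it asks for; under the opposite convention SAs for unrelated address pairs would fall through to the purge. Because this test decides which SAs are deleted on initial contact, please make the intent explicit, either by comparing against 0 (`cmpsaddrwop(iph1->local, src) != 0`) or by extending the comment, and fix the "accress" typo in that comment while touching the block.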
@@ -1075,8 +1075,10 @@
msg->sadb_msg_satype)
break;
}
- if (i == pfkey_nsatypes)
+ if (i == pfkey_nsatypes) {
+ msg = next;
continue;
+ }
plog(LLV_INFO, LOCATION, NULL,
"purging spi=%u.\n", ntohl(sa->sadb_sa_spi));
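Review bot: the `msg = next;` added before `continue` in the `i == pfkey_nsatypes` branch is now a second hand-written copy of the advance step (the address check in the previous hunk uses the same pair), so any later `continue` path can repeat the omission this hunk fixes and leave `msg` pointing at the same message. Consider advancing in one place, for example in the loop header, so that `continue` cannot skip it. A debug-level log line for SAs skipped here would also help, since the only log call visible in the hunk is the "purging spi" message.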