

[src/trunk]: src on phase 2 acquire, lookup phase 2 by (src, dst, policy id) ...



details:   https://anonhg.NetBSD.org/src/rev/0a93a3347cd6
branches:  trunk
changeset: 580683:0a93a3347cd6
user:      manu <manu%NetBSD.org@localhost>
date:      Tue May 03 21:08:47 2005 +0000

description:
on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that
multiple SA can be used in transport mode

While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch

diffstat:

 crypto/dist/ipsec-tools/ChangeLog            |  74 ++++++++++++++++++++++++++++
 crypto/dist/ipsec-tools/src/racoon/handler.c |  19 ++++++-
 crypto/dist/ipsec-tools/src/racoon/handler.h |   4 +-
 crypto/dist/ipsec-tools/src/racoon/pfkey.c   |   7 +-
 lib/libipsec/package_version.h               |   4 +-
 5 files changed, 102 insertions(+), 6 deletions(-)

diffs (178 lines):

diff -r 83d4bacc2425 -r 0a93a3347cd6 crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Tue May 03 20:52:50 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Tue May 03 21:08:47 2005 +0000
@@ -1,3 +1,77 @@
+2005-05-03  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Patrick McHardy <kaber%trash.net@localhost>
+       * src/racoon/{pfkey.c|handler.h|hendler.c}: on phase 2 acquire,
+         lookup phase 2 by (src, dst, policy id) so that multiple SA can
+         be used in transport mode
+
+2005-04-26  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Larry Baird <lab%gta.com@localhost>
+       * src/racoon/nattraversal.c: Fix NAT-T initiator problem
+
+2005-04-25  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       * src/libipsec/{ipsec_dump_policy.c|pfkey_dump.c|libpfkey.h}:
+         src/setkey/{setkey.8|setkey.c}: add a -p option to setkey to
+         enable the display of ESP over UDP ports in policies.
+
+       * src/racoon/{isakmp.c|isakmp_cfg.c|isakmp_inf.c|pfkey.c}: don't
+         forget port numbers so that mutiple clients behind the same NAT
+         can work.
+
+       * src/racoon/ipsec_doi.c: fix LP64 bug
+
+       From Larry Baird <lab%gta.com@localhost>
+       * src/racoon/{isakmp.c|nattraversal.c|isakmp_quick.c|nattraversal.h}:
+         NAT-T fixes for interoperability with greenbow VPN client.
+
+2005-04-19  Yvan Vanhullebus  <vanhu%free.fr@localhost>
+
+       * src/racoon/handler.h: added a flag to identify generated policies
+       * src/racoon/isakmp.c: changed logging in isakmp_ph1expire()
+       * src/racoon/isakmp_inf.c: use iph2->generated_spidx to check if
+         policy have been generated in purge_remote_spi()
+       * src/racoon/isakmp_quick.c: sets iph2->generated_spidx for
+         generated policies
+       * src/racoon/pfkey.c: reactivated the unbindph12() in pk_recvupdate()
+
+2005-04-18  Aidas Kasparas  <a.kasparas%gmc.lt@localhost>
+
+       * src/racoon/crypto_openssl.c: fixed single DES support;
+
+2005-04-18  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Thomas Klausner <wiz%NetBSD.org@localhost>
+       * src/libipsec/{ipsec_set_policy.3|ipsec_strerror.3}
+         src/racoon/{admin.c|plainrsa-gen.8|racoon.8|racoon.conf.5|racoonctl.8}
+         src/racoon/samples/{racoon.conf.in|racoon.conf.sample}
+         src/racoon/samples/racoon.conf.sample-gssapi
+         src/racoon/samples/racoon.conf.sample-inherit
+         src/racoon/samples/racoon.conf.sample-natt
+         src/racoon/samples/racoon.conf.sample-plainrsa
+         src/racoon/samples/roadwarrior/README
+         src/racoon/samples/roadwarrior/server/phase1-down.sh
+         src/setkey/setkey.8: docmumentation fixes
+
+       From KAME
+       * src/racoon/ipsec_doi.c: wrong check on SA lifebyte
+
+2005-04-10  Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+       * src/racoon/isakmp_agg.c: fix a memory leak when using hybrid auth
+       * src/libipsec/{pfkey.c|pfkey_dump.c}
+         src/setkey/{token.l|parse.y|setkey.8}: missing bits for TCP_MD5
+         support, from KAME
+
+2005-04-04  Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+       * src/racoon/isakmp_cfg.c: fix a buffer overrun in mode config SET
+
+---------------------------------------------
+
+       0.6b1 released
+
 2005-03-16  Emmanuel Dreyfus <manu%netbsd.org@localhost>
 
        * src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
diff -r 83d4bacc2425 -r 0a93a3347cd6 crypto/dist/ipsec-tools/src/racoon/handler.c
--- a/crypto/dist/ipsec-tools/src/racoon/handler.c      Tue May 03 20:52:50 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/handler.c      Tue May 03 21:08:47 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: handler.c,v 1.1.1.2 2005/02/23 14:54:15 manu Exp $     */
+/*     $NetBSD: handler.c,v 1.2 2005/05/03 21:08:47 manu Exp $ */
 
 /* Id: handler.c,v 1.13 2004/11/21 19:36:26 manubsd Exp */
 
@@ -433,6 +433,23 @@
        return NULL;
 }
 
+struct ph2handle *
+getph2byid(src, dst, spid)
+       struct sockaddr *src, *dst;
+       u_int32_t spid;
+{
+       struct ph2handle *p;
+
+       LIST_FOREACH(p, &ph2tree, chain) {
+               if (spid == p->spid &&
+                   cmpsaddrwop(src, p->src) == 0 &&
+                   cmpsaddrwop(dst, p->dst) == 0)
+                       return p;
+       }
+
+       return NULL;
+}
+
 /*
  * call by pk_recvexpire().
  */
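Review bot: getph2byid at L127 has no header comment, while the neighbouring lookups in this file carry one (the `call by pk_recvexpire().` block just below it); add `/* lookup a phase 2 handle by policy id plus src/dst endpoints; called on acquire. */` above the definition. The match at L136–L137 uses cmpsaddrwop() on both endpoints, which by its name appears to disregard port numbers — if that is intended, a one-line comment saying so would spare the next reader from wondering whether two handles differing only in port are treated as the same. Neither src nor dst is checked for NULL before being passed to cmpsaddrwop(), so the contract should state that the caller must supply both; the only visible caller in pfkey.c derives them from the acquire message.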
diff -r 83d4bacc2425 -r 0a93a3347cd6 crypto/dist/ipsec-tools/src/racoon/handler.h
--- a/crypto/dist/ipsec-tools/src/racoon/handler.h      Tue May 03 20:52:50 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/handler.h      Tue May 03 21:08:47 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: handler.h,v 1.2 2005/04/19 19:42:09 manu Exp $ */
+/*     $NetBSD: handler.h,v 1.3 2005/05/03 21:08:47 manu Exp $ */
 
 /* Id: handler.h,v 1.11 2004/11/16 15:44:46 ludvigm Exp */
 
@@ -436,6 +436,8 @@
 extern struct ph2handle *getph2byspid __P((u_int32_t));
 extern struct ph2handle *getph2byseq __P((u_int32_t));
 extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t));
+extern struct ph2handle *getph2byid __P((struct sockaddr *,
+       struct sockaddr *, u_int32_t));
 extern struct ph2handle *getph2bysaidx __P((struct sockaddr *,
        struct sockaddr *, u_int, u_int32_t));
 extern struct ph2handle *newph2 __P((void));
diff -r 83d4bacc2425 -r 0a93a3347cd6 crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c        Tue May 03 20:52:50 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c        Tue May 03 21:08:47 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pfkey.c,v 1.3 2005/04/27 05:19:50 manu Exp $   */
+/*     $NetBSD: pfkey.c,v 1.4 2005/05/03 21:08:47 manu Exp $   */
 
 /* Id: pfkey.c,v 1.31.2.1 2005/02/18 10:01:40 vanhu Exp */
 
@@ -1613,6 +1613,7 @@
        struct secpolicy *sp_out = NULL, *sp_in = NULL;
 #define MAXNESTEDSA    5       /* XXX */
        struct ph2handle *iph2[MAXNESTEDSA];
+       struct sockaddr *src, *dst;
        int n;  /* # of phase 2 handler */
 
        /* ignore this message because of local test mode. */
@@ -1630,6 +1631,8 @@
        }
        msg = (struct sadb_msg *)mhp[0];
        xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
+       src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+       dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
 
        /* ignore if type is not IPSEC_POLICY_IPSEC */
        if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
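Review bot: src and dst at L186–L187 are computed with PFKEY_ADDR_SADDR() on mhp[SADB_EXT_ADDRESS_SRC] and mhp[SADB_EXT_ADDRESS_DST], which yields a pointer just past the extension header and is only meaningful if those two extensions were verified present in the message; the closing brace at L183 suggests a validity check immediately precedes this hunk, but it lies outside the visible lines, so confirm it covers both address extensions and not only the policy extension used at L185. The enclosing function starts and ends outside the hunk.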
@@ -1694,7 +1697,7 @@
         *       has to prcesss such a acquire message because racoon may
         *       lost the expire message.
         */
-       iph2[0] = getph2byspid(xpl->sadb_x_policy_id);
+       iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
        if (iph2[0] != NULL) {
                if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
                        plog(LLV_DEBUG, LOCATION, NULL,
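Review bot: the lookup at L196 now requires the stored handle's src/dst to equal the acquire's addresses in addition to the policy id, so the in-progress guard at L197–L198 only fires for handles whose src/dst still match the acquire as received. If racoon replaces iph2->src/dst after the handle is created (for instance with tunnel endpoints), an in-progress handle for the same policy would no longer be found here and a second negotiation would be started; that setup code is outside the hunk, so this is worth confirming before the change ships. A short comment at L196 such as `/* match on (src, dst, spid): several transport-mode SAs may share one policy id */` would record why the old getph2byspid() lookup was insufficient. The function body continues past the hunk.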
diff -r 83d4bacc2425 -r 0a93a3347cd6 lib/libipsec/package_version.h
--- a/lib/libipsec/package_version.h    Tue May 03 20:52:50 2005 +0000
+++ b/lib/libipsec/package_version.h    Tue May 03 21:08:47 2005 +0000
@@ -1,5 +1,5 @@
 #define TOP_PACKAGE "ipsec-tools"
 #define TOP_PACKAGE_NAME "ipsec-tools"
-#define TOP_PACKAGE_VERSION  "0.6-nb20050426"
-#define TOP_PACKAGE_STRING  "ipsec-tools 0.6-nb20050426"
+#define TOP_PACKAGE_VERSION  "0.6-nb200500503"
+#define TOP_PACKAGE_STRING  "ipsec-tools 0.6-nb20050503"
 #define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net";
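Review bot: TOP_PACKAGE_VERSION at L208 reads `0.6-nb200500503` (an extra zero) while TOP_PACKAGE_STRING at L209 reads `0.6-nb20050503`; the two macros should carry the same date stamp, `#define TOP_PACKAGE_VERSION  "0.6-nb20050503"`. Anything that compares or parses the version macro against the package string would see two different values.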


