Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon From Alexander Sbitnev <a...



details:   https://anonhg.NetBSD.org/src/rev/8165860dd178
branches:  trunk
changeset: 787113:8165860dd178
user:      tteras <tteras%NetBSD.org@localhost>
date:      Mon Jun 03 05:49:31 2013 +0000

description:
From Alexander Sbitnev <alexander.sbitnev%gmail.com@localhost>: fix admin port
establish-sa for tunnel mode SAs.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/admin.c |  38 +++++++++++++++++++----------
 1 files changed, 25 insertions(+), 13 deletions(-)

diffs (52 lines):

diff -r fe3344f167df -r 8165860dd178 crypto/dist/ipsec-tools/src/racoon/admin.c
--- a/crypto/dist/ipsec-tools/src/racoon/admin.c        Mon Jun 03 01:47:58 2013 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/admin.c        Mon Jun 03 05:49:31 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: admin.c,v 1.38 2010/12/08 07:38:35 tteras Exp $        */
+/*     $NetBSD: admin.c,v 1.39 2013/06/03 05:49:31 tteras Exp $        */
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -563,18 +563,30 @@
                        iph2->seq = pk_getseq();
                        iph2->status = PHASE2ST_STATUS2;
 
-                       /* set end addresses of SA */
-                       iph2->sa_dst = dupsaddr(dst);
-                       iph2->sa_src = dupsaddr(src);
-                       iph2->dst = dupsaddr(dst);
-                       iph2->src = dupsaddr(src);
-                       if (iph2->sa_src == NULL || iph2->sa_dst == NULL ||
-                           iph2->dst == NULL || iph2->src == NULL) {
-                               delph2(iph2);
-                               break;
-                       }
-                       set_port(iph2->dst, 0);
-                       set_port(iph2->src, 0);
+                        if (sp_out->local && sp_out->remote) {
+                            /* hints available, let's use them */
+                            iph2->sa_dst = dupsaddr(dst);
+                            iph2->sa_src = dupsaddr(src);
+                            iph2->src = dupsaddr((struct sockaddr *)sp_out->local);
+                            iph2->dst = dupsaddr((struct sockaddr *)sp_out->remote);
+                        } else if (sp_out->req && sp_out->req->saidx.mode == IPSEC_MODE_TUNNEL) {
+                            /* Tunnel mode and no hint, use endpoints */
+                            iph2->src = dupsaddr((struct sockaddr *)&sp_out->req->saidx.src);
+                            iph2->dst = dupsaddr((struct sockaddr *)&sp_out->req->saidx.dst);
+                        } else {
+                            /* default, use selectors as fallback */
+                            iph2->sa_dst = dupsaddr(dst);
+                            iph2->sa_src = dupsaddr(src);
+                            iph2->dst = dupsaddr(dst);
+                            iph2->src = dupsaddr(src);
+                        }
+
+                        if (iph2->dst == NULL || iph2->src == NULL) {
+                            delph2(iph2);
+                            break;
+                        }
+                        set_port(iph2->dst, 0);
+                        set_port(iph2->src, 0);
 
                        if (isakmp_get_sainfo(iph2, sp_out, sp_in) < 0) {
                                delph2(iph2);
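Review bot: The NULL check after the new three-way branch tests only `iph2->dst` and `iph2->src`, so a failed `dupsaddr()` for `iph2->sa_src` or `iph2->sa_dst` in the hints branch and in the fallback branch is no longer caught, although the removed code did check all four pointers. The tunnel-mode branch leaves both `sa_*` fields unset on purpose, so later code presumably treats NULL there as "no explicit SA endpoints"; an allocation failure could then be mistaken for that case, and negotiation could continue with addresses other than the ones requested. I would check inside the two branches that assign them, e.g. `if (iph2->sa_src == NULL || iph2->sa_dst == NULL) { delph2(iph2); break; }`, and add a short comment in the tunnel branch stating that `sa_src`/`sa_dst` are intentionally left unset. The enclosing case block starts and ends outside this hunk, so the initial state of `sa_src`/`sa_dst` should be confirmed against the code that creates `iph2`.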


