Module Name: src
Committed By: tteras
Date: Thu Oct 21 06:04:33 UTC 2010
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: admin.c handler.c handler.h
Log Message:
Remove initial-contact entry when all ISAKMP-SA are purged via adminport.
This will avoid stale security associations if some of the delete
notifications happen to get lost.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/crypto/dist/ipsec-tools/src/racoon/admin.c
cvs rdiff -u -r1.32 -r1.33 src/crypto/dist/ipsec-tools/src/racoon/handler.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/dist/ipsec-tools/src/racoon/handler.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.33 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.34
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.33 Wed Sep 22 13:37:35 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c Thu Oct 21 06:04:33 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.c,v 1.33 2010/09/22 13:37:35 vanhu Exp $ */
+/* $NetBSD: admin.c,v 1.34 2010/10/21 06:04:33 tteras Exp $ */
/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
@@ -299,9 +299,8 @@
break;
case ADMIN_DELETE_SA: {
- struct ph1handle *iph1;
- struct ph1selector sel;
char *loc, *rem;
+ struct ph1selector sel;
memset(&sel, 0, sizeof(sel));
sel.local = (struct sockaddr *)
@@ -319,6 +318,7 @@
plog(LLV_INFO, LOCATION, NULL,
"admin delete-sa %s %s\n", loc, rem);
enumph1(&sel, admin_ph1_delete_sa, NULL);
+ remcontacted(sel.remote);
racoon_free(loc);
racoon_free(rem);
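Review bot: The added `remcontacted(sel.remote);` runs unconditionally after `enumph1()` and, going by the handler.c hunk, matches on the remote address alone, while the selector used for the purge also carries `sel.local`. If the peer still has a phase 1 SA from another local address, dropping the entry presumably makes the next negotiation announce initial contact again, and the peer may then discard SAs that are still valid. Consider clearing the entry only when no phase 1 handle remains for that remote, and at minimum say so at the call site, e.g. `/* forget initial-contact state for this peer; matched on remote address only */`. The `ADMIN_DELETE_SA` case starts and ends outside this hunk, so where `sel.remote` is assigned cannot be checked from here.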
Index: src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.32 src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.33
--- src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.32 Thu Mar 11 15:44:48 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c Thu Oct 21 06:04:33 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: handler.c,v 1.32 2010/03/11 15:44:48 christos Exp $ */
+/* $NetBSD: handler.c,v 1.33 2010/10/21 06:04:33 tteras Exp $ */
/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
@@ -966,6 +966,22 @@
}
void
+remcontacted(remote)
+ struct sockaddr *remote;
+{
+ struct contacted *p;
+
+ LIST_FOREACH(p, &ctdtree, chain) {
+ if (cmpsaddr(remote, p->remote) == 0) {
+ LIST_REMOVE(p, chain);
+ racoon_free(p->remote);
+ racoon_free(p);
+ break;
+ }
+ }
+}
+
+void
initctdtree()
{
LIST_INIT(&ctdtree);
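Review bot: In `remcontacted()` the entry `p` is unlinked and freed inside `LIST_FOREACH`, which is safe only because the `break` follows immediately; the loop would otherwise step from freed memory. That dependency is undocumented, so a later change that drops the `break` to purge duplicate entries would introduce a use-after-free. I would add `/* must break: p is freed and LIST_FOREACH cannot advance from it */` above the `break`. A short header comment should also state that only the first matching entry is removed and that a match requires `cmpsaddr()` to return exactly 0. Whether `remote` can be NULL here depends on callers and on `cmpsaddr()`, neither of which is visible in this hunk.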
Index: src/crypto/dist/ipsec-tools/src/racoon/handler.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.h:1.22 src/crypto/dist/ipsec-tools/src/racoon/handler.h:1.23
--- src/crypto/dist/ipsec-tools/src/racoon/handler.h:1.22 Thu Sep 3 09:29:07 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.h Thu Oct 21 06:04:33 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: handler.h,v 1.22 2009/09/03 09:29:07 tteras Exp $ */
+/* $NetBSD: handler.h,v 1.23 2010/10/21 06:04:33 tteras Exp $ */
/* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
@@ -518,6 +518,7 @@
extern struct contacted *getcontacted __P((struct sockaddr *));
extern int inscontacted __P((struct sockaddr *));
+extern void remcontacted __P((struct sockaddr *));
extern void initctdtree __P((void));
extern int check_recvdpkt __P((struct sockaddr *,