Module Name:    src
Committed By:   tteras
Date:           Fri Nov 12 09:11:37 UTC 2010

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: isakmp.c

Log Message:
Purge all IPsec-SA's if the last main ISAKMP-SA for the node is deleted
by remote request and the phase1 rekeying is enabled (this will also
trigger the new phase1_dead script hook).


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.63 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.64
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.63	Thu Oct 21 06:15:28 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c	Fri Nov 12 09:11:37 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp.c,v 1.63 2010/10/21 06:15:28 tteras Exp $	*/
+/*	$NetBSD: isakmp.c,v 1.64 2010/11/12 09:11:37 tteras Exp $	*/
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -766,6 +766,20 @@
 	return 0;
 }
 
+static int
+ph1_rekey_enabled(iph1)
+	struct ph1handle *iph1;
+{
+	if (iph1->rmconf->rekey == REKEY_FORCE)
+		return 1;
+#ifdef ENABLE_DPD
+	if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
+	    iph1->rmconf->dpd_interval)
+		return 1;
+#endif
+	return 0;
+}
+
 /*
  * main function of phase 1.
  */
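Review bot: `ph1_rekey_enabled()` dereferences `iph1->rmconf` without a check, and this commit starts calling it from the ISAKMP-SA deletion path as well as from the established-phase1 path. The hunks do not show whether a handle can reach deletion before a remote configuration is bound to it; if it can, this is a NULL dereference in a path that the log message says is reached on a remote peer's request. A guard at the top, `if (iph1->rmconf == NULL) return 0;`, keeps the helper safe for both callers. A short header comment such as `/* Nonzero if phase 1 rekeying is configured for this handle: forced, or on with DPD negotiated. */` would also document the contract.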
@@ -866,13 +880,7 @@
 		migrate_dying_ph12(iph1);
 
 		/* add to the schedule to expire, and seve back pointer. */
-		if ((iph1->rmconf->rekey == REKEY_FORCE)
-#ifdef ENABLE_DPD
-			||
-		    (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
-		     iph1->rmconf->dpd_interval)
-#endif
-			) {
+		if (ph1_rekey_enabled(iph1)) {
 			sched_schedule(&iph1->sce,
 				       iph1->approval->lifetime *
 				       PFKEY_SOFT_LIFETIME_RATE / 100,
@@ -2071,7 +2079,13 @@
 	plog(LLV_INFO, LOCATION, NULL,
 		"ISAKMP-SA deleted %s-%s spi:%s\n",
 		src, dst, isakmp_pindex(&iph1->index, 0));
+
 	evt_phase1(iph1, EVT_PHASE1_DOWN, NULL);
+
+	if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) {
+		purge_remote(iph1);
+		script_hook(iph1, SCRIPT_PHASE1_DEAD);
+	}
 	racoon_free(src);
 	racoon_free(dst);
 
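Review bot: The new block after `evt_phase1()` removes every IPsec-SA for the peer, yet the hunk adds no log line and no comment explaining the condition; the only trace is the generic "ISAKMP-SA deleted" message above. The test `new_iph1 == NULL && ph1_rekey_enabled(iph1)` does not look at why the ISAKMP-SA is being deleted, so as far as the hunk shows it applies to every route into this code, not only the remote-request case named in the log message. I would add a comment like `/* last ISAKMP-SA for this peer and rekeying is on: treat the peer as dead and drop its IPsec-SAs */` and a log line before the purge, e.g. `plog(LLV_INFO, LOCATION, NULL, "purging IPsec-SAs for %s-%s: last ISAKMP-SA deleted\n", src, dst);`, so an operator can tie a traffic outage to this event. The enclosing function starts and ends outside the hunk.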
