Module Name: src Committed By: tteras Date: Fri Nov 12 10:36:37 UTC 2010
Modified Files: src/crypto/dist/ipsec-tools/src/racoon: admin.c isakmp.c isakmp_var.h pfkey.c Log Message: isakmp_post_acquire is now called from admin commands too, add a flag so admin commands can be used to establish even passive links on demand. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/crypto/dist/ipsec-tools/src/racoon/admin.c cvs rdiff -u -r1.64 -r1.65 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c cvs rdiff -u -r1.16 -r1.17 \ src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h cvs rdiff -u -r1.53 -r1.54 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.36 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.37 --- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.36 Fri Nov 12 09:08:26 2010 +++ src/crypto/dist/ipsec-tools/src/racoon/admin.c Fri Nov 12 10:36:37 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: admin.c,v 1.36 2010/11/12 09:08:26 tteras Exp $ */ +/* $NetBSD: admin.c,v 1.37 2010/11/12 10:36:37 tteras Exp $ */ /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */ @@ -577,7 +577,7 @@ } insph2(iph2); - if (isakmp_post_acquire(iph2, NULL) < 0) { + if (isakmp_post_acquire(iph2, NULL, FALSE) < 0) { remph2(iph2); delph2(iph2); break; Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.64 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.65 --- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.64 Fri Nov 12 09:11:37 2010 +++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c Fri Nov 12 10:36:37 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: isakmp.c,v 1.64 2010/11/12 09:11:37 tteras Exp $ */ +/* $NetBSD: isakmp.c,v 1.65 2010/11/12 10:36:37 tteras Exp $ */ /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ @@ -2166,9 +2166,10 @@ * if phase1 has been finished, begin phase2. */ int -isakmp_post_acquire(iph2, iph1hint) +isakmp_post_acquire(iph2, iph1hint, nopassive) struct ph2handle *iph2; struct ph1handle *iph1hint; + int nopassive; { struct remoteconf *rmconf; struct ph1handle *iph1 = NULL; @@ -2185,7 +2186,7 @@ * so no need to bother yet. --arno */ if (iph1hint == NULL || iph1hint->rmconf == NULL) { - rmconf = getrmconf(iph2->dst, GETRMCONF_F_NO_PASSIVE); + rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0); if (rmconf == NULL) { plog(LLV_ERROR, LOCATION, NULL, "no configuration found for %s.\n", 
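Review bot: The bare `FALSE` in `isakmp_post_acquire(iph2, NULL, FALSE)` hides that this admin path now bypasses a remote's `passive` setting, which leaves access to the admin socket as the only control on who can trigger outbound negotiation to such peers. A call-site comment such as `/* admin request: initiate even if the remote is configured passive */` would make that explicit. It is also worth confirming that the admin socket's ownership and mode are restricted accordingly, since that configuration is not visible in this diff. The enclosing block starts and ends outside the hunk.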
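Review bot: The new `nopassive` parameter of isakmp_post_acquire (the @@ -2166 hunk of isakmp.c) is undocumented, and the header comment visible at the top of the hunk still describes only the phase 1 / phase 2 behaviour. Because the name is a negative and callers pass a bare `TRUE` or `FALSE`, I would extend that comment with something like `nopassive: non-zero = skip remotes configured passive and ignore the acquire; zero = the caller may initiate to a passive remote`. The function body continues outside the hunk.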
@@ -2197,7 +2198,7 @@ } /* if passive mode, ignore the acquire message */ - if (rmconf->passive) { + if (nopassive && rmconf->passive) { plog(LLV_DEBUG, LOCATION, NULL, "because of passive mode, " "ignore the acquire message for %s.\n", Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.16 src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.17 --- src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.16 Thu Sep 3 09:29:07 2009 +++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Fri Nov 12 10:36:37 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: isakmp_var.h,v 1.16 2009/09/03 09:29:07 tteras Exp $ */ +/* $NetBSD: isakmp_var.h,v 1.17 2010/11/12 10:36:37 tteras Exp $ */ /* Id: isakmp_var.h,v 1.12 2005/05/07 14:45:31 manubsd Exp */ @@ -87,7 +87,7 @@ extern void isakmp_ph2delete __P((struct ph2handle *)); extern int isakmp_get_sainfo __P((struct ph2handle *, struct secpolicy *, struct secpolicy *)); -extern int isakmp_post_acquire __P((struct ph2handle *, struct ph1handle *)); +extern int isakmp_post_acquire __P((struct ph2handle *, struct ph1handle *, int)); extern int isakmp_post_getspi __P((struct ph2handle *)); extern void isakmp_chkph1there_stub __P((struct sched *)); extern void isakmp_chkph1there __P((struct ph2handle *)); Index: src/crypto/dist/ipsec-tools/src/racoon/pfkey.c diff -u src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.53 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.54 --- src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.53 Thu Oct 21 06:15:28 2010 +++ src/crypto/dist/ipsec-tools/src/racoon/pfkey.c Fri Nov 12 10:36:37 2010 @@ -1,6 +1,6 @@ -/* $NetBSD: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */ +/* $NetBSD: pfkey.c,v 1.54 2010/11/12 10:36:37 tteras Exp $ */ -/* $Id: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */ +/* $Id: pfkey.c,v 1.54 2010/11/12 10:36:37 tteras Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 
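Review bot: Nothing is logged when the passive restriction is overridden: with `nopassive` zero and `rmconf->passive` set, the new condition `if (nopassive && rmconf->passive)` falls through silently, while the refusal case keeps its debug message. Since this is a policy override, a record helps when auditing who initiated a tunnel, for example `if (!nopassive && rmconf->passive) plog(LLV_INFO, LOCATION, NULL, "initiating to passive remote on explicit request.\n");` after the existing `if` block, whose end is outside the hunk. Where `iph1hint` already carries an rmconf, the getrmconf() filter from the previous hunk is presumably not reached, so this check looks like the only passive guard on that path. The surrounding function starts and ends outside the hunk.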
@@ -1686,7 +1686,7 @@ iph2->status = PHASE2ST_STATUS2; /* start quick exchange */ - if (isakmp_post_acquire(iph2, iph1hint) < 0) { + if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) { plog(LLV_ERROR, LOCATION, iph2->dst, "failed to begin ipsec sa " "re-negotication.\n"); @@ -1962,7 +1962,7 @@ /* start isakmp initiation by using ident exchange */ /* XXX should be looped if there are multiple phase 2 handler. */ - if (isakmp_post_acquire(iph2, NULL) < 0) { + if (isakmp_post_acquire(iph2, NULL, TRUE) < 0) { plog(LLV_ERROR, LOCATION, NULL, "failed to begin ipsec sa negotication.\n"); remph2(iph2); @@ -3088,7 +3088,7 @@ iph2->status = PHASE2ST_STATUS2; /* and start a new negotiation */ - if (isakmp_post_acquire(iph2, iph1hint) < 0) { + if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) { plog(LLV_ERROR, LOCATION, iph2->dst, "failed " "to begin IPsec SA renegotiation after " "MIGRATE reception.\n");
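Review bot: Passing `FALSE` in the @@ -1686 hunk changes behaviour on a path the log message does not mention. Before this commit the `rmconf->passive` check in isakmp_post_acquire applied to every caller, so a renegotiation toward a remote configured passive was ignored; with `FALSE` it now proceeds. The same applies to the MIGRATE call in the @@ -3088 hunk, whereas the acquire path at @@ -1962 passes `TRUE` and keeps the old behaviour. If this is intended, a comment at both sites such as `/* renegotiating an existing SA: passive setting does not apply */` would record the decision; if not, these two calls should pass `TRUE`. The enclosing functions start and end outside the hunks.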