Module Name: src
Committed By: tteras
Date: Fri Nov 12 10:36:37 UTC 2010
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: admin.c isakmp.c isakmp_var.h
pfkey.c
Log Message:
isakmp_post_acquire is now called from admin commands too, add a flag so
admin commands can be used to establish even passive links on demand.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/crypto/dist/ipsec-tools/src/racoon/admin.c
cvs rdiff -u -r1.64 -r1.65 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
cvs rdiff -u -r1.16 -r1.17 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h
cvs rdiff -u -r1.53 -r1.54 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.36 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.37
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.36 Fri Nov 12 09:08:26 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c Fri Nov 12 10:36:37 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.c,v 1.36 2010/11/12 09:08:26 tteras Exp $ */
+/* $NetBSD: admin.c,v 1.37 2010/11/12 10:36:37 tteras Exp $ */
/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
@@ -577,7 +577,7 @@
}
insph2(iph2);
- if (isakmp_post_acquire(iph2, NULL) < 0) {
+ if (isakmp_post_acquire(iph2, NULL, FALSE) < 0) {
remph2(iph2);
delph2(iph2);
break;
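Review bot: Passing `FALSE` at this call means a request arriving on the admin socket can now start a negotiation toward a peer whose remote configuration is marked passive, so the passive setting no longer limits what an admin client can trigger. That is the stated intent of the commit, but it leaves the admin socket's ownership and mode as the only control on who can bring such links up, and the bare literal gives a reader no hint of that. I would add a comment above the call, `/* admin request: allowed to initiate even when the remote is passive */`. The enclosing function starts and ends outside this hunk, so how the request is authorised before it reaches this point cannot be seen here.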
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.64 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.65
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.64 Fri Nov 12 09:11:37 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c Fri Nov 12 10:36:37 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.64 2010/11/12 09:11:37 tteras Exp $ */
+/* $NetBSD: isakmp.c,v 1.65 2010/11/12 10:36:37 tteras Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -2166,9 +2166,10 @@
* if phase1 has been finished, begin phase2.
*/
int
-isakmp_post_acquire(iph2, iph1hint)
+isakmp_post_acquire(iph2, iph1hint, nopassive)
struct ph2handle *iph2;
struct ph1handle *iph1hint;
+ int nopassive;
{
struct remoteconf *rmconf;
struct ph1handle *iph1 = NULL;
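Review bot: The comment above `isakmp_post_acquire` still only says that phase 2 begins once phase 1 has finished and does not describe the new `nopassive` argument, whose negative sense is easy to get backwards at call sites that pass a bare `TRUE` or `FALSE`. I would extend the header comment with a line such as `nopassive: non-zero = do not initiate toward remotes marked passive; zero = initiate even for passive remotes`. The same wording would help next to the unnamed `int` in the isakmp_var.h prototype. The function body continues outside this hunk.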
@@ -2185,7 +2186,7 @@
* so no need to bother yet. --arno */
if (iph1hint == NULL || iph1hint->rmconf == NULL) {
- rmconf = getrmconf(iph2->dst, GETRMCONF_F_NO_PASSIVE);
+ rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);
if (rmconf == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"no configuration found for %s.\n",
@@ -2197,7 +2198,7 @@
}
/* if passive mode, ignore the acquire message */
- if (rmconf->passive) {
+ if (nopassive && rmconf->passive) {
plog(LLV_DEBUG, LOCATION, NULL,
"because of passive mode, "
"ignore the acquire message for %s.\n",
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.16 src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.17
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.16 Thu Sep 3 09:29:07 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Fri Nov 12 10:36:37 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_var.h,v 1.16 2009/09/03 09:29:07 tteras Exp $ */
+/* $NetBSD: isakmp_var.h,v 1.17 2010/11/12 10:36:37 tteras Exp $ */
/* Id: isakmp_var.h,v 1.12 2005/05/07 14:45:31 manubsd Exp */
@@ -87,7 +87,7 @@
extern void isakmp_ph2delete __P((struct ph2handle *));
extern int isakmp_get_sainfo __P((struct ph2handle *, struct secpolicy *, struct secpolicy *));
-extern int isakmp_post_acquire __P((struct ph2handle *, struct ph1handle *));
+extern int isakmp_post_acquire __P((struct ph2handle *, struct ph1handle *, int));
extern int isakmp_post_getspi __P((struct ph2handle *));
extern void isakmp_chkph1there_stub __P((struct sched *));
extern void isakmp_chkph1there __P((struct ph2handle *));
Index: src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.53 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.54
--- src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.53 Thu Oct 21 06:15:28 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/pfkey.c Fri Nov 12 10:36:37 2010
@@ -1,6 +1,6 @@
-/* $NetBSD: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */
+/* $NetBSD: pfkey.c,v 1.54 2010/11/12 10:36:37 tteras Exp $ */
-/* $Id: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */
+/* $Id: pfkey.c,v 1.54 2010/11/12 10:36:37 tteras Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1686,7 +1686,7 @@
iph2->status = PHASE2ST_STATUS2;
/* start quick exchange */
- if (isakmp_post_acquire(iph2, iph1hint) < 0) {
+ if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) {
plog(LLV_ERROR, LOCATION, iph2->dst,
"failed to begin ipsec sa "
"re-negotication.\n");
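Review bot: This call and the one in the `@@ -3088` hunk pass `FALSE`, which switches off the `rmconf->passive` check in `isakmp_post_acquire` for SA renegotiation and MIGRATE handling as well, while the log message only mentions admin commands. If the remote configuration is taken from `iph1hint` on these paths (that part of the function is outside the visible hunks), a renegotiation toward a passive remote that was previously ignored will now be initiated. If that is intended, a short comment at both calls such as `/* renegotiating an existing link: passive does not apply */` would record the decision; if not, these two callers should pass `TRUE`, which keeps the earlier behaviour. The enclosing functions start and end outside the hunks.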
@@ -1962,7 +1962,7 @@
/* start isakmp initiation by using ident exchange */
/* XXX should be looped if there are multiple phase 2 handler. */
- if (isakmp_post_acquire(iph2, NULL) < 0) {
+ if (isakmp_post_acquire(iph2, NULL, TRUE) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"failed to begin ipsec sa negotication.\n");
remph2(iph2);
@@ -3088,7 +3088,7 @@
iph2->status = PHASE2ST_STATUS2;
/* and start a new negotiation */
- if (isakmp_post_acquire(iph2, iph1hint) < 0) {
+ if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) {
plog(LLV_ERROR, LOCATION, iph2->dst, "failed "
"to begin IPsec SA renegotiation after "
"MIGRATE reception.\n");