Module Name: src
Committed By: tteras
Date: Sun Jan 1 15:57:31 UTC 2012
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: handler.c isakmp.c pfkey.c
remoteconf.c
Log Message:
>From Wolfgang Schmieder <[email protected]>: Fix various typos in
comments and log messages. Fix default port used in copy_ph1addresses().
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/crypto/dist/ipsec-tools/src/racoon/handler.c
cvs rdiff -u -r1.73 -r1.74 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
cvs rdiff -u -r1.57 -r1.58 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
cvs rdiff -u -r1.27 -r1.28 \
src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.40 src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.41
--- src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.40 Thu Nov 17 14:41:55 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c Sun Jan 1 15:57:31 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: handler.c,v 1.40 2011/11/17 14:41:55 vanhu Exp $ */
+/* $NetBSD: handler.c,v 1.41 2012/01/01 15:57:31 tteras Exp $ */
/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
@@ -213,7 +213,7 @@ getph1(ph1hint, local, remote, flags)
(ph1hint->id->l != p->id->l ||
memcmp(ph1hint->id->v, p->id->v, p->id->l) != 0)) {
plog(LLV_DEBUG2, LOCATION, NULL,
- "local identity does match hint\n");
+ "local identity does not match hint\n");
continue;
}
if (ph1hint->id_p && ph1hint->id_p->l &&
@@ -221,7 +221,7 @@ getph1(ph1hint, local, remote, flags)
(ph1hint->id_p->l != p->id_p->l ||
memcmp(ph1hint->id_p->v, p->id_p->v, p->id_p->l) != 0)) {
plog(LLV_DEBUG2, LOCATION, NULL,
- "remote identity does match hint\n");
+ "remote identity does not match hint\n");
continue;
}
}
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.73 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.74
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.73 Tue Oct 11 14:50:15 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c Sun Jan 1 15:57:31 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.73 2011/10/11 14:50:15 tteras Exp $ */
+/* $NetBSD: isakmp.c,v 1.74 2012/01/01 15:57:31 tteras Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -624,7 +624,7 @@ isakmp_main(msg, remote, local)
/*
* iph1 must be present for Information message.
* if iph1 is null then trying to get the phase1 status
- * as the packet from responder againt initiator's 1st
+ * as the packet from responder again initiator's 1st
* exchange in phase 1.
* NOTE: We think such informational exchange should be ignored.
*/
@@ -2358,7 +2358,7 @@ isakmp_chkph1there(iph2)
plog(LLV_ERROR, LOCATION, iph2->dst,
"phase2 negotiation failed "
"due to time up waiting for phase1. %s\n",
- sadbsecas2str(iph2->dst, iph2->src,
+ sadbsecas2str(iph2->src, iph2->dst,
iph2->satype, 0, 0));
plog(LLV_INFO, LOCATION, NULL,
"delete phase 2 handler.\n");
@@ -2909,7 +2909,7 @@ copy_ph1addresses(iph1, rmconf, remote,
struct remoteconf *rmconf;
struct sockaddr *remote, *local;
{
- u_int16_t port;
+ u_int16_t port = 0;
/* address portion must be grabbed from real remote address "remote" */
iph1->remote = dupsaddr(remote);
@@ -2919,7 +2919,7 @@ copy_ph1addresses(iph1, rmconf, remote,
/*
* if remote has no port # (in case of initiator - from ACQUIRE msg)
* - if remote.conf specifies port #, use that
- * - if remote.conf does not, use 500
+ * - if remote.conf does not, use lcconf->port_isakmp
* if remote has port # (in case of responder - from recvfrom(2))
* respect content of "remote".
*/
@@ -2928,7 +2928,7 @@ copy_ph1addresses(iph1, rmconf, remote,
if (rmconf != NULL)
port = extract_port(rmconf->remote);
if (port == 0)
- port = PORT_ISAKMP;
+ port = lcconf->port_isakmp;
set_port(iph1->remote, port);
}
Index: src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.57 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.58
--- src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.57 Tue Mar 15 13:20:14 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/pfkey.c Sun Jan 1 15:57:31 2012
@@ -1,6 +1,6 @@
-/* $NetBSD: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
+/* $NetBSD: pfkey.c,v 1.58 2012/01/01 15:57:31 tteras Exp $ */
-/* $Id: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
+/* $Id: pfkey.c,v 1.58 2012/01/01 15:57:31 tteras Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1853,8 +1853,8 @@ pk_recvacquire(mhp)
* should ignore such a acquire message because the phase 2
* is just negotiating.
* 2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
- * has to prcesss such a acquire message because racoon may
- * lost the expire message.
+ * has to process such an acquire message because racoon may
+ * have lost the expire message.
*/
iph2 = getph2byid(src, dst, xpl->sadb_x_policy_id);
if (iph2 != NULL) {
Index: src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c:1.27 src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c:1.28
--- src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c:1.27 Sun Jan 1 15:29:28 2012
+++ src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c Sun Jan 1 15:57:31 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.c,v 1.27 2012/01/01 15:29:28 tteras Exp $ */
+/* $NetBSD: remoteconf.c,v 1.28 2012/01/01 15:57:31 tteras Exp $ */
/* Id: remoteconf.c,v 1.38 2006/05/06 15:52:44 manubsd Exp */
@@ -604,6 +604,11 @@ duprmconf_shallow (rmconf)
new->proposal = NULL; /* will be filled by set_isakmp_proposal() */
+ /* Better to set remote to NULL to avoid that the destination
+ * rmconf uses the same allocated memory as the source rmconf.
+ */
+ new->remote = NULL;
+
return new;
}
