Module Name: src
Committed By: tteras
Date: Wed Aug 29 12:01:30 UTC 2012
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: isakmp_inf.c
Log Message:
>From Roman Hoog Antink <r...@open.ch>: Accept DPD messages with cookies
also in reversed order for compatiblity. At least Cisco 836 running
IOS 12.3(8)T does this.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.47 src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.48
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.47 Tue Mar 15 13:20:14 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c Wed Aug 29 12:01:30 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_inf.c,v 1.47 2011/03/15 13:20:14 vanhu Exp $ */
+/* $NetBSD: isakmp_inf.c,v 1.48 2012/08/29 12:01:30 tteras Exp $ */
/* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
@@ -1465,8 +1465,11 @@ isakmp_info_recv_r_u_ack (iph1, ru, msgi
return 0;
}
- if (memcmp(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
- memcmp(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t))) {
+ /* accept cookies in original or reversed order */
+ if ((memcmp(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
+ memcmp(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t))) &&
+ (memcmp(ru->r_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
+ memcmp(ru->i_ck, iph1->index.r_ck, sizeof(cookie_t)))) {
plog(LLV_ERROR, LOCATION, iph1->remote,
"Cookie mismatch in DPD ACK!.\n");
return 0;
@@ -1477,7 +1480,7 @@ isakmp_info_recv_r_u_ack (iph1, ru, msgi
sched_cancel(&iph1->dpd_r_u);
isakmp_sched_r_u(iph1, 0);
- plog(LLV_DEBUG, LOCATION, NULL, "received an R-U-THERE-ACK\n");
+ plog(LLV_DEBUG, LOCATION, iph1->remote, "received an R-U-THERE-ACK\n");
return 0;
}
