Get rid of the evil CMPSADDR macro. Trac #295.
parent
edd4f79009
commit
3d0db58d61
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: admin.c,v 1.30 2009/04/20 13:22:00 tteras Exp $ */
|
||||
/* $NetBSD: admin.c,v 1.31 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
|
||||
|
||||
|
@ -167,6 +167,14 @@ end:
|
|||
return error;
|
||||
}
|
||||
|
||||
static int admin_ph1_delete_sa(struct ph1handle *iph1, void *arg)
|
||||
{
|
||||
if (iph1->status >= PHASE1ST_ESTABLISHED)
|
||||
isakmp_info_send_d1(iph1);
|
||||
purge_remote(iph1);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* main child's process.
|
||||
*/
|
||||
|
@ -257,7 +265,7 @@ admin_process(so2, combuf)
|
|||
break;
|
||||
}
|
||||
|
||||
iph1 = getph1byaddrwop(src, dst);
|
||||
iph1 = getph1byaddr(src, dst, 0);
|
||||
if (iph1 == NULL) {
|
||||
l_ac_errno = ENOENT;
|
||||
break;
|
||||
|
@ -292,30 +300,25 @@ admin_process(so2, combuf)
|
|||
|
||||
case ADMIN_DELETE_SA: {
|
||||
struct ph1handle *iph1;
|
||||
struct sockaddr *dst;
|
||||
struct sockaddr *src;
|
||||
struct ph1selector sel;
|
||||
char *loc, *rem;
|
||||
|
||||
src = (struct sockaddr *)
|
||||
memset(&sel, 0, sizeof(sel));
|
||||
sel.local = (struct sockaddr *)
|
||||
&((struct admin_com_indexes *)
|
||||
((caddr_t)com + sizeof(*com)))->src;
|
||||
dst = (struct sockaddr *)
|
||||
sel.remote = (struct sockaddr *)
|
||||
&((struct admin_com_indexes *)
|
||||
((caddr_t)com + sizeof(*com)))->dst;
|
||||
|
||||
loc = racoon_strdup(saddrwop2str(src));
|
||||
rem = racoon_strdup(saddrwop2str(dst));
|
||||
loc = racoon_strdup(saddr2str(sel.local));
|
||||
rem = racoon_strdup(saddr2str(sel.remote));
|
||||
STRDUP_FATAL(loc);
|
||||
STRDUP_FATAL(rem);
|
||||
|
||||
if ((iph1 = getph1byaddrwop(src, dst)) == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"phase 1 for %s -> %s not found\n", loc, rem);
|
||||
} else {
|
||||
if (iph1->status >= PHASE1ST_ESTABLISHED)
|
||||
isakmp_info_send_d1(iph1);
|
||||
purge_remote(iph1);
|
||||
}
|
||||
plog(LLV_INFO, LOCATION, NULL,
|
||||
"admin delete-sa %s %s\n", loc, rem);
|
||||
enumph1(&sel, admin_ph1_delete_sa, NULL);
|
||||
|
||||
racoon_free(loc);
|
||||
racoon_free(rem);
|
||||
|
@ -360,7 +363,7 @@ admin_process(so2, combuf)
|
|||
plog(LLV_INFO, LOCATION, NULL,
|
||||
"Flushing all SAs for peer %s\n", rem);
|
||||
|
||||
while ((iph1 = getph1bydstaddrwop(dst)) != NULL) {
|
||||
while ((iph1 = getph1bydstaddr(dst)) != NULL) {
|
||||
loc = racoon_strdup(saddrwop2str(iph1->local));
|
||||
STRDUP_FATAL(loc);
|
||||
|
||||
|
@ -429,7 +432,7 @@ admin_process(so2, combuf)
|
|||
l_ac_errno = -1;
|
||||
|
||||
/* connected already? */
|
||||
ph1 = getph1byaddrwop(src, dst);
|
||||
ph1 = getph1byaddr(src, dst, 0);
|
||||
if (ph1 != NULL) {
|
||||
event_list = &ph1->evt_listeners;
|
||||
if (ph1->status == PHASE1ST_ESTABLISHED)
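Review bot: In the ADMIN_DELETE_SA case the result of `enumph1(&sel, admin_ph1_delete_sa, NULL)` is discarded, so the operator no longer learns when no phase 1 matched; the old branch logged `phase 1 for %s -> %s not found` at LLV_ERROR and the new code only logs the INFO line. The unused `arg` pointer can carry a counter: `int n = 0; enumph1(&sel, admin_ph1_delete_sa, &n);` with `(*(int *)arg)++;` in the callback, then log the not-found message when `n == 0`. Also worth confirming: admin_ph1_delete_sa calls purge_remote() from inside enumph1's `LIST_FOREACH(p, &ph1tree, chain)`; if purge_remote unlinks or frees the handle immediately (its tail is not visible here), the iteration would read a removed entry and needs a safe-iteration form. admin_process starts and ends outside these hunks.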
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: grabmyaddr.c,v 1.22 2009/04/21 18:38:31 tteras Exp $ */
|
||||
/* $NetBSD: grabmyaddr.c,v 1.23 2009/07/03 06:41:46 tteras Exp $ */
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* Copyright (C) 2008 Timo Teras <timo.teras@iki.fi>.
|
||||
|
@ -100,7 +100,7 @@ myaddr_configured(addr)
|
|||
return TRUE;
|
||||
|
||||
LIST_FOREACH(cfg, &configured, chain) {
|
||||
if (cmpsaddrstrict(addr, (struct sockaddr *) &cfg->addr) == 0)
|
||||
if (cmpsaddr(addr, (struct sockaddr *) &cfg->addr) == 0)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -116,7 +116,7 @@ myaddr_open(addr, udp_encap)
|
|||
|
||||
/* Already open? */
|
||||
LIST_FOREACH(my, &opened, chain) {
|
||||
if (cmpsaddrstrict(addr, (struct sockaddr *) &my->addr) == 0)
|
||||
if (cmpsaddr(addr, (struct sockaddr *) &my->addr) == 0)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -156,7 +156,7 @@ myaddr_open_all_configured(addr)
|
|||
|
||||
LIST_FOREACH(cfg, &configured, chain) {
|
||||
if (addr != NULL &&
|
||||
cmpsaddrwop(addr, (struct sockaddr *) &cfg->addr) != 0)
|
||||
cmpsaddr(addr, (struct sockaddr *) &cfg->addr) != 0)
|
||||
continue;
|
||||
if (!myaddr_open((struct sockaddr *) &cfg->addr, cfg->udp_encap))
|
||||
return FALSE;
|
||||
|
@ -187,8 +187,8 @@ myaddr_close_all_open(addr)
|
|||
for (my = LIST_FIRST(&opened); my; my = next) {
|
||||
next = LIST_NEXT(my, chain);
|
||||
|
||||
if (!cmpsaddrwop((struct sockaddr *) &addr,
|
||||
(struct sockaddr *) &my->addr))
|
||||
if (!cmpsaddr((struct sockaddr *) &addr,
|
||||
(struct sockaddr *) &my->addr))
|
||||
myaddr_delete(my);
|
||||
}
|
||||
}
|
||||
|
@ -261,7 +261,7 @@ myaddr_getfd(addr)
|
|||
struct myaddr *my;
|
||||
|
||||
LIST_FOREACH(my, &opened, chain) {
|
||||
if (cmpsaddrstrict((struct sockaddr *) &my->addr, addr) == 0)
|
||||
if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0)
|
||||
return my->fd;
|
||||
}
|
||||
|
||||
|
@ -273,19 +273,13 @@ myaddr_getsport(addr)
|
|||
struct sockaddr *addr;
|
||||
{
|
||||
struct myaddr *my;
|
||||
int bestmatch_port = -1;
|
||||
|
||||
LIST_FOREACH(my, &opened, chain) {
|
||||
if (cmpsaddrstrict((struct sockaddr *) &my->addr, addr) == 0)
|
||||
if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0)
|
||||
return extract_port((struct sockaddr *) &my->addr);
|
||||
if (cmpsaddrwop((struct sockaddr *) &my->addr, addr) != 0)
|
||||
continue;
|
||||
if (bestmatch_port == -1 ||
|
||||
extract_port((struct sockaddr *) &my->addr) == PORT_ISAKMP)
|
||||
bestmatch_port = extract_port((struct sockaddr *) &my->addr);
|
||||
}
|
||||
|
||||
return bestmatch_port;
|
||||
return PORT_ISAKMP;
|
||||
}
|
||||
|
||||
void
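Review bot: In myaddr_close_all_open the comparison passes `(struct sockaddr *) &addr`, the address of the parameter itself; if `addr` is a `struct sockaddr *` as in the sibling functions (its declaration is outside the hunk), cmpsaddr reads the pointer variable's storage as a sockaddr, which can never match and reads past the variable. The call should then be `if (!cmpsaddr(addr, (struct sockaddr *) &my->addr))`. Separately, myaddr_getsport now falls back to `return PORT_ISAKMP;` where the old code returned -1 when no opened address matched, so a caller can no longer tell that no socket is bound for that address; a short comment on the fallback stating that this is intended would help.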
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: handler.c,v 1.28 2009/04/28 13:54:07 tteras Exp $ */
|
||||
/* $NetBSD: handler.c,v 1.29 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
|
||||
|
||||
|
@ -120,11 +120,11 @@ enumph1(sel, enum_func, enum_arg)
|
|||
LIST_FOREACH(p, &ph1tree, chain) {
|
||||
if (sel != NULL) {
|
||||
if (sel->local != NULL &&
|
||||
CMPSADDR(sel->local, p->local) != 0)
|
||||
cmpsaddr(sel->local, p->local) != 0)
|
||||
continue;
|
||||
|
||||
if (sel->remote != NULL &&
|
||||
CMPSADDR(sel->remote, p->remote) != 0)
|
||||
cmpsaddr(sel->remote, p->remote) != 0)
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -201,17 +201,12 @@ getph1(rmconf, local, remote, flags)
|
|||
"status %d, skipping\n", p->status);
|
||||
continue;
|
||||
}
|
||||
if (flags & GETPH1_F_WITHOUT_PORTS) {
|
||||
if (local != NULL && cmpsaddrwop(local, p->local) != 0)
|
||||
continue;
|
||||
if (remote != NULL && cmpsaddrwop(remote, p->remote) != 0)
|
||||
continue;
|
||||
} else {
|
||||
if (local != NULL && CMPSADDR(local, p->local) != 0)
|
||||
continue;
|
||||
if (remote != NULL && CMPSADDR(remote, p->remote) != 0)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (local != NULL && cmpsaddr(local, p->local) != 0)
|
||||
continue;
|
||||
|
||||
if (remote != NULL && cmpsaddr(remote, p->remote) != 0)
|
||||
continue;
|
||||
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "matched\n");
|
||||
return p;
|
||||
|
@ -287,8 +282,8 @@ void migrate_dying_ph12(iph1)
|
|||
if (p->status < PHASE1ST_DYING)
|
||||
continue;
|
||||
|
||||
if (CMPSADDR(iph1->local, p->local) == 0
|
||||
&& CMPSADDR(iph1->remote, p->remote) == 0)
|
||||
if (cmpsaddr(iph1->local, p->local) == 0
|
||||
&& cmpsaddr(iph1->remote, p->remote) == 0)
|
||||
migrate_ph12(p, iph1);
|
||||
}
|
||||
}
|
||||
|
@ -518,11 +513,11 @@ enumph2(sel, enum_func, enum_arg)
|
|||
continue;
|
||||
|
||||
if (sel->src != NULL &&
|
||||
CMPSADDR(sel->src, p->src) != 0)
|
||||
cmpsaddr(sel->src, p->src) != 0)
|
||||
continue;
|
||||
|
||||
if (sel->dst != NULL &&
|
||||
CMPSADDR(sel->dst, p->dst) != 0)
|
||||
cmpsaddr(sel->dst, p->dst) != 0)
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -586,8 +581,8 @@ getph2byid(src, dst, spid)
|
|||
|
||||
LIST_FOREACH(p, &ph2tree, chain) {
|
||||
if (spid == p->spid &&
|
||||
cmpsaddrwild(src, p->src) == 0 &&
|
||||
cmpsaddrwild(dst, p->dst) == 0){
|
||||
cmpsaddr(src, p->src) == 0 &&
|
||||
cmpsaddr(dst, p->dst) == 0){
|
||||
/* Sanity check to detect zombie handlers
|
||||
* XXX Sould be done "somewhere" more interesting,
|
||||
* because we have lots of getph2byxxxx(), but this one
|
||||
|
@ -614,8 +609,8 @@ getph2bysaddr(src, dst)
|
|||
struct ph2handle *p;
|
||||
|
||||
LIST_FOREACH(p, &ph2tree, chain) {
|
||||
if (cmpsaddrstrict(src, p->src) == 0 &&
|
||||
cmpsaddrstrict(dst, p->dst) == 0)
|
||||
if (cmpsaddr(src, p->src) == 0 &&
|
||||
cmpsaddr(dst, p->dst) == 0)
|
||||
return p;
|
||||
}
|
||||
|
||||
|
@ -918,7 +913,7 @@ getcontacted(remote)
|
|||
struct contacted *p;
|
||||
|
||||
LIST_FOREACH(p, &ctdtree, chain) {
|
||||
if (cmpsaddrstrict(remote, p->remote) == 0)
|
||||
if (cmpsaddr(remote, p->remote) == 0)
|
||||
return p;
|
||||
}
|
||||
|
||||
|
@ -997,7 +992,7 @@ check_recvdpkt(remote, local, rbuf)
|
|||
/*
|
||||
* the packet was processed before, but the remote address mismatches.
|
||||
*/
|
||||
if (cmpsaddrstrict(remote, r->remote) != 0)
|
||||
if (cmpsaddr(remote, r->remote) != 0)
|
||||
return 2;
|
||||
|
||||
/*
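Review bot: check_recvdpkt, getcontacted and getph2bysaddr used cmpsaddrstrict and getph2byid used cmpsaddrwild; all of them now call the same `cmpsaddr`, whose port handling is not part of the lines shown. If cmpsaddr accepts a zero port as a wildcard (the pk_recvacquire comment added in pfkey.c speaks of port zero for wildcard matching), the retransmission check in check_recvdpkt and the peer-address checks in isakmp_main (isakmp.c, the cmpsaddrstrict replacements there) become looser than before. Suggest a comment at those sites, e.g. `/* exact address+port match required: peer address binding */`, and confirming that cmpsaddr returns non-zero there when only the ports differ. The enclosing functions continue outside the hunks.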
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: handler.h,v 1.20 2009/03/12 10:57:26 tteras Exp $ */
|
||||
/* $NetBSD: handler.h,v 1.21 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
|
||||
|
||||
|
@ -467,7 +467,6 @@ extern int enumph1 __P((struct ph1selector *ph1sel,
|
|||
void *enum_arg));
|
||||
|
||||
#define GETPH1_F_ESTABLISHED 0x0001
|
||||
#define GETPH1_F_WITHOUT_PORTS 0x0002
|
||||
|
||||
extern struct ph1handle *getph1 __P((struct remoteconf *rmconf,
|
||||
struct sockaddr *local,
|
||||
|
@ -476,10 +475,8 @@ extern struct ph1handle *getph1 __P((struct remoteconf *rmconf,
|
|||
|
||||
#define getph1byaddr(local, remote, est) \
|
||||
getph1(NULL, local, remote, est ? GETPH1_F_ESTABLISHED : 0)
|
||||
#define getph1byaddrwop(local, remote) \
|
||||
getph1(NULL, local, remote, GETPH1_F_WITHOUT_PORTS)
|
||||
#define getph1bydstaddrwop(remote) \
|
||||
getph1(NULL, NULL, remote, GETPH1_F_WITHOUT_PORTS)
|
||||
#define getph1bydstaddr(remote) \
|
||||
getph1(NULL, NULL, remote, 0)
|
||||
|
||||
#ifdef ENABLE_HYBRID
|
||||
struct ph1handle *getph1bylogin __P((char *));
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp.c,v 1.57 2009/07/03 06:40:10 tteras Exp $ */
|
||||
/* $NetBSD: isakmp.c,v 1.58 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
|
||||
|
||||
|
@ -468,8 +468,8 @@ isakmp_main(msg, remote, local)
|
|||
/* Floating ports for NAT-T */
|
||||
if (NATT_AVAILABLE(iph1) &&
|
||||
! (iph1->natt_flags & NAT_PORTS_CHANGED) &&
|
||||
((cmpsaddrstrict(iph1->remote, remote) != 0) ||
|
||||
(cmpsaddrstrict(iph1->local, local) != 0)))
|
||||
((cmpsaddr(iph1->remote, remote) != 0) ||
|
||||
(cmpsaddr(iph1->local, local) != 0)))
|
||||
{
|
||||
/* prevent memory leak */
|
||||
racoon_free(iph1->remote);
|
||||
|
@ -510,7 +510,7 @@ isakmp_main(msg, remote, local)
|
|||
#endif
|
||||
|
||||
/* must be same addresses in one stream of a phase at least. */
|
||||
if (cmpsaddrstrict(iph1->remote, remote) != 0) {
|
||||
if (cmpsaddr(iph1->remote, remote) != 0) {
|
||||
char *saddr_db, *saddr_act;
|
||||
|
||||
saddr_db = racoon_strdup(saddr2str(iph1->remote));
|
||||
|
@ -636,7 +636,7 @@ isakmp_main(msg, remote, local)
|
|||
"exchange received.\n");
|
||||
return -1;
|
||||
}
|
||||
if (cmpsaddrstrict(iph1->remote, remote) != 0) {
|
||||
if (cmpsaddr(iph1->remote, remote) != 0) {
|
||||
plog(LLV_WARNING, LOCATION, remote,
|
||||
"remote address mismatched. "
|
||||
"db=%s\n",
|
||||
|
@ -1268,6 +1268,12 @@ isakmp_ph2begin_i(iph1, iph2)
|
|||
}
|
||||
#endif
|
||||
|
||||
/* fixup ph2 ports for this ph1 */
|
||||
if (extract_port(iph2->src) == 0)
|
||||
set_port(iph2->src, extract_port(iph1->local));
|
||||
if (extract_port(iph2->dst) == 0)
|
||||
set_port(iph2->dst, extract_port(iph1->remote));
|
||||
|
||||
/* found ISAKMP-SA. */
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "===\n");
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "begin QUICK mode.\n");
|
||||
|
@ -1346,15 +1352,6 @@ isakmp_ph2begin_r(iph1, msg)
|
|||
delph2(iph2);
|
||||
return -1;
|
||||
}
|
||||
#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
|
||||
if (set_port(iph2->dst, 0) == NULL ||
|
||||
set_port(iph2->src, 0) == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"invalid family: %d\n", iph2->dst->sa_family);
|
||||
delph2(iph2);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* add new entry to isakmp status table */
|
||||
insph2(iph2);
|
||||
|
@ -2179,23 +2176,12 @@ isakmp_post_acquire(iph2)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Search isakmp status table by address and port
|
||||
* If NAT-T is in use, consider null ports as a
|
||||
* wildcard and use IKE ports instead.
|
||||
/*
|
||||
* XXX Searching by IP addresses + ports might fail on
|
||||
* some cases, we should use the ISAKMP identity to search
|
||||
* matching ISAKMP.
|
||||
*/
|
||||
#ifdef ENABLE_NATT
|
||||
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
|
||||
if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
|
||||
set_port(iph2->src, extract_port(iph1->local));
|
||||
set_port(iph2->dst, extract_port(iph1->remote));
|
||||
}
|
||||
} else {
|
||||
iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
|
||||
}
|
||||
#else
|
||||
iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
|
||||
#endif
|
||||
|
||||
/* no ISAKMP-SA found. */
|
||||
if (iph1 == NULL) {
|
||||
|
@ -2373,26 +2359,8 @@ isakmp_chkph1there(iph2)
|
|||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Search isakmp status table by address and port
|
||||
* If NAT-T is in use, consider null ports as a
|
||||
* wildcard and use IKE ports instead.
|
||||
*/
|
||||
#ifdef ENABLE_NATT
|
||||
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: extract_port.\n");
|
||||
if( (iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL){
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found a ph1 wop.\n");
|
||||
}
|
||||
} else {
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: searching byaddr.\n");
|
||||
iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
|
||||
if(iph1 != NULL)
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found byaddr.\n");
|
||||
}
|
||||
#else
|
||||
/* Search isakmp status table by address and port */
|
||||
iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
|
||||
#endif
|
||||
|
||||
/* XXX Even if ph1 as responder is there, should we not start
|
||||
* phase 2 negotiation ? */
|
||||
|
@ -3314,20 +3282,10 @@ purge_remote(iph1)
|
|||
msg = next;
|
||||
continue;
|
||||
}
|
||||
pk_fixup_sa_addresses(mhp);
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
|
||||
#ifdef SADB_X_NAT_T_NEW_MAPPING
|
||||
if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
|
||||
/* NAT-T is enabled for this SADB entry; copy
|
||||
* the ports from NAT-T extensions */
|
||||
if(mhp[SADB_X_EXT_NAT_T_SPORT] != NULL)
|
||||
set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
|
||||
if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
|
||||
set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
|
||||
}
|
||||
#endif
|
||||
|
||||
if (sa->sadb_sa_state != SADB_SASTATE_LARVAL &&
|
||||
sa->sadb_sa_state != SADB_SASTATE_MATURE &&
|
||||
sa->sadb_sa_state != SADB_SASTATE_DYING) {
|
||||
|
@ -3339,22 +3297,14 @@ purge_remote(iph1)
|
|||
* check in/outbound SAs.
|
||||
* Select only SAs where src == local and dst == remote (outgoing)
|
||||
* or src == remote and dst == local (incoming).
|
||||
* XXX we sometime have src/dst ports set to 0 and want to match
|
||||
* iph1->local/remote with ports set to 500. This is a bug, see trac:2
|
||||
*/
|
||||
#ifdef ENABLE_NATT
|
||||
if ((cmpsaddrmagic(iph1->local, src) || cmpsaddrmagic(iph1->remote, dst)) &&
|
||||
(cmpsaddrmagic(iph1->local, dst) || cmpsaddrmagic(iph1->remote, src))) {
|
||||
if ((cmpsaddr(iph1->local, src) ||
|
||||
cmpsaddr(iph1->remote, dst)) &&
|
||||
(cmpsaddr(iph1->local, dst) ||
|
||||
cmpsaddr(iph1->remote, src))) {
|
||||
msg = next;
|
||||
continue;
|
||||
}
|
||||
#else
|
||||
if ((CMPSADDR(iph1->local, src) || CMPSADDR(iph1->remote, dst)) &&
|
||||
(CMPSADDR(iph1->local, dst) || CMPSADDR(iph1->remote, src))) {
|
||||
msg = next;
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
|
||||
iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
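Review bot: The new port fixup in isakmp_ph2begin_i ignores the result of set_port(): `set_port(iph2->src, extract_port(iph1->local));` and the matching line for `iph2->dst`. The block removed from isakmp_ph2begin_r in this same commit treated a NULL return as `invalid family` and aborted the phase 2, so the failure case exists. Suggest checking it, e.g. `if (extract_port(iph2->src) == 0 && set_port(iph2->src, extract_port(iph1->local)) == NULL)` followed by the function's usual error return (not visible in this hunk), and likewise for dst.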
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp_cfg.c,v 1.21 2009/01/23 08:23:51 tteras Exp $ */
|
||||
/* $NetBSD: isakmp_cfg.c,v 1.22 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: isakmp_cfg.c,v 1.55 2006/08/22 18:17:17 manubsd Exp */
|
||||
|
||||
|
@ -1151,15 +1151,6 @@ isakmp_cfg_send(iph1, payload, np, flags, new_exchange)
|
|||
goto end;
|
||||
}
|
||||
|
||||
#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
|
||||
if (set_port(iph2->dst, 0) == NULL ||
|
||||
set_port(iph2->src, 0) == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"invalid family: %d\n", iph1->remote->sa_family);
|
||||
delph2(iph2);
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
iph2->side = INITIATOR;
|
||||
iph2->status = PHASE2ST_START;
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp_inf.c,v 1.40 2009/07/03 06:40:10 tteras Exp $ */
|
||||
/* $NetBSD: isakmp_inf.c,v 1.41 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
|
||||
|
||||
|
@ -899,15 +899,6 @@ isakmp_info_send_common(iph1, payload, np, flags)
|
|||
delph2(iph2);
|
||||
goto end;
|
||||
}
|
||||
#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
|
||||
if (set_port(iph2->dst, 0) == NULL ||
|
||||
set_port(iph2->src, 0) == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"invalid family: %d\n", iph1->remote->sa_family);
|
||||
delph2(iph2);
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
iph2->side = INITIATOR;
|
||||
iph2->status = PHASE2ST_START;
|
||||
iph2->msgid = isakmp_newmsgid2(iph1);
|
||||
|
@ -1123,9 +1114,6 @@ purge_ipsec_spi(dst0, proto, spi, n)
|
|||
u_int64_t created;
|
||||
size_t i;
|
||||
caddr_t mhp[SADB_EXT_MAX + 1];
|
||||
#ifdef ENABLE_NATT
|
||||
int natt_port_forced;
|
||||
#endif
|
||||
|
||||
plog(LLV_DEBUG2, LOCATION, NULL,
|
||||
"purge_ipsec_spi:\n");
|
||||
|
@ -1165,6 +1153,7 @@ purge_ipsec_spi(dst0, proto, spi, n)
|
|||
msg = next;
|
||||
continue;
|
||||
}
|
||||
pk_fixup_sa_addresses(mhp);
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
|
||||
|
@ -1178,28 +1167,7 @@ purge_ipsec_spi(dst0, proto, spi, n)
|
|||
msg = next;
|
||||
continue;
|
||||
}
|
||||
#ifdef ENABLE_NATT
|
||||
if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
|
||||
/* NAT-T is enabled for this SADB entry; copy
|
||||
* the ports from NAT-T extensions */
|
||||
if (extract_port(src) == 0 &&
|
||||
mhp[SADB_X_EXT_NAT_T_SPORT] != NULL) {
|
||||
set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
|
||||
}
|
||||
|
||||
if (extract_port(dst) == 0 &&
|
||||
mhp[SADB_X_EXT_NAT_T_DPORT] != NULL) {
|
||||
set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
|
||||
}
|
||||
natt_port_forced = 0;
|
||||
} else {
|
||||
/* Force default UDP ports, so
|
||||
* CMPSADDR will match SAs with NO encapsulation */
|
||||
set_port(src, PORT_ISAKMP);
|
||||
set_port(dst, PORT_ISAKMP);
|
||||
natt_port_forced = 1;
|
||||
}
|
||||
#endif
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "src: %s\n", saddr2str(src));
|
||||
plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(dst));
|
||||
|
||||
|
@ -1207,19 +1175,11 @@ purge_ipsec_spi(dst0, proto, spi, n)
|
|||
|
||||
/* don't delete inbound SAs at the moment */
|
||||
/* XXX should we remove SAs with opposite direction as well? */
|
||||
if (CMPSADDR(dst0, dst)) {
|
||||
if (cmpsaddr(dst0, dst)) {
|
||||
msg = next;
|
||||
continue;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
if (natt_port_forced) {
|
||||
/* Set back port to 0 if it was forced
|
||||
* to default UDP port */
|
||||
set_port(src, 0);
|
||||
set_port(dst, 0);
|
||||
}
|
||||
#endif
|
||||
for (i = 0; i < n; i++) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"check spi(packet)=%u spi(db)=%u.\n",
|
||||
|
@ -1350,37 +1310,33 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
|
|||
msg = (struct sadb_msg *)buf->v;
|
||||
end = (struct sadb_msg *)(buf->v + buf->l);
|
||||
|
||||
while (msg < end) {
|
||||
for (; msg < end; msg = next) {
|
||||
if ((msg->sadb_msg_len << 3) < sizeof(*msg))
|
||||
break;
|
||||
|
||||
next = (struct sadb_msg *)((caddr_t)msg + (msg->sadb_msg_len << 3));
|
||||
if (msg->sadb_msg_type != SADB_DUMP) {
|
||||
msg = next;
|
||||
if (msg->sadb_msg_type != SADB_DUMP)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"pfkey_check (%s)\n", ipsec_strerror());
|
||||
msg = next;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (mhp[SADB_EXT_SA] == NULL
|
||||
|| mhp[SADB_EXT_ADDRESS_SRC] == NULL
|
||||
|| mhp[SADB_EXT_ADDRESS_DST] == NULL) {
|
||||
msg = next;
|
||||
|| mhp[SADB_EXT_ADDRESS_DST] == NULL)
|
||||
continue;
|
||||
}
|
||||
|
||||
sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
|
||||
pk_fixup_sa_addresses(mhp);
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
|
||||
if (sa->sadb_sa_state != SADB_SASTATE_MATURE
|
||||
&& sa->sadb_sa_state != SADB_SASTATE_DYING) {
|
||||
msg = next;
|
||||
&& sa->sadb_sa_state != SADB_SASTATE_DYING)
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC2407 4.6.3.3 INITIAL-CONTACT is the message that
|
||||
|
@ -1390,39 +1346,18 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
|
|||
* racoon only deletes SA which is matched both the
|
||||
* source address and the destination accress.
|
||||
*/
|
||||
#ifdef ENABLE_NATT
|
||||
/*
|
||||
* XXX RFC 3947 says that whe MUST NOT use IP+port to find old SAs
|
||||
* from this peer !
|
||||
*/
|
||||
if(iph1->natt_flags & NAT_DETECTED){
|
||||
if (CMPSADDR(iph1->local, src) == 0 &&
|
||||
CMPSADDR(iph1->remote, dst) == 0)
|
||||
;
|
||||
else if (CMPSADDR(iph1->remote, src) == 0 &&
|
||||
CMPSADDR(iph1->local, dst) == 0)
|
||||
;
|
||||
else {
|
||||
msg = next;
|
||||
continue;
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
/* If there is no NAT-T, we don't have to check addr + port...
|
||||
* XXX what about a configuration with a remote peers which is not
|
||||
* NATed, but which NATs some other peers ?
|
||||
* Here, the INITIAl-CONTACT would also flush all those NATed peers !!
|
||||
*/
|
||||
if (cmpsaddrwop(iph1->local, src) == 0 &&
|
||||
cmpsaddrwop(iph1->remote, dst) == 0)
|
||||
;
|
||||
else if (cmpsaddrwop(iph1->remote, src) == 0 &&
|
||||
cmpsaddrwop(iph1->local, dst) == 0)
|
||||
;
|
||||
else {
|
||||
msg = next;
|
||||
|
||||
/*
|
||||
* Check that the IP and port match. But this is not optimal,
|
||||
* since NAT-T can make the peer have multiple different
|
||||
* ports. Correct thing to do is delete all entries with
|
||||
* same identity. -TT
|
||||
*/
|
||||
if ((cmpsaddr(iph1->local, src) != 0 ||
|
||||
cmpsaddr(iph1->remote, dst) != 0) &&
|
||||
(cmpsaddr(iph1->local, dst) != 0 ||
|
||||
cmpsaddr(iph1->remote, src) != 0))
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure this is an SATYPE that we manage.
|
||||
|
@ -1434,10 +1369,8 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
|
|||
msg->sadb_msg_satype)
|
||||
break;
|
||||
}
|
||||
if (i == pfkey_nsatypes) {
|
||||
msg = next;
|
||||
if (i == pfkey_nsatypes)
|
||||
continue;
|
||||
}
|
||||
|
||||
plog(LLV_INFO, LOCATION, NULL,
|
||||
"purging spi=%u.\n", ntohl(sa->sadb_sa_spi));
|
||||
|
@ -1457,8 +1390,6 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
|
|||
remph2(iph2);
|
||||
delph2(iph2);
|
||||
}
|
||||
|
||||
msg = next;
|
||||
}
|
||||
|
||||
vfree(buf);
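Review bot: isakmp_info_recv_initialcontact now selects the SAs to purge with `cmpsaddr` on address and port in every case, while the removed non-NAT path ignored ports (`cmpsaddrwop`); since `pk_fixup_sa_addresses(mhp)` rewrites the ports of src/dst just above, whether a peer's stale SAs still match depends on how cmpsaddr treats differing ports, which is not shown here. An SA that fails to match survives the peer's INITIAL-CONTACT, and, as the removed comment warned, a match that is too broad can flush SAs of other peers behind the same address. The new comment would be more useful if it stated which port values are expected on each side after the fixup, and kept the RFC 3947 reference the removed comment carried (`RFC 3947: IP+port must not be used to find old SAs from this peer`).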
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp_quick.c,v 1.25 2009/03/12 10:57:26 tteras Exp $ */
|
||||
/* $NetBSD: isakmp_quick.c,v 1.26 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* Id: isakmp_quick.c,v 1.29 2006/08/22 18:17:17 manubsd Exp */
|
||||
|
||||
|
@ -610,17 +610,19 @@ quick_i2recv(iph2, msg0)
|
|||
error = ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED;
|
||||
goto end;
|
||||
}
|
||||
#ifdef ENABLE_NATT
|
||||
set_port(iph2->natoa_src,
|
||||
extract_port((struct sockaddr *) &proposed_addr));
|
||||
#endif
|
||||
|
||||
if (cmpsaddrstrict((struct sockaddr *) &proposed_addr,
|
||||
(struct sockaddr *) &got_addr) == 0) {
|
||||
if (cmpsaddr((struct sockaddr *) &proposed_addr,
|
||||
(struct sockaddr *) &got_addr) == 0) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"IDci matches proposal.\n");
|
||||
#ifdef ENABLE_NATT
|
||||
} else if (iph2->natoa_src != NULL
|
||||
&& cmpsaddrwop(iph2->natoa_src,
|
||||
(struct sockaddr *) &got_addr) == 0
|
||||
&& extract_port((struct sockaddr *) &proposed_addr) ==
|
||||
extract_port((struct sockaddr *) &got_addr)) {
|
||||
&& cmpsaddr(iph2->natoa_src,
|
||||
(struct sockaddr *) &got_addr) == 0) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"IDci matches NAT-OAi.\n");
|
||||
#endif
|
||||
|
@ -656,16 +658,19 @@ quick_i2recv(iph2, msg0)
|
|||
goto end;
|
||||
}
|
||||
|
||||
if (cmpsaddrstrict((struct sockaddr *) &proposed_addr,
|
||||
(struct sockaddr *) &got_addr) == 0) {
|
||||
#ifdef ENABLE_NATT
|
||||
set_port(iph2->natoa_dst,
|
||||
extract_port((struct sockaddr *) &proposed_addr));
|
||||
#endif
|
||||
|
||||
if (cmpsaddr((struct sockaddr *) &proposed_addr,
|
||||
(struct sockaddr *) &got_addr) == 0) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"IDcr matches proposal.\n");
|
||||
#ifdef ENABLE_NATT
|
||||
} else if (iph2->natoa_dst != NULL
|
||||
&& cmpsaddrwop(iph2->natoa_dst,
|
||||
(struct sockaddr *) &got_addr) == 0
|
||||
&& extract_port((struct sockaddr *) &proposed_addr) ==
|
||||
extract_port((struct sockaddr *) &got_addr)) {
|
||||
&& cmpsaddr(iph2->natoa_dst,
|
||||
(struct sockaddr *) &got_addr) == 0) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"IDcr matches NAT-OAr.\n");
|
||||
#endif
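Review bot: In quick_i2recv the added `set_port(iph2->natoa_src, extract_port((struct sockaddr *) &proposed_addr));` runs before the `iph2->natoa_src != NULL` test that the else-if branch below still needs, and the second hunk does the same with `iph2->natoa_dst`. Unless set_port tolerates a NULL address (its body is not on this page), guard both calls, e.g. `if (iph2->natoa_src != NULL)` in front of the set_port line. The return value is also unchecked, and a one-line comment saying why the NAT-OA port is overwritten with the proposed port would help the next reader. quick_i2recv starts and ends outside the hunks.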
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: nattraversal.c,v 1.11 2009/05/18 17:00:42 tteras Exp $ */
|
||||
/* $NetBSD: nattraversal.c,v 1.12 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
|
||||
|
@ -379,8 +379,8 @@ natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst)
|
|||
struct natt_ka_addrs *ka = NULL, *new_addr;
|
||||
|
||||
TAILQ_FOREACH (ka, &ka_tree, chain) {
|
||||
if (cmpsaddrstrict(ka->src, src) == 0 &&
|
||||
cmpsaddrstrict(ka->dst, dst) == 0) {
|
||||
if (cmpsaddr(ka->src, src) == 0 &&
|
||||
cmpsaddr(ka->dst, dst) == 0) {
|
||||
ka->in_use++;
|
||||
plog (LLV_INFO, LOCATION, NULL, "KA found: %s (in_use=%u)\n",
|
||||
saddr2str_fromto("%s->%s", src, dst), ka->in_use);
|
||||
|
@ -443,8 +443,8 @@ natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst)
|
|||
plog (LLV_DEBUG, LOCATION, NULL, "KA tree dump: %s (in_use=%u)\n",
|
||||
saddr2str_fromto("%s->%s", src, dst), ka->in_use);
|
||||
|
||||
if (cmpsaddrstrict(ka->src, src) == 0 &&
|
||||
cmpsaddrstrict(ka->dst, dst) == 0 &&
|
||||
if (cmpsaddr(ka->src, src) == 0 &&
|
||||
cmpsaddr(ka->dst, dst) == 0 &&
|
||||
-- ka->in_use <= 0) {
|
||||
|
||||
plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n");
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* $NetBSD: pfkey.c,v 1.47 2009/07/03 06:40:10 tteras Exp $ */
|
||||
/* $NetBSD: pfkey.c,v 1.48 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* $Id: pfkey.c,v 1.47 2009/07/03 06:40:10 tteras Exp $ */
|
||||
/* $Id: pfkey.c,v 1.48 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
|
@ -774,8 +774,12 @@ pk_fixup_sa_addresses(mhp)
|
|||
caddr_t *mhp;
|
||||
{
|
||||
struct sockaddr *src, *dst;
|
||||
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
set_port(src, PORT_ISAKMP);
|
||||
set_port(dst, PORT_ISAKMP);
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
|
||||
/* NAT-T is enabled for this SADB entry; copy
|
||||
|
@ -785,9 +789,6 @@ pk_fixup_sa_addresses(mhp)
|
|||
if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
|
||||
set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
|
||||
}
|
||||
#else
|
||||
set_port(src, 0);
|
||||
set_port(dst, 0);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -949,10 +950,6 @@ pk_sendgetspi(iph2)
|
|||
dport=extract_port(dst);
|
||||
}
|
||||
#endif
|
||||
/* Always remove port information, it will be sent in
|
||||
* SADB_X_EXT_NAT_T_[S|D]PORT if needed */
|
||||
set_port(src, 0);
|
||||
set_port(dst, 0);
|
||||
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
|
||||
if (pfkey_send_getspi_nat(
|
||||
|
@ -1009,6 +1006,7 @@ pk_recvgetspi(mhp)
|
|||
}
|
||||
msg = (struct sadb_msg *)mhp[0];
|
||||
sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
|
||||
pk_fixup_sa_addresses(mhp);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]); /* note SA dir */
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
|
||||
|
@ -1183,18 +1181,14 @@ pk_sendupdate(iph2)
|
|||
#ifdef ENABLE_NATT
|
||||
if (pr->udp_encap) {
|
||||
sa_args.l_natt_type = iph2->ph1->natt_options->encaps_type;
|
||||
sa_args.l_natt_sport = extract_port (iph2->ph1->remote);
|
||||
sa_args.l_natt_dport = extract_port (iph2->ph1->local);
|
||||
sa_args.l_natt_sport = extract_port(iph2->ph1->remote);
|
||||
sa_args.l_natt_dport = extract_port(iph2->ph1->local);
|
||||
sa_args.l_natt_oa = iph2->natoa_src;
|
||||
#ifdef SADB_X_EXT_NAT_T_FRAG
|
||||
sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
/* Always remove port information, it will be sent in
|
||||
* SADB_X_EXT_NAT_T_[S|D]PORT if needed */
|
||||
set_port(sa_args.src, 0);
|
||||
set_port(sa_args.dst, 0);
|
||||
|
||||
/* more info to fill in */
|
||||
sa_args.spi = pr->spi;
|
||||
|
@ -1358,14 +1352,6 @@ pk_recvupdate(mhp)
|
|||
/* turn off schedule */
|
||||
sched_cancel(&iph2->scr);
|
||||
|
||||
/* Force the update of ph2's ports, as there is at least one
|
||||
* situation where they'll mismatch with ph1's values
|
||||
*/
|
||||
#ifdef ENABLE_NATT
|
||||
set_port(iph2->src, extract_port(iph2->ph1->local));
|
||||
set_port(iph2->dst, extract_port(iph2->ph1->remote));
|
||||
#endif
|
||||
|
||||
/*
|
||||
* since we are going to reuse the phase2 handler, we need to
|
||||
* remain it and refresh all the references between ph1 and ph2 to use.
|
||||
|
@ -1418,7 +1404,7 @@ pk_sendadd(iph2)
|
|||
racoon_free(sa_args.src);
|
||||
racoon_free(sa_args.dst);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
|
||||
/* validity check */
|
||||
|
@ -1490,11 +1476,6 @@ pk_sendadd(iph2)
|
|||
#endif
|
||||
}
|
||||
#endif
|
||||
/* Always remove port information, it will be sent in
|
||||
* SADB_X_EXT_NAT_T_[S|D]PORT if needed */
|
||||
set_port(sa_args.src, 0);
|
||||
set_port(sa_args.dst, 0);
|
||||
|
||||
/* more info to fill in */
|
||||
sa_args.spi = pr->spi_p;
|
||||
sa_args.reqid = pr->reqid_out;
|
||||
|
@ -1559,6 +1540,7 @@ pk_recvadd(mhp)
|
|||
return -1;
|
||||
}
|
||||
msg = (struct sadb_msg *)mhp[0];
|
||||
pk_fixup_sa_addresses(mhp);
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
|
||||
|
@ -1749,7 +1731,9 @@ pk_recvacquire(mhp)
|
|||
}
|
||||
msg = (struct sadb_msg *)mhp[0];
|
||||
xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
|
||||
pk_fixup_sa_addresses(mhp);
|
||||
/* acquire does not have nat-t ports; so do not bother setting
|
||||
* the default port 500; just use the port zero for wildcard
|
||||
* matching the get a valid natted destination */
|
||||
sp_src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
sp_dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
|
||||
|
@ -2884,8 +2868,8 @@ migrate_ph1_ike_addresses(iph1, arg)
|
|||
u_int16_t port;
|
||||
|
||||
/* Already up-to-date? */
|
||||
if (cmpsaddrwop(iph1->local, ma->local) == 0 &&
|
||||
cmpsaddrwop(iph1->remote, ma->remote) == 0)
|
||||
if (cmpsaddr(iph1->local, ma->local) == 0 &&
|
||||
cmpsaddr(iph1->remote, ma->remote) == 0)
|
||||
return 0;
|
||||
|
||||
if (iph1->status < PHASE1ST_ESTABLISHED) {
|
||||
|
@ -2985,8 +2969,8 @@ migrate_ph2_ike_addresses(iph2, arg)
|
|||
migrate_ph1_ike_addresses(iph2->ph1, arg);
|
||||
|
||||
/* Already up-to-date? */
|
||||
if (CMPSADDR(iph2->src, ma->local) == 0 &&
|
||||
CMPSADDR(iph2->dst, ma->remote) == 0)
|
||||
if (cmpsaddr(iph2->src, ma->local) == 0 &&
|
||||
cmpsaddr(iph2->dst, ma->remote) == 0)
|
||||
return 0;
|
||||
|
||||
/* save src/dst as sa_src/sa_dst before rewriting */
|
||||
|
@ -3206,8 +3190,8 @@ migrate_ph2_one_isr(spid, isr_cur, xisr_old, xisr_new)
|
|||
"changing address families (%d to %d) for endpoints.\n",
|
||||
osaddr->sa_family, nsaddr->sa_family);
|
||||
|
||||
if (CMPSADDR(osaddr, (struct sockaddr *)&saidx->src) ||
|
||||
CMPSADDR(odaddr, (struct sockaddr *)&saidx->dst)) {
|
||||
if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) ||
|
||||
cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst)) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "SADB_X_MIGRATE: "
|
||||
"mismatch of addresses in saidx and xisr.\n");
|
||||
return -1;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: policy.c,v 1.10 2008/12/05 06:02:20 tteras Exp $ */
|
||||
/* $NetBSD: policy.c,v 1.11 2009/07/03 06:41:46 tteras Exp $ */
|
||||
|
||||
/* $KAME: policy.c,v 1.46 2001/11/16 04:08:10 sakane Exp $ */
|
||||
|
||||
|
@ -141,16 +141,18 @@ getsp_r(spidx, iph2)
|
|||
saddr2str(iph2->src));
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "src2: %s\n",
|
||||
saddr2str((struct sockaddr *)&spidx->src));
|
||||
if (cmpsaddrwop(iph2->src, (struct sockaddr *)&spidx->src)
|
||||
|| spidx->prefs != prefixlen)
|
||||
|
||||
if (cmpsaddr(iph2->src, (struct sockaddr *) &spidx->src) ||
|
||||
spidx->prefs != prefixlen)
|
||||
return NULL;
|
||||
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "dst1: %s\n",
|
||||
saddr2str(iph2->dst));
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "dst2: %s\n",
|
||||
saddr2str((struct sockaddr *)&spidx->dst));
|
||||
if (cmpsaddrwop(iph2->dst, (struct sockaddr *)&spidx->dst)
|
||||
|| spidx->prefd != prefixlen)
|
||||
|
||||
if (cmpsaddr(iph2->dst, (struct sockaddr *) &spidx->dst) ||
|
||||
spidx->prefd != prefixlen)
|
||||
return NULL;
|
||||
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "looks to be transport mode\n");
|
||||
|
@ -198,11 +200,11 @@ cmpspidxstrict(a, b)
|
|||
|| a->ul_proto != b->ul_proto)
|
||||
return 1;
|
||||
|
||||
if (cmpsaddrstrict((struct sockaddr *)&a->src,
|
||||
(struct sockaddr *)&b->src))
|
||||
if (cmpsaddr((struct sockaddr *) &a->src,
|
||||
(struct sockaddr *) &b->src))
|
||||
return 1;
|
||||
if (cmpsaddrstrict((struct sockaddr *)&a->dst,
|
||||
(struct sockaddr *)&b->dst))
|
||||
if (cmpsaddr((struct sockaddr *) &a->dst,
|
||||
(struct sockaddr *) &b->dst))
|
||||
return 1;
|
||||
|
||||
#ifdef HAVE_SECCTX
|
||||
|
@ -259,7 +261,7 @@ cmpspidxwild(a, b)
|
|||
a, b->prefs, saddr2str((struct sockaddr *)&sa1));
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n",
|
||||
b, b->prefs, saddr2str((struct sockaddr *)&sa2));
|
||||
if (cmpsaddrwild((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
|
||||
if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
|
||||
return 1;
|
||||
|
||||
#ifndef __linux__
|
||||
|
@ -277,7 +279,7 @@ cmpspidxwild(a, b)
|
|||
a, b->prefd, saddr2str((struct sockaddr *)&sa1));
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n",
|
||||
b, b->prefd, saddr2str((struct sockaddr *)&sa2));
|
||||
if (cmpsaddrwild((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
|
||||
if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
|
||||
return 1;
|
||||
|
||||
#ifdef HAVE_SECCTX
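Review bot: In cmpspidxstrict the two calls that used cmpsaddrstrict now go through cmpsaddr, which in the sockmisc.c section of this commit returns CMPSADDR_MATCH when either port is IPSEC_PORT_ANY, so the "strict" policy-index comparison treats a port-wildcard selector as equal to a port-specific one. getsp_r moves the other way: it used the port-blind cmpsaddrwop, and because the new result is tested for truthiness it now also returns NULL on CMPSADDR_WOP_MATCH. If both changes are intended, I would write the tests as `cmpsaddr(...) != CMPSADDR_MATCH` and add a comment such as `/* port 0 is a wildcard; a differing non-zero port counts as a mismatch */`. The enclosing functions start and end outside the hunks.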
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: remoteconf.c,v 1.14 2009/03/12 23:05:27 he Exp $ */
|
||||
/* $NetBSD: remoteconf.c,v 1.15 2009/07/03 06:41:47 tteras Exp $ */
|
||||
|
||||
/* Id: remoteconf.c,v 1.38 2006/05/06 15:52:44 manubsd Exp */
|
||||
|
||||
|
@ -200,15 +200,9 @@ rmconf_match_type(rmsel, rmconf)
|
|||
/* Check address */
|
||||
if (rmsel->remote != NULL) {
|
||||
if (rmconf->remote->sa_family != AF_UNSPEC) {
|
||||
if (rmsel->flags & GETRMCONF_F_NO_PORTS) {
|
||||
if (cmpsaddrwop(rmsel->remote,
|
||||
rmconf->remote) != 0)
|
||||
return 0;
|
||||
} else {
|
||||
if (cmpsaddrstrict(rmsel->remote,
|
||||
rmconf->remote) != 0)
|
||||
return 0;
|
||||
}
|
||||
if (cmpsaddr(rmsel->remote, rmconf->remote) != 0)
|
||||
return 0;
|
||||
|
||||
/* Address matched */
|
||||
ret = 2;
|
||||
}
|
||||
|
@ -262,7 +256,7 @@ void rmconf_selector_from_ph1(rmsel, iph1)
|
|||
struct ph1handle *iph1;
|
||||
{
|
||||
memset(rmsel, 0, sizeof(*rmsel));
|
||||
rmsel->flags = GETRMCONF_F_NO_PORTS;
|
||||
rmsel->flags = 0;
|
||||
rmsel->remote = iph1->remote;
|
||||
rmsel->etype = iph1->etype;
|
||||
rmsel->approval = iph1->approval;
|
||||
|
@ -357,22 +351,8 @@ getrmconf(remote, flags)
|
|||
int n = 0;
|
||||
|
||||
memset(&ctx, 0, sizeof(ctx));
|
||||
ctx.sel.flags = flags | GETRMCONF_F_NO_PORTS;
|
||||
ctx.sel.flags = flags;
|
||||
ctx.sel.remote = remote;
|
||||
#ifndef ENABLE_NATT
|
||||
/*
|
||||
* We never have ports set in our remote configurations, but when
|
||||
* NAT-T is enabled, the kernel can have policies with ports and
|
||||
* send us an acquire message for a destination that has a port set.
|
||||
* If we do this port check here, we don't find the remote config.
|
||||
*
|
||||
* In an ideal world, we would be able to have remote conf with
|
||||
* port, and the port could be a wildcard. That test could be used.
|
||||
*/
|
||||
if (remote->sa_family != AF_UNSPEC &&
|
||||
extract_port(remote) != IPSEC_PORT_ANY)
|
||||
ctx.sel.flags &= ~GETRMCONF_F_NO_PORTS;
|
||||
#endif /* ENABLE_NATT */
|
||||
|
||||
if (enumrmconf(&ctx.sel, rmconf_find, &ctx) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, remote,
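Review bot: The address check in rmconf_match_type now depends on remote configurations carrying port 0, and the only text that stated this ("We never have ports set in our remote configurations") is deleted from getrmconf in the same commit. With the single `cmpsaddr(rmsel->remote, rmconf->remote) != 0` test, a configuration that did carry a port would stop matching a peer seen on a different port, since CMPSADDR_WOP_MATCH is non-zero. I would keep the assumption next to the check, e.g. `/* rmconf->remote normally has port 0, which cmpsaddr() treats as a wildcard */`, and compare against the named constant: `!= CMPSADDR_MATCH`. Both functions extend beyond the hunks shown.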
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: remoteconf.h,v 1.10 2009/03/13 04:49:16 tteras Exp $ */
|
||||
/* $NetBSD: remoteconf.h,v 1.11 2009/07/03 06:41:47 tteras Exp $ */
|
||||
|
||||
/* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */
|
||||
|
||||
|
@ -189,8 +189,7 @@ extern int enumrmconf __P((struct rmconfselector *rmsel,
|
|||
void *enum_arg));
|
||||
|
||||
#define GETRMCONF_F_NO_ANONYMOUS 0x0001
|
||||
#define GETRMCONF_F_NO_PORTS 0x0002
|
||||
#define GETRMCONF_F_NO_PASSIVE 0x0004
|
||||
#define GETRMCONF_F_NO_PASSIVE 0x0002
|
||||
|
||||
#define RMCONF_ERR_MULTIPLE ((struct remoteconf *) -1)
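Review bot: GETRMCONF_F_NO_PASSIVE is renumbered from 0x0004 to 0x0002, the value GETRMCONF_F_NO_PORTS had until this commit. Whether anything outside this tree is still built against the old header is not visible here, but if it is, its no-ports bit would silently be read as no-passive. Keeping `#define GETRMCONF_F_NO_PASSIVE 0x0004` and leaving a comment that 0x0002 is retired avoids the reinterpretation at no cost.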
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: sockmisc.c,v 1.15 2009/05/18 17:40:38 tteras Exp $ */
|
||||
/* $NetBSD: sockmisc.c,v 1.16 2009/07/03 06:41:47 tteras Exp $ */
|
||||
|
||||
/* Id: sockmisc.c,v 1.24 2006/05/07 21:32:59 manubsd Exp */
|
||||
|
||||
|
@ -79,60 +79,6 @@
|
|||
|
||||
const int niflags = 0;
|
||||
|
||||
/*
|
||||
* compare two sockaddr without port number.
|
||||
* OUT: 0: equal.
|
||||
* 1: not equal.
|
||||
*/
|
||||
int
|
||||
cmpsaddrwop(addr1, addr2)
|
||||
const struct sockaddr *addr1;
|
||||
const struct sockaddr *addr2;
|
||||
{
|
||||
caddr_t sa1, sa2;
|
||||
|
||||
if (addr1 == 0 && addr2 == 0)
|
||||
return 0;
|
||||
if (addr1 == 0 || addr2 == 0)
|
||||
return 1;
|
||||
|
||||
#ifdef __linux__
|
||||
if (addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
#else
|
||||
if (addr1->sa_len != addr2->sa_len
|
||||
|| addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
|
||||
#endif /* __linux__ */
|
||||
|
||||
switch (addr1->sa_family) {
|
||||
case AF_UNSPEC:
|
||||
break;
|
||||
case AF_INET:
|
||||
sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
|
||||
sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
|
||||
return 1;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
|
||||
sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
|
||||
return 1;
|
||||
if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
|
||||
((struct sockaddr_in6 *)addr2)->sin6_scope_id)
|
||||
return 1;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* compare two sockaddr with port, taking care wildcard.
|
||||
* addr1 is a subject address, addr2 is in a database entry.
|
||||
|
@ -140,27 +86,22 @@ cmpsaddrwop(addr1, addr2)
|
|||
* 1: not equal.
|
||||
*/
|
||||
int
|
||||
cmpsaddrwild(addr1, addr2)
|
||||
cmpsaddr(addr1, addr2)
|
||||
const struct sockaddr *addr1;
|
||||
const struct sockaddr *addr2;
|
||||
{
|
||||
caddr_t sa1, sa2;
|
||||
u_short port1, port2;
|
||||
|
||||
if (addr1 == 0 && addr2 == 0)
|
||||
return 0;
|
||||
if (addr1 == 0 || addr2 == 0)
|
||||
return 1;
|
||||
if (addr1 == NULL && addr2 == NULL)
|
||||
return CMPSADDR_MATCH;
|
||||
|
||||
#ifdef __linux__
|
||||
if (addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
#else
|
||||
if (addr1->sa_len != addr2->sa_len
|
||||
|| addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
if (addr1 == NULL || addr2 == NULL)
|
||||
return CMPSADDR_MISMATCH;
|
||||
|
||||
#endif /* __linux__ */
|
||||
if (addr1->sa_family != addr2->sa_family ||
|
||||
sysdep_sa_len(addr1) != sysdep_sa_len(addr2))
|
||||
return CMPSADDR_MISMATCH;
|
||||
|
||||
switch (addr1->sa_family) {
|
||||
case AF_UNSPEC:
|
||||
|
@ -170,12 +111,8 @@ cmpsaddrwild(addr1, addr2)
|
|||
sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
|
||||
port1 = ((struct sockaddr_in *)addr1)->sin_port;
|
||||
port2 = ((struct sockaddr_in *)addr2)->sin_port;
|
||||
if (!(port1 == IPSEC_PORT_ANY ||
|
||||
port2 == IPSEC_PORT_ANY ||
|
||||
port1 == port2))
|
||||
return 1;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
|
||||
return 1;
|
||||
return CMPSADDR_MISMATCH;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
|
@ -183,155 +120,23 @@ cmpsaddrwild(addr1, addr2)
|
|||
sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
|
||||
port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
|
||||
port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
|
||||
if (!(port1 == IPSEC_PORT_ANY ||
|
||||
port2 == IPSEC_PORT_ANY ||
|
||||
port1 == port2))
|
||||
return 1;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
|
||||
return 1;
|
||||
return CMPSADDR_MISMATCH;
|
||||
if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
|
||||
((struct sockaddr_in6 *)addr2)->sin6_scope_id)
|
||||
return 1;
|
||||
return CMPSADDR_MISMATCH;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return 1;
|
||||
return CMPSADDR_MISMATCH;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
if (port1 == port2 ||
|
||||
port1 == IPSEC_PORT_ANY ||
|
||||
port2 == IPSEC_PORT_ANY)
|
||||
return CMPSADDR_MATCH;
|
||||
|
||||
/*
|
||||
* compare two sockaddr with port, taking care specific situation:
|
||||
* one addr has 0 as port, and the other has 500 (network order), return equal
|
||||
* OUT: 0: equal.
|
||||
* 1: not equal.
|
||||
*/
|
||||
int
|
||||
cmpsaddrmagic(addr1, addr2)
|
||||
const struct sockaddr *addr1;
|
||||
const struct sockaddr *addr2;
|
||||
{
|
||||
caddr_t sa1, sa2;
|
||||
u_short port1, port2;
|
||||
|
||||
if (addr1 == 0 && addr2 == 0)
|
||||
return 0;
|
||||
if (addr1 == 0 || addr2 == 0)
|
||||
return 1;
|
||||
|
||||
#ifdef __linux__
|
||||
if (addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
#else
|
||||
if (addr1->sa_len != addr2->sa_len
|
||||
|| addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
|
||||
#endif /* __linux__ */
|
||||
|
||||
switch (addr1->sa_family) {
|
||||
case AF_UNSPEC:
|
||||
break;
|
||||
case AF_INET:
|
||||
sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
|
||||
sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
|
||||
port1 = ((struct sockaddr_in *)addr1)->sin_port;
|
||||
port2 = ((struct sockaddr_in *)addr2)->sin_port;
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "cmpsaddr_magic: port1 == %d, port2 == %d\n", port1, port2);
|
||||
if (!((port1 == IPSEC_PORT_ANY && port2 == ntohs(PORT_ISAKMP)) ||
|
||||
(port2 == IPSEC_PORT_ANY && port1 == ntohs(PORT_ISAKMP)) ||
|
||||
(port1 == port2))){
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "cmpsaddr_magic: ports mismatch\n");
|
||||
return 1;
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "cmpsaddr_magic: ports matched\n");
|
||||
if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
|
||||
return 1;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
|
||||
sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
|
||||
port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
|
||||
port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
|
||||
if (!((port1 == IPSEC_PORT_ANY && port2 == PORT_ISAKMP) ||
|
||||
(port2 == IPSEC_PORT_ANY && port1 == PORT_ISAKMP) ||
|
||||
(port1 == port2)))
|
||||
return 1;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
|
||||
return 1;
|
||||
if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
|
||||
((struct sockaddr_in6 *)addr2)->sin6_scope_id)
|
||||
return 1;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* compare two sockaddr with strict match on port.
|
||||
* OUT: 0: equal.
|
||||
* 1: not equal.
|
||||
*/
|
||||
int
|
||||
cmpsaddrstrict(addr1, addr2)
|
||||
const struct sockaddr *addr1;
|
||||
const struct sockaddr *addr2;
|
||||
{
|
||||
caddr_t sa1, sa2;
|
||||
u_short port1, port2;
|
||||
|
||||
if (addr1 == 0 && addr2 == 0)
|
||||
return 0;
|
||||
if (addr1 == 0 || addr2 == 0)
|
||||
return 1;
|
||||
|
||||
#ifdef __linux__
|
||||
if (addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
#else
|
||||
if (addr1->sa_len != addr2->sa_len
|
||||
|| addr1->sa_family != addr2->sa_family)
|
||||
return 1;
|
||||
|
||||
#endif /* __linux__ */
|
||||
|
||||
switch (addr1->sa_family) {
|
||||
case AF_INET:
|
||||
sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
|
||||
sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
|
||||
port1 = ((struct sockaddr_in *)addr1)->sin_port;
|
||||
port2 = ((struct sockaddr_in *)addr2)->sin_port;
|
||||
if (port1 != port2)
|
||||
return 1;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
|
||||
return 1;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
|
||||
sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
|
||||
port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
|
||||
port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
|
||||
if (port1 != port2)
|
||||
return 1;
|
||||
if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
|
||||
return 1;
|
||||
if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
|
||||
((struct sockaddr_in6 *)addr2)->sin6_scope_id)
|
||||
return 1;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return CMPSADDR_WOP_MATCH;
|
||||
}
|
||||
|
||||
/* get local address against the destination. */
|
||||
|
@ -1128,7 +933,7 @@ naddr_score(const struct netaddr *naddr, const struct sockaddr *saddr)
|
|||
free(a2);
|
||||
free(a3);
|
||||
}
|
||||
if (cmpsaddrwop(&sa, &naddr->sa.sa) == 0)
|
||||
if (cmpsaddr(&sa, &naddr->sa.sa) == 0)
|
||||
return naddr->prefix + port_score;
|
||||
|
||||
return -1;
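Review bot: The merged cmpsaddr keeps `u_short port1, port2;` without initialisers, yet the new tail after the switch reads both in `if (port1 == port2 || ...)`. The removed cmpsaddrwop and cmpsaddrmagic both had `case AF_UNSPEC: break;`; if the surviving AF_UNSPEC case (its body lies between hunks) still breaks, two AF_UNSPEC addresses reach that test with indeterminate values. Initialising at the declaration, `u_short port1 = IPSEC_PORT_ANY, port2 = IPSEC_PORT_ANY;`, makes that path return CMPSADDR_MATCH deterministically. The header comment above the function still ends with `1: not equal.` and should list the three results (match, address-only match, mismatch).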
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: sockmisc.h,v 1.10 2009/05/18 17:40:38 tteras Exp $ */
|
||||
/* $NetBSD: sockmisc.h,v 1.11 2009/07/03 06:41:47 tteras Exp $ */
|
||||
|
||||
/* Id: sockmisc.h,v 1.9 2005/10/05 16:55:41 manubsd Exp */
|
||||
|
||||
|
@ -56,16 +56,11 @@ struct netaddr {
|
|||
|
||||
extern const int niflags;
|
||||
|
||||
extern int cmpsaddrwop __P((const struct sockaddr *, const struct sockaddr *));
|
||||
extern int cmpsaddrwild __P((const struct sockaddr *, const struct sockaddr *));
|
||||
extern int cmpsaddrstrict __P((const struct sockaddr *, const struct sockaddr *));
|
||||
extern int cmpsaddrmagic __P((const struct sockaddr *, const struct sockaddr *));
|
||||
#define CMPSADDR_MATCH 0
|
||||
#define CMPSADDR_WOP_MATCH 1
|
||||
#define CMPSADDR_MISMATCH 2
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
#define CMPSADDR(saddr1, saddr2) cmpsaddrstrict((saddr1), (saddr2))
|
||||
#else
|
||||
#define CMPSADDR(saddr1, saddr2) cmpsaddrwop((saddr1), (saddr2))
|
||||
#endif
|
||||
extern int cmpsaddr __P((const struct sockaddr *, const struct sockaddr *));
|
||||
|
||||
extern struct sockaddr *getlocaladdr __P((struct sockaddr *));
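Review bot: The three CMPSADDR_* result codes are introduced without a comment, while the callers converted elsewhere in this commit test the result with `== 0`, `!= 0` or bare truthiness. Nothing at the declaration tells a reader that 1 means "same address, different port", which is exactly the case that former cmpsaddrwop callers used to accept. A comment above the defines would prevent misuse: `/* cmpsaddr() results, strictest first: MATCH = address and port equal (port 0 is a wildcard), WOP_MATCH = address equal only, MISMATCH = different address */`.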
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: throttle.c,v 1.5 2009/01/23 08:25:07 tteras Exp $ */
|
||||
/* $NetBSD: throttle.c,v 1.6 2009/07/03 06:41:47 tteras Exp $ */
|
||||
|
||||
/* Id: throttle.c,v 1.5 2006/04/05 20:54:50 manubsd Exp */
|
||||
|
||||
|
@ -104,7 +104,7 @@ restart:
|
|||
goto restart;
|
||||
}
|
||||
|
||||
if (cmpsaddrwop(addr, (struct sockaddr *)&te->host) == 0) {
|
||||
if (cmpsaddr(addr, (struct sockaddr *) &te->host) == 0) {
|
||||
found = 1;
|
||||
break;
|
||||
}
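Review bot: The lookup `if (cmpsaddr(addr, (struct sockaddr *) &te->host) == 0)` is no longer port-blind: cmpsaddrwop ignored ports, whereas cmpsaddr returns CMPSADDR_WOP_MATCH (1) when the addresses are equal but two non-zero ports differ. If te->host keeps the peer's source port (where it is filled is outside the hunk), the same host arriving from another port would miss its existing throttle entry and escape the accumulated penalty. To keep throttling per host, accept the address-only result as well: `if (cmpsaddr(addr, (struct sockaddr *) &te->host) <= CMPSADDR_WOP_MATCH) {`. The enclosing function starts and ends outside the hunk.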
|
||||
|
|