on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that
multiple SA can be used in transport mode.
While I'm there, patch ipsec-tools ChangeLog to reflect the changes we took from ipsec-tools-0_6-branch
parent
93548a84e7
commit
8bf053b3f3
|
@ -1,3 +1,77 @@
|
|||
2005-05-03 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
From Patrick McHardy <kaber@trash.net>
|
||||
* src/racoon/{pfkey.c|handler.h|hendler.c}: on phase 2 acquire,
|
||||
lookup phase 2 by (src, dst, policy id) so that multiple SA can
|
||||
be used in transport mode
|
||||
|
||||
2005-04-26 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
From Larry Baird <lab@gta.com>
|
||||
* src/racoon/nattraversal.c: Fix NAT-T initiator problem
|
||||
|
||||
2005-04-25 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/libipsec/{ipsec_dump_policy.c|pfkey_dump.c|libpfkey.h}:
|
||||
src/setkey/{setkey.8|setkey.c}: add a -p option to setkey to
|
||||
enable the display of ESP over UDP ports in policies.
|
||||
|
||||
* src/racoon/{isakmp.c|isakmp_cfg.c|isakmp_inf.c|pfkey.c}: don't
|
||||
forget port numbers so that mutiple clients behind the same NAT
|
||||
can work.
|
||||
|
||||
* src/racoon/ipsec_doi.c: fix LP64 bug
|
||||
|
||||
From Larry Baird <lab@gta.com>
|
||||
* src/racoon/{isakmp.c|nattraversal.c|isakmp_quick.c|nattraversal.h}:
|
||||
NAT-T fixes for interoperability with greenbow VPN client.
|
||||
|
||||
2005-04-19 Yvan Vanhullebus <vanhu@free.fr>
|
||||
|
||||
* src/racoon/handler.h: added a flag to identify generated policies
|
||||
* src/racoon/isakmp.c: changed logging in isakmp_ph1expire()
|
||||
* src/racoon/isakmp_inf.c: use iph2->generated_spidx to check if
|
||||
policy have been generated in purge_remote_spi()
|
||||
* src/racoon/isakmp_quick.c: sets iph2->generated_spidx for
|
||||
generated policies
|
||||
* src/racoon/pfkey.c: reactivated the unbindph12() in pk_recvupdate()
|
||||
|
||||
2005-04-18 Aidas Kasparas <a.kasparas@gmc.lt>
|
||||
|
||||
* src/racoon/crypto_openssl.c: fixed single DES support;
|
||||
|
||||
2005-04-18 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
From Thomas Klausner <wiz@NetBSD.org>
|
||||
* src/libipsec/{ipsec_set_policy.3|ipsec_strerror.3}
|
||||
src/racoon/{admin.c|plainrsa-gen.8|racoon.8|racoon.conf.5|racoonctl.8}
|
||||
src/racoon/samples/{racoon.conf.in|racoon.conf.sample}
|
||||
src/racoon/samples/racoon.conf.sample-gssapi
|
||||
src/racoon/samples/racoon.conf.sample-inherit
|
||||
src/racoon/samples/racoon.conf.sample-natt
|
||||
src/racoon/samples/racoon.conf.sample-plainrsa
|
||||
src/racoon/samples/roadwarrior/README
|
||||
src/racoon/samples/roadwarrior/server/phase1-down.sh
|
||||
src/setkey/setkey.8: docmumentation fixes
|
||||
|
||||
From KAME
|
||||
* src/racoon/ipsec_doi.c: wrong check on SA lifebyte
|
||||
|
||||
2005-04-10 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/isakmp_agg.c: fix a memory leak when using hybrid auth
|
||||
* src/libipsec/{pfkey.c|pfkey_dump.c}
|
||||
src/setkey/{token.l|parse.y|setkey.8}: missing bits for TCP_MD5
|
||||
support, from KAME
|
||||
|
||||
2005-04-04 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/isakmp_cfg.c: fix a buffer overrun in mode config SET
|
||||
|
||||
---------------------------------------------
|
||||
|
||||
0.6b1 released
|
||||
|
||||
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: handler.c,v 1.1.1.2 2005/02/23 14:54:15 manu Exp $ */
|
||||
/* $NetBSD: handler.c,v 1.2 2005/05/03 21:08:47 manu Exp $ */
|
||||
|
||||
/* Id: handler.c,v 1.13 2004/11/21 19:36:26 manubsd Exp */
|
||||
|
||||
|
@ -433,6 +433,23 @@ getph2bymsgid(iph1, msgid)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
struct ph2handle *
|
||||
getph2byid(src, dst, spid)
|
||||
struct sockaddr *src, *dst;
|
||||
u_int32_t spid;
|
||||
{
|
||||
struct ph2handle *p;
|
||||
|
||||
LIST_FOREACH(p, &ph2tree, chain) {
|
||||
if (spid == p->spid &&
|
||||
cmpsaddrwop(src, p->src) == 0 &&
|
||||
cmpsaddrwop(dst, p->dst) == 0)
|
||||
return p;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* call by pk_recvexpire().
|
||||
*/
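Review bot: getph2byid() has no header comment, and its match rule deserves one: it returns the first entry on ph2tree whose spid matches and whose addresses compare equal under cmpsaddrwop(), whatever the handle's status. If cmpsaddrwop() ignores ports, as its name suggests (its definition is not in this diff), two peers behind the same NAT address that share a policy id cannot be told apart here, so an acquire for one could be answered with the other's phase 2 handle. I would add above the function something like `/* first ph2 with this policy id and src/dst address; ports and status are not compared, caller must check */`, and confirm that port-less matching is intended given the NAT-T port handling noted in the ChangeLog entries of this same commit.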
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: handler.h,v 1.2 2005/04/19 19:42:09 manu Exp $ */
|
||||
/* $NetBSD: handler.h,v 1.3 2005/05/03 21:08:47 manu Exp $ */
|
||||
|
||||
/* Id: handler.h,v 1.11 2004/11/16 15:44:46 ludvigm Exp */
|
||||
|
||||
|
@ -436,6 +436,8 @@ extern struct ph2handle *getph2byspidx __P((struct policyindex *));
|
|||
extern struct ph2handle *getph2byspid __P((u_int32_t));
|
||||
extern struct ph2handle *getph2byseq __P((u_int32_t));
|
||||
extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t));
|
||||
extern struct ph2handle *getph2byid __P((struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t));
|
||||
extern struct ph2handle *getph2bysaidx __P((struct sockaddr *,
|
||||
struct sockaddr *, u_int, u_int32_t));
|
||||
extern struct ph2handle *newph2 __P((void));
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: pfkey.c,v 1.3 2005/04/27 05:19:50 manu Exp $ */
|
||||
/* $NetBSD: pfkey.c,v 1.4 2005/05/03 21:08:47 manu Exp $ */
|
||||
|
||||
/* Id: pfkey.c,v 1.31.2.1 2005/02/18 10:01:40 vanhu Exp */
|
||||
|
||||
|
@ -1613,6 +1613,7 @@ pk_recvacquire(mhp)
|
|||
struct secpolicy *sp_out = NULL, *sp_in = NULL;
|
||||
#define MAXNESTEDSA 5 /* XXX */
|
||||
struct ph2handle *iph2[MAXNESTEDSA];
|
||||
struct sockaddr *src, *dst;
|
||||
int n; /* # of phase 2 handler */
|
||||
|
||||
/* ignore this message because of local test mode. */
|
||||
|
@ -1630,6 +1631,8 @@ pk_recvacquire(mhp)
|
|||
}
|
||||
msg = (struct sadb_msg *)mhp[0];
|
||||
xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
|
||||
src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
|
||||
dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
|
||||
|
||||
/* ignore if type is not IPSEC_POLICY_IPSEC */
|
||||
if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
|
||||
|
@ -1694,7 +1697,7 @@ pk_recvacquire(mhp)
|
|||
* has to prcesss such a acquire message because racoon may
|
||||
* lost the expire message.
|
||||
*/
|
||||
iph2[0] = getph2byspid(xpl->sadb_x_policy_id);
|
||||
iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
|
||||
if (iph2[0] != NULL) {
|
||||
if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
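Review bot: The new `src`/`dst` assignments in the second hunk read `mhp[SADB_EXT_ADDRESS_SRC]` and `mhp[SADB_EXT_ADDRESS_DST]` through PFKEY_ADDR_SADDR, and the hunk does not show whether both extensions were checked for NULL first. The closing brace just above `msg = ...` may end such a check, but pk_recvacquire's body starts outside the hunk, so this needs confirming. If the guard does not cover them, extend it with `|| mhp[SADB_EXT_ADDRESS_SRC] == NULL || mhp[SADB_EXT_ADDRESS_DST] == NULL`. The pointers go straight into getph2byid() in the third hunk, so an acquire message lacking an address extension would otherwise reach the address comparison with an invalid pointer.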
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#define TOP_PACKAGE "ipsec-tools"
|
||||
#define TOP_PACKAGE_NAME "ipsec-tools"
|
||||
#define TOP_PACKAGE_VERSION "0.6-nb20050426"
|
||||
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050426"
|
||||
#define TOP_PACKAGE_VERSION "0.6-nb200500503"
|
||||
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050503"
|
||||
#define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net"
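Review bot: The two bumped strings disagree: `TOP_PACKAGE_VERSION` is set to `"0.6-nb200500503"` while `TOP_PACKAGE_STRING` uses `"ipsec-tools 0.6-nb20050503"`. The former has an extra `0` and no longer reads as the 2005-05-03 snapshot date, so it should be `#define TOP_PACKAGE_VERSION "0.6-nb20050503"`. Anything that reports the version string would otherwise show a value that matches no snapshot, which makes it harder to tell which fixes a deployed build contains.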
|
||||
|
|