kame racoon 2003/7/12. lots of lots of stability fixes.

crypto/dist/kame/racoon/admin.c

@@ -1,4 +1,4 @@
-/*	$KAME: admin.c,v 1.23 2001/06/01 10:12:55 sakane Exp $	*/
+/*	$KAME: admin.c,v 1.24 2003/05/29 08:59:51 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -345,7 +345,7 @@ admin_process(so2, combuf)
 				"%s\n", saddrwop2str(remote));
 
 			/* begin ident mode */
-			if (isakmp_ph1begin_i(rmconf, remote) < 0) {
+			if (isakmp_ph1begin_i(rmconf, remote, local) < 0) {
 				com->ac_errno = -1;
 				break;
 			}

crypto/dist/kame/racoon/configure.in

@@ -322,6 +322,7 @@ main()
     memset(&hints, 0, sizeof(hints));
     hints.ai_family = AF_UNSPEC;
     hints.ai_flags = passive ? AI_PASSIVE : 0;
+    hints.ai_protocol = IPPROTO_TCP;
     hints.ai_socktype = SOCK_STREAM;
     if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) {
       (void)gai_strerror(gaierr);
@@ -656,11 +657,20 @@ AC_CHECK_HEADER(openssl/rijndael.h, [], [
 ])
 
 dnl checking sha2
-AC_SUBST(CRYPTOBJS)
-AC_CHECK_HEADER(openssl/sha2.h, [], [
+AC_MSG_CHECKING(sha2 support)
+AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
+yes
+#endif],
+[AC_MSG_RESULT(no)
+        echo "WARNING: sha2 does not work."],
+[AC_MSG_RESULT(yes)
+ AC_SUBST(CRYPTOBJS)
+ AC_DEFINE(WITH_SHA2)
+ AC_CHECK_HEADER(openssl/sha2.h, [], [
 	CPPFLAGS="$CPPFLAGS -I./missing"
-	CRYPTOBJS="$CRYPTOBJS sha2.o"
-])
+	CRYPTOBJS="$CRYPTOBJS sha2.o"])]
+)
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST

crypto/dist/kame/racoon/crypto_openssl.h

@@ -1,4 +1,4 @@
-/*	$KAME: crypto_openssl.h,v 1.25 2002/04/25 09:48:32 sakane Exp $	*/
+/*	$KAME: crypto_openssl.h,v 1.28 2003/06/29 04:46:14 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -31,15 +31,18 @@
 
 #ifdef HAVE_SIGNING_C
 /* X509 Certificate */
-#define GENT_OTHERNAME	0
-#define GENT_EMAIL	1
-#define GENT_DNS	2
-#define GENT_X400	3
-#define GENT_DIRNAME	4
-#define GENT_EDIPARTY	5
-#define GENT_URI	6
-#define GENT_IPADD	7
-#define GENT_RID	8
+
+#include <openssl/x509v3.h>
+
+#define GENT_OTHERNAME	GEN_OTHERNAME
+#define GENT_EMAIL	GEN_EMAIL
+#define GENT_DNS	GEN_DNS
+#define GENT_X400	GEN_X400
+#define GENT_DIRNAME	GEN_DIRNAME
+#define GENT_EDIPARTY	GEN_EDIPARTY
+#define GENT_URI	GEN_URI
+#define GENT_IPADD	GEN_IPADD
+#define GENT_RID	GEN_RID
 
 extern vchar_t *eay_str2asn1dn __P((char *, int));
 extern int eay_cmp_asn1dn __P((vchar_t *, vchar_t *));
@@ -114,6 +117,7 @@ extern int eay_kpdk_hashlen __P((void));
 extern int eay_twofish_keylen __P((int));
 
 /* hash */
+#if defined(WITH_SHA2)
 /* HMAC SHA2 */
 extern vchar_t *eay_hmacsha2_512_one __P((vchar_t *, vchar_t *));
 extern caddr_t eay_hmacsha2_512_init __P((vchar_t *));
@@ -127,6 +131,7 @@ extern vchar_t *eay_hmacsha2_256_one __P((vchar_t *, vchar_t *));
 extern caddr_t eay_hmacsha2_256_init __P((vchar_t *));
 extern void eay_hmacsha2_256_update __P((caddr_t, vchar_t *));
 extern vchar_t *eay_hmacsha2_256_final __P((caddr_t));
+#endif
 /* HMAC SHA1 */
 extern vchar_t *eay_hmacsha1_one __P((vchar_t *, vchar_t *));
 extern caddr_t eay_hmacsha1_init __P((vchar_t *));
@@ -138,23 +143,29 @@ extern caddr_t eay_hmacmd5_init __P((vchar_t *));
 extern void eay_hmacmd5_update __P((caddr_t, vchar_t *));
 extern vchar_t *eay_hmacmd5_final __P((caddr_t));
 
+#if defined(WITH_SHA2)
 /* SHA2 functions */
 extern caddr_t eay_sha2_512_init __P((void));
 extern void eay_sha2_512_update __P((caddr_t, vchar_t *));
 extern vchar_t *eay_sha2_512_final __P((caddr_t));
 extern vchar_t *eay_sha2_512_one __P((vchar_t *));
+#endif
 extern int eay_sha2_512_hashlen __P((void));
 
+#if defined(WITH_SHA2)
 extern caddr_t eay_sha2_384_init __P((void));
 extern void eay_sha2_384_update __P((caddr_t, vchar_t *));
 extern vchar_t *eay_sha2_384_final __P((caddr_t));
 extern vchar_t *eay_sha2_384_one __P((vchar_t *));
+#endif
 extern int eay_sha2_384_hashlen __P((void));
 
+#if defined(WITH_SHA2)
 extern caddr_t eay_sha2_256_init __P((void));
 extern void eay_sha2_256_update __P((caddr_t, vchar_t *));
 extern vchar_t *eay_sha2_256_final __P((caddr_t));
 extern vchar_t *eay_sha2_256_one __P((vchar_t *));
+#endif
 extern int eay_sha2_256_hashlen __P((void));
 
 /* SHA functions */

crypto/dist/kame/racoon/doc/question

@@ -1,4 +1,6 @@
-$KAME: question,v 1.27 2000/10/04 17:41:07 itojun Exp $
+$KAME: question,v 1.28 2003/05/23 05:13:03 sakane Exp $
+
+This was sent to Kivinen and Paul at 20-Sep-2000.
 
 Q: how may policy matters are.  can we interoperate ?
 

crypto/dist/kame/racoon/ipsec_doi.h

@@ -1,4 +1,4 @@
-/*	$KAME: ipsec_doi.h,v 1.34 2001/08/16 06:20:35 itojun Exp $	*/
+/*	$KAME: ipsec_doi.h,v 1.35 2003/06/27 07:32:38 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -198,7 +198,7 @@ extern const char *ipsecdoi_id2str __P((const vchar_t *));
 
 extern vchar_t *ipsecdoi_setph1proposal __P((struct isakmpsa *));
 extern int ipsecdoi_setph2proposal __P((struct ph2handle *));
-extern int ipsecdoi_transportmode __P((struct ph2handle *));
+extern int ipsecdoi_transportmode __P((struct saprop *));
 extern int ipsecdoi_get_defaultlifetime __P((void));
 extern int ipsecdoi_checkalgtypes __P((int, int, int, int));
 extern int ipproto2doi __P((int));

crypto/dist/kame/racoon/isakmp_var.h

@@ -1,4 +1,4 @@
-/*	$KAME: isakmp_var.h,v 1.20 2001/12/12 15:29:14 sakane Exp $	*/
+/*	$KAME: isakmp_var.h,v 1.21 2003/05/29 08:59:51 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -54,7 +54,8 @@ struct isakmp_pl_ke;	/* XXX */
 struct isakmp_pl_nonce;	/* XXX */
 
 extern int isakmp_handler __P((int));
-extern int isakmp_ph1begin_i __P((struct remoteconf *, struct sockaddr *));
+extern int isakmp_ph1begin_i __P((struct remoteconf *, struct sockaddr *,
+	struct sockaddr *));
 
 extern vchar_t *isakmp_parsewoh __P((int, struct isakmp_gen *, int));
 extern vchar_t *isakmp_parse __P((vchar_t *));

crypto/dist/kame/racoon/oakley.h

@@ -1,4 +1,4 @@
-/*	$KAME: oakley.h,v 1.28 2001/12/12 18:23:42 sakane Exp $	*/
+/*	$KAME: oakley.h,v 1.29 2003/06/27 12:02:41 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -46,9 +46,11 @@
 #define   OAKLEY_ATTR_HASH_ALG_MD5		1
 #define   OAKLEY_ATTR_HASH_ALG_SHA		2
 #define   OAKLEY_ATTR_HASH_ALG_TIGER		3
+#if defined(WITH_SHA2)
 #define   OAKLEY_ATTR_HASH_ALG_SHA2_256		4
 #define   OAKLEY_ATTR_HASH_ALG_SHA2_384		5
 #define   OAKLEY_ATTR_HASH_ALG_SHA2_512		6
+#endif
 					/*	65001 - 65535 Private Use */
 #define OAKLEY_ATTR_AUTH_METHOD		3 /* B */
 #define   OAKLEY_ATTR_AUTH_METHOD_PSKEY		1

crypto/dist/kame/racoon/pfkey.c

@@ -1,4 +1,4 @@
-/*	$KAME: pfkey.c,v 1.134 2002/06/04 05:20:27 itojun Exp $	*/
+/*	$KAME: pfkey.c,v 1.138 2003/06/30 11:01:18 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -765,13 +765,30 @@ int
 pk_sendgetspi(iph2)
 	struct ph2handle *iph2;
 {
+	struct sockaddr *src = NULL, *dst = NULL;
 	u_int satype, mode;
 	struct saprop *pp;
 	struct saproto *pr;
+	int proxy = 0;
 
-	pp = iph2->side == INITIATOR
-			? iph2->proposal
-			: iph2->approval;
+	if (iph2->side == INITIATOR) {
+		pp = iph2->proposal;
+		proxy = iph2->ph1->rmconf->support_proxy;
+	} else {
+		pp = iph2->approval;
+		if (iph2->sainfo && iph2->sainfo->id_i)
+			proxy = 1;
+	}
+
+	/* for mobile IPv6 */
+	if (proxy && iph2->src_id && iph2->dst_id &&
+	    ipsecdoi_transportmode(pp)) {
+		src = iph2->src_id;
+		dst = iph2->dst_id;
+	} else {
+		src = iph2->src;
+		dst = iph2->dst;
+	}
 
 	for (pr = pp->head; pr != NULL; pr = pr->next) {
 
@@ -794,8 +811,8 @@ pk_sendgetspi(iph2)
 				lcconf->sock_pfkey,
 				satype,
 				mode,
-				iph2->dst,		/* src of SA */
-				iph2->src,		/* dst of SA */
+				dst,			/* src of SA */
+				src,			/* dst of SA */
 				0, 0, pr->reqid_in, iph2->seq) < 0) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"ipseclib failed send getspi (%s)\n",
@@ -804,7 +821,7 @@ pk_sendgetspi(iph2)
 		}
 		plog(LLV_DEBUG, LOCATION, NULL,
 			"pfkey GETSPI sent: %s\n",
-			sadbsecas2str(iph2->dst, iph2->src, satype, 0, mode));
+			sadbsecas2str(dst, src, satype, 0, mode));
 	}
 
 	return 0;
@@ -920,6 +937,7 @@ pk_sendupdate(iph2)
 	int e_type, e_keylen, a_type, a_keylen, flags;
 	u_int satype, mode;
 	u_int64_t lifebyte = 0;
+	int proxy = 0;
 
 	/* sanity check */
 	if (iph2->approval == NULL) {
@@ -927,8 +945,14 @@ pk_sendupdate(iph2)
 			"no approvaled SAs found.\n");
 	}
 
+	if (iph2->side == INITIATOR)
+		proxy = iph2->ph1->rmconf->support_proxy;
+	else if (iph2->sainfo && iph2->sainfo->id_i)
+		proxy = 1;
+
 	/* for mobile IPv6 */
-	if (iph2->ph1->rmconf->support_mip6 && iph2->src_id && iph2->dst_id) {
+	if (proxy && iph2->src_id && iph2->dst_id &&
+	    ipsecdoi_transportmode(iph2->approval)) {
 		src = iph2->src_id;
 		dst = iph2->dst_id;
 	} else {
@@ -977,8 +1001,8 @@ pk_sendupdate(iph2)
 				lcconf->sock_pfkey,
 				satype,
 				mode,
-				iph2->dst,
-				iph2->src,
+				dst,
+				src,
 				pr->spi,
 				pr->reqid_in,
 				4,	/* XXX static size of window */
@@ -1001,7 +1025,7 @@ pk_sendupdate(iph2)
 		 * But it is impossible because there is not key in the
 		 * information from the kernel.
 		 */
-		if (backupsa_to_file(satype, mode, iph2->dst, iph2->src,
+		if (backupsa_to_file(satype, mode, dst, src,
 				pr->spi, pr->reqid_in, 4,
 				pr->keymat->v,
 				e_type, e_keylen, a_type, a_keylen, flags,
@@ -1010,12 +1034,12 @@ pk_sendupdate(iph2)
 				iph2->seq) < 0) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"backuped SA failed: %s\n",
-				sadbsecas2str(iph2->dst, iph2->src,
+				sadbsecas2str(dst, src,
 				satype, pr->spi, mode));
 		}
 		plog(LLV_DEBUG, LOCATION, NULL,
 			"backuped SA: %s\n",
-			sadbsecas2str(iph2->dst, iph2->src,
+			sadbsecas2str(dst, src,
 			satype, pr->spi, mode));
 	}
 
@@ -1136,6 +1160,10 @@ pk_recvupdate(mhp)
 	/* count up */
 	iph2->ph1->ph2cnt++;
 
+	/* turn off schedule */
+	if (iph2->scr)
+		SCHED_KILL(iph2->scr);
+
 	/*
 	 * since we are going to reuse the phase2 handler, we need to
 	 * remain it and refresh all the references between ph1 and ph2 to use.
@@ -1161,6 +1189,7 @@ pk_sendadd(iph2)
 	int e_type, e_keylen, a_type, a_keylen, flags;
 	u_int satype, mode;
 	u_int64_t lifebyte = 0;
+	int proxy = 0;
 
 	/* sanity check */
 	if (iph2->approval == NULL) {
@@ -1168,8 +1197,14 @@ pk_sendadd(iph2)
 			"no approvaled SAs found.\n");
 	}
 
+	if (iph2->side == INITIATOR)
+		proxy = iph2->ph1->rmconf->support_proxy;
+	else if (iph2->sainfo && iph2->sainfo->id_i)
+		proxy = 1;
+
 	/* for mobile IPv6 */
-	if (iph2->ph1->rmconf->support_mip6 && iph2->src_id && iph2->dst_id) {
+	if (proxy && iph2->src_id && iph2->dst_id &&
+	    ipsecdoi_transportmode(iph2->approval)) {
 		src = iph2->src_id;
 		dst = iph2->dst_id;
 	} else {
@@ -1218,8 +1253,8 @@ pk_sendadd(iph2)
 				lcconf->sock_pfkey,
 				satype,
 				mode,
-				iph2->src,
-				iph2->dst,
+				src,
+				dst,
 				pr->spi_p,
 				pr->reqid_out,
 				4,	/* XXX static size of window */
@@ -1242,7 +1277,7 @@ pk_sendadd(iph2)
 		 * But it is impossible because there is not key in the
 		 * information from the kernel.
 		 */
-		if (backupsa_to_file(satype, mode, iph2->src, iph2->dst,
+		if (backupsa_to_file(satype, mode, src, dst,
 				pr->spi_p, pr->reqid_out, 4,
 				pr->keymat_p->v,
 				e_type, e_keylen, a_type, a_keylen, flags,
@@ -1251,12 +1286,12 @@ pk_sendadd(iph2)
 				iph2->seq) < 0) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"backuped SA failed: %s\n",
-				sadbsecas2str(iph2->src, iph2->dst,
+				sadbsecas2str(src, dst,
 				satype, pr->spi_p, mode));
 		}
 		plog(LLV_DEBUG, LOCATION, NULL,
 			"backuped SA: %s\n",
-			sadbsecas2str(iph2->src, iph2->dst,
+			sadbsecas2str(src, dst,
 			satype, pr->spi_p, mode));
 	}
 
@@ -1468,7 +1503,7 @@ pk_recvacquire(mhp)
 	/* ignore if type is not IPSEC_POLICY_IPSEC */
 	if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
 		plog(LLV_DEBUG, LOCATION, NULL,
-			"ignore SPDGET message. type is not IPsec.\n");
+			"ignore ACQUIRE message. type is not IPsec.\n");
 		return 0;
 	}
 
@@ -1600,7 +1635,7 @@ pk_recvacquire(mhp)
 		delph2(iph2[n]);
 		return -1;
 	}
-	iph2[n]->sainfo = getsainfo(idsrc, iddst);
+	iph2[n]->sainfo = getsainfo(idsrc, iddst, NULL);
 	vfree(idsrc);
 	vfree(iddst);
 	if (iph2[n]->sainfo == NULL) {
@@ -1880,12 +1915,44 @@ static int
 pk_recvspdupdate(mhp)
 	caddr_t *mhp;
 {
+	struct sadb_address *saddr, *daddr;
+	struct sadb_x_policy *xpl;
+	struct policyindex spidx;
+	struct secpolicy *sp;
+
 	/* sanity check */
-	if (mhp[0] == NULL) {
+	if (mhp[0] == NULL
+	 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
+	 || mhp[SADB_EXT_ADDRESS_DST] == NULL
+	 || mhp[SADB_X_EXT_POLICY] == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"inappropriate sadb spdupdate message passed.\n");
 		return -1;
 	}
+	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
+	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
+	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
+
+	KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
+			saddr + 1,
+			daddr + 1,
+			saddr->sadb_address_prefixlen,
+			daddr->sadb_address_prefixlen,
+			saddr->sadb_address_proto,
+			&spidx);
+
+	sp = getsp(&spidx);
+	if (sp == NULL) {
+		plog(LLV_ERROR, LOCATION, NULL,
+			"such policy does not already exist: %s\n",
+			spidx2str(&spidx));
+	} else {
+		remsp(sp);
+		delsp(sp);
+	}
+
+	if (addnewsp(mhp) < 0)
+		return -1;
 
 	return 0;
 }

crypto/dist/kame/racoon/remoteconf.c

@@ -1,4 +1,4 @@
-/*	$KAME: remoteconf.c,v 1.29 2001/12/07 08:39:39 sakane Exp $	*/
+/*	$KAME: remoteconf.c,v 1.30 2003/06/27 07:32:39 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -162,7 +162,7 @@ newrmconf()
 	new->getcert_method = ISAKMP_GETCERT_PAYLOAD;
 	new->send_cert = TRUE;
 	new->send_cr = TRUE;
-	new->support_mip6 = FALSE;
+	new->support_proxy = FALSE;
 	new->gen_policy = FALSE;
 	new->retry_counter = lcconf->retry_counter;
 	new->retry_interval = lcconf->retry_interval;

crypto/dist/kame/racoon/remoteconf.h

@@ -1,4 +1,4 @@
-/*	$KAME: remoteconf.h,v 1.27 2001/12/07 08:39:39 sakane Exp $	*/
+/*	$KAME: remoteconf.h,v 1.28 2003/06/27 07:32:39 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -65,7 +65,7 @@ struct remoteconf {
 	int nonce_size;			/* the number of bytes of nonce */
 	int keepalive;			/* XXX may not use */
 	int passive;			/* never initiate */
-	int support_mip6;		/* support mip6 */
+	int support_proxy;		/* support mip6/proxy */
 	int gen_policy;			/* generate policy if no policy found */
 	int ini_contact;		/* initial contact */
 	int pcheck_level;		/* level of propocl checking */

crypto/dist/kame/racoon/sainfo.c

@@ -1,4 +1,4 @@
-/*	$KAME: sainfo.c,v 1.15 2001/11/16 04:12:59 sakane Exp $	*/
+/*	$KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -70,15 +70,27 @@ static LIST_HEAD(_sitree, sainfo) sitree;
  * no matching entry found and if there is anonymous entry, return it.
  * else return NULL.
  * XXX by each data type, should be changed to compare the buffer.
+ * First pass is for sainfo from a specified peer, second for others.
  */
 struct sainfo *
-getsainfo(src, dst)
-	const vchar_t *src, *dst;
+getsainfo(src, dst, peer)
+	const vchar_t *src, *dst, *peer;
 {
 	struct sainfo *s = NULL;
 	struct sainfo *anonymous = NULL;
+	int pass = 1;
 
+	if (peer == NULL)
+		pass = 2;
+    again:
 	LIST_FOREACH(s, &sitree, chain) {
+		if (s->id_i != NULL) {
+			if (pass == 2)
+				continue;
+			if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
+				continue;
+		} else if (pass == 1)
+			continue;
 		if (s->idsrc == NULL) {
 			anonymous = s;
 			continue;
@@ -99,7 +111,11 @@ getsainfo(src, dst)
 	if (anonymous) {
 		plog(LLV_DEBUG, LOCATION, NULL,
 			"anonymous sainfo selected.\n");
+	} else if (pass == 1) {
+		pass = 2;
+		goto again;
 	}
+
 	return anonymous;
 }
 
@@ -112,7 +128,6 @@ newsainfo()
 	if (new == NULL)
 		return NULL;
 
-	new->idvtype = IDTYPE_ADDRESS;
 	new->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
 	new->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
 
@@ -214,11 +229,16 @@ sainfo2str(si)
 	static char buf[256];
 
 	if (si->idsrc == NULL)
-		return "anonymous";
+		snprintf(buf, sizeof(buf), "anonymous");
+	else {
+		snprintf(buf, sizeof(buf), "%s", ipsecdoi_id2str(si->idsrc));
+		snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+			" %s", ipsecdoi_id2str(si->iddst));
+	}
 
-	snprintf(buf, sizeof(buf), "%s", ipsecdoi_id2str(si->idsrc));
-	snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
-		" %s", ipsecdoi_id2str(si->iddst));
+	if (si->id_i != NULL)
+		snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+			" from %s", ipsecdoi_id2str(si->id_i));
 
 	return buf;
 }

crypto/dist/kame/racoon/sainfo.h

@@ -1,4 +1,4 @@
-/*	$KAME: sainfo.h,v 1.7 2000/10/11 19:54:08 sakane Exp $	*/
+/*	$KAME: sainfo.h,v 1.8 2003/06/27 07:32:39 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -44,8 +44,7 @@ struct sainfo {
 	time_t lifetime;
 	int lifebyte;
 	int pfs_group;		/* only use when pfs is required. */
-	int idvtype;		/* my identifier type */
-	vchar_t *idv;		/* my identifier */
+	vchar_t *id_i;		/* identifier of the authorized initiator */
 	struct sainfoalg *algs[MAXALGCLASS];
 
 	LIST_ENTRY(sainfo) chain;
@@ -58,7 +57,8 @@ struct sainfoalg {
 	struct sainfoalg *next;
 };
 
-extern struct sainfo *getsainfo __P((const vchar_t *, const vchar_t *));
+extern struct sainfo *getsainfo __P((const vchar_t *,
+	const vchar_t *, const vchar_t *));
 extern struct sainfo *newsainfo __P((void));
 extern void delsainfo __P((struct sainfo *));
 extern void inssainfo __P((struct sainfo *));