added some debug in isakmp_chkph1there() to track some port matching problems with NAT-T

vanhu 2007-05-04 09:09:47 +00:00
parent ff0f36d165
commit e91f01072a
1 changed files with 22 additions and 4 deletions


@ -1,4 +1,4 @@
/* $NetBSD: isakmp.c,v 1.25 2007/03/21 14:29:22 vanhu Exp $ */ /* $NetBSD: isakmp.c,v 1.26 2007/05/04 09:09:47 vanhu Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@ -2352,12 +2352,15 @@ isakmp_chkph1there(iph2)
*/ */
#ifdef ENABLE_NATT #ifdef ENABLE_NATT
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) { if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) { plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: extract_port.\n");
set_port(iph2->src, extract_port(iph1->local)); if( (iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL){
set_port(iph2->dst, extract_port(iph1->remote)); plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found a ph1 wop.\n");
} }
} else { } else {
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: searching byaddr.\n");
iph1 = getph1byaddr(iph2->src, iph2->dst); iph1 = getph1byaddr(iph2->src, iph2->dst);
if(iph1 != NULL)
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found byaddr.\n");
} }
#else #else
iph1 = getph1byaddr(iph2->src, iph2->dst); iph1 = getph1byaddr(iph2->src, iph2->dst);
@ -2368,11 +2371,26 @@ isakmp_chkph1there(iph2)
if (iph1 != NULL if (iph1 != NULL
&& iph1->status == PHASE1ST_ESTABLISHED) { && iph1->status == PHASE1ST_ESTABLISHED) {
/* found isakmp-sa */ /* found isakmp-sa */
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: got a ph1 handler, setting ports.\n");
plog(LLV_DEBUG2, LOCATION, NULL, "iph1->local: %s\n", saddr2str(iph1->local));
plog(LLV_DEBUG2, LOCATION, NULL, "iph1->remote: %s\n", saddr2str(iph1->remote));
plog(LLV_DEBUG2, LOCATION, NULL, "before:\n");
plog(LLV_DEBUG2, LOCATION, NULL, "src: %s\n", saddr2str(iph2->src));
plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(iph2->dst));
set_port(iph2->src, extract_port(iph1->local));
set_port(iph2->dst, extract_port(iph1->remote));
plog(LLV_DEBUG2, LOCATION, NULL, "After:\n");
plog(LLV_DEBUG2, LOCATION, NULL, "src: %s\n", saddr2str(iph2->src));
plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(iph2->dst));
/* begin quick mode */ /* begin quick mode */
(void)isakmp_ph2begin_i(iph1, iph2); (void)isakmp_ph2begin_i(iph1, iph2);
return; return;
} }
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: no established ph1 handler found\n");
/* no isakmp-sa found */ /* no isakmp-sa found */
sched_new(1, isakmp_chkph1there_stub, iph2); sched_new(1, isakmp_chkph1there_stub, iph2);
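Review bot: The two `set_port()` calls now sit inside the `PHASE1ST_ESTABLISHED` branch, so they run on every lookup path, including the `getph1byaddr()` branch and the non-`ENABLE_NATT` build, whereas before they ran only after `getph1byaddrwop()` matched with both iph2 ports at zero; that is a behaviour change in a commit described as adding debug. If `getph1byaddr()` can return a handler whose ports differ from those already on iph2 (its matching rules are not visible here), the phase 2 addresses would be silently rewritten to the ports of a different phase 1 peer. If the wider copy is intended, say so above the calls, e.g. `/* copy ports from the matched ph1 on every path, not only the wop lookup */`; otherwise restore the original condition by guarding them with `if (!extract_port(iph2->src) && !extract_port(iph2->dst))`. The body of isakmp_chkph1there() starts and ends outside the visible hunks.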