From Matthew Grooms:
handle IKE frag used in the first packet. That should not normally happen, as the initiator does not know yet if the responder can handle IKE frag. However, in some setups, the first packet is too big to get through, and assuming the peer supports IKE frag is the only way to go. racoon should have a setting in the remote section to do taht (something like ike_frag force)
This commit is contained in:
parent
3f9b6523d1
commit
f291901204
|
@ -1,3 +1,8 @@
|
||||||
|
2006-08-18 Emmanuel Dreyfus <manu@netbsd.org>
|
||||||
|
|
||||||
|
From Matthew Grooms:
|
||||||
|
* src/racoon/isakmp.c: handle IKE frag used in the first packet.
|
||||||
|
|
||||||
2006-08-16 Emmanuel Dreyfus <manu@netbsd.org>
|
2006-08-16 Emmanuel Dreyfus <manu@netbsd.org>
|
||||||
|
|
||||||
From Matthew Grooms:
|
From Matthew Grooms:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: isakmp.c,v 1.12 2006/09/09 16:22:09 manu Exp $ */
|
/* $NetBSD: isakmp.c,v 1.13 2006/09/18 08:05:48 manu Exp $ */
|
||||||
|
|
||||||
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
|
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
|
||||||
|
|
||||||
|
@ -801,12 +801,15 @@ ph1_main(iph1, msg)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef ENABLE_FRAG
|
||||||
/* free resend buffer */
|
/* free resend buffer */
|
||||||
if (iph1->sendbuf == NULL) {
|
if (iph1->sendbuf == NULL) {
|
||||||
plog(LLV_ERROR, LOCATION, NULL,
|
plog(LLV_ERROR, LOCATION, NULL,
|
||||||
"no buffer found as sendbuf\n");
|
"no buffer found as sendbuf\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
VPTRINIT(iph1->sendbuf);
|
VPTRINIT(iph1->sendbuf);
|
||||||
|
|
||||||
/* turn off schedule */
|
/* turn off schedule */
|
||||||
|
@ -1187,6 +1190,9 @@ isakmp_ph1begin_r(msg, remote, local, etype)
|
||||||
gettimeofday(&iph1->start, NULL);
|
gettimeofday(&iph1->start, NULL);
|
||||||
gettimeofday(&start, NULL);
|
gettimeofday(&start, NULL);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef ENABLE_FRAG
|
||||||
|
|
||||||
/* start exchange */
|
/* start exchange */
|
||||||
if ((ph1exchange[etypesw1(iph1->etype)]
|
if ((ph1exchange[etypesw1(iph1->etype)]
|
||||||
[iph1->side]
|
[iph1->side]
|
||||||
|
@ -1200,6 +1206,7 @@ isakmp_ph1begin_r(msg, remote, local, etype)
|
||||||
delph1(iph1);
|
delph1(iph1);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_STATS
|
#ifdef ENABLE_STATS
|
||||||
gettimeofday(&end, NULL);
|
gettimeofday(&end, NULL);
|
||||||
syslog(LOG_NOTICE, "%s(%s): %8.6f",
|
syslog(LOG_NOTICE, "%s(%s): %8.6f",
|
||||||
|
@ -1209,6 +1216,17 @@ isakmp_ph1begin_r(msg, remote, local, etype)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
#else /* ENABLE_FRAG */
|
||||||
|
|
||||||
|
/* now that we have a phase1 handle, feed back into our
|
||||||
|
* main receive function to catch fragmented packets
|
||||||
|
*/
|
||||||
|
|
||||||
|
return isakmp_main(msg, remote, local);
|
||||||
|
|
||||||
|
#endif /* ENABLE_FRAG */
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* new negotiation of phase 2 for initiator */
|
/* new negotiation of phase 2 for initiator */
|
||||||
|
|
Loading…
Reference in New Issue