
[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Remove initial-contact en...



details:   https://anonhg.NetBSD.org/src/rev/b967b907851b
branches:  trunk
changeset: 758135:b967b907851b
user:      tteras <tteras%NetBSD.org@localhost>
date:      Thu Oct 21 06:04:33 2010 +0000

description:
Remove initial-contact entry when all ISAKMP-SA are purged via adminport.
This will avoid stale security associations if some of the delete
notifications happen to get lost.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/admin.c   |   6 +++---
 crypto/dist/ipsec-tools/src/racoon/handler.c |  18 +++++++++++++++++-
 crypto/dist/ipsec-tools/src/racoon/handler.h |   3 ++-
 3 files changed, 22 insertions(+), 5 deletions(-)

diffs (77 lines):

diff -r bae9b7d42296 -r b967b907851b crypto/dist/ipsec-tools/src/racoon/admin.c
--- a/crypto/dist/ipsec-tools/src/racoon/admin.c        Thu Oct 21 01:02:34 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/admin.c        Thu Oct 21 06:04:33 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: admin.c,v 1.33 2010/09/22 13:37:35 vanhu Exp $ */
+/*     $NetBSD: admin.c,v 1.34 2010/10/21 06:04:33 tteras Exp $        */
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -299,9 +299,8 @@
                break;
 
        case ADMIN_DELETE_SA: {
-               struct ph1handle *iph1;
+               char *loc, *rem;
                struct ph1selector sel;
-               char *loc, *rem;
 
                memset(&sel, 0, sizeof(sel));
                sel.local = (struct sockaddr *)
@@ -319,6 +318,7 @@
                plog(LLV_INFO, LOCATION, NULL,
                     "admin delete-sa %s %s\n", loc, rem);
                enumph1(&sel, admin_ph1_delete_sa, NULL);
+               remcontacted(sel.remote);
 
                racoon_free(loc);
                racoon_free(rem);
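Review bot: The new `remcontacted(sel.remote);` call passes only the remote address, while the selector given to `enumph1()` on the line above also carries `sel.local`. If the host has ISAKMP-SAs to the same peer from another local address, the initial-contact entry is presumably dropped while those SAs still exist, and the next negotiation may then signal initial contact and cause the peer to flush them. Whether that can happen depends on how `enumph1()` treats the selector, which is not visible in this hunk. If the behaviour is intended, a comment would record it, e.g. `/* contacted list is keyed by remote only; entry is dropped even if SAs from another local address remain */`. The `ADMIN_DELETE_SA` case begins and ends outside the hunk.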
diff -r bae9b7d42296 -r b967b907851b crypto/dist/ipsec-tools/src/racoon/handler.c
--- a/crypto/dist/ipsec-tools/src/racoon/handler.c      Thu Oct 21 01:02:34 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/handler.c      Thu Oct 21 06:04:33 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: handler.c,v 1.32 2010/03/11 15:44:48 christos Exp $    */
+/*     $NetBSD: handler.c,v 1.33 2010/10/21 06:04:33 tteras Exp $      */
 
 /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
 
@@ -966,6 +966,22 @@
 }
 
 void
+remcontacted(remote)
+       struct sockaddr *remote;
+{
+       struct contacted *p;
+
+       LIST_FOREACH(p, &ctdtree, chain) {
+               if (cmpsaddr(remote, p->remote) == 0) {
+                       LIST_REMOVE(p, chain);
+                       racoon_free(p->remote);
+                       racoon_free(p);
+                       break;
+               }
+       }       
+}
+
+void
 initctdtree()
 {
        LIST_INIT(&ctdtree);
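Review bot: `remcontacted()` frees both `p->remote` and `p`, but nothing tells callers that a `struct contacted *` obtained earlier from `getcontacted()` for the same peer is dangling after this call. A header comment would make that lifetime rule explicit, e.g. `/* Remove and free the contacted entry matching remote, if any; pointers previously returned by getcontacted() for it are invalid afterwards. */`. The function also passes `remote` to `cmpsaddr()` without a NULL check; whether `cmpsaddr()` tolerates NULL is not visible here, so either guard with `if (remote == NULL) return;` or state the precondition in the comment. Separately, the loop's closing brace carries trailing whitespace.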
diff -r bae9b7d42296 -r b967b907851b crypto/dist/ipsec-tools/src/racoon/handler.h
--- a/crypto/dist/ipsec-tools/src/racoon/handler.h      Thu Oct 21 01:02:34 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/handler.h      Thu Oct 21 06:04:33 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: handler.h,v 1.22 2009/09/03 09:29:07 tteras Exp $      */
+/*     $NetBSD: handler.h,v 1.23 2010/10/21 06:04:33 tteras Exp $      */
 
 /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
 
@@ -518,6 +518,7 @@
 
 extern struct contacted *getcontacted __P((struct sockaddr *));
 extern int inscontacted __P((struct sockaddr *));
+extern void remcontacted __P((struct sockaddr *));
 extern void initctdtree __P((void));
 
 extern int check_recvdpkt __P((struct sockaddr *,


