[src/ipsec-tools-0_8-branch]: src/crypto/dist/ipsec-tools/src/racoon From Rom...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/ipsec-tools-0_8-branch]: src/crypto/dist/ipsec-tools/src/racoon From Rom...
From: tteras <tteras%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 20:13:43 +0000

details:   https://anonhg.NetBSD.org/src/rev/cb4af5ebd1fb
branches:  ipsec-tools-0_8-branch
changeset: 763332:cb4af5ebd1fb
user:      tteras <tteras%NetBSD.org@localhost>
date:      Wed Aug 29 12:01:56 2012 +0000

description:
>From Roman Hoog Antink <rha%open.ch@localhost>: Accept DPD messages with cookies
also in reversed order for compatiblity. At least Cisco 836 running
IOS 12.3(8)T does this.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c |  11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diffs (32 lines):

diff -r 6b4aed10f257 -r cb4af5ebd1fb crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c   Wed Aug 29 11:35:09 2012 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c   Wed Aug 29 12:01:56 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_inf.c,v 1.47 2011/03/15 13:20:14 vanhu Exp $    */
+/*     $NetBSD: isakmp_inf.c,v 1.47.2.1 2012/08/29 12:01:56 tteras Exp $       */
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -1465,8 +1465,11 @@
                return 0;
        }
 
-       if (memcmp(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
-           memcmp(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t))) {
+       /* accept cookies in original or reversed order */
+       if ((memcmp(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
+            memcmp(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t))) &&
+           (memcmp(ru->r_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
+            memcmp(ru->i_ck, iph1->index.r_ck, sizeof(cookie_t)))) {
                plog(LLV_ERROR, LOCATION, iph1->remote,
                         "Cookie mismatch in DPD ACK!.\n");
                return 0;
@@ -1477,7 +1480,7 @@
        sched_cancel(&iph1->dpd_r_u);
        isakmp_sched_r_u(iph1, 0);
 
-       plog(LLV_DEBUG, LOCATION, NULL, "received an R-U-THERE-ACK\n");
+       plog(LLV_DEBUG, LOCATION, iph1->remote, "received an R-U-THERE-ACK\n");
 
        return 0;
 }

Prev by Date: [src/ipsec-tools-0_8-branch]: src/crypto/dist/ipsec-tools From G?tz Babin-Ebe...
Next by Date: [src/ipsec-tools-0_8-branch]: src/crypto/dist/ipsec-tools/src/racoon From G?t...
Previous by Thread: [src/ipsec-tools-0_8-branch]: src/crypto/dist/ipsec-tools From G?tz Babin-Ebe...
Next by Thread: [src/ipsec-tools-0_8-branch]: src/crypto/dist/ipsec-tools/src/racoon From G?t...
Indexes:

Home | Main Index | Thread Index | Old Index