[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon added a specific script h...
details: https://anonhg.NetBSD.org/src/rev/7ed9f47d010f
branches: trunk
changeset: 755804:7ed9f47d010f
user: vanhu <vanhu%NetBSD.org@localhost>
date: Tue Jun 22 09:41:33 2010 +0000
description:
added a specific script hook when a dead peer is detected
diffstat:
crypto/dist/ipsec-tools/src/racoon/cfparse.y | 11 +++++++++--
crypto/dist/ipsec-tools/src/racoon/cftoken.l | 3 ++-
crypto/dist/ipsec-tools/src/racoon/isakmp.c | 4 +++-
crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c | 3 ++-
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 | 12 ++++++++----
crypto/dist/ipsec-tools/src/racoon/remoteconf.c | 5 +++--
crypto/dist/ipsec-tools/src/racoon/remoteconf.h | 5 +++--
7 files changed, 30 insertions(+), 13 deletions(-)
diffs (150 lines):
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfparse.y,v 1.37 2009/03/12 10:57:26 tteras Exp $ */
+/* $NetBSD: cfparse.y,v 1.38 2010/06/22 09:41:33 vanhu Exp $ */
/* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
@@ -237,7 +237,7 @@
%token PREFIX PORT PORTANY UL_PROTO ANY IKE_FRAG ESP_FRAG MODE_CFG
%token PFS_GROUP LIFETIME LIFETYPE_TIME LIFETYPE_BYTE STRENGTH REMOTEID
-%token SCRIPT PHASE1_UP PHASE1_DOWN
+%token SCRIPT PHASE1_UP PHASE1_DOWN PHASE1_DEAD
%token NUMBER SWITCH BOOLEAN
%token HEXSTRING QUOTEDSTRING ADDRSTRING ADDRRANGE
@@ -2010,6 +2010,13 @@
cur_rmconf->script[SCRIPT_PHASE1_DOWN] =
script_path_add(vdup($2));
} EOS
+ | SCRIPT QUOTEDSTRING PHASE1_DEAD {
+ if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL)
+ vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]);
+
+ cur_rmconf->script[SCRIPT_PHASE1_DEAD] =
+ script_path_add(vdup($2));
+ } EOS
| MODE_CFG SWITCH { cur_rmconf->mode_cfg = $2; } EOS
| WEAK_PHASE1_CHECK SWITCH {
cur_rmconf->weak_phase1_check = $2;
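Review bot: In the new `phase1_dead` rule the result of `vdup($2)` is passed straight to `script_path_add()` with no NULL check, so an allocation failure during config parsing is not reported at this point; whether `script_path_add()` tolerates NULL is not visible here. Holding the copy in a local and failing the parse, e.g. `if (path == NULL) { yyerror("failed to allocate script path"); return -1; }`, would make the failure explicit. The action is a copy of the `phase1_down` one whose tail is visible just above it, so the same gap appears to exist there; a small helper taking the hook index would cover every script rule at once.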
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/cftoken.l
--- a/crypto/dist/ipsec-tools/src/racoon/cftoken.l Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cftoken.l Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cftoken.l,v 1.20 2009/03/12 10:57:26 tteras Exp $ */
+/* $NetBSD: cftoken.l,v 1.21 2010/06/22 09:41:33 vanhu Exp $ */
/* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
@@ -365,6 +365,7 @@
<S_RMTS>script { YYD; return(SCRIPT); }
<S_RMTS>phase1_up { YYD; return(PHASE1_UP); }
<S_RMTS>phase1_down { YYD; return(PHASE1_DOWN); }
+<S_RMTS>phase1_dead { YYD; return(PHASE1_DEAD); }
<S_RMTS>mode_cfg { YYD; return(MODE_CFG); }
<S_RMTS>weak_phase1_check { YYD; return(WEAK_PHASE1_CHECK); }
<S_RMTS>rekey { YYD; return(REKEY); }
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.60 2009/09/03 09:29:07 tteras Exp $ */
+/* $NetBSD: isakmp.c,v 1.61 2010/06/22 09:41:33 vanhu Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -1839,6 +1839,8 @@
plog(LLV_ERROR, LOCATION, NULL,
"phase1 negotiation failed due to time up. %s\n",
isakmp_pindex(&iph1->index, iph1->msgid));
+ /* XXX is the peer really "dead" here ??? */
+ script_hook(iph1, SCRIPT_PHASE1_DEAD);
evt_phase1(iph1, EVT_PHASE1_NO_RESPONSE, NULL);
return -1;
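Review bot: `script_hook(iph1, SCRIPT_PHASE1_DEAD)` is added on the phase 1 negotiation time-out path, where the peer has not completed phase 1 and may never have authenticated, while racoon.conf.5 in this same commit documents `phase1_dead` only as firing when an SA "is detected as dead by DPD". The author's own `XXX` comment flags the doubt. Since the hook can run a configured script on an event that plain packet loss or an unresponsive, unauthenticated endpoint can cause, either keep the hook to the DPD path in isakmp_inf.c or document the second trigger: replace the XXX with something like `/* phase1_dead also fires on negotiation time-out, before the peer is authenticated; scripts must be idempotent */` and add the case to the man page. The enclosing function starts and ends outside the hunk.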
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_inf.c,v 1.41 2009/07/03 06:41:46 tteras Exp $ */
+/* $NetBSD: isakmp_inf.c,v 1.42 2010/06/22 09:41:33 vanhu Exp $ */
/* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
@@ -1506,6 +1506,7 @@
"DPD: remote (ISAKMP-SA spi=%s) seems to be dead.\n",
isakmp_pindex(&iph1->index, 0));
+ script_hook(iph1, SCRIPT_PHASE1_DEAD);
evt_phase1(iph1, EVT_PHASE1_DPD_TIMEOUT, NULL);
purge_remote(iph1);
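Review bot: The new `script_hook()` call sits directly before `purge_remote(iph1)` and nothing records that the order matters. racoon.conf.5 says hook scripts receive variables in their environment; if those are taken from `iph1` (not visible in this hunk), the hook has to stay ahead of the purge, and the script will see the peer's SAs before they are removed. A one-line comment such as `/* run the hook before purge_remote(): it reads peer state from iph1 */` would keep a later reorder from silently breaking it. The enclosing function is outside the hunk.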
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
--- a/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: racoon.conf.5,v 1.59 2009/10/14 18:22:04 joerg Exp $
+.\" $NetBSD: racoon.conf.5,v 1.60 2010/06/22 09:41:33 vanhu Exp $
.\"
.\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
.\"
@@ -602,11 +602,15 @@
.\"
.It Ic script Ar script Ic phase1_up
.It Ic script Ar script Ic phase1_down
-Shell scripts that get executed when a phase 1 SA goes up or down.
-Both scripts get either
+.It Ic script Ar script Ic phase1_dead
+Shell scripts that get executed when a phase 1 SA goes up or down, or
+when it is detected as dead by DPD.
+All scripts get either
.Ic phase1_up
+,
+.Ic phase1_down
or
-.Ic phase1_down
+.Ic phase1_dead
as first argument, and the following
variables are set in their environment:
.Bl -tag -width Ds -compact
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/remoteconf.c
--- a/crypto/dist/ipsec-tools/src/racoon/remoteconf.c Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/remoteconf.c Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.c,v 1.18 2009/09/01 09:49:59 tteras Exp $ */
+/* $NetBSD: remoteconf.c,v 1.19 2010/06/22 09:41:33 vanhu Exp $ */
/* Id: remoteconf.c,v 1.38 2006/05/06 15:52:44 manubsd Exp */
@@ -84,7 +84,8 @@
/*
* Script hook names and script hook paths
*/
-char *script_names[SCRIPT_MAX + 1] = { "phase1_up", "phase1_down" };
+char *script_names[SCRIPT_MAX + 1] = {
+ "phase1_up", "phase1_down", "phase1_dead" };
/*%%%*/
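Review bot: `script_names[]` is filled positionally, so its order has to match the `SCRIPT_*` values in remoteconf.h by hand, and `SCRIPT_MAX` is bumped by hand as well (the remoteconf.h hunk of this commit). A hook added in one file but not the other leaves a NULL name in the table with no compiler diagnostic. Designated initializers tie each name to its index: `[SCRIPT_PHASE1_UP] = "phase1_up", [SCRIPT_PHASE1_DOWN] = "phase1_down", [SCRIPT_PHASE1_DEAD] = "phase1_dead"`. Because the entries are string literals, `const char *` would be the more accurate element type, though that also needs the `extern` declaration in remoteconf.h changed.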
diff -r 790c5f78bd25 -r 7ed9f47d010f crypto/dist/ipsec-tools/src/racoon/remoteconf.h
--- a/crypto/dist/ipsec-tools/src/racoon/remoteconf.h Tue Jun 22 07:00:12 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/remoteconf.h Tue Jun 22 09:41:33 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.h,v 1.11 2009/07/03 06:41:47 tteras Exp $ */
+/* $NetBSD: remoteconf.h,v 1.12 2010/06/22 09:41:33 vanhu Exp $ */
/* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */
@@ -80,7 +80,8 @@
/* Script hooks */
#define SCRIPT_PHASE1_UP 0
#define SCRIPT_PHASE1_DOWN 1
-#define SCRIPT_MAX 1
+#define SCRIPT_PHASE1_DEAD 2
+#define SCRIPT_MAX 2
extern char *script_names[SCRIPT_MAX + 1];
struct remoteconf {