Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon isakmp_post_acquire is no...
details: https://anonhg.NetBSD.org/src/rev/f41f0cc440b6
branches: trunk
changeset: 758653:f41f0cc440b6
user: tteras <tteras%NetBSD.org@localhost>
date: Fri Nov 12 10:36:37 2010 +0000
description:
isakmp_post_acquire is now called from admin commands too, add a flag so
admin commands can be used to establish even passive links on demand.
diffstat:
crypto/dist/ipsec-tools/src/racoon/admin.c | 4 ++--
crypto/dist/ipsec-tools/src/racoon/isakmp.c | 9 +++++----
crypto/dist/ipsec-tools/src/racoon/isakmp_var.h | 4 ++--
crypto/dist/ipsec-tools/src/racoon/pfkey.c | 12 ++++++------
4 files changed, 15 insertions(+), 14 deletions(-)
diffs (115 lines):
diff -r 22c1f2a88c0f -r f41f0cc440b6 crypto/dist/ipsec-tools/src/racoon/admin.c
--- a/crypto/dist/ipsec-tools/src/racoon/admin.c Fri Nov 12 09:11:37 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/admin.c Fri Nov 12 10:36:37 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.c,v 1.36 2010/11/12 09:08:26 tteras Exp $ */
+/* $NetBSD: admin.c,v 1.37 2010/11/12 10:36:37 tteras Exp $ */
/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
@@ -577,7 +577,7 @@
}
insph2(iph2);
- if (isakmp_post_acquire(iph2, NULL) < 0) {
+ if (isakmp_post_acquire(iph2, NULL, FALSE) < 0) {
remph2(iph2);
delph2(iph2);
break;
diff -r 22c1f2a88c0f -r f41f0cc440b6 crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c Fri Nov 12 09:11:37 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c Fri Nov 12 10:36:37 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.64 2010/11/12 09:11:37 tteras Exp $ */
+/* $NetBSD: isakmp.c,v 1.65 2010/11/12 10:36:37 tteras Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -2166,9 +2166,10 @@
* if phase1 has been finished, begin phase2.
*/
int
-isakmp_post_acquire(iph2, iph1hint)
+isakmp_post_acquire(iph2, iph1hint, nopassive)
struct ph2handle *iph2;
struct ph1handle *iph1hint;
+ int nopassive;
{
struct remoteconf *rmconf;
struct ph1handle *iph1 = NULL;
@@ -2185,7 +2186,7 @@
* so no need to bother yet. --arno */
if (iph1hint == NULL || iph1hint->rmconf == NULL) {
- rmconf = getrmconf(iph2->dst, GETRMCONF_F_NO_PASSIVE);
+ rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);
if (rmconf == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"no configuration found for %s.\n",
@@ -2197,7 +2198,7 @@
}
/* if passive mode, ignore the acquire message */
- if (rmconf->passive) {
+ if (nopassive && rmconf->passive) {
plog(LLV_DEBUG, LOCATION, NULL,
"because of passive mode, "
"ignore the acquire message for %s.\n",
diff -r 22c1f2a88c0f -r f41f0cc440b6 crypto/dist/ipsec-tools/src/racoon/isakmp_var.h
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Fri Nov 12 09:11:37 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Fri Nov 12 10:36:37 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_var.h,v 1.16 2009/09/03 09:29:07 tteras Exp $ */
+/* $NetBSD: isakmp_var.h,v 1.17 2010/11/12 10:36:37 tteras Exp $ */
/* Id: isakmp_var.h,v 1.12 2005/05/07 14:45:31 manubsd Exp */
@@ -87,7 +87,7 @@
extern void isakmp_ph2delete __P((struct ph2handle *));
extern int isakmp_get_sainfo __P((struct ph2handle *, struct secpolicy *, struct secpolicy *));
-extern int isakmp_post_acquire __P((struct ph2handle *, struct ph1handle *));
+extern int isakmp_post_acquire __P((struct ph2handle *, struct ph1handle *, int));
extern int isakmp_post_getspi __P((struct ph2handle *));
extern void isakmp_chkph1there_stub __P((struct sched *));
extern void isakmp_chkph1there __P((struct ph2handle *));
diff -r 22c1f2a88c0f -r f41f0cc440b6 crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c Fri Nov 12 09:11:37 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c Fri Nov 12 10:36:37 2010 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */
-
-/* $Id: pfkey.c,v 1.53 2010/10/21 06:15:28 tteras Exp $ */
+/* $NetBSD: pfkey.c,v 1.54 2010/11/12 10:36:37 tteras Exp $ */
+
+/* $Id: pfkey.c,v 1.54 2010/11/12 10:36:37 tteras Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1686,7 +1686,7 @@
iph2->status = PHASE2ST_STATUS2;
/* start quick exchange */
- if (isakmp_post_acquire(iph2, iph1hint) < 0) {
+ if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) {
plog(LLV_ERROR, LOCATION, iph2->dst,
"failed to begin ipsec sa "
"re-negotication.\n");
@@ -1962,7 +1962,7 @@
/* start isakmp initiation by using ident exchange */
/* XXX should be looped if there are multiple phase 2 handler. */
- if (isakmp_post_acquire(iph2, NULL) < 0) {
+ if (isakmp_post_acquire(iph2, NULL, TRUE) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"failed to begin ipsec sa negotication.\n");
remph2(iph2);
@@ -3088,7 +3088,7 @@
iph2->status = PHASE2ST_STATUS2;
/* and start a new negotiation */
- if (isakmp_post_acquire(iph2, iph1hint) < 0) {
+ if (isakmp_post_acquire(iph2, iph1hint, FALSE) < 0) {
plog(LLV_ERROR, LOCATION, iph2->dst, "failed "
"to begin IPsec SA renegotiation after "
"MIGRATE reception.\n");
Home |
Main Index |
Thread Index |
Old Index