| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: handler.c,v 1.39 2011/03/14 17:18:12 tteras Exp $ */ | | 1 | /* $NetBSD: handler.c,v 1.39.2.1 2011/11/17 14:46:31 vanhu Exp $ */ |
| 2 | | | 2 | |
| 3 | /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */ | | 3 | /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */ |
| 4 | | | 4 | |
| 5 | /* | | 5 | /* |
| 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
| 7 | * All rights reserved. | | 7 | * All rights reserved. |
| 8 | * | | 8 | * |
| 9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
| 10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
| 11 | * are met: | | 11 | * are met: |
| 12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -601,29 +601,31 @@ getph2bymsgid(iph1, msgid) | | | @@ -601,29 +601,31 @@ getph2bymsgid(iph1, msgid) |
| 601 | * but the source and destination addresses used for | | 601 | * but the source and destination addresses used for |
| 602 | * for SA negotiation (best example is tunnel mode SA | | 602 | * for SA negotiation (best example is tunnel mode SA |
| 603 | * where src and dst are the endpoints). There is at most | | 603 | * where src and dst are the endpoints). There is at most |
| 604 | * a unique match because racoon does not support bundles | | 604 | * a unique match because racoon does not support bundles |
| 605 | * which makes that there is at most a single established | | 605 | * which makes that there is at most a single established |
| 606 | * SA for a given spid. One could say that src and dst | | 606 | * SA for a given spid. One could say that src and dst |
| 607 | * are in fact useless ... | | 607 | * are in fact useless ... |
| 608 | */ | | 608 | */ |
| 609 | struct ph2handle * | | 609 | struct ph2handle * |
| 610 | getph2byid(src, dst, spid) | | 610 | getph2byid(src, dst, spid) |
| 611 | struct sockaddr *src, *dst; | | 611 | struct sockaddr *src, *dst; |
| 612 | u_int32_t spid; | | 612 | u_int32_t spid; |
| 613 | { | | 613 | { |
| 614 | struct ph2handle *p; | | 614 | struct ph2handle *p, *next; |
| | | 615 | |
| | | 616 | for (p = LIST_FIRST(&ph2tree); p; p = next) { |
| | | 617 | next = LIST_NEXT(p, chain); |
| 615 | | | 618 | |
| 616 | LIST_FOREACH(p, &ph2tree, chain) { | | | |
| 617 | if (spid == p->spid && | | 619 | if (spid == p->spid && |
| 618 | cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH && | | 620 | cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH && |
| 619 | cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){ | | 621 | cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){ |
| 620 | /* Sanity check to detect zombie handlers | | 622 | /* Sanity check to detect zombie handlers |
| 621 | * XXX Sould be done "somewhere" more interesting, | | 623 | * XXX Sould be done "somewhere" more interesting, |
| 622 | * because we have lots of getph2byxxxx(), but this one | | 624 | * because we have lots of getph2byxxxx(), but this one |
| 623 | * is called by pk_recvacquire(), so is the most important. | | 625 | * is called by pk_recvacquire(), so is the most important. |
| 624 | */ | | 626 | */ |
| 625 | if(p->status < PHASE2ST_ESTABLISHED && | | 627 | if(p->status < PHASE2ST_ESTABLISHED && |
| 626 | p->retry_counter == 0 | | 628 | p->retry_counter == 0 |
| 627 | && p->sce.func == NULL && p->scr.func == NULL) { | | 629 | && p->sce.func == NULL && p->scr.func == NULL) { |
| 628 | plog(LLV_DEBUG, LOCATION, NULL, | | 630 | plog(LLV_DEBUG, LOCATION, NULL, |
| 629 | "Zombie ph2 found, expiring it\n"); | | 631 | "Zombie ph2 found, expiring it\n"); |
| @@ -975,29 +977,31 @@ inscontacted(remote) | | | @@ -975,29 +977,31 @@ inscontacted(remote) |
| 975 | racoon_free(new); | | 977 | racoon_free(new); |
| 976 | return -1; | | 978 | return -1; |
| 977 | } | | 979 | } |
| 978 | | | 980 | |
| 979 | LIST_INSERT_HEAD(&ctdtree, new, chain); | | 981 | LIST_INSERT_HEAD(&ctdtree, new, chain); |
| 980 | | | 982 | |
| 981 | return 0; | | 983 | return 0; |
| 982 | } | | 984 | } |
| 983 | | | 985 | |
| 984 | void | | 986 | void |
| 985 | remcontacted(remote) | | 987 | remcontacted(remote) |
| 986 | struct sockaddr *remote; | | 988 | struct sockaddr *remote; |
| 987 | { | | 989 | { |
| 988 | struct contacted *p; | | 990 | struct contacted *p, *next; |
| | | 991 | |
| | | 992 | for (p = LIST_FIRST(&ctdtree); p; p = next) { |
| | | 993 | next = LIST_NEXT(p, chain); |
| 989 | | | 994 | |
| 990 | LIST_FOREACH(p, &ctdtree, chain) { | | | |
| 991 | if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) { | | 995 | if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) { |
| 992 | LIST_REMOVE(p, chain); | | 996 | LIST_REMOVE(p, chain); |
| 993 | racoon_free(p->remote); | | 997 | racoon_free(p->remote); |
| 994 | racoon_free(p); | | 998 | racoon_free(p); |
| 995 | break; | | 999 | break; |
| 996 | } | | 1000 | } |
| 997 | } | | 1001 | } |
| 998 | } | | 1002 | } |
| 999 | | | 1003 | |
| 1000 | void | | 1004 | void |
| 1001 | initctdtree() | | 1005 | initctdtree() |
| 1002 | { | | 1006 | { |
| 1003 | LIST_INIT(&ctdtree); | | 1007 | LIST_INIT(&ctdtree); |
| @@ -1545,30 +1549,32 @@ getph1bylogin(login) | | | @@ -1545,30 +1549,32 @@ getph1bylogin(login) |
| 1545 | if (p->mode_cfg == NULL) | | 1549 | if (p->mode_cfg == NULL) |
| 1546 | continue; | | 1550 | continue; |
| 1547 | if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) | | 1551 | if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) |
| 1548 | return p; | | 1552 | return p; |
| 1549 | } | | 1553 | } |
| 1550 | | | 1554 | |
| 1551 | return NULL; | | 1555 | return NULL; |
| 1552 | } | | 1556 | } |
| 1553 | | | 1557 | |
| 1554 | int | | 1558 | int |
| 1555 | purgeph1bylogin(login) | | 1559 | purgeph1bylogin(login) |
| 1556 | char *login; | | 1560 | char *login; |
| 1557 | { | | 1561 | { |
| 1558 | struct ph1handle *p; | | 1562 | struct ph1handle *p, *next; |
| 1559 | int found = 0; | | 1563 | int found = 0; |
| 1560 | | | 1564 | |
| 1561 | LIST_FOREACH(p, &ph1tree, chain) { | | 1565 | for (p = LIST_FIRST(&ph1tree); p; p = next) { |
| | | 1566 | next = LIST_NEXT(p, chain); |
| | | 1567 | |
| 1562 | if (p->mode_cfg == NULL) | | 1568 | if (p->mode_cfg == NULL) |
| 1563 | continue; | | 1569 | continue; |
| 1564 | if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) { | | 1570 | if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) { |
| 1565 | if (p->status >= PHASE1ST_EXPIRED) | | 1571 | if (p->status >= PHASE1ST_EXPIRED) |
| 1566 | continue; | | 1572 | continue; |
| 1567 | | | 1573 | |
| 1568 | if (p->status >= PHASE1ST_ESTABLISHED) | | 1574 | if (p->status >= PHASE1ST_ESTABLISHED) |
| 1569 | isakmp_info_send_d1(p); | | 1575 | isakmp_info_send_d1(p); |
| 1570 | purge_remote(p); | | 1576 | purge_remote(p); |
| 1571 | found++; | | 1577 | found++; |
| 1572 | } | | 1578 | } |
| 1573 | } | | 1579 | } |
| 1574 | | | 1580 | |