Fixed resending mechanism to have non-ESP marker for retransmitted pa…
…ckets
vanhu committed Sep 25, 2008
1 parent f229842 commit 994d6fc
Showing 2 changed files with 24 additions and 17 deletions.
4 changes: 4 additions & 0 deletions crypto/dist/ipsec-tools/ChangeLog
@@ -1,3 +1,7 @@
2008-09-25 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp.c: Fixed resending mechanism to have non-ESP
marker for retransmitted packets.

2008-09-17 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp_inf.c: Fixed port match in purge_ipsec_spi()
when NAT-T enabled and trying to purge non NAT-T SAs.
37 changes: 20 additions & 17 deletions crypto/dist/ipsec-tools/src/racoon/isakmp.c
@@ -1,4 +1,4 @@
/* $NetBSD: isakmp.c,v 1.20.6.12 2008/08/12 12:47:07 vanhu Exp $ */
/* $NetBSD: isakmp.c,v 1.20.6.13 2008/09/25 09:34:39 vanhu Exp $ */

/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */

@@ -212,7 +212,7 @@ isakmp_handler(so_isakmp)
unsigned int local_len = sizeof(local);
int len = 0, extralen = 0;
vchar_t *buf = NULL, *tmpbuf = NULL;
int error = -1;
int error = -1, res;

/* read message by MSG_PEEK */
while ((len = recvfromto(so_isakmp, x.buf, sizeof(x),
@@ -363,11 +363,11 @@ isakmp_handler(so_isakmp)
/* XXX: I don't know how to check isakmp half connection attack. */

/* simply reply if the packet was processed. */
if (check_recvdpkt((struct sockaddr *)&remote,
(struct sockaddr *)&local, buf)) {
res=check_recvdpkt((struct sockaddr *)&remote,(struct sockaddr *)&local, buf);
if (res) {
plog(LLV_NOTIFY, LOCATION, NULL,
"the packet is retransmitted by %s.\n",
saddr2str((struct sockaddr *)&remote));
"the packet is retransmitted by %s (%d).\n",
saddr2str((struct sockaddr *)&remote), res);
error = 0;
goto end;
}
@@ -1781,11 +1781,17 @@ isakmp_send(iph1, sbuf)
{
int len = 0;
int s;
vchar_t *vbuf = NULL;
vchar_t *vbuf = NULL, swap;

#ifdef ENABLE_NATT
size_t extralen = NON_ESP_MARKER_USE(iph1) ? NON_ESP_MARKER_LEN : 0;

/* Check if NON_ESP_MARKER_LEN is already there (happens when resending packets)
*/
if(extralen == NON_ESP_MARKER_LEN &&
*(u_int32_t *)sbuf->v == 0)
extralen = 0;

#ifdef ENABLE_FRAG
/*
* Do not add the non ESP marker for a packet that will
@@ -1809,15 +1815,19 @@ isakmp_send(iph1, sbuf)
}
*(u_int32_t *)vbuf->v = 0;
memcpy (vbuf->v + extralen, sbuf->v, sbuf->l);
sbuf = vbuf;
/* ensures that the modified buffer will be sent back to the caller, so
* add_recvdpkt() will add the correct buffer
*/
swap = *sbuf;
*sbuf = *vbuf;
*vbuf = swap;
vfree(vbuf);
}
#endif

/* select the socket to be sent */
s = getsockmyaddr(iph1->local);
if (s == -1){
if ( vbuf != NULL )
vfree(vbuf);
return -1;
}

@@ -1829,8 +1839,6 @@ isakmp_send(iph1, sbuf)
if (isakmp_sendfrags(iph1, sbuf) == -1) {
plog(LLV_ERROR, LOCATION, NULL,
"isakmp_sendfrags failed\n");
if ( vbuf != NULL )
vfree(vbuf);
return -1;
}
} else
@@ -1841,15 +1849,10 @@ isakmp_send(iph1, sbuf)

if (len == -1) {
plog(LLV_ERROR, LOCATION, NULL, "sendfromto failed\n");
if ( vbuf != NULL )
vfree(vbuf);
return -1;
}
}

if ( vbuf != NULL )
vfree(vbuf);

return 0;
}

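Review bot: The new retransmit check in isakmp_send(), `*(u_int32_t *)sbuf->v == 0`, reads four bytes from the caller's buffer without first confirming that `sbuf->l` is at least NON_ESP_MARKER_LEN, and it decides "marker already present" purely from the payload content. A guard such as `if (extralen == NON_ESP_MARKER_LEN && sbuf->l > NON_ESP_MARKER_LEN && *(u_int32_t *)sbuf->v == 0)` keeps the read in bounds; an unmarked message whose first four bytes happen to be zero would still go out without the marker, so an explicit "already marked" state kept with the saved packet would be more robust than inspecting the data. Separately, the swap further down replaces the contents of the caller's `sbuf` and releases the old data through `vfree(vbuf)`, so any pointer a caller kept into the previous `sbuf->v` would appear to be left dangling; the function's header comment should state that `sbuf` may be modified in place and must not be aliased across the call. The body of isakmp_send() is only partly visible in these hunks and its callers are not shown, so both points should be confirmed against the full file.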
