[vpn-help] Frag issue with 1.1b1
Peter Eisch
peter at boku.net
Tue Aug 29 14:04:01 CDT 2006
K, bonk them on the ipsec-tools-devel list and I'll ack it. It fixes that
issue quite well.
peter
On 8/29/06 12:47 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
> Peter Eisch wrote:
>> It's back -- but different.
>
> This is actually a bug in ipsec tools. See the first item at ...
>
> http://www.shrew.net/vpn/help/issueswithipsectools.htm
>
> I have submitted a patch for it on two different occasions but no-one
> has been interested in committing it.
>
> I have attached the racoon patch but havn't tested it with current
> lately. Let me know if this fixes your problem and I will bring it up
> again on the ipsec-tools developers mailing list.
>
> Thanks,
>
> -Matthew
>
>
> ? respfrag.diff
> Index: src/racoon/isakmp.c
> ===================================================================
> RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v
> retrieving revision 1.74
> diff -u -r1.74 isakmp.c
> --- src/racoon/isakmp.c 7 May 2006 21:32:59 -0000 1.74
> +++ src/racoon/isakmp.c 12 Jun 2006 21:42:43 -0000
> @@ -800,12 +800,8 @@
> }
>
> /* free resend buffer */
> - if (iph1->sendbuf == NULL) {
> - plog(LLV_ERROR, LOCATION, NULL,
> - "no buffer found as sendbuf\n");
> - return -1;
> - }
> - VPTRINIT(iph1->sendbuf);
> + if (iph1->sendbuf != NULL)
> + VPTRINIT(iph1->sendbuf);
>
> /* turn off schedule */
> if (iph1->scr)
> @@ -962,12 +958,8 @@
> return 0;
>
> /* free resend buffer */
> - if (iph2->sendbuf == NULL) {
> - plog(LLV_ERROR, LOCATION, NULL,
> - "no buffer found as sendbuf\n");
> - return -1;
> - }
> - VPTRINIT(iph2->sendbuf);
> + if (iph2->sendbuf != NULL)
> + VPTRINIT(iph2->sendbuf);
>
> /* turn off schedule */
> if (iph2->scr)
> @@ -1185,28 +1177,11 @@
> gettimeofday(&iph1->start, NULL);
> gettimeofday(&start, NULL);
> #endif
> - /* start exchange */
> - if ((ph1exchange[etypesw1(iph1->etype)]
> - [iph1->side]
> - [iph1->status])(iph1, msg) < 0
> - || (ph1exchange[etypesw1(iph1->etype)]
> - [iph1->side]
> - [iph1->status])(iph1, msg) < 0) {
> - plog(LLV_ERROR, LOCATION, remote,
> - "failed to process packet.\n");
> - remph1(iph1);
> - delph1(iph1);
> - return -1;
> - }
> -#ifdef ENABLE_STATS
> - gettimeofday(&end, NULL);
> - syslog(LOG_NOTICE, "%s(%s): %8.6f",
> - "phase1",
> - s_isakmp_state(iph1->etype, iph1->side, iph1->status),
> - timedelta(&start, &end));
> -#endif
>
> - return 0;
> + /* now that we have a phase1 handle, feed back into our
> + * main receive function to catch fragmented packets
> + */
> + return isakmp_main(msg, remote, local);
> }
>
> /* new negotiation of phase 2 for initiator */
>
More information about the vpn-help
mailing list