[vpn-help] Frag issue with 1.1b1

Peter Eisch peter at boku.net
Tue Aug 29 14:04:01 CDT 2006


K, bonk them on the ipsec-tools-devel list and I'll ack it.  It fixes that
issue quite well.

peter


On 8/29/06 12:47 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:

> Peter Eisch wrote:
>> It's back -- but different.
> 
> This is actually a bug in ipsec tools. See the first item at ...
> 
> http://www.shrew.net/vpn/help/issueswithipsectools.htm
> 
> I have submitted a patch for it on two different occasions but no-one
> has been interested in committing it.
> 
> I have attached the racoon patch but haven't tested it with current
> lately. Let me know if this fixes your problem and I will bring it up
> again on the ipsec-tools developers mailing list.
> 
> Thanks,
> 
> -Matthew
> 
> 
> ? respfrag.diff
> Index: src/racoon/isakmp.c
> ===================================================================
> RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v
> retrieving revision 1.74
> diff -u -r1.74 isakmp.c
> --- src/racoon/isakmp.c    7 May 2006 21:32:59 -0000    1.74
> +++ src/racoon/isakmp.c    12 Jun 2006 21:42:43 -0000
> @@ -800,12 +800,8 @@
> }
> 
> /* free resend buffer */
> -    if (iph1->sendbuf == NULL) {
> -        plog(LLV_ERROR, LOCATION, NULL,
> -            "no buffer found as sendbuf\n");
> -        return -1;
> -    }
> -    VPTRINIT(iph1->sendbuf);
> +    if (iph1->sendbuf != NULL)
> +        VPTRINIT(iph1->sendbuf);
> 
> /* turn off schedule */
> if (iph1->scr)
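
Review bot: With the `iph1->sendbuf == NULL` branch reduced to a silent skip, a phase 1 handle that arrives here without a resend buffer no longer leaves any trace in the log. If that state is now expected for fragmented packets, say so in the `/* free resend buffer */` comment, and consider keeping a plog at a lower level than LLV_ERROR so an unexpected missing buffer can still be spotted when debugging.
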
> @@ -962,12 +958,8 @@
> return 0;
> 
> /* free resend buffer */
> -    if (iph2->sendbuf == NULL) {
> -        plog(LLV_ERROR, LOCATION, NULL,
> -            "no buffer found as sendbuf\n");
> -        return -1;
> -    }
> -    VPTRINIT(iph2->sendbuf);
> +    if (iph2->sendbuf != NULL)
> +        VPTRINIT(iph2->sendbuf);
> 
> /* turn off schedule */
> if (iph2->scr)
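
Review bot: Dropping the `return -1` in the `iph2->sendbuf` check means a phase 2 handle with no resend buffer now falls through to the `/* turn off schedule */` block and the code after it, where it used to stop. Please confirm the remainder of the function is safe to run for such a handle. Since this guard is a copy of the phase 1 one, a shared comment explaining why a NULL sendbuf is acceptable would keep the two from drifting apart.
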
> @@ -1185,28 +1177,11 @@
> gettimeofday(&iph1->start, NULL);
> gettimeofday(&start, NULL);
> #endif
> -    /* start exchange */
> -    if ((ph1exchange[etypesw1(iph1->etype)]
> -                    [iph1->side]
> -                    [iph1->status])(iph1, msg) < 0
> -     || (ph1exchange[etypesw1(iph1->etype)]
> -            [iph1->side]
> -            [iph1->status])(iph1, msg) < 0) {
> -        plog(LLV_ERROR, LOCATION, remote,
> -            "failed to process packet.\n");
> -        remph1(iph1);
> -        delph1(iph1);
> -        return -1;
> -    }
> -#ifdef ENABLE_STATS
> -    gettimeofday(&end, NULL);
> -    syslog(LOG_NOTICE, "%s(%s): %8.6f",
> -        "phase1",
> -        s_isakmp_state(iph1->etype, iph1->side, iph1->status),
> -        timedelta(&start, &end));
> -#endif
> 
> -    return 0;
> +    /* now that we have a phase1 handle, feed back into our
> +     * main receive function to catch fragmented packets
> +     */
> +    return isakmp_main(msg, remote, local);
> }
> 
> /* new negotiation of phase 2 for initiator */
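
Review bot: The new `return isakmp_main(msg, remote, local);` replaces a block that ran `remph1(iph1); delph1(iph1);` when packet processing failed, so a negative return now leaves the freshly created phase 1 handle in place unless isakmp_main releases it itself. Because this path is reached by packets from a remote peer, either keep the cleanup around the call or state in the comment where the handle is released on error. The comment should also say what guarantees the second pass through isakmp_main finds this handle and does not reach this function again with the same msg. Finally, the removed ENABLE_STATS block was the only reader of `start` in this hunk, so the `gettimeofday(&start, NULL);` context line above it now looks dead and the phase1 timing line is lost; drop the leftover call or move the stats logging to where the exchange is now processed.
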
> 



