From: <mo...@pr...> - 2004-01-27 19:02:31
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25495/src/racoon Modified Files: Tag: work-on-generate-policy cfparse.y isakmp.c Log Message: code to call generate-policy stuff; corrected transform list parsing code
Index: cfparse.y
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cfparse.y,v
retrieving revision 1.5.2.2
retrieving revision 1.5.2.3
diff -u -d -r1.5.2.2 -r1.5.2.3
--- cfparse.y 18 Jan 2004 18:33:26 -0000 1.5.2.2
+++ cfparse.y 27 Jan 2004 19:01:24 -0000 1.5.2.3
@@ -1004,6 +1004,12 @@
 ;
 policy_spec
 : /* nothing */
+ | genpol_transform_list
+ policy_spec_mode_and_level
+ ;
+
+genpol_transform_list
+ : /* nothing */
 | GENPOL_PROTO
 {
 cur_transf++;
@@ -1012,7 +1018,7 @@
 }
 TRANSFORM_PROTO_SET(SLIST_FIRST(cond_queue_head)->cond->transforms.tr[cur_transf], $1);
 }
- policy_spec_mode_and_level
+ genpol_transform_list
 ;
 policy_spec_mode_and_level
Index: isakmp.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v
retrieving revision 1.4.2.2
retrieving revision 1.4.2.3
diff -u -d -r1.4.2.2 -r1.4.2.3
--- isakmp.c 18 Jan 2004 18:33:26 -0000 1.4.2.2
+++ isakmp.c 27 Jan 2004 19:01:24 -0000 1.4.2.3
@@ -148,7 +148,7 @@
 static int etypesw2 __P((int));
 static void generate_dyn_policies __P((struct ph1handle*, struct condition*, struct condition*));
-static int check_requirement __P(());
+static int check_requirement __P((struct ph1handle *iph1, struct req_list *));
 static int generate_policies_net_2_net __P(( struct condition*, struct ph1handle*, struct transform_list* ));
@@ -161,6 +161,8 @@
 static int generate_policies_gw_2_gw __P(( struct condition*, struct ph1handle*, struct transform_list* ));
+void transforms2policy __P((struct sockaddr *, struct sockaddr *,
+ int, struct transform_list *, char **, int *));
 /*
 * isakmp packet handler
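Review bot: Now that `genpol_transform_list` recurses on itself, every extra `GENPOL_PROTO` token runs `cur_transf++` and then writes `transforms.tr[cur_transf]`, so the number of writes is limited only by whatever check sits in the lines elided between the two cfparse.y hunks. If that check does not compare `cur_transf` with the capacity of `tr[]` and abort the parse, a long proto list in the configuration file would write past the array; please confirm and record the limit beside the increment, e.g. `/* tr[] holds at most <MAX> entries; longer lists are rejected below */`. Separately, `policy_spec` and `genpol_transform_list` now both have an empty alternative, which may add a parser conflict if `policy_spec_mode_and_level` can also be empty, so the yacc conflict report is worth checking. The action body continues outside both hunks.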
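Review bot: In the `@@ -161` hunk of isakmp.c, `transforms2policy` is the only non-`static` prototype among these forward declarations and it is declared in the .c file rather than in a header. If the function is defined in this file it should be `static` like its neighbours; if it is defined elsewhere, the prototype belongs in a shared header so the definition and its callers cannot drift apart. The trailing `char **, int *` pair looks like an output buffer and its length, and nothing here says who allocates it or whether the `int` is a capacity or a result; a comment such as `/* *buf is allocated by the callee and freed by the caller; *len receives its length */` would help once confirmed against the definition.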
@@ -583,6 +585,7 @@
 #ifdef ENABLE_STATS
 struct timeval start, end;
 #endif
+ struct condition *stack;
 /* ignore a packet */
 if (iph1->status == PHASE1ST_ESTABLISHED)
@@ -678,18 +681,17 @@
 }
 }
- /* XXX-AK generate required dynamic policies here */
+ /* generate required dynamic policies here */
 if (! iph1->rmconf->passive) {
- /* XXX-AK Initialize structure
- */
+ stack = newcondition();
- /* XXX-AK
- * generate_dyn_policies(iph1,
- * iph1->rmconf->conditions,
- * address stack);
- */
-
+ generate_dyn_policies(iph1,
+ iph1->rmconf->conditions,
+ stack);
+
+ if (stack)
+ delconditions(stack);
 }
@@ -2546,6 +2548,7 @@
 "IPv6-IPv6/" - 39+1+39+1=80 "require " - 8 = 105 * MAX
+XXX: how about unique/xxxxx ?
 ";\0" - 2 */
@@ -2927,7 +2930,7 @@
 }
 if (r->options & REQ_OPTION_LIKE) {
- /* XXX: no case insensitive comparison in case of ~ */
+ /* XXX no case insensitive comparison in case of ~ */
 ret = (strstr(value, r->etalon) != NULL);
 } else if (options & CMP_NOCASE) {
 ret = strcasecmp(value, r->etalon);
|
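Review bot: In the `@@ -678` hunk `stack` is passed to `generate_dyn_policies()` before it is tested, so the `if (stack)` guard protects only `delconditions()`. If `newcondition()` can return NULL, which the later test suggests, the generator receives a NULL condition on what appears to be the phase 1 packet-handling path. Test the allocation first: `if (stack != NULL) { generate_dyn_policies(iph1, iph1->rmconf->conditions, stack); delconditions(stack); }`. Since `generate_dyn_policies` is declared `void`, a failure during policy generation is also invisible to this caller, so the allocation failure should at least be logged. The enclosing function starts and ends outside the hunk.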
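Review bot: The added `XXX: how about unique/xxxxx ?` in the `@@ -2546` hunk leaves the worst-case length calculation knowingly incomplete: it counts `"require "` as 8 bytes but has no term for a `unique` level with its numeric suffix. The allocation and the writes are outside the hunk, so this is an assumption, but if the policy string buffer is sized from this calculation and filled without length checks, the longer level form could overrun it. Either add the missing term with its real maximum to the calculation before merging, or make the writer bounded so the estimate is not load-bearing, for example `n = snprintf(p, left, ...); if (n < 0 || (size_t)n >= left) return -1;` (variable names are illustrative).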
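Review bot: The two branches visible in the `@@ -2927` hunk assign `ret` with opposite polarity: `strstr(value, r->etalon) != NULL` yields 1 on a match, while `strcasecmp(value, r->etalon)` yields 0 on a match. Unless the code after the hunk normalises one of them, a requirement using the `~` (LIKE) option is evaluated with the inverse sense of the other comparisons, and this function appears to decide whether a peer satisfies a policy requirement. Give both branches the same meaning, e.g. `ret = (strcasecmp(value, r->etalon) == 0);`, or document the convention where `ret` is declared. The if/else chain continues outside the hunk.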