Thread: [Ipsec-tools-commits] ipsec-tools/src/racoon grabmyaddr.c,1.19,1.20 handler.c,1.8,1.9 handler.h,1.8,
From: Emmanuel D. <ma...@us...> - 2004-10-29 09:46:34
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27378/src/racoon Modified Files: grabmyaddr.c handler.c handler.h Log Message: Do not use the internal addresses obtained through ISAKMP mode config as ISAKMP listeners
Index: grabmyaddr.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/grabmyaddr.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- grabmyaddr.c 24 Sep 2004 16:51:55 -0000 1.19
+++ grabmyaddr.c 29 Oct 2004 09:46:23 -0000 1.20
@@ -67,6 +67,7 @@
#include "debug.h"
#include "localconf.h"
+#include "handler.h"
#include "grabmyaddr.h"
#include "sockmisc.h"
#include "isakmp_var.h"
@@ -553,6 +554,11 @@
const char *ifname;
const struct sockaddr *ifaddr;
{
+#ifdef ENABLE_HYBRID
+ /* Exclude any address we got through ISAKMP mode config */
+ if (exclude_cfg_addr(ifaddr) == 0)
+ return 0;
+#endif
switch(ifaddr->sa_family) {
case AF_INET:
return 1;
Index: handler.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- handler.c 27 Oct 2004 21:43:25 -0000 1.8
+++ handler.c 29 Oct 2004 09:46:23 -0000 1.9
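Review bot: The guard added in the `@@ -553,6 +554,11 @@` hunk of grabmyaddr.c reads backwards: `exclude_cfg_addr(ifaddr) == 0` is the case where the address is excluded, which is easy to invert in a later edit and would quietly turn a mode-config address back into an ISAKMP listener. A comment stating the convention at the call site would help, for example `/* exclude_cfg_addr() returns 0 for an address assigned by mode config, 1 otherwise */`, or the helper could be named for what a non-zero result means. The enclosing function starts before and ends after the hunk, so only the placement ahead of the `switch` can be judged from here.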
@@ -893,3 +893,29 @@
sched_new(lt, sweep_recvdpkt, NULL);
}
+
+#ifdef ENABLE_HYBRID
+/*
+ * Retruns 0 if the address was obtained by ISAKMP mode config, 1 otherwise
+ * This should be in isakmp_cfg.c but ph1tree being private, it must be there
+ */
+int
+exclude_cfg_addr(addr)
+ const struct sockaddr *addr;
+{
+ struct ph1handle *p;
+ struct sockaddr_in *sin;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if ((p->mode_cfg != NULL) &&
+ (p->mode_cfg->flags & ISAKMP_CFG_GOT_ADDR4) &&
+ (addr->sa_family == AF_INET)) {
+ sin = (struct sockaddr_in *)addr;
+ if (sin->sin_addr.s_addr == p->mode_cfg->addr4.s_addr)
+ return 0;
+ }
+ }
+
+ return 1;
+}
+#endif
Index: handler.h
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- handler.h 24 Oct 2004 16:51:24 -0000 1.8
+++ handler.h 29 Oct 2004 09:46:23 -0000 1.9
@@ -447,4 +447,8 @@
vchar_t *, vchar_t *));
extern void init_recvdpkt __P((void));
+#ifdef ENABLE_HYBRID
+extern int exclude_cfg_addr __P((const struct sockaddr *));
+#endif
+
#endif /* _HANDLER_H */ |
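Review bot: exclude_cfg_addr() in the handler.c hunk filters an address only while a phase 1 handle with `ISAKMP_CFG_GOT_ADDR4` set is still in `ph1tree`, and only for `AF_INET`. If the assigned address can stay on the interface after that handle is removed, a later address scan would presumably accept it as a listener again; the handle lifetime is not visible here, so this needs confirming. The function comment should state both limits. As a style point, the cast discards the `const` on `addr`; `const struct sockaddr_in *sin;` with `sin = (const struct sockaddr_in *)addr;` keeps it, and since the family test is loop-invariant, `if (addr->sa_family != AF_INET) return 1;` can sit before `LIST_FOREACH`. The header comment also has the typo "Retruns".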