From: VANHULLEBUS Y. <va...@us...> - 2006-02-15 14:11:06
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15342/src/racoon Modified Files: proposal.c Log Message: Sets optionnal reqid for generated policies
Index: proposal.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/proposal.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- proposal.c 16 Jul 2005 09:56:40 -0000 1.17
+++ proposal.c 15 Feb 2006 14:10:57 -0000 1.18
@@ -73,6 +73,8 @@
 #include "nattraversal.h"
 #endif
+static uint g_nextreqid = 1;
+
 /* %%%
 * modules for ipsec sa spec
 */
@@ -1132,8 +1134,8 @@
 /*FALLTHROUGH*/
 }
- for (pr = pp_peer->head; pr; pr = pr->next) {
-
+ for (pr = pp_peer->head; pr; pr = pr->next) {
+
 newpr = newsaproto();
 if (newpr == NULL) {
 plog(LLV_ERROR, LOCATION, NULL,
@@ -1145,8 +1147,23 @@
 newpr->encmode = pr->encmode;
 newpr->spi = 0;
 newpr->spi_p = pr->spi; /* copy peer's SPI */
- newpr->reqid_in = 0;
- newpr->reqid_out = 0;
+ {
+ struct remoteconf *conf;
+ conf = getrmconf(iph2->dst);
+ if (conf != NULL &&
+ conf->gen_policy == GENERATE_POLICY_UNIQUE){
+ newpr->reqid_in = g_nextreqid ;
+ newpr->reqid_out = g_nextreqid ++;
+ /* XXX there is a (very limited) risk of reusing the same reqid
+ * as another SP entry for the same peer
+ */
+ if(g_nextreqid >= IPSEC_MANUAL_REQID_MAX)
+ g_nextreqid = 1;
+ }else{
+ newpr->reqid_in = 0;
+ newpr->reqid_out = 0;
+ }
+ }
 }
 if (set_satrnsbysainfo(newpr, iph2->sainfo) < 0) {
|
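Review bot: `uint` is not a standard C type and is only available where the system headers happen to typedef it, so `static uint g_nextreqid = 1;` in the first hunk may not build on every platform racoon targets; `static unsigned int g_nextreqid = 1;` (or the fixed-width type of `reqid_in`/`reqid_out`, which is declared outside this diff) avoids that. The declaration also carries no comment, so a reader has to find the third hunk to learn what the counter is for; something like `/* next reqid for generated "unique" policies; shared by all peers, wraps to 1 */` would do.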
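Review bot: The reqid assigned under `GENERATE_POLICY_UNIQUE` in the third hunk comes from the process-wide `g_nextreqid`, which wraps back to 1 without checking whether that value is still bound to a live policy; because the counter is shared by every peer, the reuse the XXX comment mentions is not limited to "the same peer". The counter also advances before `set_satrnsbysainfo()` has succeeded, so each negotiation that reaches this loop appears to consume one reqid per protocol, and wrap-around then depends on negotiation volume rather than on the number of installed policies. Judging by its name, `IPSEC_MANUAL_REQID_MAX` bounds the range meant for manually assigned reqids, so generated values may also coincide with reqids an administrator set by hand; this is worth confirming against the kernel headers. At minimum the comment should say so, e.g. `/* XXX reqids are not checked against live SP entries: after wrap-around (or against manually set reqids) a value can be reused, for any peer */`, and the `getrmconf(iph2->dst)` lookup can move above the `for` loop since it does not depend on `pr`. The enclosing function starts and ends outside the hunk.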