From: Krzysztof P. O. <ol...@an...> - 2008-08-12 11:49:35
|
If: a) racoon acts as a responder side b) racoon is not able to pre-process a received packet c) this is a first packet so the ph1 is in PHASE1ST_START state then such ph1 handle will stay forever because it is not possible to track the retry_counter. --- a/src/racoon/isakmp.c 2008-07-11 10:08:41.000000000 +0200 +++ b/src/racoon/isakmp.c 2008-08-12 12:57:09.000000000 +0200 @@ -798,20 +798,28 @@ [iph1->side] [iph1->status])(iph1, msg); if (error != 0) { -#if 0 + /* XXX * When an invalid packet is received on phase1, it should * be selected to process this packet. That is to respond * with a notify and delete phase 1 handler, OR not to respond - * and keep phase 1 handler. + * and keep phase 1 handler. However, in PHASE1ST_START when + * acting as RESPONDER we must not keep phase 1 handler or else + * it will stay forever. */ - plog(LLV_ERROR, LOCATION, iph1->remote, - "failed to pre-process packet.\n"); - return -1; + +#if 0 + if (1) { #else - /* ignore the error and keep phase 1 handler */ - return 0; + if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) { #endif + plog(LLV_ERROR, LOCATION, iph1->remote, + "failed to pre-process packet.\n"); + return -1; + } else { + /* ignore the error and keep phase 1 handler */ + return 0; + } } #ifndef ENABLE_FRAG |
From: VANHULLEBUS Y. <va...@fr...> - 2008-08-12 12:04:57
|
On Tue, Aug 12, 2008 at 01:49:41PM +0200, Krzysztof Piotr Oledzki wrote: > > If: > a) racoon acts as a responder side > b) racoon is not able to pre-process a received packet > c) this is a first packet so the ph1 is in PHASE1ST_START state > > then such ph1 handle will stay forever because it is not possible to track the retry_counter. I agree on the idea. > +#if 0 > + if (1) { I understand why you did this, but it is really hard to read... I guess we can just bump out the #if 0 to have a cleaner code... I'll commit a modified version within the next few hours, thanks for the patch. Yvan. |
From: Krzysztof O. <ol...@an...> - 2008-08-12 12:44:32
|
On Tue, 12 Aug 2008, VANHULLEBUS Yvan wrote: > On Tue, Aug 12, 2008 at 01:49:41PM +0200, Krzysztof Piotr Oledzki wrote: >> >> If: >> a) racoon acts as a responder side >> b) racoon is not able to pre-process a received packet >> c) this is a first packet so the ph1 is in PHASE1ST_START state >> >> then such ph1 handle will stay forever because it is not possible to track the retry_counter. > > I agree on the idea. > > >> +#if 0 >> + if (1) { > > > I understand why you did this, but it is really hard to read... Only in the patch, the code itself looks much better. ;) > I guess we can just bump out the #if 0 to have a cleaner code... Fine. > I'll commit a modified version within the next few hours, thanks for > the patch. Thanks. Best regards, Krzysztof Olędzki |