[Ipsec-tools-devel] remote port with anonymous address bugfix
From: Wolfgang S. <wol...@di...> - 2011-11-21 18:47:00
Hello Timo,

while testing racoon with different ports, I found another issue. The attached patch fixes a problem when an anonymous remote address is associated with an individual isakmp port. Example:

    remote anonymous [501] { ... }

The problem is that this generates a remote socket address with sa_family = AF_UNSPEC. When the function copy_ph1addresses(..) calls:

    port = extract_port(rmconf->remote);

extract_port(..) does not retrieve the assigned port 501, because rmconf->remote is AF_UNSPEC.

I solved this problem in a more generic way. I decided to change the encoding of the anonymous address from AF_UNSPEC to the combination of AF_INET with IP address INADDR_ANY. This will allow extract_port(..) always to work, and will avoid future bugs if somebody forgets to write extra code for the anonymous case.

I introduced two new functions in sockmisc.c called is_anonymous(..) and make_anonymous(..). The first idea was to place these functions in remoteconf.c. I decided to move them to sockmisc.c since saddr2str(..) in sockmisc.c has to know about anonymous socket addresses anyway. So I could avoid including remoteconf.h in sockmisc.c.

My patch p4b-p4a is based on my previous patch V2_p4a-p3b.

Regards
Wolfgang
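The encoding change described in the message, as an added C sketch that is not the attached patch or racoon's source. The `demo_*` functions are hypothetical stand-ins, and the old layout shown (port bytes stored under an AF_UNSPEC family tag) is an assumption made for illustration.

```c
/* Added illustration, not racoon source or the attached patch. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Stand-in for a port reader that dispatches on the address family.
 * Returns the port in host byte order, or -1 if the family has none. */
int demo_extract_port(const struct sockaddr *sa)
{
    switch (sa->sa_family) {
    case AF_INET:
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    case AF_INET6:
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    default: /* AF_UNSPEC lands here, so a configured port is never seen */
        return -1;
    }
}

/* Assumed old encoding: port stored, but family left as AF_UNSPEC. */
void demo_anon_unspec(struct sockaddr_storage *ss, unsigned short port)
{
    memset(ss, 0, sizeof(*ss));
    ((struct sockaddr_in *)ss)->sin_port = htons(port);
    ss->ss_family = AF_UNSPEC;
}

/* Encoding proposed in the message: AF_INET + INADDR_ANY + port. */
void demo_make_anonymous(struct sockaddr_storage *ss, unsigned short port)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)ss;
    memset(ss, 0, sizeof(*ss));
    sin->sin_family = AF_INET;
    sin->sin_addr.s_addr = htonl(INADDR_ANY);
    sin->sin_port = htons(port);
}

/* One predicate for "matches any peer", so callers never test families. */
int demo_is_anonymous(const struct sockaddr *sa)
{
    return sa->sa_family == AF_INET &&
        ((const struct sockaddr_in *)sa)->sin_addr.s_addr == htonl(INADDR_ANY);
}

int main(void)
{
    struct sockaddr_storage old_enc, new_enc;
    demo_anon_unspec(&old_enc, 501);
    demo_make_anonymous(&new_enc, 501);
    printf("AF_UNSPEC: %d\n", demo_extract_port((struct sockaddr *)&old_enc));
    printf("AF_INET/ANY: %d\n", demo_extract_port((struct sockaddr *)&new_enc));
    return 0;
}
```

With this encoding a remote configured literally as 0.0.0.0 and `anonymous` are the same value, so peer-matching code has to go through the single predicate rather than compare address families.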