[Ipsec-tools-devel] remote port with anonymous address bugfix
Brought to you by:
mit_warlord,
netbsd
Menu
▾
▴
[Ipsec-tools-devel] remote port with anonymous address bugfix
|
From: Wolfgang S. <wol...@di...> - 2011-11-21 18:47:00
|
Hello Timo,
while testing racoon with different ports, I found another issue.
The attached patch fixes a problem, when an anonymous remote address is
associated with an individual isakmp port. Example:
remote anonymous [501] {
...
}
The problem is, that this generates a remote socket address with sa_family =
AF_UNSPEC. When the function copy_ph1addresses(..) calls:
port = extract_port(rmconf->remote);
the extract_port does(..) not retrieve the assigned port 501, because
rmconf->remote is AF_UNSPEC.
I solved this problem in a more generic way. I decided to change the
encoding of the anonymous address from AF_UNSPEC to the combination of
AF_INET with ip address INADDR_ANY. This will allow extract_port(..) always
to work, and will avoid future bugs if somebody would forget to write extra
code for the anonymous case.
I introduced two new functions in sockmisc.c called is_anonymous(..) and
make_anonymous(..). The first idea was to place these functions in
remoteconf.c. I decided to move them to sockmisc.c since saddr2str(..) in
sockmisc.c has to know about anonymous sockaddresses anyway. So I could
avoid including remoteconf.h in sockmisc.c
My patch p4b-p4a is based on my previous patch V2_p4a-p3b.
Regards
Wolfgang
|