From: VANHULLEBUS Y. <va...@us...> - 2005-01-13 13:59:58
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2583/src/racoon Modified Files: ipsec_doi.c racoon.conf.5 Log Message: checks phase 1 lifetime Index: ipsec_doi.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/ipsec_doi.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -d -r1.24 -r1.25 --- ipsec_doi.c 16 Nov 2004 21:15:05 -0000 1.24 +++ ipsec_doi.c 13 Jan 2005 13:59:40 -0000 1.25 @@ -97,7 +97,7 @@ static vchar_t *get_ph1approval __P((struct ph1handle *, struct prop_pair **)); static struct isakmpsa *get_ph1approvalx __P((struct prop_pair *, - struct isakmpsa *, struct isakmpsa *)); + struct isakmpsa *, struct isakmpsa *, int)); static void print_ph1mismatched __P((struct prop_pair *, struct isakmpsa *)); static int t2isakmpsa __P((struct isakmp_pl_t *, struct isakmpsa *)); static int cmp_aproppair_i __P((struct prop_pair *, struct prop_pair *)); @@ -223,7 +223,7 @@ /* compare proposal and select one */ for (p = s; p; p = p->tnext) { sa = get_ph1approvalx(p, iph1->rmconf->proposal, - &tsa); + &tsa, iph1->rmconf->pcheck_level); if (sa != NULL) goto found; } @@ -319,9 +319,10 @@ * proposal: my proposals. */ static struct isakmpsa * -get_ph1approvalx(p, proposal, sap) +get_ph1approvalx(p, proposal, sap, check_level) struct prop_pair *p; struct isakmpsa *proposal, *sap; + int check_level; { struct isakmp_pl_p *prop = p->prop; struct isakmp_pl_t *trns = p->trns; @@ -377,8 +378,7 @@ s_oakley_attr_v(OAKLEY_ATTR_GRP_DESC, tsap->dh_group)); #if 0 - /* XXX to be considered */ - if (tsap->lifetime > s->lifetime) ; + /* XXX to be considered ? */ if (tsap->lifebyte > s->lifebyte) ; #endif /* 
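Review bot: The `check_level` parameter added to `get_ph1approvalx` in the `@@ -319` hunk is not described in the function's header comment, whose visible tail is `* proposal: my proposals.`; a line such as `* check_level: PROP_CHECK_{OBEY,STRICT,CLAIM,EXACT}; how the peer's phase 1 lifetime is reconciled with the configured one.` would let a reader see the contract without following the call site. That comment block opens before the hunk and the function body continues after it. The `@@ -97` prototype and the `@@ -223` call site, which passes `iph1->rmconf->pcheck_level`, only thread the value through and need nothing further.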
@@ -390,9 +390,27 @@ tsap->hashtype == s->hashtype && tsap->dh_group == s->dh_group && tsap->encklen == s->encklen) - break; + switch(check_level){ + case PROP_CHECK_OBEY: + s->lifetime=tsap->lifetime; + goto found; + break; + case PROP_CHECK_STRICT: + case PROP_CHECK_CLAIM: + if (tsap->lifetime > s->lifetime) + continue ; + s->lifetime=tsap->lifetime; + goto found; + break; + case PROP_CHECK_EXACT: + if (tsap->lifetime != s->lifetime) + continue ; + goto found; + break; + } } +found: if (tsap->dhgrp != NULL) oakley_dhgrp_free(tsap->dhgrp); return s; Index: racoon.conf.5 =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/racoon.conf.5,v retrieving revision 1.23 retrieving revision 1.24 diff -u -d -r1.23 -r1.24 --- racoon.conf.5 7 Jan 2005 14:22:32 -0000 1.23 +++ racoon.conf.5 13 Jan 2005 13:59:40 -0000 1.24 @@ -508,7 +508,8 @@ .\" .It Ic proposal_check Ar level ; specifies the action of lifetime length and PFS of the phase 2 -selection on the responder side. +selection on the responder side, and the action of lifetime check in +phase 1. The default level is .Ic strict . If the @@ -530,7 +531,7 @@ If the responder's length is shorter than the initiator's one, the responder uses its own length AND sends a RESPONDER-LIFETIME notify message to an initiator in the -case of lifetime. +case of lifetime (phase 2 only). About PFS, this directive is same as .Ic strict . .It Ic exact |
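Review bot: `s->lifetime=tsap->lifetime;` in the OBEY, STRICT and CLAIM arms writes the peer's proposed lifetime into the proposal entry `s`, which — judging by the call in the `@@ -223` hunk — is `iph1->rmconf->proposal`, the remote configuration presumably shared by every later phase 1 negotiation with that peer; once one peer is accepted with a shorter lifetime, a later proposal at the originally configured value fails the `tsap->lifetime > s->lifetime` strict check, and the configured value is lost until the configuration is reloaded. The negotiated lifetime should be handed back to the caller (for instance through the `sap` copy it already receives) and applied to the per-handle approval rather than stored in the configuration. The `switch` also has no `default:` arm, so an unexpected `check_level` silently rejects every proposal; a `default:` that logs the unexpected level and then `continue`s (or treats it as strict) would make that failure visible. Style: the `break;` after each `goto found;` is unreachable, and `continue ;`, `switch(check_level){` and `s->lifetime=tsap->lifetime;` do not follow the spacing used in the surrounding code. `get_ph1approvalx` begins outside this hunk.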