Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7091/src/racoon Modified Files: Tag: work-on-generate-policy cfparse.y cftoken.l handler.c handler.h isakmp.c remoteconf.c remoteconf.h Log Message: first version to actually generate policies according to new schema! - datastructures' managing bugfixes - made new directives in config file started to work - other thinkos and parameter ordering fixes Index: cfparse.y =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cfparse.y,v retrieving revision 1.5.2.3 retrieving revision 1.5.2.4 diff -u -d -r1.5.2.3 -r1.5.2.4 --- cfparse.y 27 Jan 2004 19:01:24 -0000 1.5.2.3 +++ cfparse.y 14 Feb 2004 09:39:55 -0000 1.5.2.4 @@ -136,7 +136,7 @@ static int tmpalgtype[MAXALGCLASS]; static struct sainfo *cur_sainfo; static int cur_algclass; -static SLIST_HEAD(cond_queue_head, cond_queue_elem) *cond_queue_head; +static SLIST_HEAD(cond_queue_head, cond_queue_elem) cond_queue_head; static struct proposalspec *prhead; /* the head is always current. */ @@ -148,7 +148,7 @@ static struct cond_queue_elem *newcondqelem __P((struct condition *)); static void delcondqelem __P((struct cond_queue_elem*)); -static addr_list_t **curr_addr_list; +static addr_list_t *curr_addr_list; static int *curr_condition_options; static int curr_condition_options_to_set; static int cur_transf; @@ -227,7 +227,7 @@ %type <num> unittype_time unittype_byte %type <num> REQ_TYPE GENPOL_TYPE genpol_type GENPOL_PROTO GENPOL_MODE GENPOL_LEVEL %type <num> opt_req_option opt_req_option_not opt_req_option_like -%type <val> QUOTEDSTRING HEXSTRING ADDRSTRING sainfo_id sainfo_id_addr +%type <val> QUOTEDSTRING HEXSTRING ADDRSTRING sainfo_id sainfo_id_addr addr_with_prefix %type <val> identifierstring %type <saddr> remote_index ike_addrinfo_port %type <alg> algorithm 
@@ -754,7 +754,7 @@ newcqe= newcondqelem(new->conditions); - SLIST_INSERT_HEAD(cond_queue_head, newcqe, chain); + SLIST_INSERT_HEAD(&cond_queue_head, newcqe, chain); new->remote = $2; cur_rmconf = new; @@ -822,8 +822,8 @@ EOC { struct cond_queue_elem *cqe; - cqe=SLIST_FIRST(cond_queue_head); - SLIST_REMOVE_HEAD(cond_queue_head, chain); + cqe=SLIST_FIRST(&cond_queue_head); + SLIST_REMOVE_HEAD(&cond_queue_head, chain); delcondqelem(cqe); } ; @@ -945,19 +945,20 @@ insspspec(spspec, &prhead); } BOC isakmpproposal_specs EOC + | for_clients_with ; generate_policy : GENERATE_POLICY genpol_type { - SLIST_FIRST(cond_queue_head)->cond->gen_policy = $2; + SLIST_FIRST(&cond_queue_head)->cond->gen_policy = $2; cur_transf=-1; } policy_spec { - if ((SLIST_FIRST(cond_queue_head)->cond->gen_policy != gen_pol_unspec) && - TRANSFORM_LIST_EMPTY(SLIST_FIRST(cond_queue_head)->cond->transforms)) + if ((SLIST_FIRST(&cond_queue_head)->cond->gen_policy != gen_pol_unspec) && + TRANSFORM_LIST_EMPTY(SLIST_FIRST(&cond_queue_head)->cond->transforms)) { - memcpy(&SLIST_FIRST(cond_queue_head)->cond->transforms, &default_transform, + memcpy(&SLIST_FIRST(&cond_queue_head)->cond->transforms, &default_transform, sizeof(default_transform)); } @@ -977,7 +978,7 @@ case gen_pol_gw_net_2_net: case gen_pol_gw_net_2_gw_net: case gen_pol_gw_net_2_gw: - SLIST_FIRST(cond_queue_head)->cond->options |= CONSTR_COND_LOCAL_GW; + SLIST_FIRST(&cond_queue_head)->cond->options |= CONSTR_COND_LOCAL_GW; $$ = gen_pol_net_2_net; break; } @@ -988,9 +989,9 @@ case gen_pol_gw_2_gw_net: case gen_pol_gw_net_2_gw_net: case gen_pol_net_2_gw_net: - SLIST_FIRST(cond_queue_head)->cond->options |= CONSTR_COND_REMOTE_GW; - break; + SLIST_FIRST(&cond_queue_head)->cond->options |= CONSTR_COND_REMOTE_GW; $$ = gen_pol_net_2_net; + break; } } 
@@ -1016,7 +1017,7 @@ if (cur_transf<0 || cur_transf >= TRANSFORM_LIST_LEN_MAX) { yyerror("Transformation list is too long"); } - TRANSFORM_PROTO_SET(SLIST_FIRST(cond_queue_head)->cond->transforms.tr[cur_transf], $1); + TRANSFORM_PROTO_SET(SLIST_FIRST(&cond_queue_head)->cond->transforms.tr[cur_transf], $1); } genpol_transform_list ; @@ -1025,7 +1026,7 @@ : /* nothing */ | GENPOL_MODE { - TRANSFORM_MODE_SET(SLIST_FIRST(cond_queue_head)->cond->transforms.tr[cur_transf], $1); + TRANSFORM_MODE_SET(SLIST_FIRST(&cond_queue_head)->cond->transforms.tr[cur_transf], $1); } policy_spec_level ; @@ -1033,7 +1034,7 @@ : /* nothing */ | GENPOL_LEVEL { - TRANSFORM_LEVEL_SET(SLIST_FIRST(cond_queue_head)->cond->transforms.tr[cur_transf], $1); + TRANSFORM_LEVEL_SET(SLIST_FIRST(&cond_queue_head)->cond->transforms.tr[cur_transf], $1); } ; exchange_types @@ -1238,18 +1239,22 @@ for_clients_with : FOR_CLIENTS_WITH { - SLIST_INSERT_HEAD(cond_queue_head, - newcondqelem(newcondition()), chain); + struct cond_queue_elem *cqe = + newcondqelem(newcondition()); + + SLIST_INSERT_HEAD(&cond_queue_head, cqe, chain); /* XXX-AK new_condition == NULL ?!?! */ } fcw_conditions BOC - fcw_sentences EOC EOS + fcw_sentences EOC { struct cond_queue_elem *cqe; - cqe=SLIST_FIRST(cond_queue_head); - SLIST_REMOVE_HEAD(cond_queue_head, chain); + cqe=SLIST_FIRST(&cond_queue_head); + SLIST_REMOVE_HEAD(&cond_queue_head, chain); + if (SLIST_FIRST(&cond_queue_head)) + SLIST_INSERT_HEAD(&SLIST_FIRST(&cond_queue_head)->cond->subconditions, cqe->cond, chain); delcondqelem(cqe); } ; @@ -1263,7 +1268,7 @@ : REQ_TYPE opt_req_option QUOTEDSTRING { STAILQ_INSERT_TAIL( - SLIST_FIRST(cond_queue_head)->cond->require, + &SLIST_FIRST(&cond_queue_head)->cond->require, newreq($1, strdup($3->v), $2), chain); 
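Review bot: In the `@@ -1016` hunk the bounds test on `cur_transf` only calls `yyerror()` and then falls through to `TRANSFORM_PROTO_SET(...->transforms.tr[cur_transf], $1)`, so a transform list that is too long (or `cur_transf` still at -1) writes outside `tr[]` unless `yyerror()` never returns. The action should stop after reporting, e.g. `yyerror("Transformation list is too long"); return -1;`. The `GENPOL_MODE` and `GENPOL_LEVEL` actions in the `@@ -1025` and `@@ -1033` hunks index `tr[cur_transf]` with no check of their own and rely on this one. The action starts above the hunk, so where `cur_transf` is advanced is not visible here.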
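Review bot: The `for_clients_with` action in the `@@ -1238` hunk inserts `cqe` into `cond_queue_head` without checking it, although the `XXX-AK` comment already notes the NULL case and the remoteconf.c part of this commit shows what appears to be `newcondition()` returning NULL when `racoon_calloc` fails. Every later `SLIST_FIRST(&cond_queue_head)->cond->...` would then dereference a NULL element or a NULL `cond`; add `if (cqe == NULL || cqe->cond == NULL) return -1;` before the insert. In the closing action `cqe->cond` is linked into the parent's `subconditions` and `delcondqelem(cqe)` is called right after. That is only safe if `delcondqelem()` releases the queue element and not the condition, which this diff does not show, so a comment such as `/* cond is now owned by the parent's subconditions list */` would document the intent.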
@@ -1311,9 +1316,9 @@ local_addresses : LOCAL_ADDRESSES { - curr_addr_list=&SLIST_FIRST(cond_queue_head)-> + curr_addr_list=&SLIST_FIRST(&cond_queue_head)-> cond->local_addresses; - curr_condition_options = &SLIST_FIRST(cond_queue_head)-> + curr_condition_options = &SLIST_FIRST(&cond_queue_head)-> cond->options; curr_condition_options_to_set = CONSTR_COND_LOCAL_GW; } @@ -1323,9 +1328,9 @@ remote_addresses : REMOTE_ADDRESSES { - curr_addr_list=&SLIST_FIRST(cond_queue_head)-> + curr_addr_list=&SLIST_FIRST(&cond_queue_head)-> cond->remote_addresses; - curr_condition_options = &SLIST_FIRST(cond_queue_head)-> + curr_condition_options = &SLIST_FIRST(&cond_queue_head)-> cond->options; curr_condition_options_to_set = CONSTR_COND_REMOTE_GW; } @@ -1339,19 +1344,47 @@ | gateway address_list ; address_list - : sainfo_id_addr + : addr_with_prefix address_list { struct addr_list *n; n = new_addr_list($1); - SLIST_INSERT_HEAD(*curr_addr_list, n, chain); + SLIST_INSERT_HEAD(curr_addr_list, n, chain); } - | sainfo_id_addr address_list + | /* nothing */ + ; + +addr_with_prefix + : ADDRSTRING prefix { - struct addr_list *n; - n = new_addr_list($1); - SLIST_INSERT_HEAD(*curr_addr_list, n, chain); + struct sockaddr *saddr; + + saddr = str2saddr($1->v, "0"); + vfree($1); + if (saddr == NULL) + return -1; + + switch (saddr->sa_family) { + case AF_INET: + $$ = ipsecdoi_sockaddr2id(saddr, + $2 == ~0 ? (sizeof(struct in_addr) << 3): $2, + 0); + break; +#ifdef INET6 + case AF_INET6: + $$ = ipsecdoi_sockaddr2id(saddr, + $2 == ~0 ? (sizeof(struct in6_addr) << 3) : $2, + 0); + break; +#endif + default: + yyerror("invalid family: %d", saddr->sa_family); + break; + } + racoon_free(saddr); + if ($$ == NULL) + return -1; } - ; + gateway : GATEWAY { 
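Review bot: In the new `addr_with_prefix` action (`@@ -1339` hunk) the `default:` branch reports an error but never assigns `$$`, so the following `if ($$ == NULL) return -1;` tests whatever `$$` held on entry; with bison's usual pre-assignment that would be the `$1` already released by `vfree($1)`, and a build without `INET6` sends IPv6 addresses down this path. Set `$$ = NULL;` before the `switch` so an unsupported family fails reliably instead of handing a stale pointer to `new_addr_list()`. The prefix `$2` is also passed to `ipsecdoi_sockaddr2id()` without being compared to the address width, while the lexer pattern shown in the cftoken.l part of this commit (`{slash}{digit}{1,3}`) accepts up to three digits. Unless `ipsecdoi_sockaddr2id()` already rejects it, add a per-family check such as `if ($2 != ~0 && $2 > (sizeof(struct in_addr) << 3))` before the call.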
@@ -1644,6 +1677,7 @@ int error; yycf_init_buffer(); + SLIST_INIT(&cond_queue_head); if (yycf_switch_buffer(lcconf->racoon_conf) != 0) return -1; Index: cftoken.l =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cftoken.l,v retrieving revision 1.4.2.2 retrieving revision 1.4.2.3 diff -u -d -r1.4.2.2 -r1.4.2.3 --- cftoken.l 18 Jan 2004 18:33:26 -0000 1.4.2.2 +++ cftoken.l 14 Feb 2004 09:39:55 -0000 1.4.2.3 @@ -1,5 +1,7 @@ /* $KAME: cftoken.l,v 1.73 2003/10/21 07:18:03 itojun Exp $ */ +%option stack + %{ /* * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project. @@ -258,7 +260,7 @@ <S_RMTS>send_cr { YYD; return(SEND_CR); } <S_RMTS>dh_group { YYD; return(DH_GROUP); } <S_RMTS>nonce_size { YYD; return(NONCE_SIZE); } -<S_RMTS,S_FCW>generate_policy { BEGIN S_GENPOL; YYDB; return(GENERATE_POLICY); } +<S_RMTS,S_FCW>generate_policy { yy_push_state(S_GENPOL); YYDB; return(GENERATE_POLICY); } <S_RMTS>support_mip6 { YYD; yywarn("it is obsoleted. use \"support_proxy\"."); return(SUPPORT_PROXY); } <S_RMTS>support_proxy { YYD; return(SUPPORT_PROXY); } <S_RMTS>initial_contact { YYD; return(INITIAL_CONTACT); } @@ -284,10 +286,12 @@ <S_RMTP>hash_algorithm { YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); } <S_RMTP>dh_group { YYD; return(DH_GROUP); } <S_RMTP>gssapi_id { YYD; return(GSSAPI_ID); } -<S_RMTS>for_clients_with { BEGIN S_FCW; YYDB; return(FOR_CLIENTS_WITH); } +<S_RMTS>for_clients_with { yy_push_state(S_FCW); YYDB; return(FOR_CLIENTS_WITH); } <S_RMTS,S_FCW>remote_addresses { YYD; return(REMOTE_ADDRESSES); } <S_RMTS,S_FCW>local_addresses { YYD; return(LOCAL_ADDRESSES); } <S_RMTS,S_FCW>gateway { YYD; return(GATEWAY); } +<S_FCW>{bcl} { return(BOC); } +<S_FCW>{ecl} { yy_pop_state(); return(EOC); } /* parameter */ on { YYD; yylval.num = TRUE; return(SWITCH); } 
@@ -318,6 +322,7 @@ <S_GENPOL>use { YYD; yylval.num = TRANSFORM_LEVEL_USE; return(GENPOL_LEVEL); } <S_GENPOL>require { YYD; yylval.num = TRANSFORM_LEVEL_REQUIRE; return(GENPOL_LEVEL); } <S_GENPOL>unique { YYD; yylval.num = TRANSFORM_LEVEL_UNIQUE; return(GENPOL_LEVEL); } +<S_GENPOL>{semi} { yy_pop_state(); return(EOS);} /* prefix */ {slash}{digit}{1,3} { Index: handler.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.c,v retrieving revision 1.2.4.1 retrieving revision 1.2.4.2 diff -u -d -r1.2.4.1 -r1.2.4.2 --- handler.c 8 Feb 2004 19:52:40 -0000 1.2.4.1 +++ handler.c 14 Feb 2004 09:39:55 -0000 1.2.4.2 @@ -66,6 +66,7 @@ #include "localconf.h" #include "handler.h" #include "gcmalloc.h" +#include "pfkey.h" #ifdef HAVE_GSSAPI #include "gssapi.h" @@ -658,6 +659,7 @@ dyn->id = vdup(p1->id_p); LIST_INSERT_HEAD(&dynclilist, dyn, chain); LIST_INSERT_HEAD(&dyn->ph1, p1, dyncli_chain); + TAILQ_INIT(&dyn->gen_pol); p1->dyncli = dyn; return dyn; @@ -736,7 +738,7 @@ for (p2 = LIST_FIRST(&p1->ph2tree); p2; p2 = ppnext) { ppnext = LIST_NEXT(p2, ph1bind); /* XXX this one DOES NOT remove SAs from kernel */ - /* TODO: remove fro kernel too */ + /* TODO: remove from kernel too */ isakmp_ph2delete(p2); } 
@@ -744,10 +746,29 @@ isakmp_ph1delete(p1); } + if (dyn->del_sched) + sched_kill(dyn->del_sched); LIST_REMOVE(dyn, chain); racoon_free(dyn); } +/* called from scheduller */ +static void +deldyncli_stub(p) + void *p; +{ + (void)deldyncli((struct dyncli_handle *) p); +} + +void +dyncli_count_users(dc) + struct dyncli_handle *dc; +{ + if (!LIST_FIRST(&dc->ph1)) { + /* start selfdestruction */ + dc->del_sched = sched_new(dc->timeout, deldyncli_stub, dc); + } +} /* %%% management contacted list */ /* Index: handler.h =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.h,v retrieving revision 1.1.1.2.4.1 retrieving revision 1.1.1.2.4.2 diff -u -d -r1.1.1.2.4.1 -r1.1.1.2.4.2 --- handler.h 8 Feb 2004 19:52:40 -0000 1.1.1.2.4.1 +++ handler.h 14 Feb 2004 09:39:55 -0000 1.1.1.2.4.2 @@ -434,6 +434,7 @@ u_int8_t, u_int8_t, u_int16_t)); extern void deldyncli __P((struct dyncli_handle *)); +extern void dyncli_count_users __P((struct dyncli_handle *)); extern struct contacted *getcontacted __P((struct sockaddr *)); extern int inscontacted __P((struct sockaddr *)); Index: isakmp.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v retrieving revision 1.4.2.4 retrieving revision 1.4.2.5 diff -u -d -r1.4.2.4 -r1.4.2.5 --- isakmp.c 8 Feb 2004 19:52:40 -0000 1.4.2.4 +++ isakmp.c 14 Feb 2004 09:39:55 -0000 1.4.2.5 @@ -689,9 +689,9 @@ iph1->dyncli = getdyncli(iph1->id_p); /* check if peer come from different address */ - if (iph1->dyncli && LIST_FIRST(iph1->dyncli->ph1) && + if (iph1->dyncli && LIST_FIRST(&iph1->dyncli->ph1) && !cmpsaddrstrict( - LIST_FIRST(iph1->dyncli->ph1)->remote, + LIST_FIRST(&iph1->dyncli->ph1)->remote, iph1->remote)) { /* wipe out old policies and SAs */ 
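Review bot: `dyncli_count_users()` in the `@@ -744` hunk calls `sched_new()` whenever the `ph1` list is empty without checking whether `dc->del_sched` is already set, so a second call before the timer fires would overwrite the handle and leave two pending `deldyncli_stub` callbacks for the same `dc`; the later one would run on memory that `deldyncli()` has already released with `racoon_free(dyn)`. Guard the scheduling with `if (!LIST_FIRST(&dc->ph1) && dc->del_sched == NULL)`, and have `deldyncli_stub()` clear `del_sched` before calling `deldyncli()` so the new `sched_kill(dyn->del_sched)` is not applied to the entry that is currently firing (whether that is harmful depends on the scheduler, which is not shown). Nothing visible here cancels the timer when a new phase 1 attaches to the handle before `timeout` expires, and the creation hunk (`@@ -658`) does not show `del_sched` being initialised; both are worth confirming.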
@@ -2495,7 +2495,7 @@ for (c=cond; c; c=SLIST_NEXT(c, chain)) { fit = 1; - STAILQ_FOREACH(r, c->require, chain) { + STAILQ_FOREACH(r, &c->require, chain) { if (!check_requirement(iph1, r)) { fit = 0; break; @@ -2510,14 +2510,14 @@ if (c->gen_policy != gen_pol_unspec) { /* push new net_head */ nc = newcondition(); - SLIST_INSERT_HEAD(nc->subconditions, stack, chain); + SLIST_INSERT_HEAD(&nc->subconditions, stack, chain); stack = nc; } - append_addresses(stack->local_addresses, c->local_addresses); - append_addresses(stack->remote_addresses, c->remote_addresses); + append_addresses(&stack->local_addresses, &c->local_addresses); + append_addresses(&stack->remote_addresses, &c->remote_addresses); - generate_dyn_policies(iph1, SLIST_FIRST(c->subconditions), stack); + generate_dyn_policies(iph1, SLIST_FIRST(&c->subconditions), stack); if (c->gen_policy == gen_pol_gw_2_gw) generate_policies_gw_2_gw(stack, iph1, &c->transforms); @@ -2540,8 +2540,8 @@ if (c->gen_policy != gen_pol_unspec) { /* pop net_head */ nc = stack; - stack = SLIST_FIRST(stack->subconditions); - SLIST_INIT(nc->subconditions); + stack = SLIST_FIRST(&stack->subconditions); + SLIST_INIT(&nc->subconditions); delconditions(nc); } } 
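Review bot: In the `@@ -2510` hunk `nc = newcondition();` is followed directly by `SLIST_INSERT_HEAD(&nc->subconditions, stack, chain);`, so an allocation failure becomes a NULL dereference in the middle of policy generation for a peer. Check the result first, e.g. `if (nc == NULL) return;` with whatever error value the function uses; its signature is outside the hunk. The push also reuses `stack`'s own `chain` field to hang it under `nc`, and the pop in the `@@ -2540` hunk depends on that, so a short comment such as `/* stack is linked through its chain field only until the pop below */` would make the temporary ownership explicit.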
@@ -2584,15 +2584,17 @@ buf[0] = '\0'; strncat(buf, in? "in ipsec ": "out ipsec ", MAX_TR_BUF_LEN); for (i=0; i<TRANSFORM_LIST_LEN_MAX; i++) { + if (TRANSFORM_PROTO(tr->tr[i]) == TRANSFORM_PROTO_NONE) + break; strncat(buf, transform_proto_2_str[TRANSFORM_PROTO(tr->tr[i])], MAX_TR_BUF_LEN); strncat(buf, "/", MAX_TR_BUF_LEN); strncat(buf, transform_mode_2_str[TRANSFORM_MODE(tr->tr[i])], MAX_TR_BUF_LEN); strncat(buf, "/", MAX_TR_BUF_LEN); if (TRANSFORM_MODE(tr->tr[i]) == TRANSFORM_MODE_TUNNEL) { - strncat(buf, saddrwop2str(i?lgw:rgw), MAX_TR_BUF_LEN); + strncat(buf, saddrwop2str(in?rgw:lgw), MAX_TR_BUF_LEN); strncat(buf, "-", MAX_TR_BUF_LEN); - strncat(buf, saddrwop2str(i?rgw:lgw), MAX_TR_BUF_LEN); + strncat(buf, saddrwop2str(in?lgw:rgw), MAX_TR_BUF_LEN); } strncat(buf, "/", MAX_TR_BUF_LEN); strncat(buf, transform_level_2_str[TRANSFORM_LEVEL(tr->tr[i])], MAX_TR_BUF_LEN); @@ -2621,27 +2623,28 @@ char *policy; int policylen; - SLIST_FOREACH(l, stack->local_addresses, chain) { + SLIST_FOREACH(l, &stack->local_addresses, chain) { if (((struct sockaddr*) (l->addr)) ->sa_family==0) continue; if ((err=ipsecdoi_id2sockaddr(l->addr, &laddr, &lpref, &lulpr))) return err; - SLIST_FOREACH(r, stack->remote_addresses, chain) + SLIST_FOREACH(r, &stack->remote_addresses, chain) { if ((err=ipsecdoi_id2sockaddr(r->addr, &raddr, &rpref, &rulpr))) return err; if (laddr.sa_family != raddr.sa_family) continue; - transforms2policy(iph1->remote, iph1->local, 1, tr, &policy, &policylen); + transforms2policy(iph1->local, iph1->remote, 1, tr, &policy, &policylen); dyncli_note_generated_policy(iph1->dyncli, - &laddr, &raddr, + (struct sockaddr_storage *) &laddr, + (struct sockaddr_storage *) &raddr, lpref, rpref, - luplpr); + lulpr); pfkey_send_spdadd( lcconf->sock_pfkey, - &laddr, lpref, &raddr, rpref, + &laddr, lpref, lulpr, policy, policylen, 0); @@ -2652,8 +2655,8 @@ pfkey_send_spdadd( lcconf->sock_pfkey, - &raddr, rpref, &laddr, lpref, + &raddr, rpref, lulpr, policy, policylen, 0); 
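Review bot: Every `strncat(buf, ..., MAX_TR_BUF_LEN)` in the `@@ -2584` hunk, including the two rewritten `saddrwop2str(in?rgw:lgw)` / `saddrwop2str(in?lgw:rgw)` lines, passes the full buffer length as the bound, but `strncat`'s third argument limits the bytes appended, not the total size of `buf`. If `buf` is `MAX_TR_BUF_LEN` bytes (its declaration is above the hunk), a list of several tunnel-mode transforms can write past its end. Bound each append by the remaining space, e.g. `strncat(buf, s, MAX_TR_BUF_LEN - strlen(buf) - 1);`, or build the string with `snprintf` and a running offset and fail when the result would be truncated.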
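Review bot: The new casts `(struct sockaddr_storage *) &laddr` and `(struct sockaddr_storage *) &raddr` in the `@@ -2621` hunk silence a type mismatch rather than fix it: the context lines read `laddr.sa_family`, which suggests these locals are `struct sockaddr`, smaller than `struct sockaddr_storage`. If `dyncli_note_generated_policy()` copies or compares a full `sockaddr_storage` it would read past the locals; its body is not in this diff. Declaring the locals as `struct sockaddr_storage` and casting down to `struct sockaddr *` at the call sites avoids this, and the same cast appears in the `@@ -2687`, `@@ -2749` and `@@ -2818` hunks. Neither `transforms2policy()` nor `pfkey_send_spdadd()` has its result checked in the visible lines.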
@@ -2687,24 +2690,25 @@ lpref=sizeof(struct in6_addr)<<3; }; - SLIST_FOREACH(r, stack->remote_addresses, chain) + SLIST_FOREACH(r, &stack->remote_addresses, chain) { if ((err=ipsecdoi_id2sockaddr(r->addr, &raddr, &rpref, &rulpr))) return err; if (laddr->sa_family != raddr.sa_family) continue; - transforms2policy(iph1->remote, iph1->local, 1, tr, &policy, &policylen); + transforms2policy(iph1->local, iph1->remote, 1, tr, &policy, &policylen); dyncli_note_generated_policy(iph1->dyncli, - laddr, &raddr, + (struct sockaddr_storage *) laddr, + (struct sockaddr_storage *) &raddr, lpref, rpref, - luplpr); + rulpr); pfkey_send_spdadd( lcconf->sock_pfkey, - laddr, lpref, &raddr, rpref, + laddr, lpref, rulpr, policy, policylen, 0); @@ -2715,8 +2719,8 @@ pfkey_send_spdadd( lcconf->sock_pfkey, - &raddr, rpref, laddr, lpref, + &raddr, rpref, rulpr, policy, policylen, 0); @@ -2749,24 +2753,25 @@ rpref=sizeof(struct in6_addr)<<3; }; - SLIST_FOREACH(l, stack->local_addresses, chain) + SLIST_FOREACH(l, &stack->local_addresses, chain) { if ((err=ipsecdoi_id2sockaddr(l->addr, &laddr, &lpref, &lulpr))) return err; if (laddr.sa_family != raddr->sa_family) continue; - transforms2policy(iph1->remote, iph1->local, 1, tr, &policy, &policylen); + transforms2policy(iph1->local, iph1->remote, 1, tr, &policy, &policylen); dyncli_note_generated_policy(iph1->dyncli, - &laddr, raddr, + (struct sockaddr_storage *) &laddr, + (struct sockaddr_storage *) raddr, lpref, rpref, - luplpr); + lulpr); pfkey_send_spdadd( lcconf->sock_pfkey, - &laddr, lpref, raddr, rpref, + &laddr, lpref, lulpr, policy, policylen, 0); @@ -2777,8 +2782,8 @@ pfkey_send_spdadd( lcconf->sock_pfkey, - raddr, rpref, &laddr, lpref, + raddr, rpref, lulpr, policy, policylen, 0); 
@@ -2818,17 +2823,18 @@ /* XXX should we explicitly pass udp/500 unchanged? */ - transforms2policy(iph1->remote, iph1->local, 1, tr, &policy, &policylen); + transforms2policy(iph1->local, iph1->remote, 1, tr, &policy, &policylen); dyncli_note_generated_policy(iph1->dyncli, - laddr, raddr, + (struct sockaddr_storage *) laddr, + (struct sockaddr_storage *) raddr, lpref, rpref, - luplpr); + 0); pfkey_send_spdadd( lcconf->sock_pfkey, - laddr, lpref, raddr, rpref, + laddr, lpref, 0, policy, policylen, 0); @@ -2839,8 +2845,8 @@ pfkey_send_spdadd( lcconf->sock_pfkey, - raddr, rpref, laddr, lpref, + raddr, rpref, 0, policy, policylen, 0); Index: remoteconf.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/remoteconf.c,v retrieving revision 1.3.2.2 retrieving revision 1.3.2.3 diff -u -d -r1.3.2.2 -r1.3.2.3 --- remoteconf.c 18 Jan 2004 18:33:26 -0000 1.3.2.2 +++ remoteconf.c 14 Feb 2004 09:39:56 -0000 1.3.2.3 @@ -329,12 +329,12 @@ n = racoon_calloc(1, sizeof(*n)); if (!n) return NULL; - STAILQ_INIT(n->require); - SLIST_INIT(n->local_addresses); - SLIST_INIT(n->remote_addresses); + STAILQ_INIT(&n->require); + SLIST_INIT(&n->local_addresses); + SLIST_INIT(&n->remote_addresses); n->gen_policy = gen_pol_unspec; TRANSFORM_PROTO_SET(n->transforms.tr[0], TRANSFORM_PROTO_NONE); - SLIST_INIT(n->subconditions); + SLIST_INIT(&n->subconditions); return n; } 
@@ -393,14 +393,14 @@ struct condition *cond; { if (!cond) return; - if (cond->require) - delreqs(STAILQ_FIRST(cond->require)); - if (cond->local_addresses) - deladdresses(SLIST_FIRST(cond->local_addresses)); - if (cond->remote_addresses) - deladdresses(SLIST_FIRST(cond->remote_addresses)); - if (cond->subconditions) - delconditions(SLIST_FIRST(cond->subconditions)); + if (STAILQ_FIRST(&cond->require)) + delreqs(STAILQ_FIRST(&cond->require)); + if (SLIST_FIRST(&cond->local_addresses)) + deladdresses(SLIST_FIRST(&cond->local_addresses)); + if (SLIST_FIRST(&cond->remote_addresses)) + deladdresses(SLIST_FIRST(&cond->remote_addresses)); + if (SLIST_FIRST(&cond->subconditions)) + delconditions(SLIST_FIRST(&cond->subconditions)); racoon_free(cond); }; Index: remoteconf.h =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/remoteconf.h,v retrieving revision 1.1.1.2.2.2 retrieving revision 1.1.1.2.2.3 diff -u -d -r1.1.1.2.2.2 -r1.1.1.2.2.3 --- remoteconf.h 18 Jan 2004 18:33:26 -0000 1.1.1.2.2.2 +++ remoteconf.h 14 Feb 2004 09:39:56 -0000 1.1.1.2.2.3 @@ -100,7 +100,7 @@ #define TRANSFORM_PROTO_UDP 0x4 /* Encapsulation into UDP packets * TODO */ -#define TRANSFORM_MODE_MASK 0x1 +#define TRANSFORM_MODE_MASK 0x1 * 0x10 #define TRANSFORM_MODE_TUNNEL 0x0 /* the default */ #define TRANSFORM_MODE_TRANSP 0x1 @@ -110,7 +110,7 @@ #define TRANSFORM_LEVEL_REQUIRE 0x2 #define TRANSFORM_LEVEL_UNIQUE 0x3 -#define TRANSFORM_PROTO(t) (t & TRANSFORM_PROTO_MASK >>5) +#define TRANSFORM_PROTO(t) ((t & TRANSFORM_PROTO_MASK) >>5) #define TRANSFORM_PROTO_SET(t, v) t = ((t) & ~TRANSFORM_PROTO_MASK) | \ ((v << 5) & TRANSFORM_PROTO_MASK) 
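Review bot: The new definition `#define TRANSFORM_MODE_MASK 0x1 * 0x10` in the remoteconf.h `@@ -100` hunk is an unparenthesised expression, so any use next to a unary or higher-precedence operator mis-groups: `~TRANSFORM_MODE_MASK` expands to `(~0x1) * 0x10`. `TRANSFORM_PROTO_SET` in the next hunk clears bits with `~TRANSFORM_PROTO_MASK`, and a mode setter written the same way (not visible here) would clear the wrong bits of the transform byte. Write `#define TRANSFORM_MODE_MASK (0x1 * 0x10)` or simply `0x10`. In the `@@ -110` hunk the corrected `TRANSFORM_PROTO(t)` still uses its arguments bare; `(((t) & TRANSFORM_PROTO_MASK) >> 5)` and, in `TRANSFORM_PROTO_SET`, `(((v) << 5) & TRANSFORM_PROTO_MASK)` are the safe forms.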
@@ -139,15 +139,15 @@ #define CONSTR_COND_LOCAL_GW 1 /* genpol uses local gw */ #define CONSTR_COND_REMOTE_GW 2 /* genpol uses remote gw */ struct condition { - STAILQ_HEAD(req_list_head, req_list) *require; + STAILQ_HEAD(req_list_head, req_list) require; /* list of conditions when generation of SPD entries should take place */ - addr_list_t *local_addresses; + addr_list_t local_addresses; /* list of addresses in this side to be used in SPD entry generation */ - addr_list_t *remote_addresses; + addr_list_t remote_addresses; /* list of addresses in other side */ enum gen_pol_type gen_policy; /* generate policy if no @@ -155,7 +155,7 @@ struct transform_list transforms; /* list of transformations in required SPD entry */ int options; /* CONSTR_COND_xxx */ - SLIST_HEAD(sc_head, condition) *subconditions; + SLIST_HEAD(sc_head, condition) subconditions; /* further specialization */ SLIST_ENTRY(condition) chain; /* chain */ }; |