FreeBSD Bugzilla – Attachment 161355 Details for
Bug 203308
wildcard patch in security/ipsec-tools breaks aggressive tunnels
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to fix aggressive mode tunnels with PSK
oakley.c.patch (text/plain), 1.02 KB, created by
andywhite
on 2015-09-24 23:44:49 UTC
(
hide
)
Description:
patch to fix aggressive mode tunnels with PSK
Filename:
MIME Type:
Creator:
andywhite
Created:
2015-09-24 23:44:49 UTC
Size:
1.02 KB
patch
obsolete
>--- oakley.c.orig 2011-03-17 14:42:58.000000000 +0000 >+++ oakley.c 2015-09-25 00:37:38.000000000 +0100 >@@ -2386,6 +2386,7 @@ > char *p; > int len; > int error = -1; >+ struct ipsecdoi_id_b *id_b; > > /* SKEYID */ > switch (iph1->approval->authmethod) { >@@ -2395,7 +2396,19 @@ > case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R: > #endif > if (iph1->etype != ISAKMP_ETYPE_IDENT) { >- iph1->authstr = getpskbyname(iph1->id_p); >+ id_b = (struct ipsecdoi_id_b *)iph1->id_p->v; >+ >+ if (id_b->type != IPSECDOI_ID_IPV4_ADDR >+ && id_b->type != IPSECDOI_ID_IPV6_ADDR) { >+ iph1->authstr = getpskbyname(iph1->id_p); >+ } else { >+ struct sockaddr addr; >+ u_int8_t prefix; >+ u_int16_t ul_proto; >+ if (!ipsecdoi_id2sockaddr(iph1->id_p, &addr, &prefix, &ul_proto)) { >+ iph1->authstr = getpskbyaddr(&addr); >+ } >+ } > if (iph1->authstr == NULL) { > if (iph1->rmconf->verify_identifier) { > plog(LLV_ERROR, LOCATION, iph1->remote,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=161355">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 203308
:
161355
|
161414