ipsec-286.1.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / pfkey_racoon.c
index f977c029b251a73444a4dd2664a7999b47dd54d6..665f69e6f3648b532b38696695d26dbaf1483a2e 100644 (file)
 #include "ipsecMessageTracer.h"
 #include "power_mgmt.h"
 #include "session.h"
-#include "ikev2_rfc.h"
-#include "api_support.h"
 
 #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
 #define SADB_X_EALG_AESCBC  SADB_X_EALG_RIJNDAELCBC
@@ -234,7 +232,6 @@ pfkey_process(msg)
                        strerror(msg->sadb_msg_errno));
                goto end;
        }
-
     
        /* safety check */
        if (msg->sadb_msg_type >= ARRAYLEN(pkrecvf)) {
@@ -794,6 +791,7 @@ pfkey_convertfromipsecdoi(iph2, proto_id, t_id, hashtype,
                if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
                        goto bad;
                *a_keylen >>= 3;
+                       
                if (*e_type == SADB_EALG_NONE) {
                        plog(ASL_LEVEL_ERR, "no ESP algorithm.\n");
                        goto bad;
@@ -1096,7 +1094,6 @@ pk_sendupdate(iph2)
        u_int wsize = 4;  /* XXX static size of window */ 
        int proxy = 0;
        struct ph2natt natt;
-    struct satrns *tr;
     int authtype;
 
        /* sanity check */
@@ -1296,7 +1293,6 @@ pk_recvupdate(mhp)
                         iph2->status);
                return -1;
        }
-    //%%%% fix for IKEv2
        if (iph2->status != IKEV1_STATE_QUICK_I_ADDSA &&
         iph2->status != IKEV1_STATE_QUICK_R_ADDSA) {
                plog(ASL_LEVEL_ERR,
@@ -1409,7 +1405,6 @@ pk_sendadd(iph2)
        u_int wsize = 4; /* XXX static size of window */ 
        int proxy = 0;
        struct ph2natt natt;
-    struct satrns *tr;
     int authtype;
 
        /* sanity check */
@@ -1709,31 +1704,29 @@ pk_recvexpire(mhp)
 
        /* turn off the timer for calling isakmp_ph2expire() */ 
        SCHED_KILL(iph2->sce);
+       
+       fsm_set_state(&iph2->status, IKEV1_STATE_PHASE2_EXPIRED);
+       
+       /* INITIATOR, begin phase 2 exchange only if there's no other established ph2. */
+       /* allocate buffer for status management of pfkey message */
+       if (iph2->side == INITIATOR &&
+               !ike_session_has_other_established_ph2(iph2->parent_session, iph2) &&
+               !ike_session_drop_rekey(iph2->parent_session, IKE_SESSION_REKEY_TYPE_PH2)) {
+
+               ike_session_initph2(iph2);
+
+               /* start isakmp initiation by using ident exchange */
+               if (isakmp_post_acquire(iph2) < 0) {
+                       plog(ASL_LEVEL_ERR,
+                               "failed to begin ipsec sa "
+                               "re-negotiation.\n");
+                       ike_session_unlink_phase2(iph2);
+                       return -1;
+               }
 
-               fsm_set_state(&iph2->status, IKEV1_STATE_PHASE2_EXPIRED);
-
-    {
-        /* INITIATOR, begin phase 2 exchange only if there's no other established ph2. */
-        /* allocate buffer for status management of pfkey message */
-        if (iph2->side == INITIATOR &&
-            !ike_session_has_other_established_ph2(iph2->parent_session, iph2) &&
-            !ike_session_drop_rekey(iph2->parent_session, IKE_SESSION_REKEY_TYPE_PH2)) {
-
-            ike_session_initph2(iph2);
-
-            /* start isakmp initiation by using ident exchange */
-            if (isakmp_post_acquire(iph2) < 0) {
-                plog(ASL_LEVEL_ERR,
-                    "failed to begin ipsec sa "
-                    "re-negotiation.\n");
-                ike_session_unlink_phase2(iph2);
-                return -1;
-            }
-
-            return 0;
-            /*NOTREACHED*/
-        }
-    }
+               return 0;
+               /*NOTREACHED*/
+       }
 
 
        /* If not received SADB_EXPIRE, INITIATOR delete ph2handle. */
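Review bot: The comment `/* allocate buffer for status management of pfkey message */`, carried over unchanged above the re-indented `if`, does not match anything in the block, since no allocation is visible between it and `ike_session_initph2(iph2)`. As this commit already rewrites these lines, I would replace the two comments with one that states the actual gate, e.g. `/* INITIATOR: start a phase 2 rekey only if no other ph2 is established and the session does not drop the rekey; otherwise fall through to the cleanup below. */`. The `/*NOTREACHED*/` after `return 0;` marks nothing and can be dropped, as can the two added lines that hold only whitespace around `fsm_set_state(...)`. On the failure path the log message omits which phase 2 handle or session failed to rekey, which makes the event hard to correlate during incident review; consider adding an identifier already available on `iph2`. The body of `pk_recvexpire` starts and ends outside this hunk, so the fall-through behaviour is inferred from the trailing context line only.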