ipsec-34.0.2.tar.gz

diff --git a/ipsec-tools/racoon/localconf.c b/ipsec-tools/racoon/localconf.c
index 381d1e8d3f57a3dafc2c3617f30cf4d14e311ba8..6725987951b0bb714bbf2f3c44137d1d26995fa2 100644 (file)
--- a/ipsec-tools/racoon/localconf.c
+++ b/ipsec-tools/racoon/localconf.c
@@ -81,6 +81,7 @@ initlcconf()
        setdefault();
        lcconf->sock_vpncontrol = -1;   /* not to be done during flush */
        lcconf->racoon_conf = LC_DEFAULT_CF;
+       TAILQ_INIT(&lcconf->saved_msg_queue);
 }
 
 void

diff --git a/ipsec-tools/racoon/localconf.h b/ipsec-tools/racoon/localconf.h
index b206492810587910a7cbbe4632548096242ca73e..95fda0966b256928fbddbac784dbe910275d015a 100644 (file)
--- a/ipsec-tools/racoon/localconf.h
+++ b/ipsec-tools/racoon/localconf.h
@@ -88,6 +88,10 @@ struct redirect {
        u_int16_t       force;
 };
 
+struct saved_msg_elem {
+       TAILQ_ENTRY(saved_msg_elem) chain;
+       void* msg;
+};
 
 struct localconf {
        char *racoon_conf;              /* configuration filename */
@@ -110,6 +114,7 @@ struct localconf {
        int     auto_exit_delay;                /* auto exit delay until exit */
        struct sched *auto_exit_sched;  /* auto exit schedule */
        
+       TAILQ_HEAD(_saved_msg_elem, saved_msg_elem) saved_msg_queue;
        int autograbaddr;
        struct myaddrs *myaddrs;
 

diff --git a/ipsec-tools/racoon/pfkey.h b/ipsec-tools/racoon/pfkey.h
index 62aede2285c31060e231e00d2e10398660ee02f3..63d749853c5dcad077d018ef76c9e60165060fc9 100644 (file)
--- a/ipsec-tools/racoon/pfkey.h
+++ b/ipsec-tools/racoon/pfkey.h
@@ -41,6 +41,7 @@ extern const struct pfkey_satype pfkey_satypes[];
 extern const int pfkey_nsatypes;
 
 extern int pfkey_handler __P((void));
+extern void pfkey_post_handler __P((void));
 extern vchar_t *pfkey_dump_sadb __P((int));
 extern void pfkey_flush_sadb __P((u_int));
 extern int pfkey_init __P((void));

diff --git a/ipsec-tools/racoon/pfkey_racoon.c b/ipsec-tools/racoon/pfkey_racoon.c
index 76ecbc387c5d69fab8c6072b5045ae8127023656..03e70b4394f9f634a8b4d79b469525c337b63b14 100644 (file)
--- a/ipsec-tools/racoon/pfkey_racoon.c
+++ b/ipsec-tools/racoon/pfkey_racoon.c
@@ -191,34 +191,14 @@ static int addnewsp __P((caddr_t *));
 #endif
 #endif
 
-/*
- * PF_KEY packet handler
- *     0: success
- *     -1: fail
- */
+       
 int
-pfkey_handler()
-{
+pfkey_process(msg)
        struct sadb_msg *msg;
-       int len;
+{
        caddr_t mhp[SADB_EXT_MAX + 1];
        int error = -1;
-
-       /* receive pfkey message. */
-       len = 0;
-       msg = (struct sadb_msg *)pk_recv(lcconf->sock_pfkey, &len);
-       if (msg == NULL) {
-               if (len < 0) {
-                       plog(LLV_ERROR, LOCATION, NULL,
-                               "failed to recv from pfkey (%s)\n",
-                               strerror(errno));
-                       goto end;
-               } else {
-                       /* short message - msg not ready */
-                       return 0;
-               }
-       }
-
+       
        plog(LLV_DEBUG, LOCATION, NULL, "get pfkey %s message\n",
                s_pfkey_type(msg->sadb_msg_type));
        plogdump(LLV_DEBUG2, msg, msg->sadb_msg_len << 3);
@@ -282,6 +262,62 @@ end:
        return(error);
 }
 
+/*
+ * PF_KEY packet handler
+ *     0: success
+ *     -1: fail
+ */
+int
+pfkey_handler()
+{
+       struct sadb_msg *msg;
+       int len;
+
+       /* receive pfkey message. */
+       len = 0;
+       msg = (struct sadb_msg *)pk_recv(lcconf->sock_pfkey, &len);
+       if (msg == NULL) {
+               if (len < 0) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                                "failed to recv from pfkey (%s)\n",
+                                strerror(errno));
+                       return -1;                      
+               } else {
+                       /* short message - msg not ready */
+                       return 0;
+               }
+       }
+       return pfkey_process(msg);
+}
+
+void
+pfkey_post_handler()
+{
+       struct saved_msg_elem *elem;
+       struct saved_msg_elem *elem_tmp = NULL;
+       
+       TAILQ_FOREACH_SAFE(elem, &lcconf->saved_msg_queue, chain, elem_tmp) {
+               pfkey_process((struct sadb_msg *)elem->msg);
+               TAILQ_REMOVE(&lcconf->saved_msg_queue, elem, chain);
+               racoon_free(elem);
+
+       }
+}
+
+int
+pfkey_save_msg(msg)
+       struct sadb_msg *msg;
+{
+       struct saved_msg_elem *elem;
+       
+       elem = (struct saved_msg_elem *)racoon_calloc(sizeof(struct saved_msg_elem), 1);
+       if (elem == NULL)
+               return -1;
+       elem->msg = msg;
+       TAILQ_INSERT_TAIL(&lcconf->saved_msg_queue, elem, chain);
+       return 0;
+}
+
 /*
  * dump SADB
  */
@@ -321,8 +357,18 @@ pfkey_dump_sadb(satype)
                                continue;
                }
 
-               if (msg->sadb_msg_type != SADB_DUMP || msg->sadb_msg_pid != pid)
+               if (msg->sadb_msg_pid != pid)
+                       continue;
+               
+               /*
+                * for multi-processor system this had to be added because the messages can
+                * be interleaved - they won't all be dump messages
+                */
+               if (msg->sadb_msg_type != SADB_DUMP) {  /* save for later processing */
+                       pfkey_save_msg(msg);
+                       msg = NULL;
                        continue;
+               }
 
                ml = msg->sadb_msg_len << 3;
                bl = buf ? buf->l : 0;
@@ -2776,6 +2822,7 @@ int *lenp;
 }
 
 
+
 /* see handler.h */
 u_int32_t
 pk_getseq()

diff --git a/ipsec-tools/racoon/session.c b/ipsec-tools/racoon/session.c
index 102829069cb2583b81b899cc55f2611db6b91eff..2f9f55786549e1249f315dd7da5088f83edc26f2 100644 (file)
--- a/ipsec-tools/racoon/session.c
+++ b/ipsec-tools/racoon/session.c
@@ -193,6 +193,8 @@ session(void)
        }
 
        while (1) {
+               if (!TAILQ_EMPTY(&lcconf->saved_msg_queue))
+                       pfkey_post_handler();
                update_fds = 0;
                /*
                 * asynchronous requests via signal.