From 869d26af2154b0619928167c83079c8c0bf7163d Mon Sep 17 00:00:00 2001 From: Apple Date: Thu, 10 May 2012 15:23:40 +0000 Subject: [PATCH] ipsec-146.3.tar.gz --- ipsec-tools/racoon/ike_session.c | 20 ++++++++++++++++++-- ipsec-tools/racoon/ipsecSessionTracer.c | 2 +- ipsec-tools/racoon/isakmp.c | 12 +++++++++++- ipsec-tools/racoon/session.c | 11 +++++++++++ 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/ipsec-tools/racoon/ike_session.c b/ipsec-tools/racoon/ike_session.c index 489fd5c..e122adb 100644 --- a/ipsec-tools/racoon/ike_session.c +++ b/ipsec-tools/racoon/ike_session.c @@ -267,6 +267,15 @@ ike_session_get_session (struct sockaddr *local, "still search for IKE-Session. this %s.\n", saddr2str((struct sockaddr *)&p->session_id.remote)); + // for now: ignore any stopped sessions as they will go down + if (p->is_dying || p->stopped_by_vpn_controller || p->stop_timestamp.tv_sec || p->stop_timestamp.tv_usec) { + plog(LLV_DEBUG, LOCATION, local, + "still searching. skipping... session to %s is already stopped, active ph1 %d ph2 %d.\n", + saddr2str((struct sockaddr *)&p->session_id.remote), + p->ikev1_state.active_ph1cnt, p->ikev1_state.active_ph2cnt); + continue; + } + if (memcmp(&p->session_id, &id, sizeof(id)) == 0) { plog(LLV_DEBUG, LOCATION, local, "Pre-existing IKE-Session to %s. case 1.\n", @@ -1794,10 +1803,17 @@ ike_session_sweep_sleepwake (void) plog(LLV_DEBUG2, LOCATION, NULL, "skipping sweep of asserted session.\n"); continue; } - + + // cleanup any stopped sessions as they will go down + if (p->stopped_by_vpn_controller || p->stop_timestamp.tv_sec || p->stop_timestamp.tv_usec) { + plog(LLV_DEBUG2, LOCATION, NULL, "sweeping stopped session.\n"); + ike_session_cleanup(p, ike_session_stopped_by_sleepwake); + continue; + } + if (!ike_session_has_established_ph1(p) && !ike_session_has_established_ph2(p)) { - p->is_dying = 1; plog(LLV_DEBUG2, LOCATION, NULL, "session died while sleeping.\n"); + ike_session_cleanup(p, ike_session_stopped_by_sleepwake); } if (p->traffic_monitor.sc_mon) { if (p->traffic_monitor.sc_mon->xtime <= swept_at) { diff --git a/ipsec-tools/racoon/ipsecSessionTracer.c b/ipsec-tools/racoon/ipsecSessionTracer.c index 98308c2..5884aaa 100644 --- a/ipsec-tools/racoon/ipsecSessionTracer.c +++ b/ipsec-tools/racoon/ipsecSessionTracer.c @@ -233,7 +233,7 @@ ipsecSessionTracerEvent (ike_session_t *session, ipsecSessionEventCode_t eventCo char buf[1024]; if (session == NULL) { - ipsecSessionLogEvent(session, CONSTSTR("tracer failed. (Invalid session).")); + //ipsecSessionLogEvent(session, CONSTSTR("tracer failed. (Invalid session).")); return; } if (eventCode <= IPSECSESSIONEVENTCODE_NONE || eventCode >= IPSECSESSIONEVENTCODE_MAX) { diff --git a/ipsec-tools/racoon/isakmp.c b/ipsec-tools/racoon/isakmp.c index 8498336..36bd7d0 100644 --- a/ipsec-tools/racoon/isakmp.c +++ b/ipsec-tools/racoon/isakmp.c @@ -954,7 +954,7 @@ ph1_main(iph1, msg) vfree(raddr); if (addr->force) { (void)ike_session_update_ph1_ph2tree(iph1); - isakmp_ph1delete(iph1); + isakmp_ph1expire(iph1); } } } @@ -2849,6 +2849,12 @@ isakmp_chkph1there(iph2) { struct ph1handle *iph1; + if (iph2->status != PHASE2ST_STATUS2 || + iph2->is_dying) { + plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: ph2 handle has advanced too far (status %d, STATUS2 %d, dying %d)... ignoring\n", iph2->status, PHASE2ST_STATUS2, iph2->is_dying); + return; + } + iph2->retry_checkph1--; if (iph2->retry_checkph1 < 0 || ike_session_verify_ph2_parent_session(iph2)) { @@ -4279,6 +4285,10 @@ isakmp_plist_append_initial_contact (iph1, plist) "failed to allocate notification payload.\n"); return NULL; } + } else { + plog(LLV_DEBUG, LOCATION, iph1->remote, + "failed to add initial-contact payload: rekey %d, ini-contact %d, contacted %d.\n", + iph1->is_rekey? 1:0, iph1->rmconf->ini_contact, getcontacted(iph1->remote)? 1:0); } return NULL; } diff --git a/ipsec-tools/racoon/session.c b/ipsec-tools/racoon/session.c index 8f15109..5bfbaba 100644 --- a/ipsec-tools/racoon/session.c +++ b/ipsec-tools/racoon/session.c @@ -375,6 +375,17 @@ session(void) if (update_myaddrs() && lcconf->autograbaddr) if (check_rtsock_sched == NULL) /* only schedule if not already done */ check_rtsock_sched = sched_new(1, check_rtsock, NULL); + else { + // force reinit if schedule is too far off (3 seconds or more) + time_t too_far = current_time() + 3; + if (check_rtsock_sched->dead || + check_rtsock_sched->xtime >= too_far) { + plog(LLV_DEBUG, LOCATION, NULL, + "forced reinit of addrs\n"); + update_fds = 0; + check_rtsock(NULL); + } + } // initfds(); //%%% BUG FIX - not needed here } if (update_fds) { -- 2.45.2