Module Name: src Committed By: tteras Date: Fri Nov 12 09:08:26 UTC 2010
Modified Files: src/crypto/dist/ipsec-tools/src/racoon: admin.c admin.h kmpstat.c racoonctl.c Log Message: Extend admin protocol to allow reply packets to exceed 64kb. E.g. SA dumps with many established SAs can be easily over the limit. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.36 src/crypto/dist/ipsec-tools/src/racoon/admin.c cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/ipsec-tools/src/racoon/admin.h cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c cvs rdiff -u -r1.17 -r1.18 src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.35 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.36
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.35 Thu Oct 21 06:15:28 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c Fri Nov 12 09:08:26 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.c,v 1.35 2010/10/21 06:15:28 tteras Exp $ */
+/* $NetBSD: admin.c,v 1.36 2010/11/12 09:08:26 tteras Exp $ */
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
@@ -638,9 +638,15 @@
 }
 combuf = (struct admin_com *) retbuf;
- combuf->ac_len = tlen;
+ combuf->ac_len = (u_int16_t) tlen;
 combuf->ac_cmd = req->ac_cmd & ~ADMIN_FLAG_VERSION;
- combuf->ac_errno = l_ac_errno;
+ if (tlen != (u_int32_t) combuf->ac_len &&
+ l_ac_errno == 0) {
+ combuf->ac_len_high = tlen >> 16;
+ combuf->ac_cmd |= ADMIN_FLAG_LONG_REPLY;
+ } else {
+ combuf->ac_errno = l_ac_errno;
+ }
 combuf->ac_proto = req->ac_proto;
 if (buf != NULL)
Index: src/crypto/dist/ipsec-tools/src/racoon/admin.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.h:1.7 src/crypto/dist/ipsec-tools/src/racoon/admin.h:1.8
--- src/crypto/dist/ipsec-tools/src/racoon/admin.h:1.7 Fri Aug 29 00:30:15 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.h Fri Nov 12 09:08:26 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.h,v 1.7 2008/08/29 00:30:15 gmcgarry Exp $ */
+/* $NetBSD: admin.h,v 1.8 2010/11/12 09:08:26 tteras Exp $ */
 /* Id: admin.h,v 1.11 2005/06/19 22:37:47 manubsd Exp */
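Review bot: In admin.c's reply-building hunk (`@@ -638,9 +638,15 @@`), a reply whose `tlen` does not fit in 16 bits while `l_ac_errno` is non-zero falls into the `else` branch and is sent with `ac_len` silently truncated, so the client would frame it with the wrong length. The hunk does not show whether an error reply can carry a payload, so this may be unreachable today, but the assumption should be written down next to the branch, for example `/* error replies carry no data, so tlen always fits in ac_len here */`, or enforced by dropping the payload when `l_ac_errno` is set. The declaration of `tlen` and the rest of the function are outside the hunk.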
@@ -49,16 +49,19 @@
 union {
 int16_t ac_un_errno;
 uint16_t ac_un_version;
+ uint16_t ac_un_len_high;
 } u;
 u_int16_t ac_proto;
 };
 #define ac_errno u.ac_un_errno
 #define ac_version u.ac_un_version
+#define ac_len_high u.ac_un_len_high
 /*
 * Version field in request is valid.
 */
 #define ADMIN_FLAG_VERSION 0x8000
+#define ADMIN_FLAG_LONG_REPLY 0x8000
 /*
 * No data follows as the data.
Index: src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c:1.7
--- src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c:1.6 Tue Oct 2 09:47:45 2007
+++ src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c Fri Nov 12 09:08:26 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: kmpstat.c,v 1.6 2007/10/02 09:47:45 vanhu Exp $ */
+/* $NetBSD: kmpstat.c,v 1.7 2010/11/12 09:08:26 tteras Exp $ */
 /* $KAME: kmpstat.c,v 1.33 2004/08/16 08:20:28 itojun Exp $ */
@@ -138,7 +138,7 @@
 {
 struct admin_com h, *com;
 caddr_t buf;
- int len;
+ int len, rlen;
 int l = 0;
 caddr_t p;
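Review bot: `ADMIN_FLAG_LONG_REPLY` is given the same value as `ADMIN_FLAG_VERSION` and sits under the existing comment "Version field in request is valid", with nothing saying that the bit means something different in a reply. I would give it its own comment, for example `/* Reply only: u holds ac_len_high; total length is ac_len + (ac_len_high << 16). Shares its bit with ADMIN_FLAG_VERSION, which is request only. */`. Because `ac_len_high` aliases `ac_errno` in the union, the comment should also state that a reader must test this flag before looking at `ac_errno`, otherwise a long reply is taken for an error. The struct definition starts outside the hunk.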
@@ -153,19 +153,25 @@
 if (len < sizeof(h))
 goto bad1;
- if (h.ac_errno) {
+ if (h.ac_errno && !(h.ac_cmd & ADMIN_FLAG_LONG_REPLY)) {
 errno = h.ac_errno;
 goto bad1;
 }
+ /* real length */
+ if (h.ac_cmd & ADMIN_FLAG_LONG_REPLY)
+ rlen = ((u_int32_t)h.ac_len) + (((u_int32_t)h.ac_len_high) << 16);
+ else
+ rlen = h.ac_len;
+
 /* allocate buffer */
- if ((*combufp = vmalloc(h.ac_len)) == NULL)
+ if ((*combufp = vmalloc(rlen)) == NULL)
 goto bad1;
 /* read real message */
 p = (*combufp)->v;
- while (l < len) {
- if ((len = recv(so, p, h.ac_len, 0)) < 0) {
+ while (l < rlen) {
+ if ((len = recv(so, p, rlen - l, 0)) < 0) {
 perror("recv");
 goto bad2;
 }
Index: src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.17 src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.18
--- src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.17 Mon Apr 20 13:22:00 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c Fri Nov 12 09:08:26 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: racoonctl.c,v 1.17 2009/04/20 13:22:00 tteras Exp $ */
+/* $NetBSD: racoonctl.c,v 1.18 2010/11/12 09:08:26 tteras Exp $ */
 /* Id: racoonctl.c,v 1.11 2006/04/06 17:06:25 manubsd Exp */
@@ -1426,10 +1426,14 @@
 int len;
 com = (struct admin_com *)combuf->v;
- len = com->ac_len - sizeof(*com);
+ if (com->ac_cmd & ADMIN_FLAG_LONG_REPLY)
+ len = ((u_int32_t)com->ac_len) + (((u_int32_t)com->ac_len_high) << 16);
+ else
+ len = com->ac_len;
+ len -= sizeof(*com);
 buf = combuf->v + sizeof(*com);
- switch (com->ac_cmd) {
+ switch (com->ac_cmd & ~ADMIN_FLAG_LONG_REPLY) {
 case ADMIN_SHOW_SCHED:
 print_schedule(buf, len);
 break;
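Review bot: In the kmpstat.c hunk (`@@ -153,19 +153,25 @@`), `rlen` comes from the peer's header and is used as the allocation size and loop bound with no range check, and because it is declared `int` (the `@@ -138,7 +138,7 @@` hunk) an `ac_len_high` of 0x8000 or more makes it negative. A negative value is passed to `vmalloc(rlen)` and makes `while (l < rlen)` skip the read entirely, and a value smaller than the header is accepted as well. I would reject such lengths right after the decode, e.g. `if (rlen < (int)sizeof(h)) { errno = EINVAL; goto bad1; }`, ideally with an upper bound too. The racoonctl.c hunk has the same gap: `len -= sizeof(*com)` can go negative before `len` is handed to the print routines. Separately, the `recv()` test treats only `< 0` as failure; if the rest of the loop (outside the hunk) simply adds `len` to `l`, a peer that closes early would leave the loop spinning, so `<= 0` would be the safer test.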
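Review bot: The two-branch length decode in the racoonctl.c hunk (`@@ -1426,10 +1426,14 @@`) is a copy of the one added to kmpstat.c, so the wire format is now interpreted in two places that have to be kept in step by hand. A single macro or inline helper in admin.h, next to `ac_len_high`, that takes a `struct admin_com *` and returns the full length would remove the duplication and give one place for a range check. It would also be clearer to derive `len` from the number of bytes actually received into `combuf` rather than from the header again, since the header value is what the peer claimed and not what was read. The enclosing function starts and ends outside the hunk.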