Module Name: src Committed By: maxv Date: Sat May 19 18:51:59 UTC 2018
Modified Files: src/crypto/dist/ipsec-tools/src/racoon: main.c nattraversal.c nattraversal.h Log Message: Style, a little... To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/racoon/main.c cvs rdiff -u -r1.14 -r1.15 \ src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c cvs rdiff -u -r1.7 -r1.8 \ src/crypto/dist/ipsec-tools/src/racoon/nattraversal.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/main.c diff -u src/crypto/dist/ipsec-tools/src/racoon/main.c:1.13 src/crypto/dist/ipsec-tools/src/racoon/main.c:1.14 --- src/crypto/dist/ipsec-tools/src/racoon/main.c:1.13 Fri Jul 12 13:11:50 2013 +++ src/crypto/dist/ipsec-tools/src/racoon/main.c Sat May 19 18:51:59 2018 @@ -1,11 +1,11 @@ -/* $NetBSD: main.c,v 1.13 2013/07/12 13:11:50 tteras Exp $ */ +/* $NetBSD: main.c,v 1.14 2018/05/19 18:51:59 maxv Exp $ */ /* Id: main.c,v 1.25 2006/06/20 20:31:34 manubsd Exp */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -17,7 +17,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -85,9 +85,9 @@ static int loading_sa = 0; /* install sa #ifdef TOP_PACKAGE static char version[] = "@(#)" TOP_PACKAGE_STRING " (" TOP_PACKAGE_URL ")"; -#else /* TOP_PACKAGE */ +#else static char version[] = "@(#) racoon / IPsec-tools"; -#endif /* TOP_PACKAGE */ +#endif static void print_version() @@ -162,9 +162,7 @@ usage() } static void -parse(ac, av) - int ac; - char **av; +parse(int ac, char **av) { extern char *optarg; extern int optind; @@ -264,9 +262,7 @@ parse(ac, av) } int -main(ac, av) - int ac; - char **av; +main(int ac, char **av) { int error; 
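Review bot: `print_version()` in the context lines of the `-85,9` hunk is still defined with an empty parameter list, and the next hunk header suggests the same for `usage()`, while this commit converts `parse` and `main` from K&R definitions to prototypes. Before C23 an empty list is not a prototype, so a call that passes stray arguments is not diagnosed. Writing `print_version(void)` (and `usage(void)`, if it is defined as the hunk header shows) would finish the conversion. The bodies of both functions lie outside the visible hunks.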
@@ -308,7 +304,7 @@ main(ac, av) plog(LLV_INFO, LOCATION, NULL, "@(#)" "This product linked %s (http://www.openssl.org/)" "\n", eay_version()); - plog(LLV_INFO, LOCATION, NULL, "Reading configuration from \"%s\"\n", + plog(LLV_INFO, LOCATION, NULL, "Reading configuration from \"%s\"\n", lcconf->racoon_conf); /* @@ -346,4 +342,3 @@ main(ac, av) return 0; } - Index: src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c diff -u src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.14 src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.15 --- src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.14 Mon Mar 14 17:18:13 2011 +++ src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c Sat May 19 18:51:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: nattraversal.c,v 1.14 2011/03/14 17:18:13 tteras Exp $ */ +/* $NetBSD: nattraversal.c,v 1.15 2018/05/19 18:51:59 maxv Exp $ */ /* * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. 
@@ -230,118 +230,117 @@ natt_udp_encap (int encmode) } int -natt_fill_options (struct ph1natt_options *opts, int version) +natt_fill_options(struct ph1natt_options *opts, int version) { - if (! opts) - return -1; + if (!opts) + return -1; - opts->version = version; + opts->version = version; - switch (version) { - case VENDORID_NATT_00: - case VENDORID_NATT_01: - opts->float_port = 0; /* No port floating for those drafts */ - opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT; - opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT; - opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT; - opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT; - opts->encaps_type = UDP_ENCAP_ESPINUDP_NON_IKE; + switch (version) { + case VENDORID_NATT_00: + case VENDORID_NATT_01: + opts->float_port = 0; /* No port floating for those drafts */ + opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT; + opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT; + opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT; + opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT; + opts->encaps_type = UDP_ENCAP_ESPINUDP_NON_IKE; + break; + case VENDORID_NATT_02: + case VENDORID_NATT_02_N: + case VENDORID_NATT_03: + opts->float_port = lcconf->port_isakmp_natt; + opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT; + opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT; + opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT; + opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT; + opts->encaps_type = UDP_ENCAP_ESPINUDP; + break; + case VENDORID_NATT_04: + case VENDORID_NATT_05: + case VENDORID_NATT_06: + case VENDORID_NATT_07: + case VENDORID_NATT_08: + opts->float_port = lcconf->port_isakmp_natt; + opts->payload_nat_d = ISAKMP_NPTYPE_NATD_BADDRAFT; + opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_BADDRAFT; + opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC; + opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC; + opts->encaps_type = 
UDP_ENCAP_ESPINUDP; break; + case VENDORID_NATT_RFC: + opts->float_port = lcconf->port_isakmp_natt; + opts->payload_nat_d = ISAKMP_NPTYPE_NATD_RFC; + opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_RFC; + opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC; + opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC; + opts->encaps_type = UDP_ENCAP_ESPINUDP; + break; + default: + plog(LLV_ERROR, LOCATION, NULL, + "unsupported NAT-T version: %s\n", + vid_string_by_id(version)); + return -1; + } - case VENDORID_NATT_02: - case VENDORID_NATT_02_N: - case VENDORID_NATT_03: - opts->float_port = lcconf->port_isakmp_natt; - opts->payload_nat_d = ISAKMP_NPTYPE_NATD_DRAFT; - opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_DRAFT; - opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT; - opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT; - opts->encaps_type = UDP_ENCAP_ESPINUDP; - break; - case VENDORID_NATT_04: - case VENDORID_NATT_05: - case VENDORID_NATT_06: - case VENDORID_NATT_07: - case VENDORID_NATT_08: - opts->float_port = lcconf->port_isakmp_natt; - opts->payload_nat_d = ISAKMP_NPTYPE_NATD_BADDRAFT; - opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_BADDRAFT; - opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC; - opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC; - opts->encaps_type = UDP_ENCAP_ESPINUDP; - break; - case VENDORID_NATT_RFC: - opts->float_port = lcconf->port_isakmp_natt; - opts->payload_nat_d = ISAKMP_NPTYPE_NATD_RFC; - opts->payload_nat_oa = ISAKMP_NPTYPE_NATOA_RFC; - opts->mode_udp_tunnel = IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC; - opts->mode_udp_transport = IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC; - opts->encaps_type = UDP_ENCAP_ESPINUDP; - break; - default: - plog(LLV_ERROR, LOCATION, NULL, - "unsupported NAT-T version: %s\n", - vid_string_by_id(version)); - return -1; - } - - opts->mode_udp_diff = opts->mode_udp_tunnel - IPSECDOI_ATTR_ENC_MODE_TUNNEL; + opts->mode_udp_diff = opts->mode_udp_tunnel - 
IPSECDOI_ATTR_ENC_MODE_TUNNEL; - return 0; + return 0; } void -natt_float_ports (struct ph1handle *iph1) +natt_float_ports(struct ph1handle *iph1) { - if (! (iph1->natt_flags & NAT_DETECTED) ) + if (!(iph1->natt_flags & NAT_DETECTED)) return; - if (! iph1->natt_options->float_port){ + if (!iph1->natt_options->float_port) { /* Drafts 00 / 01, just schedule keepalive */ natt_keepalive_add_ph1 (iph1); return; } - - set_port (iph1->local, iph1->natt_options->float_port); - set_port (iph1->remote, iph1->natt_options->float_port); + + set_port(iph1->local, iph1->natt_options->float_port); + set_port(iph1->remote, iph1->natt_options->float_port); iph1->natt_flags |= NAT_PORTS_CHANGED | NAT_ADD_NON_ESP_MARKER; - - natt_keepalive_add_ph1 (iph1); + + natt_keepalive_add_ph1(iph1); } static int -natt_is_enabled (struct remoteconf *rmconf, void *args) +natt_is_enabled(struct remoteconf *rmconf, void *args) { - if (rmconf->nat_traversal) - return 1; - return 0; + if (rmconf->nat_traversal) + return 1; + return 0; } void -natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric) +natt_handle_vendorid(struct ph1handle *iph1, int vid_numeric) { - if (iph1->rmconf == NULL) { - /* Check if any candidate remote conf allows nat-t */ - struct rmconfselector rmconf; - rmconf_selector_from_ph1(&rmconf, iph1); - if (enumrmconf(&rmconf, natt_is_enabled, NULL) == 0) - return; - } else { - if (!iph1->rmconf->nat_traversal) - return; - } - - if (! iph1->natt_options) - iph1->natt_options = racoon_calloc (1, sizeof (*iph1->natt_options)); - - if (! 
iph1->natt_options) { - plog (LLV_ERROR, LOCATION, NULL, - "Allocating memory for natt_options failed!\n"); - return; - } - - if (iph1->natt_options->version < vid_numeric) - if (natt_fill_options (iph1->natt_options, vid_numeric) == 0) - iph1->natt_flags |= NAT_ANNOUNCED; + if (iph1->rmconf == NULL) { + /* Check if any candidate remote conf allows nat-t */ + struct rmconfselector rmconf; + rmconf_selector_from_ph1(&rmconf, iph1); + if (enumrmconf(&rmconf, natt_is_enabled, NULL) == 0) + return; + } else { + if (!iph1->rmconf->nat_traversal) + return; + } + + if (!iph1->natt_options) + iph1->natt_options = racoon_calloc(1, sizeof(*iph1->natt_options)); + + if (!iph1->natt_options) { + plog(LLV_ERROR, LOCATION, NULL, + "Allocating memory for natt_options failed!\n"); + return; + } + + if (iph1->natt_options->version < vid_numeric) + if (natt_fill_options(iph1->natt_options, vid_numeric) == 0) + iph1->natt_flags |= NAT_ANNOUNCED; } static void Index: src/crypto/dist/ipsec-tools/src/racoon/nattraversal.h diff -u src/crypto/dist/ipsec-tools/src/racoon/nattraversal.h:1.7 src/crypto/dist/ipsec-tools/src/racoon/nattraversal.h:1.8 --- src/crypto/dist/ipsec-tools/src/racoon/nattraversal.h:1.7 Wed Sep 22 07:34:51 2010 +++ src/crypto/dist/ipsec-tools/src/racoon/nattraversal.h Sat May 19 18:51:59 2018 @@ -1,10 +1,10 @@ -/* $NetBSD: nattraversal.h,v 1.7 2010/09/22 07:34:51 vanhu Exp $ */ +/* $NetBSD: nattraversal.h,v 1.8 2018/05/19 18:51:59 maxv Exp $ */ /* * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. * Contributed by: Michal Ludvig <mlud...@suse.cz>, SUSE Labs * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
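Review bot: In `natt_fill_options` the new side still assigns `opts->version = version;` before the `switch`, so the `default:` branch returns -1 with the unsupported value already stored and every other field left as it was. `natt_handle_vendorid` gates on `iph1->natt_options->version < vid_numeric`, so after a failed fill the recorded version no longer describes the stored options, and a later vendor ID with a lower number would be skipped. Moving the assignment below the switch, directly before `opts->mode_udp_diff = ...`, keeps the struct consistent on the error path without changing the supported cases. Whether an unsupported value can actually reach this function depends on callers outside the hunk.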
@@ -16,7 +16,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,51 +49,50 @@ #define NON_ESP_MARKER_LEN sizeof(u_int32_t) #define NON_ESP_MARKER_USE(_ph1) ((_ph1)->natt_flags & NAT_ADD_NON_ESP_MARKER) -/* These are the values from parsing "remote {}" - block of the config file. */ +/* + * These are the values from parsing "remote {}" block of the config file. + */ #define NATT_OFF FLASE /* = 0 */ #define NATT_ON TRUE /* = 1 */ #define NATT_FORCE 2 struct ph1natt_options { - int version; - u_int16_t float_port; - u_int16_t mode_udp_tunnel; - u_int16_t mode_udp_transport; - u_int16_t encaps_type; /* ESPINUDP / ESPINUDP_NON_IKE */ - u_int16_t mode_udp_diff; - u_int16_t payload_nat_d; - u_int16_t payload_nat_oa; + int version; + u_int16_t float_port; + u_int16_t mode_udp_tunnel; + u_int16_t mode_udp_transport; + u_int16_t encaps_type; /* ESPINUDP / ESPINUDP_NON_IKE */ + u_int16_t mode_udp_diff; + u_int16_t payload_nat_d; + u_int16_t payload_nat_oa; }; struct ph2natt { - u_int8_t type; - u_int16_t sport; - u_int16_t dport; - struct sockaddr *oa; - u_int16_t frag; + u_int8_t type; + u_int16_t sport; + u_int16_t dport; + struct sockaddr *oa; + u_int16_t frag; }; -int natt_vendorid (int vid); -vchar_t *natt_hash_addr (struct ph1handle *iph1, struct sockaddr *addr); -int natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received, int natd_seq); -int natt_udp_encap (int encmode); -int natt_fill_options (struct ph1natt_options *opts, int version); -void natt_float_ports (struct ph1handle *iph1); -void natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric); - +int natt_vendorid(int vid); +vchar_t *natt_hash_addr(struct ph1handle *iph1, struct sockaddr *addr); +int natt_compare_addr_hash(struct ph1handle *iph1, vchar_t *natd_received, int natd_seq); +int natt_udp_encap(int encmode); +int natt_fill_options(struct ph1natt_options *opts, int version); +void natt_float_ports(struct ph1handle *iph1); +void natt_handle_vendorid(struct ph1handle *iph1, int vid_numeric); struct payload_list * 
-isakmp_plist_append_natt_vids (struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]); - +isakmp_plist_append_natt_vids(struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]); /* NAT keepalive functions */ -void natt_keepalive_init (void); -int natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst); -int natt_keepalive_add_ph1 (struct ph1handle *iph1); -void natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst); +void natt_keepalive_init(void); +int natt_keepalive_add(struct sockaddr *src, struct sockaddr *dst); +int natt_keepalive_add_ph1(struct ph1handle *iph1); +void natt_keepalive_remove(struct sockaddr *src, struct sockaddr *dst); /* Walk through all rmconfigs and tell if NAT-T is enabled in at least one. */ -int natt_enabled_in_rmconf (void); +int natt_enabled_in_rmconf(void); #endif /* _NATTRAVERSAL_H */
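Review bot: The context line `#define NATT_OFF FLASE /* = 0 */` in this hunk appears to misspell `FALSE`. The header compiles only as long as nothing expands `NATT_OFF`, and the first use would fail on an undeclared identifier. Since the commit already restyles the comment directly above it, the line could be corrected to `#define NATT_OFF FALSE /* = 0 */` in the same pass. Whether any caller uses `NATT_OFF` is not visible from this hunk.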