On Mon, 12 Jan 2015, Ali Gangji wrote:

So i stopped ipsec, applied the patch, ran make programs and sudo make install, 
and restarted ipsec. I still get the
same message about the unknown value 16777216

Ah yes, I forgot that we have another check for valid numbers, and that
check still failed. I've updated the patch, so try this version 2 patch :)

Paul
diff --git a/include/ietf_constants.h b/include/ietf_constants.h
index 784ec73..c47c984 100644
--- a/include/ietf_constants.h
+++ b/include/ietf_constants.h
@@ -435,6 +435,8 @@
 /* Domain of Interpretation */
 #define ISAKMP_DOI_ISAKMP 0
 #define ISAKMP_DOI_IPSEC 1
+/* htonl(1) == 16777216 */
+#define ISAKMP_DOI_OSX_SERVER_HTONL_BUG 16777216
 
 /* IPsec DOI things */
 
diff --git a/lib/libswan/constants.c b/lib/libswan/constants.c
index 61d88a8..abe14dd 100644
--- a/lib/libswan/constants.c
+++ b/lib/libswan/constants.c
@@ -150,11 +150,22 @@ static const char *const doi_name[] = {
        "ISAKMP_DOI_IPSEC",
 };
 
+static const char *const doi_name_osx[] = {
+       "ISAKMP_DOI_OSX_SERVER_HTONL_BUG",
+};
+
+static enum_names doi_names_osx = {
+       ISAKMP_DOI_OSX_SERVER_HTONL_BUG,
+       ISAKMP_DOI_OSX_SERVER_HTONL_BUG,
+       doi_name_osx,
+       NULL
+};
+
 enum_names doi_names = {
        ISAKMP_DOI_ISAKMP,
        ISAKMP_DOI_IPSEC,
        doi_name,
-       NULL
+       &doi_names_osx
 };
 
 /*
diff --git a/programs/pluto/ikev1_spdb_struct.c 
b/programs/pluto/ikev1_spdb_struct.c
index d3d32f9..46abc5e 100644
--- a/programs/pluto/ikev1_spdb_struct.c
+++ b/programs/pluto/ikev1_spdb_struct.c
@@ -850,10 +850,14 @@ notification_t parse_isakmp_sa_body(pb_stream *sa_pbs,    
        /* body of input SA Payl
 
        /* DOI */
        if (sa->isasa_doi != ISAKMP_DOI_IPSEC) {
-               loglog(RC_LOG_SERIOUS, "Unknown/unsupported DOI %s",
-                      enum_show(&doi_names, sa->isasa_doi));
-               /* XXX Could send notification back */
-               return DOI_NOT_SUPPORTED;
+               if (sa->isasa_doi == ISAKMP_DOI_OSX_SERVER_HTONL_BUG) {
+                       loglog(RC_LOG_SERIOUS, "OSX Server DOI htonl(1) bug 
workaround enabled");
+               } else {
+                       loglog(RC_LOG_SERIOUS, "Unknown/unsupported DOI %s",
+                               enum_show(&doi_names, sa->isasa_doi));
+                       /* XXX Could send notification back */
+                       return DOI_NOT_SUPPORTED;
+               }
        }
 
        /* Situation */
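Review bot: The new `sa->isasa_doi == ISAKMP_DOI_OSX_SERVER_HTONL_BUG` branch relaxes validation of a peer-supplied field for every peer, with no way to turn it off, and then falls through to the Situation parsing as if the DOI were ISAKMP_DOI_IPSEC. The branch should carry a comment saying exactly that, for example `/* accept only the byte-swapped ISAKMP_DOI_IPSEC sent by OS X Server; the SA is handled as IPsec DOI from here on */`, so a later reader does not widen the exception to other values. Logging the accepted case at `RC_LOG_SERIOUS` also makes an expected interop path look like a failure in the logs; a lower level is probably a better fit, though the available levels are not visible in this hunk. parse_isakmp_sa_body continues outside the hunk, so whether later code re-reads `sa->isasa_doi` (for instance when building the reply) cannot be checked here and should be verified.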