On Mon, Dec 06, 2010 at 12:58 +0000, Mikolaj Kucharski wrote: > Hi, > > I had a chance to test pr 5562 and would like to confirm that on OpenBSD > current the issue is still present. > > OpenBSD 4.8-current (GENERIC) #510: Sat Dec 4 12:03:30 MST 2010 > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC > > > After applying attached patch (taken from url in pr 5562) issue is > resolved. See reference urls for more detailed explanation. > > > Would be possible to get this patch commited? >
FWIW, I'm okay with the diff. > > References > 1. http://marc.info/?t=120168048500001&r=1&w=2 > 2. http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5562 > 3. http://www.bzero.se/patches/isakmpd-multi-nat-peers-patch.diff > > -- > best regards > q# > Index: sa.c > =================================================================== > RCS file: /cvs/src/sbin/isakmpd/sa.c,v > retrieving revision 1.110 > diff -u -r1.110 sa.c > --- sa.c 24 Nov 2006 13:52:14 -0000 1.110 > +++ sa.c 17 Aug 2007 14:31:04 -0000 > @@ -199,7 +199,18 @@ > return 0; > > sa->transport->vtbl->get_dst(sa->transport, &dst); > - return (net_addrcmp(dst, addr->addr) == 0); > + if (net_addrcmp(dst, addr->addr) != 0) > + return 0; > + > + /* same family, length and address, check port if inet/inet6 */ > + switch (dst->sa_family) { > + case AF_INET: > + return ((struct sockaddr_in *)dst)->sin_port == ((struct > sockaddr_in *)addr->addr)->sin_port; > + case AF_INET6: > + return ((struct sockaddr_in6 *)dst)->sin6_port == ((struct > sockaddr_in6 *)addr->addr)->sin6_port; > + } > + > + return 1; > } > > struct dst_isakmpspi_arg {
