1 Index: ipsec-tools-0.7.3/src/racoon/admin.c
2 ===================================================================
3 --- ipsec-tools-0.7.3.orig/src/racoon/admin.c 2009-04-20 15:32:57.000000000 +0200
4 +++ ipsec-tools-0.7.3/src/racoon/admin.c 2010-03-28 17:07:57.000000000 +0200
11 #include "admin_var.h"
12 #include "isakmp_inf.h"
17 - if (com.ac_cmd == ADMIN_RELOAD_CONF) {
18 - /* reload does not work at all! */
19 - signal_handler(SIGHUP);
22 + plog(LLV_DEBUG, LOCATION, NULL,
23 + "[%d] admin connection established\n", so2);
25 error = admin_process(so2, combuf);
31 + plog(LLV_DEBUG, LOCATION, NULL,
32 + "[%d] admin connection closed\n", so2);
43 + int send_events = 0;
44 + struct evt_listener_list *event_list = NULL;
52 - /* It's not really an error, don't force racoonctl to quit */
53 - if ((buf = evt_dump()) == NULL)
61 case ADMIN_ESTABLISH_SA:
63 + struct admin_com_indexes *ndx;
66 - src = (struct sockaddr *)
67 - &((struct admin_com_indexes *)
68 - ((caddr_t)com + sizeof(*com)))->src;
69 - dst = (struct sockaddr *)
70 - &((struct admin_com_indexes *)
71 - ((caddr_t)com + sizeof(*com)))->dst;
73 + ndx = (struct admin_com_indexes *) ((caddr_t)com + sizeof(*com));
74 + src = (struct sockaddr *) &ndx->src;
75 + dst = (struct sockaddr *) &ndx->dst;
77 switch (com->ac_proto) {
78 case ADMIN_PROTO_ISAKMP: {
79 + struct ph1handle *ph1;
80 struct remoteconf *rmconf;
81 struct sockaddr *remote = NULL;
82 struct sockaddr *local = NULL;
87 + /* connected already? */
88 + ph1 = getph1byaddrwop(src, dst);
90 + event_list = &ph1->evt_listeners;
91 + if (ph1->status == PHASE1ST_ESTABLISHED)
92 + com->ac_errno = EEXIST;
98 /* search appropreate configuration */
99 rmconf = getrmconf(dst);
100 if (rmconf == NULL) {
102 "%s\n", saddrwop2str(remote));
104 /* begin ident mode */
105 - if (isakmp_ph1begin_i(rmconf, remote, local) < 0)
106 + ph1 = isakmp_ph1begin_i(rmconf, remote, local);
110 + event_list = &ph1->evt_listeners;
114 @@ -473,8 +489,105 @@
118 - case ADMIN_PROTO_ESP:
119 + case ADMIN_PROTO_ESP: {
120 + struct ph2handle *iph2;
121 + struct secpolicy *sp_out = NULL, *sp_in = NULL;
122 + struct policyindex spidx;
124 + com->ac_errno = -1;
126 + /* got outbound policy */
127 + memset(&spidx, 0, sizeof(spidx));
128 + spidx.dir = IPSEC_DIR_OUTBOUND;
129 + memcpy(&spidx.src, src, sizeof(spidx.src));
130 + memcpy(&spidx.dst, dst, sizeof(spidx.dst));
131 + spidx.prefs = ndx->prefs;
132 + spidx.prefd = ndx->prefd;
133 + spidx.ul_proto = ndx->ul_proto;
135 + sp_out = getsp_r(&spidx);
137 + plog(LLV_DEBUG, LOCATION, NULL,
138 + "suitable outbound SP found: %s.\n",
139 + spidx2str(&sp_out->spidx));
141 + com->ac_errno = ENOENT;
142 + plog(LLV_NOTIFY, LOCATION, NULL,
143 + "no outbound policy found: %s\n",
144 + spidx2str(&spidx));
148 + iph2 = getph2byid(src, dst, sp_out->id);
149 + if (iph2 != NULL) {
150 + event_list = &iph2->evt_listeners;
151 + if (iph2->status == PHASE2ST_ESTABLISHED)
152 + com->ac_errno = EEXIST;
158 + /* get inbound policy */
159 + memset(&spidx, 0, sizeof(spidx));
160 + spidx.dir = IPSEC_DIR_INBOUND;
161 + memcpy(&spidx.src, dst, sizeof(spidx.src));
162 + memcpy(&spidx.dst, src, sizeof(spidx.dst));
163 + spidx.prefs = ndx->prefd;
164 + spidx.prefd = ndx->prefs;
165 + spidx.ul_proto = ndx->ul_proto;
167 + sp_in = getsp_r(&spidx);
169 + plog(LLV_DEBUG, LOCATION, NULL,
170 + "suitable inbound SP found: %s.\n",
171 + spidx2str(&sp_in->spidx));
173 + com->ac_errno = ENOENT;
174 + plog(LLV_NOTIFY, LOCATION, NULL,
175 + "no inbound policy found: %s\n",
176 + spidx2str(&spidx));
180 + /* allocate a phase 2 */
182 + if (iph2 == NULL) {
183 + plog(LLV_ERROR, LOCATION, NULL,
184 + "failed to allocate phase2 entry.\n");
187 + iph2->side = INITIATOR;
188 + iph2->satype = admin2pfkey_proto(com->ac_proto);
189 + iph2->spid = sp_out->id;
190 + iph2->seq = pk_getseq();
191 + iph2->status = PHASE2ST_STATUS2;
193 + /* set end addresses of SA */
194 + iph2->dst = dupsaddr(dst);
195 + iph2->src = dupsaddr(src);
196 + if (iph2->dst == NULL || iph2->src == NULL) {
201 + if (isakmp_get_sainfo(iph2, sp_out, sp_in) < 0) {
207 + if (isakmp_post_acquire(iph2) < 0) {
214 + event_list = &iph2->evt_listeners;
222 if ((error = admin_reply(so2, com, buf)) != 0)
226 + if (send_events || event_list != NULL)
227 + error = evt_subscribe(event_list, so2);
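Review bot: The new ADMIN_PROTO_ESP branch reads `ndx->prefs`, `ndx->prefd` and `ndx->ul_proto` out of the client's message when filling `spidx`, yet nothing in the hunk checks that `com->ac_len` actually covers `sizeof(*com) + sizeof(*ndx)`; `ndx` is derived in the preceding hunk by plain pointer arithmetic on the received buffer, so a short message would make these reads (and the existing `src`/`dst` copies) run past what was received. Unless admin_handler already enforces that minimum length for ADMIN_ESTABLISH_SA before admin_process is entered (not visible on this page), the guard belongs where `ndx` is assigned: `if (com->ac_len < sizeof(*com) + sizeof(*ndx)) { com->ac_errno = EINVAL; break; }`. The `sp_out->id` argument to getph2byid also relies on the ENOENT path above it leaving the case, which the elided lines presumably do with a `break`. The enclosing admin_process switch starts and ends outside this hunk.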
231 Index: ipsec-tools-0.7.3/src/racoon/evt.c
232 ===================================================================
233 --- ipsec-tools-0.7.3.orig/src/racoon/evt.c 2006-09-09 18:22:09.000000000 +0200
234 +++ ipsec-tools-0.7.3/src/racoon/evt.c 2010-03-28 17:07:57.000000000 +0200
235 @@ -46,113 +46,219 @@
239 +#include "handler.h"
240 #include "gcmalloc.h"
243 #ifdef ENABLE_ADMINPORT
244 -struct evtlist evtlist = TAILQ_HEAD_INITIALIZER(evtlist);
245 -int evtlist_len = 0;
246 +static EVT_LISTENER_LIST(evt_listeners);
247 +static EVT_LISTENER_LIST(evt_fds);
250 -evt_push(src, dst, type, optdata)
251 - struct sockaddr *src;
252 - struct sockaddr *dst;
254 + struct admin_com adm;
255 + struct evt_common evt;
258 +static struct evtdump *
259 +evtdump_create(type, optdata)
263 - struct evtdump *evtdump;
268 - /* If admin socket is disabled, silently discard anything */
269 - if (adminsock_path == NULL)
270 + len = sizeof(struct admin_com) + sizeof(struct evt_common);
271 + if (optdata != NULL)
274 + if ((e = racoon_malloc(len)) == NULL) {
275 + plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate event: %s\n",
280 + memset(e, 0, sizeof(struct evtdump));
281 + e->adm.ac_len = len;
282 + e->adm.ac_cmd = ADMIN_SHOW_EVT;
283 + e->adm.ac_errno = 0;
284 + e->adm.ac_proto = 0;
285 + e->evt.ec_type = type;
286 + time(&e->evt.ec_timestamp);
287 + if (optdata != NULL)
288 + memcpy(e + 1, optdata->v, optdata->l);
295 + struct evt_listener *l;
297 + plog(LLV_DEBUG, LOCATION, NULL,
298 + "[%d] admin connection released\n", l->fd);
300 + LIST_REMOVE(l, ll_chain);
301 + LIST_REMOVE(l, fd_chain);
307 +evtdump_broadcast(ll, e)
308 + const struct evt_listener_list *ll;
311 + struct evt_listener *l, *nl;
313 + for (l = LIST_FIRST(ll); l != NULL; l = nl) {
314 + nl = LIST_NEXT(l, ll_chain);
316 + if (send(l->fd, e, e->adm.ac_len,
317 + MSG_NOSIGNAL | MSG_DONTWAIT) < 0) {
318 + plog(LLV_DEBUG, LOCATION, NULL, "Cannot send event to fd: %s\n",
320 + evt_unsubscribe(l);
328 +evt_generic(type, optdata)
335 + if ((e = evtdump_create(type, optdata)) == NULL)
338 - /* If we are above the limit, don't record anything */
339 - if (evtlist_len > EVTLIST_MAX) {
340 - plog(LLV_DEBUG, LOCATION, NULL,
341 - "Cannot record event: event queue overflowed\n");
342 + evtdump_broadcast(&evt_listeners, e);
348 +evt_phase1(ph1, type, optdata)
349 + const struct ph1handle *ph1;
355 + if ((e = evtdump_create(type, optdata)) == NULL)
359 + memcpy(&e->evt.ec_ph1src, ph1->local, sysdep_sa_len(ph1->local));
361 + memcpy(&e->evt.ec_ph1dst, ph1->remote, sysdep_sa_len(ph1->remote));
363 + evtdump_broadcast(&ph1->evt_listeners, e);
364 + evtdump_broadcast(&evt_listeners, e);
370 +evt_phase2(ph2, type, optdata)
371 + const struct ph2handle *ph2;
376 + struct ph1handle *ph1 = ph2->ph1;
378 + if ((e = evtdump_create(type, optdata)) == NULL)
383 + memcpy(&e->evt.ec_ph1src, ph1->local, sysdep_sa_len(ph1->local));
385 + memcpy(&e->evt.ec_ph1dst, ph1->remote, sysdep_sa_len(ph1->remote));
387 + e->evt.ec_ph2msgid = ph2->msgid;
389 - /* If we hit the limit, record an overflow event instead */
390 - if (evtlist_len == EVTLIST_MAX) {
391 - plog(LLV_ERROR, LOCATION, NULL,
392 - "Cannot record event: event queue overflow\n");
395 - type = EVTT_OVERFLOW;
399 - len = sizeof(*evtdump);
403 - if ((evtdump = racoon_malloc(len)) == NULL) {
404 - plog(LLV_ERROR, LOCATION, NULL, "Cannot record event: %s\n",
407 + evtdump_broadcast(&ph2->evt_listeners, e);
409 + evtdump_broadcast(&ph1->evt_listeners, e);
410 + evtdump_broadcast(&evt_listeners, e);
415 - if ((evt = racoon_malloc(sizeof(*evt))) == NULL) {
416 - plog(LLV_ERROR, LOCATION, NULL, "Cannot record event: %s\n",
418 - racoon_free(evtdump);
421 +evt_subscribe(list, fd)
422 + struct evt_listener_list *list;
425 + struct evt_listener *l;
427 + if ((l = racoon_malloc(sizeof(*l))) == NULL) {
428 + plog(LLV_ERROR, LOCATION, NULL,
429 + "Cannot allocate event listener: %s\n",
435 - memcpy(&evtdump->src, src, sysdep_sa_len(src));
437 - memcpy(&evtdump->dst, dst, sysdep_sa_len(dst));
438 - evtdump->len = len;
439 - evtdump->type = type;
440 - time(&evtdump->timestamp);
442 + list = &evt_listeners;
445 - memcpy(evtdump + 1, optdata->v, optdata->l);
446 + LIST_INSERT_HEAD(list, l, ll_chain);
447 + LIST_INSERT_HEAD(&evt_fds, l, fd_chain);
450 - evt->dump = evtdump;
451 - TAILQ_INSERT_TAIL(&evtlist, evt, next);
452 + plog(LLV_DEBUG, LOCATION, NULL,
453 + "[%d] admin connection is polling events\n", fd);
462 + struct evt_listener_list *list;
469 - struct evtdump *evtdump;
472 - if ((evt = TAILQ_FIRST(&evtlist)) == NULL)
475 +evt_list_cleanup(list)
476 + struct evt_listener_list *list;
478 + while (!LIST_EMPTY(list))
479 + evt_unsubscribe(LIST_FIRST(list));
482 - evtdump = evt->dump;
483 - TAILQ_REMOVE(&evtlist, evt, next);
492 - struct evtdump *evtdump;
493 - vchar_t *buf = NULL;
495 - if ((evtdump = evt_pop()) != NULL) {
496 - if ((buf = vmalloc(evtdump->len)) == NULL) {
497 - plog(LLV_ERROR, LOCATION, NULL,
498 - "evt_dump failed: %s\n", strerror(errno));
501 - memcpy(buf->v, evtdump, evtdump->len);
502 - racoon_free(evtdump);
504 +evt_get_fdmask(nfds, fdset)
508 + struct evt_listener *l;
509 + LIST_FOREACH(l, &evt_fds, fd_chain) {
510 + FD_SET(l->fd, fdset);
511 + if (l->fd + 1 > nfds)
519 +evt_handle_fdmask(fdset)
522 + struct evt_listener *l, *nl;
524 + for (l = LIST_FIRST(&evt_fds); l != NULL; l = nl) {
525 + nl = LIST_NEXT(l, ll_chain);
527 + if (FD_ISSET(l->fd, fdset))
528 + evt_unsubscribe(l);
532 #endif /* ENABLE_ADMINPORT */
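Review bot: evt_handle_fdmask iterates `evt_fds` but advances through the wrong link: `nl = LIST_NEXT(l, ll_chain);` follows the per-handle listener list, whereas `evt_fds` is threaded on `fd_chain` (see evt_subscribe's `LIST_INSERT_HEAD(&evt_fds, l, fd_chain)` and evt_get_fdmask's `LIST_FOREACH(l, &evt_fds, fd_chain)`). After the first element the loop is walking some other list, so readable (closed) admin connections can be skipped and stay in the select set, firing on every pass; the fix is `nl = LIST_NEXT(l, fd_chain);`. In evtdump_broadcast, a send that fails with MSG_DONTWAIT (a full socket buffer included) drops the listener with only a debug log, which is a reasonable way to keep a slow racoonctl from stalling the daemon but deserves a comment such as `/* non-blocking: a listener that cannot keep up is dropped rather than stalling racoon */`. Several function bodies in this hunk are partially elided on this page, so the points above are limited to the visible lines.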
533 Index: ipsec-tools-0.7.3/src/racoon/evt.h
534 ===================================================================
535 --- ipsec-tools-0.7.3.orig/src/racoon/evt.h 2006-09-09 18:22:09.000000000 +0200
536 +++ ipsec-tools-0.7.3/src/racoon/evt.h 2010-03-28 17:07:57.000000000 +0200
543 - struct sockaddr_storage src;
544 - struct sockaddr_storage dst;
547 +#ifdef ENABLE_ADMINPORT
549 +struct evt_listener {
550 + LIST_ENTRY(evt_listener) ll_chain;
551 + LIST_ENTRY(evt_listener) fd_chain;
554 +LIST_HEAD(evt_listener_list, evt_listener);
555 +#define EVT_LISTENER_LIST(x) struct evt_listener_list x;
562 + time_t ec_timestamp;
564 + struct sockaddr_storage ec_ph1src;
565 + struct sockaddr_storage ec_ph1dst;
566 + u_int32_t ec_ph2msgid;
569 * Optionnal list of struct isakmp_data
570 * for type EVTT_ISAKMP_CFG_DONE
575 -#define EVTT_UNSEPC 0
576 -#define EVTT_PHASE1_UP 1
577 -#define EVTT_PHASE1_DOWN 2
578 -#define EVTT_XAUTH_SUCCESS 3
579 -#define EVTT_ISAKMP_CFG_DONE 4
580 -#define EVTT_PHASE2_UP 5
581 -#define EVTT_PHASE2_DOWN 6
582 -#define EVTT_DPD_TIMEOUT 7
583 -#define EVTT_PEER_NO_RESPONSE 8
584 -#define EVTT_PEER_DELETE 9
585 -#define EVTT_RACOON_QUIT 10
586 -#define EVTT_XAUTH_FAILED 11
587 -#define EVTT_OVERFLOW 12 /* Event queue overflowed */
588 -#define EVTT_PEERPH1AUTH_FAILED 13
589 -#define EVTT_PEERPH1_NOPROP 14 /* NO_PROPOSAL_CHOSEN & friends */
590 -#define EVTT_NO_ISAKMP_CFG 15 /* no need to wait for mode_cfg */
593 - struct evtdump *dump;
594 - TAILQ_ENTRY(evt) next;
597 -TAILQ_HEAD(evtlist, evt);
599 -#define EVTLIST_MAX 32
600 +#define EVTT_RACOON_QUIT 0x0001
601 +#define EVTT_PHASE1_UP 0x0100
602 +#define EVTT_PHASE1_DOWN 0x0101
603 +#define EVTT_PHASE1_NO_RESPONSE 0x0102
604 +#define EVTT_PHASE1_NO_PROPOSAL 0x0103
605 +#define EVTT_PHASE1_AUTH_FAILED 0x0104
606 +#define EVTT_PHASE1_DPD_TIMEOUT 0x0105
607 +#define EVTT_PHASE1_PEER_DELETED 0x0106
608 +#define EVTT_PHASE1_MODE_CFG 0x0107
609 +#define EVTT_PHASE1_XAUTH_SUCCESS 0x0108
610 +#define EVTT_PHASE1_XAUTH_FAILED 0x0109
612 +#define EVTT_PHASE2_NO_PHASE1 0x0200
613 +#define EVTT_PHASE2_UP 0x0201
614 +#define EVTT_PHASE2_DOWN 0x0202
615 +#define EVTT_PHASE2_NO_RESPONSE 0x0203
617 +void evt_generic __P((int type, vchar_t *optdata));
618 +void evt_phase1 __P((const struct ph1handle *ph1, int type, vchar_t *optdata));
619 +void evt_phase2 __P((const struct ph2handle *ph2, int type, vchar_t *optdata));
621 +int evt_subscribe __P((struct evt_listener_list *list, int fd));
622 +void evt_list_init __P((struct evt_listener_list *list));
623 +void evt_list_cleanup __P((struct evt_listener_list *list));
624 +int evt_get_fdmask __P((int nfds, fd_set *fdset));
625 +void evt_handle_fdmask __P((fd_set *fdset));
629 -#ifdef ENABLE_ADMINPORT
630 -struct evtdump *evt_pop(void);
631 -vchar_t *evt_dump(void);
632 -void evt_push(struct sockaddr *, struct sockaddr *, int, vchar_t *);
634 +#define EVT_LISTENER_LIST(x)
635 +#define evt_generic(type, optdata) ;
636 +#define evt_phase1(ph1, type, optdata) ;
637 +#define evt_phase2(ph2, type, optdata) ;
639 +#define evt_subscribe(eventlist, fd) ;
640 +#define evt_list_init(eventlist) ;
641 +#define evt_list_cleanup(eventlist) ;
642 +#define evt_get_fdmask(nfds, fdset) nfds
643 +#define evt_handle_fdmask(fdset) ;
645 -#ifdef ENABLE_ADMINPORT
646 -#define EVT_PUSH(src, dst, type, optdata) evt_push(src, dst, type, optdata);
648 -#define EVT_PUSH(src, dst, type, optdata) ;
650 +#endif /* ENABLE_ADMINPORT */
653 Index: ipsec-tools-0.7.3/src/racoon/handler.c
654 ===================================================================
655 --- ipsec-tools-0.7.3.orig/src/racoon/handler.c 2009-04-20 15:25:27.000000000 +0200
656 +++ ipsec-tools-0.7.3/src/racoon/handler.c 2010-03-28 17:07:57.000000000 +0200
659 /* SA down shell script hook */
660 script_hook(iph1, SCRIPT_PHASE1_DOWN);
662 - EVT_PUSH(iph1->local, iph1->remote, EVTT_PHASE1_DOWN, NULL);
663 + evt_list_cleanup(&iph1->evt_listeners);
666 if (iph1->natt_flags & NAT_KA_QUEUED)
667 Index: ipsec-tools-0.7.3/src/racoon/handler.h
668 ===================================================================
669 --- ipsec-tools-0.7.3.orig/src/racoon/handler.h 2008-01-11 15:12:01.000000000 +0100
670 +++ ipsec-tools-0.7.3/src/racoon/handler.h 2010-03-28 17:07:57.000000000 +0200
673 #include "isakmp_var.h"
677 /* Phase 1 handler */
681 struct isakmp_cfg_state *mode_cfg; /* ISAKMP mode config state */
684 + EVT_LISTENER_LIST(evt_listeners);
687 /* Phase 2 handler */
690 LIST_ENTRY(ph2handle) chain;
691 LIST_ENTRY(ph2handle) ph1bind; /* chain to ph1handle */
692 + EVT_LISTENER_LIST(evt_listeners);
696 Index: ipsec-tools-0.7.3/src/racoon/isakmp_agg.c
697 ===================================================================
698 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_agg.c 2006-09-30 23:49:37.000000000 +0200
699 +++ ipsec-tools-0.7.3/src/racoon/isakmp_agg.c 2010-03-28 17:07:57.000000000 +0200
701 /* message printed inner oakley_validate_auth() */
704 - EVT_PUSH(iph1->local, iph1->remote,
705 - EVTT_PEERPH1AUTH_FAILED, NULL);
706 + evt_phase1(iph1, EVTT_PHASE1_AUTH_FAILED, NULL);
707 isakmp_info_send_n1(iph1, ptype, NULL);
710 @@ -1486,8 +1485,7 @@
711 /* message printed inner oakley_validate_auth() */
714 - EVT_PUSH(iph1->local, iph1->remote,
715 - EVTT_PEERPH1AUTH_FAILED, NULL);
716 + evt_phase1(iph1, EVTT_PHASE1_AUTH_FAILED, NULL);
717 isakmp_info_send_n1(iph1, ptype, NULL);
720 Index: ipsec-tools-0.7.3/src/racoon/isakmp_base.c
721 ===================================================================
722 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_base.c 2006-10-02 23:51:33.000000000 +0200
723 +++ ipsec-tools-0.7.3/src/racoon/isakmp_base.c 2010-03-28 17:07:57.000000000 +0200
725 /* message printed inner oakley_validate_auth() */
728 - EVT_PUSH(iph1->local, iph1->remote,
729 - EVTT_PEERPH1AUTH_FAILED, NULL);
730 + evt_phase1(iph1, EVTT_PHASE1_AUTH_FAILED, NULL);
731 isakmp_info_send_n1(iph1, ptype, NULL);
734 @@ -1242,8 +1241,7 @@
735 /* message printed inner oakley_validate_auth() */
738 - EVT_PUSH(iph1->local, iph1->remote,
739 - EVTT_PEERPH1AUTH_FAILED, NULL);
740 + evt_phase1(iph1, EVTT_PHASE1_AUTH_FAILED, NULL);
741 isakmp_info_send_n1(iph1, ptype, NULL);
744 Index: ipsec-tools-0.7.3/src/racoon/isakmp.c
745 ===================================================================
746 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp.c 2008-09-25 11:34:39.000000000 +0200
747 +++ ipsec-tools-0.7.3/src/racoon/isakmp.c 2010-03-28 17:10:11.000000000 +0200
750 #include "crypto_openssl.h"
752 +#include "algorithm.h"
753 +#include "proposal.h"
755 #include "isakmp_ident.h"
756 #include "isakmp_agg.h"
757 #include "isakmp_base.h"
758 @@ -1015,7 +1018,7 @@
761 /* new negotiation of phase 1 for initiator */
764 isakmp_ph1begin_i(rmconf, remote, local)
765 struct remoteconf *rmconf;
766 struct sockaddr *remote, *local;
767 @@ -1028,7 +1031,7 @@
768 /* get new entry to isakmp status table. */
774 iph1->status = PHASE1ST_START;
775 iph1->rmconf = rmconf;
776 @@ -1043,7 +1046,7 @@
778 if ((iph1->mode_cfg = isakmp_cfg_mkstate()) == NULL) {
785 @@ -1059,7 +1062,7 @@
786 /* XXX copy remote address */
787 if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) {
794 @@ -1095,7 +1098,7 @@
803 @@ -1106,7 +1109,7 @@
804 timedelta(&start, &end));
811 /* new negotiation of phase 1 for responder */
812 @@ -1887,8 +1890,7 @@
813 plog(LLV_ERROR, LOCATION, NULL,
814 "phase1 negotiation failed due to time up. %s\n",
815 isakmp_pindex(&iph1->index, iph1->msgid));
816 - EVT_PUSH(iph1->local, iph1->remote,
817 - EVTT_PEER_NO_RESPONSE, NULL);
818 + evt_phase1(iph1, EVTT_PHASE1_NO_RESPONSE, NULL);
822 @@ -1897,8 +1899,7 @@
823 plog(LLV_ERROR, LOCATION, NULL,
824 "phase1 negotiation failed due to send error. %s\n",
825 isakmp_pindex(&iph1->index, iph1->msgid));
826 - EVT_PUSH(iph1->local, iph1->remote,
827 - EVTT_PEER_NO_RESPONSE, NULL);
828 + evt_phase1(iph1, EVTT_PHASE1_NO_RESPONSE, NULL);
832 @@ -1947,7 +1948,7 @@
833 plog(LLV_ERROR, LOCATION, NULL,
834 "phase2 negotiation failed due to time up. %s\n",
835 isakmp_pindex(&iph2->ph1->index, iph2->msgid));
836 - EVT_PUSH(iph2->src, iph2->dst, EVTT_PEER_NO_RESPONSE, NULL);
837 + evt_phase2(iph2, EVTT_PHASE2_NO_RESPONSE, NULL);
841 @@ -1956,8 +1957,7 @@
842 plog(LLV_ERROR, LOCATION, NULL,
843 "phase2 negotiation failed due to send error. %s\n",
844 isakmp_pindex(&iph2->ph1->index, iph2->msgid));
845 - EVT_PUSH(iph2->src, iph2->dst, EVTT_PEER_NO_RESPONSE, NULL);
847 + evt_phase2(iph2, EVTT_PHASE2_NO_RESPONSE, NULL);
851 @@ -2048,7 +2048,7 @@
852 plog(LLV_INFO, LOCATION, NULL,
853 "ISAKMP-SA deleted %s-%s spi:%s\n",
854 src, dst, isakmp_pindex(&iph1->index, 0));
855 - EVT_PUSH(iph1->local, iph1->remote, EVTT_PHASE1_DOWN, NULL);
856 + evt_phase1(iph1, EVTT_PHASE1_DOWN, NULL);
860 @@ -2195,7 +2195,7 @@
861 saddrwop2str(iph2->dst));
863 /* start phase 1 negotiation as a initiator. */
864 - if (isakmp_ph1begin_i(rmconf, iph2->dst, iph2->src) < 0) {
865 + if (isakmp_ph1begin_i(rmconf, iph2->dst, iph2->src) == NULL) {
869 @@ -2228,6 +2228,71 @@
874 +isakmp_get_sainfo(iph2, sp_out, sp_in)
875 + struct ph2handle *iph2;
876 + struct secpolicy *sp_out, *sp_in;
880 + plog(LLV_DEBUG, LOCATION, NULL,
881 + "new acquire %s\n", spidx2str(&sp_out->spidx));
885 + vchar_t *idsrc, *iddst;
887 + idsrc = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.src,
888 + sp_out->spidx.prefs, sp_out->spidx.ul_proto);
889 + if (idsrc == NULL) {
890 + plog(LLV_ERROR, LOCATION, NULL,
891 + "failed to get ID for %s\n",
892 + spidx2str(&sp_out->spidx));
895 + iddst = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.dst,
896 + sp_out->spidx.prefd, sp_out->spidx.ul_proto);
897 + if (iddst == NULL) {
898 + plog(LLV_ERROR, LOCATION, NULL,
899 + "failed to get ID for %s\n",
900 + spidx2str(&sp_out->spidx));
905 + struct remoteconf *conf;
906 + conf = getrmconf(iph2->dst);
908 + remoteid=conf->ph1id;
910 + plog(LLV_DEBUG, LOCATION, NULL, "Warning: no valid rmconf !\n");
914 + iph2->sainfo = getsainfo(idsrc, iddst, NULL, remoteid);
917 + if (iph2->sainfo == NULL) {
918 + plog(LLV_ERROR, LOCATION, NULL,
919 + "failed to get sainfo.\n");
921 + /* XXX should use the algorithm list from register message */
924 + plog(LLV_DEBUG, LOCATION, NULL,
925 + "selected sainfo: %s\n", sainfo2str(iph2->sainfo));
928 + if (set_proposal_from_policy(iph2, sp_out, sp_in) < 0) {
929 + plog(LLV_ERROR, LOCATION, NULL,
930 + "failed to create saprop.\n");
939 * receive GETSPI from kernel.
941 @@ -2931,9 +2996,9 @@
943 isakmp_pindex(&iph1->index, 0));
945 - EVT_PUSH(iph1->local, iph1->remote, EVTT_PHASE1_UP, NULL);
946 + evt_phase1(iph1, EVTT_PHASE1_UP, NULL);
947 if(!iph1->rmconf->mode_cfg)
948 - EVT_PUSH(iph1->local, iph1->remote, EVTT_NO_ISAKMP_CFG, NULL);
949 + evt_phase1(iph1, EVTT_PHASE1_MODE_CFG, NULL);
953 Index: ipsec-tools-0.7.3/src/racoon/isakmp_cfg.c
954 ===================================================================
955 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_cfg.c 2008-11-27 16:25:20.000000000 +0100
956 +++ ipsec-tools-0.7.3/src/racoon/isakmp_cfg.c 2010-03-28 17:07:57.000000000 +0200
958 "Cannot allocate memory: %s\n", strerror(errno));
960 memcpy(buf->v, attrpl + 1, buf->l);
961 - EVT_PUSH(iph1->local, iph1->remote,
962 - EVTT_ISAKMP_CFG_DONE, buf);
963 + evt_phase1(iph1, EVTT_PHASE1_MODE_CFG, buf);
967 Index: ipsec-tools-0.7.3/src/racoon/isakmp_ident.c
968 ===================================================================
969 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_ident.c 2006-10-02 23:41:59.000000000 +0200
970 +++ ipsec-tools-0.7.3/src/racoon/isakmp_ident.c 2010-03-28 17:07:57.000000000 +0200
972 /* msg printed inner oakley_validate_auth() */
975 - EVT_PUSH(iph1->local, iph1->remote,
976 - EVTT_PEERPH1AUTH_FAILED, NULL);
977 + evt_phase1(iph1, EVTT_PHASE1_AUTH_FAILED, NULL);
978 isakmp_info_send_n1(iph1, type, NULL);
981 @@ -1537,8 +1536,7 @@
982 /* msg printed inner oakley_validate_auth() */
985 - EVT_PUSH(iph1->local, iph1->remote,
986 - EVTT_PEERPH1AUTH_FAILED, NULL);
987 + evt_phase1(iph1, EVTT_PHASE1_AUTH_FAILED, NULL);
988 isakmp_info_send_n1(iph1, type, NULL);
991 Index: ipsec-tools-0.7.3/src/racoon/isakmp_inf.c
992 ===================================================================
993 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_inf.c 2009-05-18 19:07:46.000000000 +0200
994 +++ ipsec-tools-0.7.3/src/racoon/isakmp_inf.c 2010-03-28 17:07:57.000000000 +0200
996 del_ph1=getph1byindex((isakmp_index *)(delete + 1));
999 - EVT_PUSH(del_ph1->local, del_ph1->remote,
1000 - EVTT_PEERPH1_NOPROP, NULL);
1001 + evt_phase1(iph1, EVTT_PHASE1_PEER_DELETED, NULL);
1003 SCHED_KILL(del_ph1->scr);
1006 delete->spi_size, delete->proto_id);
1009 - EVT_PUSH(iph1->local, iph1->remote,
1010 - EVTT_PEER_DELETE, NULL);
1011 purge_ipsec_spi(iph1->remote, delete->proto_id,
1012 (u_int32_t *)(delete + 1), num_spi);
1014 @@ -1630,7 +1627,7 @@
1015 "DPD: remote (ISAKMP-SA spi=%s) seems to be dead.\n",
1016 isakmp_pindex(&iph1->index, 0));
1018 - EVT_PUSH(iph1->local, iph1->remote, EVTT_DPD_TIMEOUT, NULL);
1019 + evt_phase1(iph1, EVTT_PHASE1_DPD_TIMEOUT, NULL);
1022 /* Do not reschedule here: phase1 is deleted,
1023 Index: ipsec-tools-0.7.3/src/racoon/isakmp_var.h
1024 ===================================================================
1025 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_var.h 2007-02-20 10:08:49.000000000 +0100
1026 +++ ipsec-tools-0.7.3/src/racoon/isakmp_var.h 2010-03-28 17:07:57.000000000 +0200
1028 #define _ISAKMP_VAR_H
1031 +#include "policy.h"
1033 #define PORT_ISAKMP 500
1034 #define PORT_ISAKMP_NATT 4500
1036 struct isakmp_pl_nonce; /* XXX */
1038 extern int isakmp_handler __P((int));
1039 -extern int isakmp_ph1begin_i __P((struct remoteconf *, struct sockaddr *,
1040 - struct sockaddr *));
1041 +extern struct ph1handle *isakmp_ph1begin_i __P((struct remoteconf *,
1042 + struct sockaddr *, struct sockaddr *));
1044 extern vchar_t *isakmp_parsewoh __P((int, struct isakmp_gen *, int));
1045 extern vchar_t *isakmp_parse __P((vchar_t *));
1047 extern void isakmp_ph2delete_stub __P((void *));
1048 extern void isakmp_ph2delete __P((struct ph2handle *));
1050 +extern int isakmp_get_sainfo __P((struct ph2handle *, struct secpolicy *, struct secpolicy *));
1051 extern int isakmp_post_acquire __P((struct ph2handle *));
1052 extern int isakmp_post_getspi __P((struct ph2handle *));
1053 extern void isakmp_chkph1there_stub __P((void *));
1054 Index: ipsec-tools-0.7.3/src/racoon/isakmp_xauth.c
1055 ===================================================================
1056 --- ipsec-tools-0.7.3.orig/src/racoon/isakmp_xauth.c 2009-04-20 15:35:36.000000000 +0200
1057 +++ ipsec-tools-0.7.3/src/racoon/isakmp_xauth.c 2010-03-28 17:07:57.000000000 +0200
1058 @@ -1568,13 +1568,11 @@
1059 plog(LLV_ERROR, LOCATION, NULL,
1060 "Xauth authentication failed\n");
1062 - EVT_PUSH(iph1->local, iph1->remote,
1063 - EVTT_XAUTH_FAILED, NULL);
1064 + evt_phase1(iph1, EVTT_PHASE1_XAUTH_FAILED, NULL);
1066 iph1->mode_cfg->flags |= ISAKMP_CFG_DELETE_PH1;
1068 - EVT_PUSH(iph1->local, iph1->remote,
1069 - EVTT_XAUTH_SUCCESS, NULL);
1070 + evt_phase1(iph1, EVTT_PHASE1_XAUTH_SUCCESS, NULL);
1074 Index: ipsec-tools-0.7.3/src/racoon/pfkey.c
1075 ===================================================================
1076 --- ipsec-tools-0.7.3.orig/src/racoon/pfkey.c 2008-03-05 23:14:24.000000000 +0100
1077 +++ ipsec-tools-0.7.3/src/racoon/pfkey.c 2010-03-28 17:07:57.000000000 +0200
1079 #include "algorithm.h"
1083 #include "privsep.h"
1084 #include "strnames.h"
1085 #include "backupsa.h"
1086 @@ -1266,6 +1267,7 @@
1089 iph2->status = PHASE2ST_ESTABLISHED;
1090 + evt_phase2(iph2, EVTT_PHASE2_UP, NULL);
1093 gettimeofday(&iph2->end, NULL);
1094 @@ -1636,7 +1638,6 @@
1095 struct ph2handle *iph2[MAXNESTEDSA];
1096 struct sockaddr *src, *dst;
1097 int n; /* # of phase 2 handler */
1100 struct sadb_x_sec_ctx *m_sec_ctx;
1101 #endif /* HAVE_SECCTX */
1102 @@ -1825,63 +1826,11 @@
1106 - plog(LLV_DEBUG, LOCATION, NULL,
1107 - "new acquire %s\n", spidx2str(&sp_out->spidx));
1111 - vchar_t *idsrc, *iddst;
1113 - idsrc = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.src,
1114 - sp_out->spidx.prefs, sp_out->spidx.ul_proto);
1115 - if (idsrc == NULL) {
1116 - plog(LLV_ERROR, LOCATION, NULL,
1117 - "failed to get ID for %s\n",
1118 - spidx2str(&sp_out->spidx));
1122 - iddst = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.dst,
1123 - sp_out->spidx.prefd, sp_out->spidx.ul_proto);
1124 - if (iddst == NULL) {
1125 - plog(LLV_ERROR, LOCATION, NULL,
1126 - "failed to get ID for %s\n",
1127 - spidx2str(&sp_out->spidx));
1133 - struct remoteconf *conf;
1134 - conf = getrmconf(iph2[n]->dst);
1136 - remoteid=conf->ph1id;
1138 - plog(LLV_DEBUG, LOCATION, NULL, "Warning: no valid rmconf !\n");
1142 - iph2[n]->sainfo = getsainfo(idsrc, iddst, NULL, remoteid);
1145 - if (iph2[n]->sainfo == NULL) {
1146 - plog(LLV_ERROR, LOCATION, NULL,
1147 - "failed to get sainfo.\n");
1148 + if (isakmp_get_sainfo(iph2[n], sp_out, sp_in) < 0) {
1151 - /* XXX should use the algorithm list from register message */
1154 - plog(LLV_DEBUG, LOCATION, NULL,
1155 - "selected sainfo: %s\n", sainfo2str(iph2[n]->sainfo));
1158 - if (set_proposal_from_policy(iph2[n], sp_out, sp_in) < 0) {
1159 - plog(LLV_ERROR, LOCATION, NULL,
1160 - "failed to create saprop.\n");
1166 set_secctx_in_proposal(iph2[n], spidx);
1167 Index: ipsec-tools-0.7.3/src/racoon/racoonctl.c
1168 ===================================================================
1169 --- ipsec-tools-0.7.3.orig/src/racoon/racoonctl.c 2009-04-20 15:32:57.000000000 +0200
1170 +++ ipsec-tools-0.7.3/src/racoon/racoonctl.c 2010-03-28 17:07:57.000000000 +0200
1171 @@ -135,26 +135,24 @@
1175 - enum { UNSPEC, ERROR, INFO } level;
1177 - { EVTT_PHASE1_UP, "Phase 1 established", INFO },
1178 - { EVTT_PHASE1_DOWN, "Phase 1 deleted", INFO },
1179 - { EVTT_XAUTH_SUCCESS, "Xauth exchange passed", INFO },
1180 - { EVTT_ISAKMP_CFG_DONE, "ISAKMP mode config done", INFO },
1181 - { EVTT_PHASE2_UP, "Phase 2 established", INFO },
1182 - { EVTT_PHASE2_DOWN, "Phase 2 deleted", INFO },
1183 - { EVTT_DPD_TIMEOUT, "Peer not reachable anymore", ERROR },
1184 - { EVTT_PEER_NO_RESPONSE, "Peer not responding", ERROR },
1185 - { EVTT_PEER_DELETE, "Peer terminated security association", ERROR },
1186 - { EVTT_RACOON_QUIT, "Raccon terminated", ERROR },
1187 - { EVTT_OVERFLOW, "Event queue overflow", ERROR },
1188 - { EVTT_XAUTH_FAILED, "Xauth exchange failed", ERROR },
1189 - { EVTT_PEERPH1AUTH_FAILED, "Peer failed phase 1 authentication "
1190 - "(certificate problem?)", ERROR },
1191 - { EVTT_PEERPH1_NOPROP, "Peer failed phase 1 initiation "
1192 - "(proposal problem?)", ERROR },
1193 - { 0, NULL, UNSPEC },
1194 - { EVTT_NO_ISAKMP_CFG, "No need for ISAKMP mode config ", INFO },
1195 + { EVTT_RACOON_QUIT, "Racoon terminated" },
1197 + { EVTT_PHASE1_UP, "Phase 1 established" },
1198 + { EVTT_PHASE1_DOWN, "Phase 1 deleted" },
1199 + { EVTT_PHASE1_NO_RESPONSE, "Phase 1 error: peer not responding" },
1200 + { EVTT_PHASE1_NO_PROPOSAL, "Phase 1 error: no proposal chosen" },
1201 + { EVTT_PHASE1_AUTH_FAILED,
1202 + "Phase 1 error: authentication failed (bad certificate?)" },
1203 + { EVTT_PHASE1_DPD_TIMEOUT, "Phase 1 error: dead peer detected" },
1204 + { EVTT_PHASE1_MODE_CFG, "Phase 1 mode configuration done" },
1205 + { EVTT_PHASE1_XAUTH_SUCCESS, "Phase 1 Xauth succeeded" },
1206 + { EVTT_PHASE1_XAUTH_FAILED, "Phase 1 Xauth failed" },
1208 + { EVTT_PHASE2_NO_PHASE1, "Phase 2 error: no suitable phase 1" },
1209 + { EVTT_PHASE2_UP, "Phase 2 established" },
1210 + { EVTT_PHASE2_DOWN, "Phase 2 deleted" },
1211 + { EVTT_PHASE2_NO_RESPONSE, "Phase 2 error: no response" },
1214 static int get_proto __P((char *));
1216 { IPPROTO_ICMP, "icmp" },
1217 { IPPROTO_TCP, "tcp" },
1218 { IPPROTO_UDP, "udp" },
1219 + { IPPROTO_GRE, "gre" },
1223 @@ -193,31 +192,13 @@
1226 int long_format = 0;
1228 -#define EVTF_NONE 0x0000 /* Ignore any events */
1229 -#define EVTF_LOOP 0x0001 /* Loop awaiting for new events */
1230 -#define EVTF_CFG_STOP 0x0002 /* Stop after ISAKMP mode config */
1231 -#define EVTF_CFG 0x0004 /* Print ISAKMP mode config info */
1232 -#define EVTF_ALL 0x0008 /* Print any events */
1233 -#define EVTF_PURGE 0x0010 /* Print all available events */
1234 -#define EVTF_PH1DOWN_STOP 0x0020 /* Stop when phase 1 SA gets down */
1235 -#define EVTF_PH1DOWN 0x0040 /* Print that phase 1 SA got down */
1236 -#define EVTF_ERR 0x0080 /* Print any error */
1237 -#define EVTF_ERR_STOP 0x0100 /* Stop on any error */
1239 -int evt_filter = EVTF_NONE;
1241 +int evt_quit_event = 0;
1243 void dump_isakmp_sa __P((char *, int));
1244 void dump_internal __P((char *, int));
1245 char *pindex_isakmp __P((isakmp_index *));
1246 void print_schedule __P((caddr_t, int));
1247 -void print_evt __P((caddr_t, int));
1248 -void print_cfg __P((caddr_t, int));
1249 -void print_err __P((caddr_t, int));
1250 -void print_ph1down __P((caddr_t, int));
1251 -void print_ph1up __P((caddr_t, int));
1252 -int evt_poll __P((void));
1253 +void print_evt __P((struct evt_common *));
1254 char * fixed_addr __P((char *, char *, int));
1257 @@ -226,13 +207,15 @@
1260 " %s reload-config\n"
1261 +" %s show-schedule\n"
1262 " %s [-l [-l]] show-sa [protocol]\n"
1263 " %s flush-sa [protocol]\n"
1264 " %s delete-sa <saopts>\n"
1265 -" %s establish-sa [-u identity] <saopts>\n"
1266 +" %s establish-sa [-u identity] [-w] <saopts>\n"
1267 " %s vpn-connect [-u identity] vpn_gateway\n"
1268 " %s vpn-disconnect vpn_gateway\n"
1271 +" %s logout-user login\n""\n"
1272 " <protocol>: \"isakmp\", \"esp\" or \"ah\".\n"
1273 " In the case of \"show-sa\" or \"flush-sa\", you can use \"ipsec\".\n"
1276 " : {\"esp\",\"ah\"} <family> <src/prefixlen/port> <dst/prefixlen/port>\n"
1278 " <family>: \"inet\" or \"inet6\"\n"
1279 -" <ul_proto>: \"icmp\", \"tcp\", \"udp\" or \"any\"\n",
1280 - pname, pname, pname, pname, pname, pname, pname);
1281 +" <ul_proto>: \"icmp\", \"tcp\", \"udp\", \"gre\" or \"any\"\n",
1282 + pname, pname, pname, pname, pname, pname, pname, pname, pname, pname);
1286 @@ -312,53 +295,24 @@
1290 - if (com_recv(&combuf) != 0)
1292 - if (handle_recv(combuf) != 0)
1297 + if (com_recv(&combuf) != 0)
1299 + if (handle_recv(combuf) != 0)
1302 + } while (evt_quit_event != 0);
1304 - if (evt_filter != EVTF_NONE)
1305 - if (evt_poll() != 0)
1314 + if (errno == EEXIST)
1321 - struct timeval tv;
1325 - if ((sendbuf = f_getevt(0, NULL)) == NULL)
1326 - errx(1, "Cannot make combuf");
1329 - while (evt_filter & (EVTF_LOOP|EVTF_PURGE)) {
1330 - /* handle_recv closes the socket time, so open it each time */
1333 - if (com_send(sendbuf) != 0)
1334 - errx(1, "Cannot send combuf");
1336 - if (com_recv(&recvbuf) == 0) {
1337 - handle_recv(recvbuf);
1343 - (void)select(0, NULL, NULL, NULL, &tv);
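Review bot: The new `do { … } while (evt_quit_event != 0);` loop has no upper bound, whereas the removed code it replaces (the `struct timeval tv` and `select(0, NULL, NULL, NULL, &tv)` delay) at least paced its polling; with `-w` racoonctl will now block in `com_recv()` for as long as racoon does not emit the exact event type stored in `evt_quit_event`. What `com_recv()` does on a closed socket is outside this hunk, so the hang may be bounded by that, but an explicit deadline — e.g. `alarm()` armed before the loop, or an elapsed-time check that breaks out and exits non-zero — would make the wait fail loudly instead of silently. The same concern applies to the `ADMIN_SHOW_EVT` handling in the hunk at `@@ -1563,32 +1456,28 @@`, which clears `evt_quit_event` only when `ec->ec_type` equals it; the removed `print_err`/`EVTF_ERR_STOP` path used to end the loop on any error event, and if the lines not shown here do not handle a failure event, a negotiation that fails will never terminate the wait.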
1352 @@ -422,20 +376,8 @@
1354 struct admin_com *head;
1357 - * There are 3 ways of getting here
1358 - * 1) racoonctl vc => evt_filter = (EVTF_LOOP|EVTF_CFG| ... )
1359 - * 2) racoonctl es => evt_filter = EVTF_NONE
1360 - * 3) racoonctl es -l => evt_filter = EVTF_LOOP
1361 - * Catch the second case: show-event is here to purge all
1363 - if (evt_filter == EVTF_NONE)
1364 - evt_filter = (EVTF_ALL|EVTF_PURGE);
1366 - if ((ac >= 1) && (strcmp(av[0], "-l") == 0))
1367 - evt_filter |= EVTF_LOOP;
1370 + evt_quit_event = -1;
1372 errx(1, "too many arguments");
1374 buf = vmalloc(sizeof(*head));
1378 struct admin_com_psk *acp;
1382 errx(1, "insufficient arguments");
1383 @@ -673,6 +616,12 @@
1387 + if (ac >= 1 && strcmp(av[0], "-w") == 0) {
1395 errx(1, "insufficient arguments");
1396 @@ -687,12 +636,16 @@
1397 index = get_index(ac, av);
1401 + evt_quit_event = EVTT_PHASE1_MODE_CFG;
1403 case ADMIN_PROTO_AH:
1404 case ADMIN_PROTO_ESP:
1405 index = get_index(ac, av);
1409 + evt_quit_event = EVTT_PHASE2_UP;
1412 errno = EPROTONOSUPPORT;
1415 errx(1, "insufficient arguments");
1417 - evt_filter = (EVTF_LOOP|EVTF_CFG|EVTF_CFG_STOP|EVTF_ERR|EVTF_ERR_STOP);
1419 + evt_quit_event = EVTT_PHASE1_MODE_CFG;
1421 /* Optional -u identity */
1422 if (strcmp(av[0], "-u") == 0) {
1425 warnx("Extra arguments");
1428 - (EVTF_PH1DOWN|EVTF_PH1DOWN_STOP|EVTF_LOOP|EVTF_ERR|EVTF_ERR_STOP);
1429 + evt_quit_event = EVTT_PHASE1_DOWN;
1431 nav[nac++] = isakmp;
1433 @@ -1337,84 +1288,32 @@
1437 -print_evt(buf, len)
1441 + struct evt_common *evtdump;
1443 - struct evtdump *evtdump = (struct evtdump *)buf;
1448 - for (i = 0; evtmsg[i].msg; i++)
1449 - if (evtmsg[i].type == evtdump->type)
1452 - if (evtmsg[i].msg == NULL)
1453 - printf("Event %d: ", evtdump->type);
1454 + for (i = 0; i < sizeof(evtmsg) / sizeof(evtmsg[0]); i++)
1455 + if (evtmsg[i].type == evtdump->ec_type)
1458 + if (evtmsg[i].msg == NULL)
1459 + printf("Event %d: ", evtdump->ec_type);
1461 printf("%s : ", evtmsg[i].msg);
1463 - if ((srcstr = saddr2str((struct sockaddr *)&evtdump->src)) == NULL)
1464 + if ((srcstr = saddr2str((struct sockaddr *)&evtdump->ec_ph1src)) == NULL)
1467 printf("%s", srcstr);
1469 - if ((dststr = saddr2str((struct sockaddr *)&evtdump->dst)) == NULL)
1470 + if ((dststr = saddr2str((struct sockaddr *)&evtdump->ec_ph1dst)) == NULL)
1473 printf("%s", dststr);
1480 -print_err(buf, len)
1484 - struct evtdump *evtdump = (struct evtdump *)buf;
1488 - for (i = 0; evtmsg[i].msg; i++)
1489 - if (evtmsg[i].type == evtdump->type)
1492 - if (evtmsg[i].level != ERROR)
1495 - if (evtmsg[i].msg == NULL)
1496 - printf("Error: Event %d\n", evtdump->type);
1498 - printf("Error: %s\n", evtmsg[i].msg);
1500 - if (evt_filter & EVTF_ERR_STOP)
1501 - evt_filter &= ~EVTF_LOOP;
1507 - * Print a message when phase 1 SA goes down
1510 -print_ph1down(buf, len)
1514 - struct evtdump *evtdump = (struct evtdump *)buf;
1516 - if (evtdump->type != EVTT_PHASE1_DOWN)
1519 - printf("VPN connexion terminated\n");
1521 - if (evt_filter & EVTF_PH1DOWN_STOP)
1522 - evt_filter &= ~EVTF_LOOP;
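Review bot: In `print_evt`, the rewritten lookup loop `for (i = 0; i < sizeof(evtmsg) / sizeof(evtmsg[0]); i++)` leaves `i` equal to the element count when no entry matches `evtdump->ec_type`, and the following `if (evtmsg[i].msg == NULL)` then reads `evtmsg[]` one past its end; the old loop stopped on the NULL-`msg` sentinel, so that check used to land on a real element. Replace the test with `if (i == sizeof(evtmsg) / sizeof(evtmsg[0]))` (or `>=`), and since the bound is a `size_t`, declare `i` as `size_t` too to avoid a signed/unsigned comparison — `i`'s declaration is outside the visible lines, so I am assuming it is still `int`. The type value arrives from racoon over the admin socket, so an unexpected or corrupted `ec_type` must not be able to drive an out-of-bounds read here.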
1528 @@ -1425,15 +1324,14 @@
1532 - struct evtdump *evtdump = (struct evtdump *)buf;
1533 + struct evt_common *evtdump = (struct evt_common *)buf;
1534 struct isakmp_data *attr;
1535 char *banner = NULL;
1536 struct in_addr addr4;
1538 memset(&addr4, 0, sizeof(addr4));
1540 - if (evtdump->type != EVTT_ISAKMP_CFG_DONE &&
1541 - evtdump->type != EVTT_NO_ISAKMP_CFG)
1542 + if (evtdump->ec_type != EVTT_PHASE1_MODE_CFG)
1545 len -= sizeof(*evtdump);
1546 @@ -1487,7 +1385,7 @@
1550 - if (evtdump->type == EVTT_ISAKMP_CFG_DONE)
1552 printf("Bound to address %s\n", inet_ntoa(addr4));
1554 printf("VPN connexion established\n");
1555 @@ -1508,11 +1406,6 @@
1557 racoon_free(banner);
1560 - if (evt_filter & EVTF_CFG_STOP)
1561 - evt_filter &= ~EVTF_LOOP;
1567 @@ -1563,32 +1456,28 @@
1570 case ADMIN_SHOW_EVT: {
1571 - struct evtdump *evtdump;
1572 + struct evt_common *ec;
1574 - /* We got no event */
1576 - /* If we were purging the queue, it is now done */
1577 - if (evt_filter & EVTF_PURGE)
1578 - evt_filter &= ~EVTF_PURGE;
1579 + /* We got no event? */
1583 + if (len < sizeof(struct evt_common))
1584 + errx(1, "Short buffer\n");
1586 - if (len < sizeof(struct evtdump))
1587 - errx(1, "Short buffer\n");
1589 - /* Toss outdated events */
1590 - evtdump = (struct evtdump *)buf;
1591 - if (evtdump->timestamp < evt_start)
1594 - if (evt_filter & EVTF_ALL)
1595 - print_evt(buf, len);
1596 - if (evt_filter & EVTF_ERR)
1597 - print_err(buf, len);
1598 - if (evt_filter & EVTF_CFG)
1599 - print_cfg(buf, len);
1600 - if (evt_filter & EVTF_PH1DOWN)
1601 - print_ph1down(buf, len);
1602 + ec = (struct evt_common *) buf;
1603 + if (evt_quit_event <= 0)
1605 + else if (evt_quit_event == ec->ec_type) {
1606 + switch (ec->ec_type) {
1607 + case EVTT_PHASE1_MODE_CFG:
1608 + print_cfg(ec, len);
1614 + evt_quit_event = 0;
1619 @@ -1645,10 +1534,8 @@
1631 Index: ipsec-tools-0.7.3/src/racoon/session.c
1632 ===================================================================
1633 --- ipsec-tools-0.7.3.orig/src/racoon/session.c 2007-08-01 13:52:22.000000000 +0200
1634 +++ ipsec-tools-0.7.3/src/racoon/session.c 2010-03-28 17:07:57.000000000 +0200
1637 timeout = schedular();
1639 + nfds = evt_get_fdmask(nfds, &rfds);
1640 error = select(nfds, &rfds, (fd_set *)0, (fd_set *)0, timeout);
1644 (FD_ISSET(lcconf->sock_admin, &rfds)))
1647 + evt_handle_fdmask(&rfds);
1649 for (p = lcconf->myaddrs; p; p = p->next) {
1653 plog(LLV_INFO, LOCATION, NULL,
1654 "caught signal %d\n", sig);
1655 - EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
1656 + evt_generic(EVTT_RACOON_QUIT, NULL);
1657 pfkey_send_flush(lcconf->sock_pfkey,
1658 SADB_SATYPE_UNSPEC);
1659 #ifdef ENABLE_FASTQUIT