author | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-10-19 11:25:36 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-10-19 11:25:36 +0000 |
commit | 0050716dcb97461cd5e99705a2a4449d85f27b0a (patch) | |
tree | 8a27cabb17ce6397a162fd8a3a6dead147174620 /sbin/iked/ikev2_msg.c | |
parent | e1e8afedca181afde388423dd27e22111982692e (diff) |
Remove the ikev1 stub - Since I started iked, it has an empty privsep
process for ISAKMP+IKEv1. I kept it to let somebody either contribute
the old protocol one day (I never intended to implement IKEv1 myself)
or add a new kind of pipe to isakmpd to hand off IKEv1 messages.
As IKEv2 is widely supported by all major OS and networking vendors
now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is
still possible to use isakmpd for legacy VPNs.
OK mikeb@
Diffstat (limited to 'sbin/iked/ikev2_msg.c')
-rw-r--r-- | sbin/iked/ikev2_msg.c | 49 |
1 files changed, 34 insertions, 15 deletions
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c index fa9d678641a..3fe71563752 100644 --- a/sbin/iked/ikev2_msg.c +++ b/sbin/iked/ikev2_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_msg.c,v 1.44 2015/10/15 18:40:38 mmcc Exp $ */ +/* $OpenBSD: ikev2_msg.c,v 1.45 2015/10/19 11:25:35 reyk Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -43,6 +43,7 @@ #include "eap.h" #include "dh.h" +void ikev1_recv(struct iked *, struct iked_message *); void ikev2_msg_response_timeout(struct iked *, void *); void ikev2_msg_retransmit_timeout(struct iked *, void *); @@ -57,7 +58,6 @@ ikev2_msg_cb(int fd, short event, void *arg) uint8_t buf[IKED_MSGBUF_MAX]; ssize_t len; off_t off; - struct iovec iov[2]; bzero(&msg, sizeof(msg)); bzero(buf, sizeof(buf)); 
@@ -89,25 +89,44 @@ ikev2_msg_cb(int fd, short event, void *arg) if ((msg.msg_data = ibuf_new(buf + off, len - off)) == NULL) return; - if (hdr.ike_version == IKEV1_VERSION) { - iov[0].iov_base = &msg; - iov[0].iov_len = sizeof(msg); - iov[1].iov_base = buf; - iov[1].iov_len = len; - - proc_composev_imsg(&env->sc_ps, PROC_IKEV1, -1, - IMSG_IKE_MESSAGE, -1, iov, 2); - goto done; - } TAILQ_INIT(&msg.msg_proposals); - msg.msg_fd = fd; - ikev2_recv(env, &msg); - done: + if (hdr.ike_version == IKEV1_VERSION) + ikev1_recv(env, &msg); + else + ikev2_recv(env, &msg); + ikev2_msg_cleanup(env, &msg); } +void +ikev1_recv(struct iked *env, struct iked_message *msg) +{ + struct ike_header *hdr; + + if (ibuf_size(msg->msg_data) <= sizeof(*hdr)) { + log_debug("%s: short message", __func__); + return; + } + + hdr = (struct ike_header *)ibuf_data(msg->msg_data); + + log_debug("%s: header ispi %s rspi %s" + " nextpayload %u version 0x%02x exchange %u flags 0x%02x" + " msgid %u length %u", __func__, + print_spi(betoh64(hdr->ike_ispi), 8), + print_spi(betoh64(hdr->ike_rspi), 8), + hdr->ike_nextpayload, + hdr->ike_version, + hdr->ike_exchange, + hdr->ike_flags, + betoh32(hdr->ike_msgid), + betoh32(hdr->ike_length)); + + log_debug("%s: IKEv1 not supported", __func__); +} + struct ibuf * ikev2_msg_init(struct iked *env, struct iked_message *msg, struct sockaddr_storage *peer, socklen_t peerlen, |
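Review bot: ikev1_recv() has no comment stating that it is a log-and-drop stub fed with unauthenticated peer data, so nothing tells a later maintainer that the header fields it prints, `ike_length` included, are unvalidated wire values. I would add above it `/* IKEv1 is not supported: log the header of the received message and drop it; all fields are untrusted and only printed. */`. The `<=` in the size check also discards a datagram that is exactly `sizeof(*hdr)` bytes long before its header is logged, although the cast only needs that many bytes; if that is intended the comment should say so, otherwise `<` would do. As far as this diff shows, the function is called only from ikev2_msg_cb (which starts outside this hunk), so it and its prototype could be `static`.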