authorMike Belopuhov <mikeb@cvs.openbsd.org>2012-05-30 09:39:36 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2012-05-30 09:39:36 +0000
commitf9cd2a2bc81d7782602c5ea41b55da945c6d1837 (patch)
treec5439cd371e7ccd9cf26899a0f61e1fe090de3a8 /sbin/iked
parentfdd072e80ce3563e1803e324d6493b4b33fc4262 (diff)
when changing peer's address in the SA, remove the old entry from the
tree before doing the actual change, otherwise we won't remove anything for real. also add the newly created SA to the peer's tree so that initiator timer will treat the ike policy as "in progress".
Diffstat (limited to 'sbin/iked')
-rw-r--r--sbin/iked/ikev2.c8
-rw-r--r--sbin/iked/policy.c6
2 files changed, 10 insertions, 4 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 3d8720a1300..a478758bfc1 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.63 2012/05/30 09:18:13 mikeb Exp $ */
+/* $OpenBSD: ikev2.c,v 1.64 2012/05/30 09:39:35 mikeb Exp $ */
/* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
/*
@@ -788,6 +788,12 @@ ikev2_init_ike_sa_peer(struct iked *env, struct iked_policy *pol,
goto done;
}
+ memcpy(&sa->sa_polpeer, &pol->pol_peer, sizeof(sa->sa_polpeer));
+ if (RB_INSERT(iked_sapeers, &pol->pol_sapeers, sa)) {
+ log_debug("%s: conflicting sa", __func__);
+ goto done;
+ }
+
if ((ret = ikev2_msg_send(env, &req)) == 0)
sa_state(env, sa, IKEV2_STATE_SA_INIT);
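Review bot: The new conflict branch jumps to `done` with `sa_polpeer` already copied but the SA not linked into `pol_sapeers`, and the cleanup at `done` lies outside the hunk. If that cleanup reaches an `RB_REMOVE(iked_sapeers, ...)` for this SA, it would unlink a node that was never inserted, which the tree macros do not guard against; this should be confirmed, and a comment such as `/* sa is not in pol_sapeers on this path */` above the `goto done` would record it. The reverse case matters as well: when `ikev2_msg_send` fails after a successful insert, the SA has to leave the tree before it is freed, otherwise the policy keeps a dangling pointer. The debug line would also help more when diagnosing duplicate initiations if it identified the peer instead of printing only `conflicting sa`.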
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index c40a891ca5f..fe3aa1a0675 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.19 2011/05/02 12:39:18 mikeb Exp $ */
+/* $OpenBSD: policy.c,v 1.20 2012/05/30 09:39:35 mikeb Exp $ */
/* $vantronix: policy.c,v 1.29 2010/05/28 15:34:35 reyk Exp $ */
/*
@@ -384,10 +384,10 @@ sa_address(struct iked_sa *sa, struct iked_addr *addr,
}
if (addr == &sa->sa_peer) {
+ /* XXX Re-insert node into the tree */
+ RB_REMOVE(iked_sapeers, &pol->pol_sapeers, sa);
memcpy(&sa->sa_polpeer, initiator ? &pol->pol_peer :
&sa->sa_peer, sizeof(sa->sa_polpeer));
- /* XXX Re-insert node into the tree */
- (void)RB_REMOVE(iked_sapeers, &pol->pol_sapeers, sa);
RB_INSERT(iked_sapeers, &pol->pol_sapeers, sa);
}
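Review bot: The result of `RB_INSERT` on the last code line of this hunk is still ignored, so if another SA already holds the new peer key, this SA silently drops out of `pol_sapeers` after its old entry has been removed; the ikev2.c hunk in the same commit checks the identical call. Suggest `if (RB_INSERT(iked_sapeers, &pol->pol_sapeers, sa) != NULL) log_debug("%s: conflicting sa", __func__);`, or an error return if the callers of `sa_address` can handle one (the function starts and ends outside the hunk). The `XXX Re-insert node into the tree` comment could state why the order matters, for example `/* the tree key changes below: unlink first, re-insert after */`. Whether `RB_REMOVE` can run here for an SA that was never inserted depends on callers not shown, and should be confirmed.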