authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-05-18 20:04:52 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-05-18 20:04:52 +0000
commit9e8e9412c4f64f8801e97f853c7d384f8ebd6c95 (patch)
tree131c24ad92df1c9db08f71f3081de4226d7dbab6 /sbin/isakmpd
parent19a98f6a20910fba32c8f2d57c40768274ec45a6 (diff)
allow payload types 20 and 21 for nat-t
ok ho
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/isakmp_num.cst16
-rw-r--r--sbin/isakmpd/message.c11
-rw-r--r--sbin/isakmpd/nat_traversal.c6
3 files changed, 18 insertions, 15 deletions
diff --git a/sbin/isakmpd/isakmp_num.cst b/sbin/isakmpd/isakmp_num.cst
index 45d3963bc90..3ba74a281ba 100644
--- a/sbin/isakmpd/isakmp_num.cst
+++ b/sbin/isakmpd/isakmp_num.cst
@@ -1,4 +1,4 @@
-# $OpenBSD: isakmp_num.cst,v 1.10 2004/08/10 15:59:10 ho Exp $
+# $OpenBSD: isakmp_num.cst,v 1.11 2005/05/18 20:04:50 hshoexer Exp $
# $EOM: isakmp_num.cst,v 1.3 2000/05/17 03:09:50 angelos Exp $
#
@@ -35,6 +35,7 @@
# these constants for validity checks?
# ISAKMP payload type.
+# see http://www.iana.org/assignments/isakmp-registry
ISAKMP_PAYLOAD
NONE 0
SA 1
@@ -50,21 +51,20 @@ ISAKMP_PAYLOAD
NOTIFY 11
DELETE 12
VENDOR 13
-# XXX the following are not quite legitimate according to the IETF process
ATTRIBUTE 14 # IKE Mode-Config attribute
SAK 15 # RFC 3547, SA KEK Payload
SAT 16 # RFC 3547, SA TEK Payload
KD 17 # RFC 3547, Key Download
SEQ 18 # RFC 3547, Sequence Number
POP 19 # RFC 3547, Proof of possession
- RESERVED_MIN 20
+ NAT_D 20 # RFC 3947, NAT Discovery payload
+ NAT_OA 21 # RFC 394y, NAT Original Address payload
+ RESERVED_MIN 22
RESERVED_MAX 127
PRIVATE_MIN 128
-# XXX values from draft-ietf-ipsec-nat-t-ike-01,02,03. Later drafts specify
-# XXX NAT_D as payload 15 and NAT_OA as 16, but these are allocated by RFC
-# XXX 3547 as seen above.
- NAT_D 130 # NAT Discovery payload
- NAT_OA 131 # NAT Original Address payload
+# values from draft-ietf-ipsec-nat-t-ike-01,02,03.
+ NAT_D_DRAFT 130 # NAT Discovery payload
+ NAT_OA_DRAFT 131 # NAT Original Address payload
PRIVATE_MAX 255
.
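Review bot: The comment on the new `NAT_OA 21` line cites "RFC 394y", which looks like a typo for the RFC named on the line above; it should read `NAT_OA 21 # RFC 3947, NAT Original Address payload`. Separately, `NAT_D` and `NAT_OA` keep their names but change value from 130/131 to 20/21, so any user of `ISAKMP_PAYLOAD_NAT_D` or `ISAKMP_PAYLOAD_NAT_OA` that this commit does not touch silently switches to the new wire value. It is worth checking every remaining reference to confirm that each one really means the RFC number rather than the draft one.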
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 07a340fe963..061a6103f66 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.108 2005/04/09 00:42:27 deraadt Exp $ */
+/* $OpenBSD: message.c,v 1.109 2005/05/18 20:04:51 hshoexer Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -126,7 +126,8 @@ static u_int8_t payload_revmap[] = {
ISAKMP_PAYLOAD_SAK, ISAKMP_PAYLOAD_SAT, ISAKMP_PAYLOAD_KD,
ISAKMP_PAYLOAD_SEQ, ISAKMP_PAYLOAD_POP
#endif
- ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA
+ ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA,
+ ISAKMP_PAYLOAD_NAT_D_DRAFT, ISAKMP_PAYLOAD_NAT_OA_DRAFT
};
static u_int8_t payload_map[256];
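Review bot: There is no comma after `ISAKMP_PAYLOAD_POP`, so if the conditional block that ends at `#endif` is ever compiled in, the initializer breaks at `ISAKMP_PAYLOAD_NAT_D`. Since this hunk already edits the following line, the preceding one could be fixed too: `ISAKMP_PAYLOAD_SEQ, ISAKMP_PAYLOAD_POP,`. The opening `#if` and the start of the initializer are outside the hunk, so whether that branch can be enabled today is not visible here.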
@@ -336,8 +337,8 @@ message_parse_payloads(struct message *msg, struct payload *p, u_int8_t next,
}
/* Ignore most private payloads. */
if (next >= ISAKMP_PAYLOAD_PRIVATE_MIN &&
- next != ISAKMP_PAYLOAD_NAT_D &&
- next != ISAKMP_PAYLOAD_NAT_OA) {
+ next != ISAKMP_PAYLOAD_NAT_D_DRAFT &&
+ next != ISAKMP_PAYLOAD_NAT_OA_DRAFT) {
LOG_DBG((LOG_MESSAGE, 30, "message_parse_payloads: "
"private next payload type %s in payload of "
"type %d ignored",
@@ -445,8 +446,10 @@ message_payload_sz(u_int8_t payload)
case ISAKMP_PAYLOAD_ATTRIBUTE:
return ISAKMP_ATTRIBUTE_SZ;
case ISAKMP_PAYLOAD_NAT_D:
+ case ISAKMP_PAYLOAD_NAT_D_DRAFT:
return ISAKMP_NAT_D_SZ;
case ISAKMP_PAYLOAD_NAT_OA:
+ case ISAKMP_PAYLOAD_NAT_OA_DRAFT:
return ISAKMP_NAT_OA_SZ;
/* Not yet supported and any other unknown payloads. */
case ISAKMP_PAYLOAD_SAK:
diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c
index 9fc341a0305..a94c1b8e6d6 100644
--- a/sbin/isakmpd/nat_traversal.c
+++ b/sbin/isakmpd/nat_traversal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.13 2005/04/08 22:32:10 cloder Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.14 2005/05/18 20:04:51 hshoexer Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -290,7 +290,7 @@ nat_t_add_nat_d(struct message *msg, struct sockaddr *sa)
memcpy(buf + ISAKMP_NAT_D_DATA_OFF, hbuf, hbuflen);
free(hbuf);
- if (message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, buflen, 1)) {
+ if (message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT, buf, buflen, 1)) {
free(buf);
return -1;
}
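Review bot: Sending and matching are both pinned to `ISAKMP_PAYLOAD_NAT_D_DRAFT`, here and in the `nat_t_match_nat_d_payload` hunk below, so a NAT-D payload that arrives as type 20 is parsed but never matched. In that case `payload_first(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT)` finds nothing and the function returns 1, which by its own comment avoids NAT-T, so a NAT on the path would go undetected for a peer using the RFC 3947 numbers. Unless code outside these hunks already handles this, the payload type sent should follow the NAT-T variant the peer announced. The lookup should at least fall back with `if (!p) p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D);` before the existing `if (!p) return 1;`. Both function bodies continue outside the hunks.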
@@ -327,7 +327,7 @@ nat_t_match_nat_d_payload(struct message *msg, struct sockaddr *sa)
* If there are no NAT-D payloads in the message, return "found"
* as this will avoid NAT-T (see nat_t_exchange_check_nat_d()).
*/
- p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D);
+ p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT);
if (!p)
return 1;