diff options
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/Makefile | 14 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.c | 20 | ||||
-rw-r--r-- | sbin/isakmpd/features/aggressive | 32 | ||||
-rw-r--r-- | sbin/isakmpd/features/dpd | 27 | ||||
-rw-r--r-- | sbin/isakmpd/features/isakmp_cfg | 31 | ||||
-rw-r--r-- | sbin/isakmpd/ike_phase_1.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 22 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.h | 6 | ||||
-rw-r--r-- | sbin/isakmpd/isakmp_doi.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/message.c | 16 | ||||
-rw-r--r-- | sbin/isakmpd/message.h | 4 | ||||
-rw-r--r-- | sbin/isakmpd/sa.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/sa.h | 4 |
13 files changed, 17 insertions, 179 deletions
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile index 9db0922e988..769682ebb4d 100644 --- a/sbin/isakmpd/Makefile +++ b/sbin/isakmpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.65 2005/04/08 16:41:54 deraadt Exp $ +# $OpenBSD: Makefile,v 1.66 2005/04/08 16:52:41 deraadt Exp $ # $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $ # @@ -44,10 +44,10 @@ OS= openbsd #OS= bsdi # Compile-time configuration of otherwise optional features -#FEATURES+= policy aggressive debug gmp -#FEATURES+= rawkey isakmp_cfg dnssec dpd -FEATURES+= policy aggressive debug -FEATURES+= rawkey isakmp_cfg dpd +#FEATURES+= policy debug gmp +#FEATURES+= rawkey dnssec +FEATURES+= policy debug +FEATURES+= rawkey .PATH: ${.CURDIR}/sysdep/${OS} @@ -150,8 +150,8 @@ LDADD+= -ldes DPADD+= ${LIBDES} .endif -SRCS+= ${IPSEC_SRCS} ${POLICY} math_ec2n.c ${AGGRESSIVE} ${DNSSEC} \ - ${ISAKMP_CFG} ${DPD} monitor.c monitor_fdpass.c \ +SRCS+= ${IPSEC_SRCS} ${POLICY} math_ec2n.c ${DNSSEC} \ + ike_aggressive.c isakmp_cfg.c dpd.c monitor.c monitor_fdpass.c \ nat_traversal.c udp_encap.c CFLAGS+= ${IPSEC_CFLAGS} ${DNSSEC_CFLAGS} diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index c8270dbf8e5..58ad0770537 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.114 2005/04/08 16:37:14 deraadt Exp $ */ +/* $OpenBSD: exchange.c,v 1.115 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -50,9 +50,7 @@ #include "exchange.h" #include "ipsec_num.h" #include "isakmp.h" -#ifdef USE_ISAKMP_CFG #include "isakmp_cfg.h" -#endif #include "libcrypto.h" #include "log.h" #include "message.h" @@ -142,7 +140,6 @@ int16_t script_authentication_only[] = { EXCHANGE_SCRIPT_END }; -#ifdef USE_AGGRESSIVE int16_t script_aggressive[] = { ISAKMP_PAYLOAD_SA, /* Initiator -> responder. */ ISAKMP_PAYLOAD_KEY_EXCH, @@ -158,7 +155,6 @@ int16_t script_aggressive[] = { EXCHANGE_SCRIPT_AUTH, /* Initiator -> responder. */ EXCHANGE_SCRIPT_END }; -#endif /* USE_AGGRESSIVE */ int16_t script_informational[] = { EXCHANGE_SCRIPT_INFO, /* Initiator -> responder. */ @@ -179,16 +175,12 @@ exchange_script(struct exchange *exchange) return script_identity_protection; case ISAKMP_EXCH_AUTH_ONLY: return script_authentication_only; -#ifdef USE_AGGRESSIVE case ISAKMP_EXCH_AGGRESSIVE: return script_aggressive; -#endif case ISAKMP_EXCH_INFO: return script_informational; -#ifdef USE_ISAKMP_CFG case ISAKMP_EXCH_TRANSACTION: return script_transaction; -#endif default: if (exchange->type >= ISAKMP_EXCH_DOI_MIN) return exchange->doi->exchange_script(exchange->type); @@ -710,7 +702,6 @@ exchange_add_finalization(struct exchange *exchange, exchange->finalize_arg = node; } -#ifdef USE_ISAKMP_CFG static void exchange_establish_transaction(struct exchange *exchange, void *arg, int fail) { @@ -725,7 +716,6 @@ exchange_establish_transaction(struct exchange *exchange, void *arg, int fail) free(node); } -#endif /* USE_ISAKMP_CFG */ /* Establish a phase 1 exchange. */ void @@ -735,10 +725,8 @@ exchange_establish_p1(struct transport *t, u_int8_t type, u_int32_t doi, { struct exchange *exchange; struct message *msg; -#ifdef USE_ISAKMP_CFG struct conf_list *flags; struct conf_list_node *flag; -#endif char *tag = 0; char *str; @@ -802,7 +790,6 @@ exchange_establish_p1(struct transport *t, u_int8_t type, u_int32_t doi, if (!exchange->policy && name) exchange->policy = CONF_DFLT_TAG_PHASE1_CONFIG; -#ifdef USE_ISAKMP_CFG if (name && (flags = conf_get_list(name, "Flags")) != NULL) { for (flag = TAILQ_FIRST(&flags->fields); flag; flag = TAILQ_NEXT(flag, link)) @@ -831,7 +818,6 @@ exchange_establish_p1(struct transport *t, u_int8_t type, u_int32_t doi, } conf_free_list(flags); } -#endif /* USE_ISAKMP_CFG */ exchange_add_finalization(exchange, finalize, arg); cookie_gen(t, exchange, exchange->cookies, ISAKMP_HDR_ICOOKIE_LEN); @@ -988,10 +974,8 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) struct transport *t = msg->transport; struct exchange *exchange; struct sockaddr *dst; -#ifdef USE_ISAKMP_CFG struct conf_list *flags; struct conf_list_node *flag; -#endif char *name = 0, *policy = 0, *str; u_int32_t want_doi; u_int8_t type; @@ -1083,7 +1067,6 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) } exchange->policy = policy; -#ifdef USE_ISAKMP_CFG if (name && (flags = conf_get_list(name, "Flags")) != NULL) { for (flag = TAILQ_FIRST(&flags->fields); flag; flag = TAILQ_NEXT(flag, link)) @@ -1111,7 +1094,6 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) } conf_free_list(flags); } -#endif cookie_gen(msg->transport, exchange, exchange->cookies + ISAKMP_HDR_ICOOKIE_LEN, ISAKMP_HDR_RCOOKIE_LEN); diff --git a/sbin/isakmpd/features/aggressive b/sbin/isakmpd/features/aggressive deleted file mode 100644 index 945678c53a6..00000000000 --- a/sbin/isakmpd/features/aggressive +++ /dev/null @@ -1,32 +0,0 @@ -# $OpenBSD: aggressive,v 1.4 2003/06/03 14:29:41 ho Exp $ -# $EOM: aggressive,v 1.3 2000/02/20 16:38:15 niklas Exp $ - -# -# Copyright (c) 2000 Niklas Hallqvist. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# -# This code was written under funding by Wireless Networks Inc. -# - -AGGRESSIVE= ike_aggressive.c diff --git a/sbin/isakmpd/features/dpd b/sbin/isakmpd/features/dpd deleted file mode 100644 index 155ce682407..00000000000 --- a/sbin/isakmpd/features/dpd +++ /dev/null @@ -1,27 +0,0 @@ -# $OpenBSD: dpd,v 1.1 2004/06/20 15:20:07 ho Exp $ - -# -# Copyright (c) 2004 Håkan Olsson. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -DPD= dpd.c diff --git a/sbin/isakmpd/features/isakmp_cfg b/sbin/isakmpd/features/isakmp_cfg deleted file mode 100644 index 55710fcfa84..00000000000 --- a/sbin/isakmpd/features/isakmp_cfg +++ /dev/null @@ -1,31 +0,0 @@ -# $OpenBSD: isakmp_cfg,v 1.2 2003/06/03 14:29:41 ho Exp $ - -# -# Copyright (c) 2001 Niklas Hallqvist. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# -# This code was written under funding by Gatespace (http://www.gatespace.com/). -# - -ISAKMP_CFG= isakmp_cfg.c diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c index 8c56ec7fa11..937e4c386fd 100644 --- a/sbin/isakmpd/ike_phase_1.c +++ b/sbin/isakmpd/ike_phase_1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_phase_1.c,v 1.60 2005/04/08 16:37:14 deraadt Exp $ */ +/* $OpenBSD: ike_phase_1.c,v 1.61 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */ /* @@ -45,9 +45,7 @@ #include "crypto.h" #include "dh.h" #include "doi.h" -#ifdef USE_DPD #include "dpd.h" -#endif #include "exchange.h" #include "hash.h" #include "ike_auth.h" @@ -366,11 +364,9 @@ ike_phase_1_initiator_send_SA(struct message *msg) if (nat_t_add_vendor_payloads(msg)) goto bail_out; -#if defined (USE_DPD) /* Advertise DPD capability. */ if (dpd_add_vendor_payload(msg)) goto bail_out; -#endif conf_free_list(conf); free(transform); @@ -528,11 +524,9 @@ ike_phase_1_responder_send_SA(struct message *msg) if (nat_t_add_vendor_payloads(msg)) return -1; -#if defined (USE_DPD) /* Advertise DPD capability. */ if (dpd_add_vendor_payload(msg)) return -1; -#endif return 0; } diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index ef54cfe8161..32be08d061a 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.114 2005/04/08 16:37:14 deraadt Exp $ */ +/* $OpenBSD: ipsec.c,v 1.115 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -47,9 +47,7 @@ #include "crypto.h" #include "dh.h" #include "doi.h" -#if defined (USE_DPD) #include "dpd.h" -#endif #include "exchange.h" #include "hash.h" #include "ike_aggressive.h" @@ -592,9 +590,7 @@ static void ipsec_free_exchange_data(void *vie) { struct ipsec_exch *ie = vie; -#ifdef USE_ISAKMP_CFG struct isakmp_cfg_attr *attr; -#endif if (ie->sa_i_b) free(ie->sa_i_b); @@ -622,7 +618,6 @@ ipsec_free_exchange_data(void *vie) free(ie->hash_r); if (ie->group) group_free(ie->group); -#ifdef USE_ISAKMP_CFG for (attr = LIST_FIRST(&ie->attrs); attr; attr = LIST_FIRST(&ie->attrs)) { LIST_REMOVE(attr, link); @@ -630,7 +625,6 @@ ipsec_free_exchange_data(void *vie) free(attr->value); free(attr); } -#endif } /* Free the DOI-specific SA data pointed to by VISA. */ @@ -670,10 +664,8 @@ static int16_t * ipsec_exchange_script(u_int8_t type) { switch (type) { -#ifdef USE_ISAKMP_CFG - case ISAKMP_EXCH_TRANSACTION: + case ISAKMP_EXCH_TRANSACTION: return script_transaction; -#endif case IKE_EXCH_QUICK_MODE: return script_quick_mode; case IKE_EXCH_NEW_GROUP_MODE: @@ -923,16 +915,12 @@ ipsec_initiator(struct message *msg) case ISAKMP_EXCH_ID_PROT: script = ike_main_mode_initiator; break; -#ifdef USE_AGGRESSIVE case ISAKMP_EXCH_AGGRESSIVE: script = ike_aggressive_initiator; break; -#endif -#ifdef USE_ISAKMP_CFG case ISAKMP_EXCH_TRANSACTION: script = isakmp_cfg_initiator; break; -#endif case ISAKMP_EXCH_INFO: return message_send_info(msg); case IKE_EXCH_QUICK_MODE: @@ -1020,16 +1008,12 @@ ipsec_responder(struct message *msg) case ISAKMP_EXCH_ID_PROT: script = ike_main_mode_responder; break; -#ifdef USE_AGGRESSIVE case ISAKMP_EXCH_AGGRESSIVE: script = ike_aggressive_responder; break; -#endif -#ifdef USE_ISAKMP_CFG case ISAKMP_EXCH_TRANSACTION: script = isakmp_cfg_responder; break; -#endif case ISAKMP_EXCH_INFO: for (p = payload_first(msg, ISAKMP_PAYLOAD_NOTIFY); p; p = TAILQ_NEXT(p, link)) { @@ -1043,12 +1027,10 @@ ipsec_responder(struct message *msg) /* Handled by leftover logic. */ break; -#if defined (USE_DPD) case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE: case ISAKMP_NOTIFY_STATUS_DPD_R_U_THERE_ACK: dpd_handle_notify(msg, p); break; -#endif default: p->flags |= PL_MARK; diff --git a/sbin/isakmpd/ipsec.h b/sbin/isakmpd/ipsec.h index 1b3c9963c1f..0dc74dee49f 100644 --- a/sbin/isakmpd/ipsec.h +++ b/sbin/isakmpd/ipsec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.h,v 1.24 2004/05/23 18:17:56 hshoexer Exp $ */ +/* $OpenBSD: ipsec.h,v 1.25 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: ipsec.h,v 1.42 2000/12/03 07:58:20 angelos Exp $ */ /* @@ -39,9 +39,7 @@ #include <netinet/in.h> #include "ipsec_doi.h" -#ifdef USE_ISAKMP_CFG #include "isakmp_cfg.h" -#endif struct group; struct hash; @@ -99,12 +97,10 @@ struct ipsec_exch { u_int8_t *id_cr; size_t id_cr_sz; -#ifdef USE_ISAKMP_CFG /* ISAKMP configuration mode parameters */ u_int16_t cfg_id; u_int16_t cfg_type; LIST_HEAD(isakmp_cfg_attr_head, isakmp_cfg_attr) attrs; -#endif }; #define IPSEC_EXCH_FLAG_NO_ID 1 diff --git a/sbin/isakmpd/isakmp_doi.c b/sbin/isakmpd/isakmp_doi.c index 2fc8c1dab4c..b819f768a2c 100644 --- a/sbin/isakmpd/isakmp_doi.c +++ b/sbin/isakmpd/isakmp_doi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmp_doi.c,v 1.22 2004/06/20 17:17:35 ho Exp $ */ +/* $OpenBSD: isakmp_doi.c,v 1.23 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: isakmp_doi.c,v 1.42 2000/09/12 16:29:41 ho Exp $ */ /* @@ -247,10 +247,8 @@ isakmp_responder(struct message *msg) } return 0; -#ifdef USE_ISAKMP_CFG case ISAKMP_EXCH_TRANSACTION: /* return 0 isakmp_cfg_responder (msg); */ -#endif /* USE_ISAKMP_CFG */ default: /* XXX So far we don't accept any proposals. */ diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c index ddfd567be05..1ca73aaa607 100644 --- a/sbin/isakmpd/message.c +++ b/sbin/isakmpd/message.c @@ -1,4 +1,4 @@ -/* $OpenBSD: message.c,v 1.103 2005/04/08 16:37:14 deraadt Exp $ */ +/* $OpenBSD: message.c,v 1.104 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */ /* @@ -45,9 +45,7 @@ #include "constants.h" #include "crypto.h" #include "doi.h" -#ifdef USE_DPD #include "dpd.h" -#endif #include "exchange.h" #include "field.h" #include "hash.h" @@ -476,7 +474,6 @@ message_payload_sz(u_int8_t payload) static int message_validate_attribute(struct message *msg, struct payload *p) { -#ifdef USE_ISAKMP_CFG /* If we don't have an exchange yet, create one. */ if (!msg->exchange) { if (zero_test((u_int8_t *) msg->iov[0].iov_base + @@ -493,7 +490,6 @@ message_validate_attribute(struct message *msg, struct payload *p) return -1; } } -#endif return 0; } @@ -1099,9 +1095,7 @@ message_validate_vendor(struct message *msg, struct payload *p) message_drop(msg, ISAKMP_NOTIFY_INVALID_PAYLOAD_TYPE, 0, 1, 1); return -1; } -#if defined (USE_DPD) dpd_check_vendor_payload(msg, p); -#endif nat_t_check_vendor_payload(msg, p); if (!(p->flags & PL_MARK)) LOG_DBG((LOG_MESSAGE, 40, "message_validate_vendor: " @@ -1644,13 +1638,11 @@ struct info_args { u_int16_t nspis; u_int8_t *spis; } d; -#if defined (USE_DPD) struct { u_int16_t msg_type; u_int8_t *spi; u_int32_t seq; } dpd; -#endif } u; }; @@ -1723,7 +1715,6 @@ message_send_delete(struct sa *sa) } } -#if defined (USE_DPD) void message_send_dpd_notify(struct sa* isakmp_sa, u_int16_t notify, u_int32_t seq) { @@ -1739,7 +1730,6 @@ message_send_dpd_notify(struct sa* isakmp_sa, u_int16_t notify, u_int32_t seq) exchange_establish_p2(isakmp_sa, ISAKMP_EXCH_INFO, 0, &args, 0, 0); } -#endif /* Build the informational message into MSG. */ int @@ -1756,11 +1746,9 @@ message_send_info(struct message *msg) return -1; switch (args->discr) { -#if defined (USE_DPD) case 'P': sz = sizeof args->u.dpd.seq; /* FALLTHROUGH */ -#endif case 'N': sz += ISAKMP_NOTIFY_SPI_OFF + args->spi_sz; break; @@ -1778,12 +1766,10 @@ message_send_info(struct message *msg) return -1; } switch (args->discr) { -#if defined (USE_DPD) case 'P': memcpy(buf + ISAKMP_NOTIFY_SPI_OFF + args->spi_sz, &args->u.dpd.seq, sizeof args->u.dpd.seq); /* FALLTHROUGH */ -#endif case 'N': /* Build the NOTIFY payload. */ payload = ISAKMP_PAYLOAD_NOTIFY; diff --git a/sbin/isakmpd/message.h b/sbin/isakmpd/message.h index 14b1d9a9977..f7b15d8d09f 100644 --- a/sbin/isakmpd/message.h +++ b/sbin/isakmpd/message.h @@ -1,4 +1,4 @@ -/* $OpenBSD: message.h,v 1.22 2004/08/10 15:59:10 ho Exp $ */ +/* $OpenBSD: message.h,v 1.23 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: message.h,v 1.51 2000/10/10 12:36:39 provos Exp $ */ /* @@ -198,8 +198,6 @@ extern void message_setup_header(struct message *, u_int8_t, u_int8_t, struct payload *payload_first(struct message *, u_int8_t); struct payload *payload_last(struct message *, u_int8_t); -#if defined (USE_DPD) extern void message_send_dpd_notify(struct sa*, u_int16_t, u_int32_t); -#endif #endif /* _MESSAGE_H_ */ diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c index a7562298677..a09ac8c07ec 100644 --- a/sbin/isakmpd/sa.c +++ b/sbin/isakmpd/sa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.c,v 1.94 2005/04/08 16:37:15 deraadt Exp $ */ +/* $OpenBSD: sa.c,v 1.95 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */ /* @@ -723,12 +723,10 @@ sa_free(struct sa *sa) sa->soft_death = 0; sa->refcnt--; } -#if defined (USE_DPD) if (sa->dpd_event) { timer_remove_event(sa->dpd_event); sa->dpd_event = 0; } -#endif sa_remove(sa); } @@ -801,10 +799,8 @@ sa_release(struct sa *sa) free(sa->keystate); if (sa->nat_t_keepalive) timer_remove_event(sa->nat_t_keepalive); -#if defined (USE_DPD) if (sa->dpd_event) timer_remove_event(sa->dpd_event); -#endif if (sa->transport) transport_release(sa->transport); free(sa); @@ -1185,12 +1181,10 @@ sa_mark_replaced(struct sa *sa) { LOG_DBG((LOG_SA, 60, "sa_mark_replaced: SA %p (%s) marked as replaced", sa, sa->name ? sa->name : "unnamed")); -#if defined (USE_DPD) if (sa->dpd_event) { timer_remove_event(sa->dpd_event); sa->dpd_event = 0; } -#endif sa->flags |= SA_FLAG_REPLACED; } diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h index 836df87401b..80a4cc1d448 100644 --- a/sbin/isakmpd/sa.h +++ b/sbin/isakmpd/sa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.h,v 1.45 2005/04/08 16:37:15 deraadt Exp $ */ +/* $OpenBSD: sa.h,v 1.46 2005/04/08 16:52:41 deraadt Exp $ */ /* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */ /* @@ -203,14 +203,12 @@ struct sa { struct event *nat_t_keepalive; -#if defined (USE_DPD) /* IKE DPD (RFC3706) message sequence number. */ u_int32_t dpd_seq; /* sent */ u_int32_t dpd_rseq; /* recieved */ u_int32_t dpd_failcount; /* # of subsequent failures */ u_int32_t dpd_rdupcount; /* # of subsequent duplicates */ struct event *dpd_event; /* time of next event */ -#endif }; /* This SA is alive. */ |