
(racoon 631) generate_policy option and renegotiation



Hi.

A few months ago, I reported a problem with the generate_policy option
when renegotiating phase2: the generated policy is found by racoon,
but its lifetime is not updated, so it will be deleted when the old
IPSec SA expires.


Here is a quick patch which solves the problem.
There is probably a better/cleaner way to do that, but this patch is
very light, and it works :-)


I'm still having a look to try to solve the "unique" problem
(currently, it is not possible to generate a "unique" policy entry,
which is a problem for me).



Yvan.
--- isakmp_quick.c.orig	Mon Aug  9 14:52:29 2004
+++ isakmp_quick.c	Mon Aug  9 14:53:42 2004
@@ -2031,6 +2031,20 @@
 			"no policy found: %s\n", spidx2str(&spidx));
 		return ISAKMP_INTERNAL_ERROR;
 	}
+	/* Refresh existing generated policies
+	 */
+	if (iph2->ph1->rmconf->gen_policy) {
+		plog(LLV_INFO, LOCATION, NULL,
+			 "Update the generated policy : %s\n",
+			 spidx2str(&spidx));
+		iph2->spidx_gen = racoon_malloc(sizeof(spidx));
+		if (!iph2->spidx_gen) {
+			plog(LLV_ERROR, LOCATION, NULL,
+				 "buffer allocation failed.\n");
+			return ISAKMP_INTERNAL_ERROR;
+		}
+		memcpy(iph2->spidx_gen, &spidx, sizeof(spidx));
+	}
 
 	/* get outbound policy */
     {
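
Review bot: the assignment iph2->spidx_gen = racoon_malloc(sizeof(spidx)) overwrites the pointer without looking at its previous value, so if spidx_gen can already hold a buffer when this path is reached, that buffer leaks on every renegotiation; free it first, or reuse it when it is non-NULL. The guard also tests only iph2->ph1->rmconf->gen_policy, so any policy matched here for a peer with that option enabled gets spidx_gen set, including one that was configured statically, which does not match the comment "Refresh existing generated policies"; a check that the matched policy was actually generated would keep the two apart. The LLV_INFO "Update the generated policy" message is also emitted before the allocation has succeeded, so moving it after the memcpy would keep the log accurate when racoon_malloc fails.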