Diffstat (limited to 'extra/ipsec-tools/60-debug-quick.patch')
-rw-r--r-- | extra/ipsec-tools/60-debug-quick.patch | 211 |
1 files changed, 0 insertions, 211 deletions
diff --git a/extra/ipsec-tools/60-debug-quick.patch b/extra/ipsec-tools/60-debug-quick.patch
deleted file mode 100644
index a5c3346ee9..0000000000
--- a/extra/ipsec-tools/60-debug-quick.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-debugging prints for quick mode errors
-
-From: Timo Teras <timo.teras@iki.fi>
-
-
----
-
- src/racoon/isakmp.c | 21 ++++++++++++++-------
- src/racoon/isakmp_quick.c | 46 ++++++++++++++++++++++++++++++++++++++-------
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-
-diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
-index 2dfda2f..87ce598 100644
----- a/src/racoon/isakmp.c
-+++ b/src/racoon/isakmp.c
-@@ -817,7 +817,8 @@ ph1_main(iph1, msg)
-
- if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph1 packet (side: %d, status %d).\n",
-+ iph1->side, iph1->status);
- return -1;
- } else {
- /* ignore the error and keep phase 1 handler */
-@@ -845,7 +846,8 @@ ph1_main(iph1, msg)
- [iph1->side]
- [iph1->status])(iph1, msg) != 0) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph1 packet (side: %d, status: %d).\n",
-+ iph1->side, iph1->status);
- return -1;
- }
-
-@@ -997,7 +999,8 @@ quick_main(iph2, msg)
- [iph2->status])(iph2, msg);
- if (error != 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph2 packet (side: %d, status %d).\n",
-+ iph2->side, iph2->status);
- if (error == ISAKMP_INTERNAL_ERROR)
- return 0;
- isakmp_info_send_n1(iph2->ph1, error, NULL);
-@@ -1025,7 +1028,8 @@ quick_main(iph2, msg)
- [iph2->side]
- [iph2->status])(iph2, msg) != 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- return -1;
- }
-
-@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype)
- [iph1->side]
- [iph1->status])(iph1, msg) < 0) {
- plog(LLV_ERROR, LOCATION, remote,
-- "failed to process packet.\n");
-+ "failed to process ph1 packet (side: %d, status: %d).\n",
-+ iph1->side, iph1->status);
- remph1(iph1);
- delph1(iph1);
- return -1;
-@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg)
- [iph2->status])(iph2, msg);
- if (error != 0) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- if (error != ISAKMP_INTERNAL_ERROR)
- isakmp_info_send_n1(iph2->ph1, error, NULL);
- /*
-@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg)
- [iph2->side]
- [iph2->status])(iph2, msg) < 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- /* don't release handler */
- return -1;
- }
-diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
-index 46c84c1..2657407 100644
----- a/src/racoon/isakmp_quick.c
-+++ b/src/racoon/isakmp_quick.c
-@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0)
- "isn't supported.\n");
- break;
- }
-- if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_SA.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_NONCE:
-- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_KE:
-- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_KE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_ID:
-@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0)
- if (isakmp_p2ph(&idcr, pa->ptr) < 0)
- goto end;
- } else {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "too many ISAKMP_NPTYPE_ID payloads.\n");
- goto end;
- }
- break;
-@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0)
- iph2->natoa_dst = daddr;
- else {
- racoon_free(daddr);
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "too many ISAKMP_NPTYPE_NATOA payloads.\n");
- goto end;
- }
- }
-@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0)
-
- /* validity check SA payload sent from responder */
- if (ipsecdoi_checkph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "proposal check failed.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }
-@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0)
- }
- /* decrypt packet */
- msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
-- if (msg == NULL)
-+ if (msg == NULL) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "Packet decryption failed.\n");
- goto end;
-+ }
-
- /* create buffer for using to validate HASH(1) */
- /*
-@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0)
- "Multi SAs isn't supported.\n");
- goto end;
- }
-- if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_SA.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_NONCE:
-- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_KE:
-- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_KE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_ID:
-@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0)
- iph2->natoa_src = daddr;
- else {
- racoon_free(daddr);
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "received too many NAT-OA payloads.\n");
-+ error = ISAKMP_NTYPE_PAYLOAD_MALFORMED;
- goto end;
- }
- }
-@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0)
- case 0:
- /* select single proposal or reject it. */
- if (ipsecdoi_selectph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "no proposal chosen.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }
|