Index: src/racoon/isakmp_inf.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
retrieving revision 1.41
diff -u -r1.41 isakmp_inf.c
--- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
+++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
@@ -1450,17 +1450,16 @@
struct isakmp_pl_ru *ru;
u_int32_t msgid;
{
+ u_int32_t seq;
plog(LLV_DEBUG, LOCATION, iph1->remote,
"DPD R-U-There-Ack received\n");
- /* XXX Maintain window of acceptable sequence numbers ?
- * => ru->data <= iph2->dpd_seq &&
- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
- if (ntohl(ru->data) != iph1->dpd_seq-1) {
+ seq = ntohl(ru->data);
+ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
plog(LLV_ERROR, LOCATION, iph1->remote,
- "Wrong DPD sequence number (%d, %d expected).\n",
- ntohl(ru->data), iph1->dpd_seq-1);
+ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
+ seq, iph1->dpd_last_ack, iph1->dpd_seq);
return 0;
}
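Review bot: The rewritten error log passes three `u_int32_t` values (`seq`, `iph1->dpd_last_ack`, `iph1->dpd_seq`) to `%d`, which is a signedness mismatch and prints a negative number once a value exceeds INT_MAX. The format should be `"Wrong DPD sequence number (%u; last_ack=%u, seq=%u).\n"`. The window test `seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq` also replaces the removed XXX comment without stating the rule, so a short comment such as `/* accept only acks newer than the last accepted one and no newer than the last R-U-There sent */` would help. The comparison is plain unsigned and does not handle 32-bit wraparound; that looks unreachable with a 12-bit start value, but it is worth noting in the comment. The function begins and continues outside this hunk.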
@@ -1472,6 +1471,7 @@
}
iph1->dpd_fails = 0;
+ iph1->dpd_last_ack = seq;
sched_cancel(&iph1->dpd_r_u);
isakmp_sched_r_u(iph1, 0);
@@ -1535,12 +1535,13 @@
memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
- if (iph1->dpd_seq == 0){
+ if (iph1->dpd_seq == 0) {
/* generate a random seq which is not too big */
- srand(time(NULL));
- iph1->dpd_seq = rand() & 0x0fff;
+ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
}
+ iph1->dpd_seq++;
+ iph1->dpd_fails++;
ru->data = htonl(iph1->dpd_seq);
error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
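Review bot: With `srand(time(NULL))` removed, `rand() & 0x0fff` relies on the generator being seeded elsewhere in racoon, which this hunk does not show. If it is not, the initial DPD sequence number is identical on every daemon start. Either confirm the seeding site and name it in the comment, or take the value from the daemon's cryptographic random source, e.g. `iph1->dpd_seq = iph1->dpd_last_ack = eay_random() & 0x0fff;` if that helper is reachable from this file. Separately, `iph1->dpd_seq++` and `iph1->dpd_fails++` now run before `isakmp_info_send_common()`, so a send that returns an error still consumes a sequence number and counts as a failure. That is presumably intended, and a comment like `/* counted before send; reset when a valid ACK arrives */` would record it.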
@@ -1549,12 +1550,6 @@
plog(LLV_DEBUG, LOCATION, iph1->remote,
"DPD R-U-There sent (%d)\n", error);
- /* will be decreased if ACK received... */
- iph1->dpd_fails++;
-
- /* XXX should be increased only when ACKed ? */
- iph1->dpd_seq++;
-
/* Reschedule the r_u_there with a short delay,
* will be deleted/rescheduled if ACK received before */
isakmp_sched_r_u(iph1, 1);
Index: src/racoon/handler.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.22
diff -u -r1.22 handler.h
--- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
+++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
@@ -202,7 +202,8 @@
#ifdef ENABLE_DPD
int dpd_support; /* Does remote supports DPD ? */
- u_int16_t dpd_seq; /* DPD seq number to receive */
+ u_int32_t dpd_last_ack;
+ u_int32_t dpd_seq; /* DPD seq number to receive */
u_int8_t dpd_fails; /* number of failures */
struct sched dpd_r_u;
#endif
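Review bot: The new field `dpd_last_ack` is the only member in this block without a comment, and the existing comment on `dpd_seq` ("DPD seq number to receive") no longer matches how the isakmp_inf.c hunks use it. There `dpd_seq` is incremented and then placed in the outgoing R-U-There, so it holds the last sequence number sent, while `dpd_last_ack` is the lower bound of the accepted ack window. I would write `u_int32_t dpd_last_ack; /* last DPD seq number acked by peer */` and `u_int32_t dpd_seq; /* last DPD seq number sent */`. Widening `dpd_seq` from `u_int16_t` also changes the struct layout, so anything that copies or serialises this structure should be rechecked; no such code is visible here.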