racoon2-opensolaris Udiff iked/ike

Print this page

Current snapshot of OpenSolaris port.
Checkpoint
Checkpoint
Merge from parent.
Merge with WIDE update.
Pull from WIDE.
Pull from WIDE.
Checkpoint
Re-update.
blah
WIDE update
Update from WIDE.

@@ -3264,10 +3264,11 @@
                 IKEV2PROPOSAL_AH,
                 IKEV2PROPOSAL_ESP
         };
         const int BITS = 8;
 
+        (void) memset(&param, 0, sizeof (param));
         /*
          * param fields assigned here:
          * seq, samode, (reqid,) ul_proto,
          * spi, satype, enctype, enckey, enckeylen, authtype, authkey, authkeylen,
          *

@@ -4280,14 +4281,26 @@
         switch (config_ipaddr->type) {
         case RCT_ADDR_INET:
                 memcpy(ss, config_ipaddr->a.ipaddr,
                        SOCKADDR_LEN(config_ipaddr->a.ipaddr));
                 addr = (struct sockaddr *)ss;
+#ifdef sun
+                /*
+                 * XXX KEBE SAYS we need the port from the "policy".  This, of
+                 * course, goes to hell when we introduce tunnel- mode into
+                 * the mix, and config_ipaddr is != actual_addr.  The IKEv1
+                 * callers of this are restricted to ikev1/pfkey.c, and the
+                 * IKEv2 callers are restricted to ikev2_child.c.  Hopefully
+                 * those callers can account for tunnel-mode or
+                 * transport-mode.  :)
+                 */
+#else
                 if (!set_port(addr, extract_port(actual_addr))) {
                         plog(PLOG_INTERR, PLOGLOC, 0, "set_port failed\n");
                         return NULL;
                 }
+#endif
                 break;
 
         case RCT_ADDR_MACRO:
                 if (rcs_is_addr_rw(config_ipaddr))
                         return actual_addr;

@@ -4307,16 +4320,27 @@
 
                 memcpy(ss, addrlist->a.ipaddr,
                        SOCKADDR_LEN(addrlist->a.ipaddr));
                 rcs_free_addrlist(addrlist);
                 addr = (struct sockaddr *)ss;
+#ifdef sun
+                /*
+                 * XXX KEBE SAYS we need the port from the "policy".  This, of
+                 * course, goes to hell when we introduce tunnel- mode into
+                 * the mix, and config_ipaddr is != actual_addr.  The IKEv1
+                 * callers of this are restricted to ikev1/pfkey.c, and the
+                 * IKEv2 callers are restricted to ikev2_child.c.  Hopefully
+                 * those callers can account for tunnel-mode or
+                 * transport-mode.  :)
+                 */
+#else
                 if (!set_port(addr, extract_port(actual_addr))) {
                         plog(PLOG_INTERR, PLOGLOC, 0, "set_port failed\n");
                         return NULL;
                 }
+#endif
                 break;
-
         default:
                 plog(PLOG_INTERR, PLOGLOC, 0,
                      "my_sa_ipaddr or peers_sa_ipaddr is "
                      "unsupported address type (type %s)\n",
                      rct2str(config_ipaddr->type));