
openswan-2.6.32-9.el5.src.rpm

diff -Naur openswan-2.6.32-orig/include/ietf_constants.h openswan-2.6.32/include/ietf_constants.h
--- openswan-2.6.32-orig/include/ietf_constants.h	2014-04-14 14:24:31.746617662 -0400
+++ openswan-2.6.32/include/ietf_constants.h	2014-04-14 14:33:08.093874910 -0400
@@ -352,10 +352,15 @@
 	ISAKMP_NEXT_D        =  12,	/* Delete */
 	ISAKMP_NEXT_VID      =  13,	/* Vendor ID */
 	ISAKMP_NEXT_ATTR     =  14,       /* Mode config Attribute */
-	ISAKMP_NEXT_NATD_BADDRAFTS =15, /* NAT-Traversal: NAT-D (bad drafts) */
-                                /* !!! Conflicts with RFC 3547 */
-	ISAKMP_NEXT_NATD_RFC  = 20,       /* NAT-Traversal: NAT-D (rfc) */
-	ISAKMP_NEXT_NATOA_RFC = 21,       /* NAT-Traversal: NAT-OA (rfc) */
+	ISAKMP_NEXT_SAK = 15, /* SA KEK Payload - RFC 6407 */
+	ISAKMP_NEXT_TEK = 16, /* SA TEK Payload - RFC 6407 */
+	ISAKMP_NEXT_KD = 17, /* Key Download - RFC 3547 */
+	ISAKMP_NEXT_SEQ = 18, /* Sequence Number - RFC 3547 */
+	ISAKMP_NEXT_POP = 19, /* Proof of Possession - RFC 3547 */
+	ISAKMP_NEXT_NATD_RFC = 20, /* NAT-Traversal: NAT-D RFC 3947 */
+	ISAKMP_NEXT_NATOA_RFC = 21, /* NAT-Traversal: NAT-OA RFC 3947 */
+	ISAKMP_NEXT_GAP = 22, /* Group Associated Policy = RFC 6407 */
+	/* 23-127 Unassigned for IKEv1 */
 
 	ISAKMP_NEXT_v2SA  = 33,          /* security association */
 	ISAKMP_NEXT_v2KE  = 34,          /* key exchange payload */
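Review bot: The comment on `ISAKMP_NEXT_GAP = 22` reads `Group Associated Policy = RFC 6407`, where `=` is a typo for the `-` used on the neighbouring lines; it should be `/* Group Associated Policy - RFC 6407 */`. Separately, value 15 changes meaning here from the bad-draft NAT-D type to `ISAKMP_NEXT_SAK`, so a short comment such as `/* 15 was NAT-D in pre-RFC drafts; no longer treated as NAT-D */` would tell readers why the old alias is gone. The enum starts and ends outside this hunk.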
@@ -379,7 +384,8 @@
 
 	/* SPECIAL CASES */
 	ISAKMP_NEXT_NATD_DRAFTS  = 130,   /* NAT-Traversal: NAT-D (drafts) */
-	ISAKMP_NEXT_NATOA_DRAFTS = 131   /* NAT-Traversal: NAT-OA (drafts) */
+	ISAKMP_NEXT_NATOA_DRAFTS = 131,   /* NAT-Traversal: NAT-OA (drafts) */
+	ISAKMP_NEXT_IKE_FRAGMENTATION = 132
 };
 
 #define ISAKMP_v2PAYLOAD_TYPE_BASE     ISAKMP_NEXT_v2SA        /* lowest value of a v2 payload type */
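Review bot: `ISAKMP_NEXT_IKE_FRAGMENTATION = 132` is the only enumerator this patch adds without a comment. The description given for it in constants.c could be repeated here, e.g. `ISAKMP_NEXT_IKE_FRAGMENTATION = 132 /* proprietary Cisco/Microsoft IKE fragmentation */`. The `payload_names_private_use` table added in constants.c covers the range 130..132, so the "SPECIAL CASES" comment should also say that these three values must stay contiguous.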
diff -Naur openswan-2.6.32-orig/include/names_constant.h openswan-2.6.32/include/names_constant.h
--- openswan-2.6.32-orig/include/names_constant.h	2014-04-14 14:24:31.747617684 -0400
+++ openswan-2.6.32/include/names_constant.h	2014-04-14 14:31:56.892384689 -0400
@@ -33,7 +33,6 @@
 extern enum_names payload_names_ikev2;
 extern const char *const payload_name[];
 extern const char *const payload_name_ikev2[];
-extern const char *const payload_name_ikev2_main[];
 extern enum_names attr_msg_type_names;
 extern enum_names modecfg_attr_names;
 extern enum_names xauth_type_names;
diff -Naur openswan-2.6.32-orig/lib/libopenswan/constants.c openswan-2.6.32/lib/libopenswan/constants.c
--- openswan-2.6.32-orig/lib/libopenswan/constants.c	2014-04-14 14:24:31.747617684 -0400
+++ openswan-2.6.32/lib/libopenswan/constants.c	2014-04-14 14:31:56.892384689 -0400
@@ -147,18 +147,19 @@
 	"ISAKMP_NEXT_D",
 	"ISAKMP_NEXT_VID",
 	"ISAKMP_NEXT_MODECFG",  /* 14 */
-	"ISAKMP_NEXT_NAT-D",
-	"ISAKMP_NEXT_16",
-	"ISAKMP_NEXT_17",
-	"ISAKMP_NEXT_18",
-	"ISAKMP_NEXT_19",
-	"ISAKMP_NEXT_NAT-D",
-	"ISAKMP_NEXT_NAT-OA",
+	"ISAKMP_NEXT_SAK",
+	"ISAKMP_NEXT_TEK",
+	"ISAKMP_NEXT_KD",
+	"ISAKMP_NEXT_SEQ",
+	"ISAKMP_NEXT_POP",
+	"ISAKMP_NEXT_NAT-D_RFC",
+	"ISAKMP_NEXT_NAT-OA_RFC",
+	"ISAKMP_NEXT_GAP",
 	NULL
     };
 
 /* dual-use: for enum_name and for bitnamesof */
-const char *const payload_name_ikev2_main[] = {
+const char *const payload_name_ikev2[] = {
     "ISAKMP_NEXT_v2SA",            /* 33 */
     "ISAKMP_NEXT_v2KE",
     "ISAKMP_NEXT_v2IDi",
@@ -178,22 +179,26 @@
     NULL    /* termination for bitnamesof() */
 };
 
-static enum_names payload_names_ikev2_main =
-{ ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2_main,
-  NULL };
-
-const char *const payload_name_ikev2[] = {
-    "ISAKMP_NEXT_v2NONE",            /* 0 */
+static const char *const payload_name_private_use[] = {
+	"ISAKMP_NEXT_NATD_DRAFTS", /* 130 */
+	"ISAKMP_NEXT_NATOA_DRAFTS",
+	"ISAKMP_NEXT_IKE_FRAGMENTATION",        /*
+						 * proprietary Cisco/Microsoft
+						 * IKE fragmented payload
+						 */
+};
+static enum_names payload_names_private_use =
+{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_IKE_FRAGMENTATION,
+	payload_name_private_use,
+	NULL
 };
 
 enum_names payload_names_ikev2 =
-{ ISAKMP_NEXT_NONE, ISAKMP_NEXT_NONE, payload_name_ikev2,
-  &payload_names_ikev2_main };
-
+{ ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2,
+  &payload_names_private_use };
 
 enum_names payload_names =
-{ ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_ikev2_main };
-
+{ ISAKMP_NEXT_NONE, ISAKMP_NEXT_GAP, payload_name, &payload_names_ikev2 };
 
 /* Exchange types (note: two discontinuous ranges) */
 
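Review bot: `payload_names_ikev2` now starts at `ISAKMP_NEXT_v2SA`, so the v2 chain no longer has a name for value 0; the old `"ISAKMP_NEXT_v2NONE"` entry is dropped. Callers outside this hunk that look up a next-payload value of 0 through `payload_names_ikev2` alone would presumably get a not-found result from `enum_name`. Any that pass that result straight to a `%s` format should be checked, or switched to the `payload_names` chain, which still covers 0. Also, `payload_name_private_use` is the only table here without a trailing `NULL`; that is fine while it is reached only through `enum_names`, but a comment such as `/* not NULL-terminated: do not pass to bitnamesof() */` would prevent later misuse.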
diff -Naur openswan-2.6.32-orig/programs/pluto/ikev1.c openswan-2.6.32/programs/pluto/ikev1.c
--- openswan-2.6.32-orig/programs/pluto/ikev1.c	2014-04-14 14:24:31.748617706 -0400
+++ openswan-2.6.32/programs/pluto/ikev1.c	2014-04-14 14:31:56.892384689 -0400
@@ -1611,6 +1611,7 @@
 		    sd = payload_desc(np);
 		    break;
 
+#if 0
 		case ISAKMP_NEXT_NATD_BADDRAFTS:
 			if (st && (st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATD_BADDRAFT_VALUES)) {
 			    /*
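Review bot: The `#if 0` added before `case ISAKMP_NEXT_NATD_BADDRAFTS:` and its matching `#endif` in the next hunk disable the case without saying why. The new `#endif` also sits directly after an existing `#endif` whose opening directive is outside both hunks, which makes the pairing hard to read. Since the constant no longer exists in ietf_constants.h, deleting the case outright would be cleaner; if it is kept, annotate both ends, e.g. `#if 0 /* bad-draft NAT-D used type 15, now ISAKMP_NEXT_SAK */` and `#endif /* 0 */`. With the case disabled, type 15 at the outermost level falls to the `default:` branch and the message is ignored, which looks like the intended fail-closed result.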
@@ -1622,6 +1623,7 @@
 		        break;
 		    }
 #endif
+#endif
 		default:
 		    loglog(RC_LOG_SERIOUS, "%smessage ignored because it contains an unknown or"
 			" unexpected payload type (%s) at the outermost level"
diff -Naur openswan-2.6.32-orig/programs/pluto/ikev2.c openswan-2.6.32/programs/pluto/ikev2.c
--- openswan-2.6.32-orig/programs/pluto/ikev2.c	2014-04-14 14:24:31.748617706 -0400
+++ openswan-2.6.32/programs/pluto/ikev2.c	2014-04-14 14:31:56.893384710 -0400
@@ -359,7 +359,7 @@
 	/* improperly repeated payload */
 	loglog(RC_LOG_SERIOUS,
 		"missing payload(s) (%s). Message dropped.",
-		bitnamesof(payload_name_ikev2_main, req_payloads & ~seen));
+		bitnamesof(payload_name_ikev2, req_payloads & ~seen));
 	return STF_FAIL + INVALID_SYNTAX;
     }
     
diff -Naur openswan-2.6.32-orig/programs/pluto/nat_traversal.c openswan-2.6.32/programs/pluto/nat_traversal.c
--- openswan-2.6.32-orig/programs/pluto/nat_traversal.c	2014-04-14 14:24:31.660615759 -0400
+++ openswan-2.6.32/programs/pluto/nat_traversal.c	2014-04-14 14:31:56.893384710 -0400
@@ -371,10 +371,8 @@
 
 	DBG(DBG_EMITTING, DBG_log("sending NATD payloads"));
 
-	nat_np = (st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES
-		  ? ISAKMP_NEXT_NATD_RFC
-		  : (st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATD_BADDRAFT_VALUES
-		     ? ISAKMP_NEXT_NATD_BADDRAFTS : ISAKMP_NEXT_NATD_DRAFTS));
+	nat_np = (st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES)
+		  ? ISAKMP_NEXT_NATD_RFC : ISAKMP_NEXT_NATD_DRAFTS;
 	if (!out_modify_previous_np(nat_np, outs)) {
 		return FALSE;
 	}
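Review bot: The new `nat_np` selection no longer looks at `NAT_T_WITH_NATD_BADDRAFT_VALUES`, so a state that still carries that flag will now send NAT-D as `ISAKMP_NEXT_NATD_DRAFTS`. If the flag can still be set by vendor-ID negotiation elsewhere (not visible here), the negotiated mode and the emitted payload type would disagree. Either stop setting the flag, or document the choice above the assignment, e.g. `/* bad-draft value 15 is no longer emitted; such peers get the draft value */`. The enclosing function starts and ends outside this hunk.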