[Swan] OSX Server interop patch, was Re: Connecting to OS X Server
Paul Wouters
paul at nohats.ca
Tue Jan 13 03:24:43 EET 2015
On Mon, 12 Jan 2015, Ali Gangji wrote:
> So I stopped ipsec, applied the patch, ran make programs and sudo make install, and restarted ipsec. I still get the
> same message about the unknown value 16777216
Ah yes, I still forgot that we have another check for valid numbers that
still failed. I've updated the patch, so try this version 2 patch :)
Paul
-------------- next part --------------
diff --git a/include/ietf_constants.h b/include/ietf_constants.h
index 784ec73..c47c984 100644
--- a/include/ietf_constants.h
+++ b/include/ietf_constants.h
@@ -435,6 +435,8 @@
/* Domain of Interpretation */
#define ISAKMP_DOI_ISAKMP 0
#define ISAKMP_DOI_IPSEC 1
+/* htonl(1) == 16777216 */
+#define ISAKMP_DOI_OSX_SERVER_HTONL_BUG 16777216
/* IPsec DOI things */
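Review bot: the comment on the new define, `htonl(1) == 16777216`, holds only on a little-endian host; on a big-endian host htonl(1) is 1. Writing the constant as 0x01000000 and describing it as ISAKMP_DOI_IPSEC (1) with its bytes swapped would make the relationship to the expected value visible and keep the comment correct regardless of the build host.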
diff --git a/lib/libswan/constants.c b/lib/libswan/constants.c
index 61d88a8..abe14dd 100644
--- a/lib/libswan/constants.c
+++ b/lib/libswan/constants.c
@@ -150,11 +150,22 @@ static const char *const doi_name[] = {
"ISAKMP_DOI_IPSEC",
};
+static const char *const doi_name_osx[] = {
+ "ISAKMP_DOI_OSX_SERVER_HTONL_BUG",
+};
+
+static enum_names doi_names_osx = {
+ ISAKMP_DOI_OSX_SERVER_HTONL_BUG,
+ ISAKMP_DOI_OSX_SERVER_HTONL_BUG,
+ doi_name_osx,
+ NULL
+};
+
enum_names doi_names = {
ISAKMP_DOI_ISAKMP,
ISAKMP_DOI_IPSEC,
doi_name,
- NULL
+ &doi_names_osx
};
/*
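Review bot: chaining `&doi_names_osx` onto `doi_names` makes 16777216 a named, valid DOI for every caller that checks a value against `doi_names`, not only for the SA payload path this workaround targets. A comment on `doi_names_osx` stating that it exists only for this interop case, plus a check of the other users of `doi_names`, would help; note also that the string ISAKMP_DOI_OSX_SERVER_HTONL_BUG will now appear in any log line that prints a DOI through this table.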
diff --git a/programs/pluto/ikev1_spdb_struct.c b/programs/pluto/ikev1_spdb_struct.c
index d3d32f9..46abc5e 100644
--- a/programs/pluto/ikev1_spdb_struct.c
+++ b/programs/pluto/ikev1_spdb_struct.c
@@ -850,10 +850,14 @@ notification_t parse_isakmp_sa_body(pb_stream *sa_pbs, /* body of input SA Payl
/* DOI */
if (sa->isasa_doi != ISAKMP_DOI_IPSEC) {
- loglog(RC_LOG_SERIOUS, "Unknown/unsupported DOI %s",
- enum_show(&doi_names, sa->isasa_doi));
- /* XXX Could send notification back */
- return DOI_NOT_SUPPORTED;
+ if (sa->isasa_doi == ISAKMP_DOI_OSX_SERVER_HTONL_BUG) {
+ loglog(RC_LOG_SERIOUS, "OSX Server DOI htonl(1) bug workaround enabled");
+ } else {
+ loglog(RC_LOG_SERIOUS, "Unknown/unsupported DOI %s",
+ enum_show(&doi_names, sa->isasa_doi));
+ /* XXX Could send notification back */
+ return DOI_NOT_SUPPORTED;
+ }
}
/* Situation */
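Review bot: the new branch in parse_isakmp_sa_body() accepts the byte-swapped DOI from any peer unconditionally, and logs it at RC_LOG_SERIOUS as "workaround enabled" although nothing in the hunk enables or disables it. Consider gating the acceptance on a configuration option so the strict DOI check stays the default, rewording the message to say that a malformed DOI was accepted, and folding the test into the outer condition (`!= ISAKMP_DOI_IPSEC && != ISAKMP_DOI_OSX_SERVER_HTONL_BUG`) to avoid the nested if.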