ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

prepended all ISAKMP notification message types with ISAKMP_

This commit is contained in:
Andreas Steffen 2009-10-12 13:47:22 +02:00
parent 68d23d2401
commit a86d534b4c
7 changed files with 158 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/pluto/constants.c
View File

@ -995,11 +995,11 @@ enum_names ipsec_notification_names =
ipsec_notification_name, &notification_dpd_names };
enum_names notification_status_names =
{ CONNECTED, CONNECTED,
{ ISAKMP_CONNECTED, ISAKMP_CONNECTED,
notification_status_name, &ipsec_notification_names };
enum_names notification_names =
{ INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
{ ISAKMP_INVALID_PAYLOAD_TYPE, ISAKMP_UNEQUAL_PAYLOAD_LENGTHS,
notification_name, &notification_status_names };
/* MODECFG

74
src/pluto/constants.h
View File

@ -1011,52 +1011,52 @@ extern enum_names notification_names;
extern enum_names ipsec_notification_names;
typedef enum {
NOTHING_WRONG = 0, /* unofficial! */
ISAKMP_NOTHING_WRONG = 0, /* unofficial! */
INVALID_PAYLOAD_TYPE = 1,
DOI_NOT_SUPPORTED = 2,
SITUATION_NOT_SUPPORTED = 3,
INVALID_COOKIE = 4,
INVALID_MAJOR_VERSION = 5,
INVALID_MINOR_VERSION = 6,
INVALID_EXCHANGE_TYPE = 7,
INVALID_FLAGS = 8,
INVALID_MESSAGE_ID = 9,
INVALID_PROTOCOL_ID = 10,
INVALID_SPI = 11,
INVALID_TRANSFORM_ID = 12,
ATTRIBUTES_NOT_SUPPORTED = 13,
NO_PROPOSAL_CHOSEN = 14,
BAD_PROPOSAL_SYNTAX = 15,
PAYLOAD_MALFORMED = 16,
INVALID_KEY_INFORMATION = 17,
INVALID_ID_INFORMATION = 18,
INVALID_CERT_ENCODING = 19,
INVALID_CERTIFICATE = 20,
CERT_TYPE_UNSUPPORTED = 21,
INVALID_CERT_AUTHORITY = 22,
INVALID_HASH_INFORMATION = 23,
AUTHENTICATION_FAILED = 24,
INVALID_SIGNATURE = 25,
ADDRESS_NOTIFICATION = 26,
NOTIFY_SA_LIFETIME = 27,
CERTIFICATE_UNAVAILABLE = 28,
UNSUPPORTED_EXCHANGE_TYPE = 29,
UNEQUAL_PAYLOAD_LENGTHS = 30,
ISAKMP_INVALID_PAYLOAD_TYPE = 1,
ISAKMP_DOI_NOT_SUPPORTED = 2,
ISAKMP_SITUATION_NOT_SUPPORTED = 3,
ISAKMP_INVALID_COOKIE = 4,
ISAKMP_INVALID_MAJOR_VERSION = 5,
ISAKMP_INVALID_MINOR_VERSION = 6,
ISAKMP_INVALID_EXCHANGE_TYPE = 7,
ISAKMP_INVALID_FLAGS = 8,
ISAKMP_INVALID_MESSAGE_ID = 9,
ISAKMP_INVALID_PROTOCOL_ID = 10,
ISAKMP_INVALID_SPI = 11,
ISAKMP_INVALID_TRANSFORM_ID = 12,
ISAKMP_ATTRIBUTES_NOT_SUPPORTED = 13,
ISAKMP_NO_PROPOSAL_CHOSEN = 14,
ISAKMP_BAD_PROPOSAL_SYNTAX = 15,
ISAKMP_PAYLOAD_MALFORMED = 16,
ISAKMP_INVALID_KEY_INFORMATION = 17,
ISAKMP_INVALID_ID_INFORMATION = 18,
ISAKMP_INVALID_CERT_ENCODING = 19,
ISAKMP_INVALID_CERTIFICATE = 20,
ISAKMP_CERT_TYPE_UNSUPPORTED = 21,
ISAKMP_INVALID_CERT_AUTHORITY = 22,
ISAKMP_INVALID_HASH_INFORMATION = 23,
ISAKMP_AUTHENTICATION_FAILED = 24,
ISAKMP_INVALID_SIGNATURE = 25,
ISAKMP_ADDRESS_NOTIFICATION = 26,
ISAKMP_NOTIFY_SA_LIFETIME = 27,
ISAKMP_CERTIFICATE_UNAVAILABLE = 28,
ISAKMP_UNSUPPORTED_EXCHANGE_TYPE = 29,
ISAKMP_UNEQUAL_PAYLOAD_LENGTHS = 30,
/* ISAKMP status type */
CONNECTED = 16384,
ISAKMP_CONNECTED = 16384,
/* IPSEC DOI additions; status types (RFC2407 IPSEC DOI 4.6.3)
* These must be sent under the protection of an ISAKMP SA.
*/
IPSEC_RESPONDER_LIFETIME = 24576,
IPSEC_REPLAY_STATUS = 24577,
IPSEC_INITIAL_CONTACT = 24578,
IPSEC_RESPONDER_LIFETIME = 24576,
IPSEC_REPLAY_STATUS = 24577,
IPSEC_INITIAL_CONTACT = 24578,
/* RFC 3706 DPD */
R_U_THERE = 36136,
R_U_THERE_ACK = 36137
R_U_THERE = 36136,
R_U_THERE_ACK = 36137
} notification_t;

52
src/pluto/demux.c
View File

@ -1258,16 +1258,16 @@ process_packet(struct msg_digest **mdp)
struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
{
SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
SEND_NOTIFICATION(ISAKMP_INVALID_MAJOR_VERSION);
return;
}
else if ((hdr->isa_version & ISA_MIN_MASK) != ISAKMP_MINOR_VERSION)
{
SEND_NOTIFICATION(INVALID_MINOR_VERSION);
SEND_NOTIFICATION(ISAKMP_INVALID_MINOR_VERSION);
return;
}
}
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
@ -1295,14 +1295,14 @@ process_packet(struct msg_digest **mdp)
{
plog("Message ID was 0x%08lx but should be zero in Main Mode",
(unsigned long) md->hdr.isa_msgid);
SEND_NOTIFICATION(INVALID_MESSAGE_ID);
SEND_NOTIFICATION(ISAKMP_INVALID_MESSAGE_ID);
return;
}
if (is_zero_cookie(md->hdr.isa_icookie))
{
plog("Initiator Cookie must not be zero in Main Mode message");
SEND_NOTIFICATION(INVALID_COOKIE);
SEND_NOTIFICATION(ISAKMP_INVALID_COOKIE);
return;
}
@ -1315,7 +1315,7 @@ process_packet(struct msg_digest **mdp)
{
plog("initial Main Mode message is invalid:"
" its Encrypted Flag is on");
SEND_NOTIFICATION(INVALID_FLAGS);
SEND_NOTIFICATION(ISAKMP_INVALID_FLAGS);
return;
}
@ -1429,7 +1429,7 @@ process_packet(struct msg_digest **mdp)
{
plog("Quick Mode message is invalid because"
" it has an Initiator Cookie of 0");
SEND_NOTIFICATION(INVALID_COOKIE);
SEND_NOTIFICATION(ISAKMP_INVALID_COOKIE);
return;
}
@ -1437,7 +1437,7 @@ process_packet(struct msg_digest **mdp)
{
plog("Quick Mode message is invalid because"
" it has a Responder Cookie of 0");
SEND_NOTIFICATION(INVALID_COOKIE);
SEND_NOTIFICATION(ISAKMP_INVALID_COOKIE);
return;
}
@ -1445,7 +1445,7 @@ process_packet(struct msg_digest **mdp)
{
plog("Quick Mode message is invalid because"
" it has a Message ID of 0");
SEND_NOTIFICATION(INVALID_MESSAGE_ID);
SEND_NOTIFICATION(ISAKMP_INVALID_MESSAGE_ID);
return;
}
@ -1475,7 +1475,7 @@ process_packet(struct msg_digest **mdp)
{
loglog(RC_LOG_SERIOUS, "Quick Mode message is unacceptable because"
" it is for an incomplete ISAKMP SA");
SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? */);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED /* XXX ? */);
return;
}
@ -1486,7 +1486,7 @@ process_packet(struct msg_digest **mdp)
" it uses a previously used Message ID 0x%08lx"
" (perhaps this is a duplicated packet)"
, (unsigned long) md->hdr.isa_msgid);
SEND_NOTIFICATION(INVALID_MESSAGE_ID);
SEND_NOTIFICATION(ISAKMP_INVALID_MESSAGE_ID);
return;
}
@ -1635,7 +1635,7 @@ process_packet(struct msg_digest **mdp)
default:
plog("unsupported exchange type %s in message"
, enum_show(&exchange_names, md->hdr.isa_xchg));
SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE);
SEND_NOTIFICATION(ISAKMP_UNSUPPORTED_EXCHANGE_TYPE);
return;
}
@ -1748,14 +1748,14 @@ process_packet(struct msg_digest **mdp)
if (st == NULL)
{
plog("discarding encrypted message for an unknown ISAKMP SA");
SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? */);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED /* XXX ? */);
return;
}
if (st->st_skeyid_e.ptr == (u_char *) NULL)
{
loglog(RC_LOG_SERIOUS, "discarding encrypted message"
" because we haven't yet negotiated keying materiel");
SEND_NOTIFICATION(INVALID_FLAGS);
SEND_NOTIFICATION(ISAKMP_INVALID_FLAGS);
return;
}
@ -1795,7 +1795,7 @@ process_packet(struct msg_digest **mdp)
if (pbs_left(&md->message_pbs) % crypter_block_size != 0)
{
loglog(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize");
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
@ -1848,7 +1848,7 @@ process_packet(struct msg_digest **mdp)
if (smc->flags & SMF_INPUT_ENCRYPTED)
{
loglog(RC_LOG_SERIOUS, "packet rejected: should have been encrypted");
SEND_NOTIFICATION(INVALID_FLAGS);
SEND_NOTIFICATION(ISAKMP_INVALID_FLAGS);
return;
}
}
@ -1875,7 +1875,7 @@ process_packet(struct msg_digest **mdp)
if (pd == &md->digest[PAYLIMIT])
{
loglog(RC_LOG_SERIOUS, "more than %d payloads in message; ignored", PAYLIMIT);
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
@ -1915,7 +1915,7 @@ process_packet(struct msg_digest **mdp)
loglog(RC_LOG_SERIOUS, "%smessage ignored because it contains an unknown or"
" unexpected payload type (%s) at the outermost level"
, excuse, enum_show(&payload_names, np));
SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
SEND_NOTIFICATION(ISAKMP_INVALID_PAYLOAD_TYPE);
return;
}
}
@ -1929,7 +1929,7 @@ process_packet(struct msg_digest **mdp)
loglog(RC_LOG_SERIOUS, "%smessage ignored because it "
"contains an unexpected payload type (%s)"
, excuse, enum_show(&payload_names, np));
SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
SEND_NOTIFICATION(ISAKMP_INVALID_PAYLOAD_TYPE);
return;
}
needed &= ~s;
@ -1939,7 +1939,7 @@ process_packet(struct msg_digest **mdp)
{
loglog(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse);
if (md->hdr.isa_xchg != ISAKMP_XCHG_INFO)
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
@ -1979,7 +1979,7 @@ process_packet(struct msg_digest **mdp)
loglog(RC_LOG_SERIOUS, "message for %s is missing payloads %s"
, enum_show(&state_names, from_state)
, bitnamesof(payload_name, needed));
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
}
@ -1995,7 +1995,7 @@ process_packet(struct msg_digest **mdp)
&& md->hdr.isa_np != ISAKMP_NEXT_SA)
{
loglog(RC_LOG_SERIOUS, "malformed Phase 1 message: does not start with an SA payload");
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
}
@ -2019,7 +2019,7 @@ process_packet(struct msg_digest **mdp)
if (md->hdr.isa_np != ISAKMP_NEXT_HASH)
{
loglog(RC_LOG_SERIOUS, "malformed Quick Mode message: does not start with a HASH payload");
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
@ -2033,7 +2033,7 @@ process_packet(struct msg_digest **mdp)
if (p != &md->digest[i])
{
loglog(RC_LOG_SERIOUS, "malformed Quick Mode message: SA payload is in wrong position");
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
}
@ -2054,14 +2054,14 @@ process_packet(struct msg_digest **mdp)
loglog(RC_LOG_SERIOUS, "malformed Quick Mode message:"
" if any ID payload is present,"
" there must be exactly two");
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
if (id+1 != id->next)
{
loglog(RC_LOG_SERIOUS, "malformed Quick Mode message:"
" the ID payloads are not adjacent");
SEND_NOTIFICATION(PAYLOAD_MALFORMED);
SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED);
return;
}
}

80
src/pluto/ipsec_doi.c
View File

@ -102,7 +102,7 @@
* and return from the ENCLOSING stf_status returning function if it fails.
*/
#define RETURN_STF_FAILURE(f) \
{ int r = (f); if (r != NOTHING_WRONG) return STF_FAIL + r; }
{ int r = (f); if (r != ISAKMP_NOTHING_WRONG) return STF_FAIL + r; }
/* create output HDR as replica of input HDR */
void echo_hdr(struct msg_digest *md, bool enc, u_int8_t np)
@ -176,13 +176,13 @@ static notification_t accept_KE(chunk_t *dest, const char *val_name,
loglog(RC_LOG_SERIOUS, "KE has %u byte DH public value; %u required"
, (unsigned) pbs_left(pbs), gr->ke_size);
/* XXX Could send notification back */
return INVALID_KEY_INFORMATION;
return ISAKMP_INVALID_KEY_INFORMATION;
}
free(dest->ptr);
*dest = chunk_create(pbs->cur, pbs_left(pbs));
*dest = chunk_clone(*dest);
DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest);
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
/* accept_PFS_KE
@ -201,7 +201,7 @@ static notification_t accept_PFS_KE(struct msg_digest *md, chunk_t *dest,
if (st->st_pfs_group != NULL)
{
loglog(RC_LOG_SERIOUS, "missing KE payload in %s message", msg_name);
return INVALID_KEY_INFORMATION;
return ISAKMP_INVALID_KEY_INFORMATION;
}
}
else
@ -210,16 +210,16 @@ static notification_t accept_PFS_KE(struct msg_digest *md, chunk_t *dest,
{
loglog(RC_LOG_SERIOUS, "%s message KE payload requires a GROUP_DESCRIPTION attribute in SA"
, msg_name);
return INVALID_KEY_INFORMATION;
return ISAKMP_INVALID_KEY_INFORMATION;
}
if (ke_pd->next != NULL)
{
loglog(RC_LOG_SERIOUS, "%s message contains several KE payloads; we accept at most one", msg_name);
return INVALID_KEY_INFORMATION; /* ??? */
return ISAKMP_INVALID_KEY_INFORMATION; /* ??? */
}
return accept_KE(dest, val_name, st->st_pfs_group, &ke_pd->pbs);
}
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
static bool build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np,
@ -1701,7 +1701,7 @@ static stf_status check_signature(key_type_t key_type, identification_t* peer,
s.tried_cnt, peer)
)
}
return STF_FAIL + INVALID_KEY_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_KEY_INFORMATION;
}
}
@ -1715,12 +1715,12 @@ static notification_t accept_nonce(struct msg_digest *md, chunk_t *dest,
{
loglog(RC_LOG_SERIOUS, "%s length not between %d and %d"
, name , MINIMUM_NONCE_SIZE, MAXIMUM_NONCE_SIZE);
return PAYLOAD_MALFORMED; /* ??? */
return ISAKMP_PAYLOAD_MALFORMED; /* ??? */
}
free(dest->ptr);
*dest = chunk_create(nonce_pbs->cur, len);
*dest = chunk_clone(*dest);
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
/* encrypt message, sans fixed part of header
@ -3252,7 +3252,7 @@ stf_status main_inR1_outI2(struct msg_digest *md)
{
loglog(RC_LOG_SERIOUS, "a single Transform is required in a selecting Oakley Proposal; found %u"
, (unsigned)proposal.isap_notrans);
RETURN_STF_FAILURE(BAD_PROPOSAL_SYNTAX);
RETURN_STF_FAILURE(ISAKMP_BAD_PROPOSAL_SYNTAX);
}
RETURN_STF_FAILURE(parse_isakmp_sa_body(ipsecdoisit
, &proposal_pbs, &proposal, NULL, st, TRUE));
@ -3493,7 +3493,7 @@ stf_status main_inI2_outR2(struct msg_digest *md)
compute_dh_shared(st, st->st_gi);
if (!generate_skeyids_iv(st))
{
return STF_FAIL + AUTHENTICATION_FAILED;
return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED;
}
update_iv(st);
@ -3558,7 +3558,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
compute_dh_shared(st, st->st_gr);
if (!generate_skeyids_iv(st))
{
return STF_FAIL + AUTHENTICATION_FAILED;
return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED;
}
if (st->nat_traversal & NAT_T_WITH_NATD)
{
@ -3679,7 +3679,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
if (sig_len == 0)
{
loglog(RC_LOG_SERIOUS, "unable to locate my private key for signature");
return STF_FAIL + AUTHENTICATION_FAILED;
return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED;
}
if (!out_generic_raw(ISAKMP_NEXT_NONE, &isakmp_signature_desc
@ -3752,7 +3752,7 @@ main_id_and_auth(struct msg_digest *md
/* ID Payload in */
if (!decode_peer_id(md, &peer))
{
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
/* Hash the ID Payload.
@ -3783,7 +3783,7 @@ main_id_and_auth(struct msg_digest *md
, hash_pbs->cur, pbs_left(hash_pbs));
loglog(RC_LOG_SERIOUS, "received Hash Payload does not match computed value");
/* XXX Could send notification back */
r = STF_FAIL + INVALID_HASH_INFORMATION;
r = STF_FAIL + ISAKMP_INVALID_HASH_INFORMATION;
}
}
break;
@ -3840,7 +3840,7 @@ main_id_and_auth(struct msg_digest *md
{
report_key_dns_failure(peer, ugh);
st->st_suspended_md = NULL;
r = STF_FAIL + INVALID_KEY_INFORMATION;
r = STF_FAIL + ISAKMP_INVALID_KEY_INFORMATION;
}
}
break;
@ -3871,7 +3871,7 @@ main_id_and_auth(struct msg_digest *md
*/
if (!switch_connection(md, peer, initiator))
{
r = STF_FAIL + INVALID_ID_INFORMATION;
r = STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
peer->destroy(peer);
return r;
@ -3918,7 +3918,7 @@ static void key_continue(struct adns_continuation *cr, err_t ugh,
if (!kc->failure_ok && ugh != NULL)
{
report_key_dns_failure(st->st_connection->spd.that.id, ugh);
r = STF_FAIL + INVALID_KEY_INFORMATION;
r = STF_FAIL + ISAKMP_INVALID_KEY_INFORMATION;
}
else
{
@ -4107,7 +4107,7 @@ main_inI3_outR3_tail(struct msg_digest *md
if (sig_len == 0)
{
loglog(RC_LOG_SERIOUS, "unable to locate my private key for signature");
return STF_FAIL + AUTHENTICATION_FAILED;
return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED;
}
if (!out_generic_raw(ISAKMP_NEXT_NONE, &isakmp_signature_desc
@ -4333,7 +4333,7 @@ stf_status quick_inI1_outR1(struct msg_digest *md)
if (!decode_net_id(&id_pd->payload.ipsec_id, &id_pd->pbs
, &b.his.net, "peer client"))
{
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
/* Hack for MS 818043 NAT-T Update */
@ -4354,7 +4354,7 @@ stf_status quick_inI1_outR1(struct msg_digest *md)
if (!decode_net_id(&id_pd->next->payload.ipsec_id, &id_pd->next->pbs
, &b.my.net, "our client"))
{
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
b.my.proto = id_pd->next->payload.ipsec_id.isaiid_protoid;
b.my.port = id_pd->next->payload.ipsec_id.isaiid_port;
@ -4435,7 +4435,7 @@ static void quick_inI1_outR1_continue(struct adns_continuation *cr, err_t ugh)
if (!b->failure_ok && ugh != NULL)
{
report_verify_failure(b, ugh);
r = STF_FAIL + INVALID_ID_INFORMATION;
r = STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
else
{
@ -4558,7 +4558,7 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b,
*/
report_verify_failure(b, ugh);
p1st->st_suspended_md = NULL;
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
else
{
@ -4791,7 +4791,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
plog("cannot respond to IPsec SA request"
" because no connection is known for %s"
, buf);
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
else if (p != c)
{
@ -4819,7 +4819,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
next_step = quick_inI1_outR1_process_answer(b, ac, p1st);
if (next_step == vos_fail)
{
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
/* short circuit: if peer's client is self,
@ -5013,7 +5013,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
if ((st->st_policy & POLICY_PFS) && st->st_pfs_group == NULL)
{
loglog(RC_LOG_SERIOUS, "we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION");
return STF_FAIL + NO_PROPOSAL_CHOSEN; /* ??? */
return STF_FAIL + ISAKMP_NO_PROPOSAL_CHOSEN;
}
/* Ni in */
@ -5190,7 +5190,7 @@ stf_status quick_inR1_outI2(struct msg_digest *md)
, &st->st_connection->spd.this.client
, "our client"))
{
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
/* IDcr (responder is peer) */
@ -5200,7 +5200,7 @@ stf_status quick_inR1_outI2(struct msg_digest *md)
, &st->st_connection->spd.that.client
, "peer client"))
{
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
}
else
@ -5211,7 +5211,7 @@ stf_status quick_inR1_outI2(struct msg_digest *md)
{
loglog(RC_LOG_SERIOUS, "IDci, IDcr payloads missing in message"
" but default does not match proposal");
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
}
}
@ -5236,7 +5236,7 @@ stf_status quick_inR1_outI2(struct msg_digest *md)
"peer with attributes '%s' is not a member of the groups '%s'",
peer_attributes->get_string(peer_attributes),
groups->get_string(groups));
return STF_FAIL + INVALID_ID_INFORMATION;
return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION;
}
}
@ -5597,7 +5597,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2)
{
loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid SPI length (%d)", n->isan_spisize);
return STF_FAIL + PAYLOAD_MALFORMED;
return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED;
}
if (memcmp(pbs->cur, st->st_icookie, COOKIE_SIZE) != 0)
@ -5606,7 +5606,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
/* Ignore it, cisco sends odd icookies */
#else
loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid icookie (broken Cisco?)");
return STF_FAIL + INVALID_COOKIE;
return STF_FAIL + ISAKMP_INVALID_COOKIE;
#endif
}
pbs->cur += COOKIE_SIZE;
@ -5614,7 +5614,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
if (memcmp(pbs->cur, st->st_rcookie, COOKIE_SIZE) != 0)
{
loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid rcookie (broken Cisco?)");
return STF_FAIL + INVALID_COOKIE;
return STF_FAIL + ISAKMP_INVALID_COOKIE;
}
pbs->cur += COOKIE_SIZE;
@ -5622,7 +5622,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
{
loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid data length (%d)"
, (int) pbs_left(pbs));
return STF_FAIL + PAYLOAD_MALFORMED;
return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED;
}
seqno = ntohl(*(u_int32_t *)pbs->cur);
@ -5671,7 +5671,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n,
loglog(RC_LOG_SERIOUS
, "DPD: R_U_THERE_ACK has invalid SPI length (%d)"
, n->isan_spisize);
return STF_FAIL + PAYLOAD_MALFORMED;
return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED;
}
if (memcmp(pbs->cur, st->st_icookie, COOKIE_SIZE) != 0)
@ -5680,7 +5680,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n,
/* Ignore it, cisco sends odd icookies */
#else
loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE_ACK has invalid icookie");
return STF_FAIL + INVALID_COOKIE;
return STF_FAIL + ISAKMP_INVALID_COOKIE;
#endif
}
pbs->cur += COOKIE_SIZE;
@ -5691,7 +5691,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n,
/* Ignore it, cisco sends odd icookies */
#else
loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE_ACK has invalid rcookie");
return STF_FAIL + INVALID_COOKIE;
return STF_FAIL + ISAKMP_INVALID_COOKIE;
#endif
}
pbs->cur += COOKIE_SIZE;
@ -5701,7 +5701,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n,
loglog(RC_LOG_SERIOUS
, " DPD: R_U_THERE_ACK has invalid data length (%d)"
, (int) pbs_left(pbs));
return STF_FAIL + PAYLOAD_MALFORMED;
return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED;
}
seqno = ntohl(*(u_int32_t *)pbs->cur);
@ -5715,7 +5715,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n,
loglog(RC_LOG_SERIOUS
, "DPD: R_U_THERE_ACK has unexpected sequence number %u (expected %u)"
, seqno, st->st_dpd_expectseqno);
return STF_FAIL + PAYLOAD_MALFORMED;
return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED;
}
st->st_dpd_expectseqno = 0;

2
src/pluto/ipsec_doi.h
View File

@ -100,7 +100,7 @@ extern void dpd_timeout(struct state *st);
DBG_cond_dump(DBG_CRYPT, "received " hash_name ":", hash_pbs->cur, pbs_left(hash_pbs)); \
loglog(RC_LOG_SERIOUS, "received " hash_name " does not match computed value in " msg_name); \
/* XXX Could send notification back */ \
return STF_FAIL + INVALID_HASH_INFORMATION; \
return STF_FAIL + ISAKMP_INVALID_HASH_INFORMATION; \
} \
}

2
src/pluto/modecfg.c
View File

@ -1205,7 +1205,7 @@ xauth_inI1(struct msg_digest *md)
if (stat != STF_OK)
{
/* notification payload - not exactly the right choice, but okay */
md->note = ATTRIBUTES_NOT_SUPPORTED;
md->note = ISAKMP_ATTRIBUTES_NOT_SUPPORTED;
return stat;
}

102
src/pluto/spdb.c
View File

@ -623,20 +623,20 @@ preparse_isakmp_sa_body(const struct isakmp_sa *sa
{
loglog(RC_LOG_SERIOUS, "Unknown/unsupported DOI %s", enum_show(&doi_names, sa->isasa_doi));
/* XXX Could send notification back */
return DOI_NOT_SUPPORTED;
return ISAKMP_DOI_NOT_SUPPORTED;
}
/* Situation */
if (!in_struct(ipsecdoisit, &ipsec_sit_desc, sa_pbs, NULL))
{
return SITUATION_NOT_SUPPORTED;
return ISAKMP_SITUATION_NOT_SUPPORTED;
}
if (*ipsecdoisit != SIT_IDENTITY_ONLY)
{
loglog(RC_LOG_SERIOUS, "unsupported IPsec DOI situation (%s)"
, bitnamesof(sit_bit_names, *ipsecdoisit));
/* XXX Could send notification back */
return SITUATION_NOT_SUPPORTED;
return ISAKMP_SITUATION_NOT_SUPPORTED;
}
/* The rules for ISAKMP SAs are scattered.
@ -646,20 +646,20 @@ preparse_isakmp_sa_body(const struct isakmp_sa *sa
*/
if (!in_struct(proposal, &isakmp_proposal_desc, sa_pbs, proposal_pbs))
{
return PAYLOAD_MALFORMED;
return ISAKMP_PAYLOAD_MALFORMED;
}
if (proposal->isap_np != ISAKMP_NEXT_NONE)
{
loglog(RC_LOG_SERIOUS, "Proposal Payload must be alone in Oakley SA; found %s following Proposal"
, enum_show(&payload_names, proposal->isap_np));
return PAYLOAD_MALFORMED;
return ISAKMP_PAYLOAD_MALFORMED;
}
if (proposal->isap_protoid != PROTO_ISAKMP)
{
loglog(RC_LOG_SERIOUS, "unexpected Protocol ID (%s) found in Oakley Proposal"
, enum_show(&protocol_names, proposal->isap_protoid));
return INVALID_PROTOCOL_ID;
return ISAKMP_INVALID_PROTOCOL_ID;
}
/* Just what should we accept for the SPI field?
@ -693,15 +693,15 @@ preparse_isakmp_sa_body(const struct isakmp_sa *sa
u_char junk_spi[MAX_ISAKMP_SPI_SIZE];
if (!in_raw(junk_spi, proposal->isap_spisize, proposal_pbs, "Oakley SPI"))
return PAYLOAD_MALFORMED;
return ISAKMP_PAYLOAD_MALFORMED;
}
else
{
loglog(RC_LOG_SERIOUS, "invalid SPI size (%u) in Oakley Proposal"
, (unsigned)proposal->isap_spisize);
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
static struct {
@ -749,14 +749,14 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans,
if (!in_struct(&trans, &isakmp_isakmp_transform_desc, proposal_pbs, &trans_pbs))
{
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
if (trans.isat_transnum <= last_transnum)
{
/* picky, picky, picky */
loglog(RC_LOG_SERIOUS, "Transform Numbers are not monotonically increasing"
" in Oakley Proposal");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
last_transnum = trans.isat_transnum;
@ -764,7 +764,7 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans,
{
loglog(RC_LOG_SERIOUS, "expected KEY_IKE but found %s in Oakley Transform"
, enum_show(&isakmp_transformid_names, trans.isat_transid));
return INVALID_TRANSFORM_ID;
return ISAKMP_INVALID_TRANSFORM_ID;
}
attr_start = trans_pbs.cur;
@ -778,7 +778,7 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans,
if (!in_struct(&a, &isakmp_oakley_attribute_desc, &trans_pbs, &attr_pbs))
{
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
passert((a.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK) < 32);
@ -821,7 +821,7 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans,
DBG_log("preparse_isakmp_policy: peer requests %s authentication"
, prettypolicy(*policy))
)
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
/**
@ -890,7 +890,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
if (no_trans_left == 0)
{
loglog(RC_LOG_SERIOUS, "number of Transform Payloads disagrees with Oakley Proposal Payload");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
in_struct(&trans, &isakmp_isakmp_transform_desc, proposal_pbs, &trans_pbs);
@ -906,7 +906,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
u_int32_t val; /* room for larger values */
if (!in_struct(&a, &isakmp_oakley_attribute_desc, &trans_pbs, &attr_pbs))
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
passert((a.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK) < 32);
@ -915,7 +915,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
loglog(RC_LOG_SERIOUS, "repeated %s attribute in Oakley Transform %u"
, enum_show(&oakley_attr_names, a.isaat_af_type)
, trans.isat_transnum);
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
seen_attrs |= LELEM(a.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK);
@ -1069,7 +1069,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
loglog(RC_LOG_SERIOUS
, "attribute OAKLEY_LIFE_TYPE value %s repeated"
, enum_show(&oakley_lifetime_names, val));
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
seen_durations |= LELEM(val);
life_type = val;
@ -1208,7 +1208,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
loglog(RC_LOG_SERIOUS, "missing mandatory attribute(s) %s in Oakley Transform %u"
, bitnamesof(oakley_attr_bit_names, missing)
, trans.isat_transnum);
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
}
/* We must have liked this transform.
@ -1262,7 +1262,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
/* copy over the results */
st->st_oakley = ta;
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
/* on to next transform */
@ -1273,7 +1273,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
if (no_trans_left != 0)
{
loglog(RC_LOG_SERIOUS, "number of Transform Payloads disagrees with Oakley Proposal Payload");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
break;
}
@ -1281,11 +1281,11 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
{
loglog(RC_LOG_SERIOUS, "unexpected %s payload in Oakley Proposal"
, enum_show(&payload_names, proposal->isap_np));
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
}
loglog(RC_LOG_SERIOUS, "no acceptable Oakley Transform");
return NO_PROPOSAL_CHOSEN;
return ISAKMP_NO_PROPOSAL_CHOSEN;
}
/* Parse the body of an IPsec SA Payload (i.e. Phase 2 / Quick Mode).
@ -1724,19 +1724,19 @@ parse_ipsec_sa_body(
{
loglog(RC_LOG_SERIOUS, "Unknown or unsupported DOI %s", enum_show(&doi_names, sa->isasa_doi));
/* XXX Could send notification back */
return DOI_NOT_SUPPORTED;
return ISAKMP_DOI_NOT_SUPPORTED;
}
/* Situation */
if (!in_struct(&ipsecdoisit, &ipsec_sit_desc, sa_pbs, NULL))
return SITUATION_NOT_SUPPORTED;
return ISAKMP_SITUATION_NOT_SUPPORTED;
if (ipsecdoisit != SIT_IDENTITY_ONLY)
{
loglog(RC_LOG_SERIOUS, "unsupported IPsec DOI situation (%s)"
, bitnamesof(sit_bit_names, ipsecdoisit));
/* XXX Could send notification back */
return SITUATION_NOT_SUPPORTED;
return ISAKMP_SITUATION_NOT_SUPPORTED;
}
/* The rules for IPsec SAs are scattered.
@ -1753,7 +1753,7 @@ parse_ipsec_sa_body(
*/
if (!in_struct(&next_proposal, &isakmp_proposal_desc, sa_pbs, &next_proposal_pbs))
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
/* for each conjunction of proposals... */
while (next_full)
@ -1795,13 +1795,13 @@ parse_ipsec_sa_body(
if (!in_raw(filler, sizeof(filler)
, &next_proposal_pbs, "CPI filler")
|| !all_zero(filler, sizeof(filler)))
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
else if (next_proposal.isap_spisize != IPCOMP_CPI_SIZE)
{
loglog(RC_LOG_SERIOUS, "IPsec Proposal with improper CPI size (%u)"
, next_proposal.isap_spisize);
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
/* We store CPI in the low order of a network order
@ -1811,7 +1811,7 @@ parse_ipsec_sa_body(
if (!in_raw((u_char *)&next_spi
+ IPSEC_DOI_SPI_SIZE - IPCOMP_CPI_SIZE
, IPCOMP_CPI_SIZE, &next_proposal_pbs, "CPI"))
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
/* If sanity ruled, CPIs would have to be such that
* the SAID (the triple (CPI, IPCOM, destination IP))
@ -1830,7 +1830,7 @@ parse_ipsec_sa_body(
{
loglog(RC_LOG_SERIOUS
, "IPsec Proposal contains well-known CPI that I cannot uniquify");
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
break;
default:
@ -1839,7 +1839,7 @@ parse_ipsec_sa_body(
{
loglog(RC_LOG_SERIOUS, "IPsec Proposal contains CPI from non-negotiated range (0x%lx)"
, (unsigned long) ntohl(next_spi));
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
break;
}
@ -1851,11 +1851,11 @@ parse_ipsec_sa_body(
{
loglog(RC_LOG_SERIOUS, "IPsec Proposal with improper SPI size (%u)"
, next_proposal.isap_spisize);
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
if (!in_raw((u_char *)&next_spi, sizeof(next_spi), &next_proposal_pbs, "SPI"))
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
/* SPI value 0 is invalid and values 1-255 are reserved to IANA.
* RFC 2402 (ESP) 2.4, RFC 2406 (AH) 2.1
@ -1865,14 +1865,14 @@ parse_ipsec_sa_body(
{
loglog(RC_LOG_SERIOUS, "IPsec Proposal contains invalid SPI (0x%lx)"
, (unsigned long) ntohl(next_spi));
return INVALID_SPI;
return ISAKMP_INVALID_SPI;
}
}
if (next_proposal.isap_notrans == 0)
{
loglog(RC_LOG_SERIOUS, "IPsec Proposal contains no Transforms");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
switch (next_proposal.isap_protoid)
@ -1881,7 +1881,7 @@ parse_ipsec_sa_body(
if (ah_seen)
{
loglog(RC_LOG_SERIOUS, "IPsec SA contains two simultaneous AH Proposals");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
ah_seen = TRUE;
ah_prop_pbs = next_proposal_pbs;
@ -1893,7 +1893,7 @@ parse_ipsec_sa_body(
if (esp_seen)
{
loglog(RC_LOG_SERIOUS, "IPsec SA contains two simultaneous ESP Proposals");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
esp_seen = TRUE;
esp_prop_pbs = next_proposal_pbs;
@ -1905,7 +1905,7 @@ parse_ipsec_sa_body(
if (ipcomp_seen)
{
loglog(RC_LOG_SERIOUS, "IPsec SA contains two simultaneous IPCOMP Proposals");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
ipcomp_seen = TRUE;
ipcomp_prop_pbs = next_proposal_pbs;
@ -1916,7 +1916,7 @@ parse_ipsec_sa_body(
default:
loglog(RC_LOG_SERIOUS, "unexpected Protocol ID (%s) in IPsec Proposal"
, enum_show(&protocol_names, next_proposal.isap_protoid));
return INVALID_PROTOCOL_ID;
return ISAKMP_INVALID_PROTOCOL_ID;
}
/* refill next_proposal */
@ -1929,11 +1929,11 @@ parse_ipsec_sa_body(
{
loglog(RC_LOG_SERIOUS, "unexpected in Proposal: %s"
, enum_show(&payload_names, next_proposal.isap_np));
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
if (!in_struct(&next_proposal, &isakmp_proposal_desc, sa_pbs, &next_proposal_pbs))
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
} while (next_proposal.isap_proposal == propno);
/* Now that we have all conjuncts, we should try
@ -1966,7 +1966,7 @@ parse_ipsec_sa_body(
, tn == ah_proposal.isap_notrans - 1
, FALSE
, st))
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
previous_transnum = ah_trans.isat_transnum;
@ -1986,7 +1986,7 @@ parse_ipsec_sa_body(
{
case AUTH_ALGORITHM_NONE:
loglog(RC_LOG_SERIOUS, "AUTH_ALGORITHM attribute missing in AH Transform");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
case AUTH_ALGORITHM_HMAC_MD5:
ok_auth = TRUE;
@ -2009,7 +2009,7 @@ parse_ipsec_sa_body(
loglog(RC_LOG_SERIOUS, "%s attribute inappropriate in %s Transform"
, enum_name(&auth_alg_names, ah_attrs.auth)
, enum_show(&ah_transformid_names, ah_attrs.transid));
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
if (!ok_auth)
{
@ -2048,7 +2048,7 @@ parse_ipsec_sa_body(
, tn == esp_proposal.isap_notrans - 1
, FALSE
, st))
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
previous_transnum = esp_trans.isat_transnum;
@ -2184,7 +2184,7 @@ parse_ipsec_sa_body(
if (well_known_cpi != 0 && !ah_seen && !esp_seen)
{
plog("illegal proposal: bare IPCOMP used with well-known CPI");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
for (tn = 0; tn != ipcomp_proposal.isap_notrans; tn++)
@ -2199,14 +2199,14 @@ parse_ipsec_sa_body(
, tn == ipcomp_proposal.isap_notrans - 1
, TRUE
, st))
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
previous_transnum = ipcomp_trans.isat_transnum;
if (well_known_cpi != 0 && ipcomp_attrs.transid != well_known_cpi)
{
plog("illegal proposal: IPCOMP well-known CPI disagrees with transform");
return BAD_PROPOSAL_SYNTAX;
return ISAKMP_BAD_PROPOSAL_SYNTAX;
}
switch (ipcomp_attrs.transid)
@ -2307,9 +2307,9 @@ parse_ipsec_sa_body(
if (ipcomp_seen)
st->st_ipcomp.attrs = ipcomp_attrs;
return NOTHING_WRONG;
return ISAKMP_NOTHING_WRONG;
}
loglog(RC_LOG_SERIOUS, "no acceptable Proposal in IPsec SA");
return NO_PROPOSAL_CHOSEN;
return ISAKMP_NO_PROPOSAL_CHOSEN;
}