mirror of https://github.com/openbsd/src.git synced 2025-01-03 06:45:37 -08:00

Remove ipsec_utils.c, its headers, and the code block which use it

from npppd(8).  They had been disabled for a long time.
yasuoka 2021-05-22 08:29:57 +00:00
parent 9d12dee73c
commit 102a4fc8ad
4 changed files with 2 additions and 588 deletions

@ -1,382 +0,0 @@
/* $OpenBSD: ipsec_util.c,v 1.9 2021/03/29 03:54:39 yasuoka Exp $ */
/*-
* Copyright (c) 2007, 2009 Internet Initiative Japan Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: ipsec_util.c,v 1.9 2021/03/29 03:54:39 yasuoka Exp $ */
/*@file IPsec related utility functions */
/*
* RFC 2367 PF_KEY Key Management API, Version 2
*/
#include <sys/socket.h>
#include <sys/errno.h>
#include <net/pfkeyv2.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "ipsec_util.h"
#include "ipsec_util_local.h"
/**
* Delete the IPsec-SA for transport-mode ESP that matches specified sock and
* peer.
* <p>
* For deleting IPsec-SA for NAT-T, port numbers and protocol must
* be specified.</p>
*
* @param sock localy bounded address of the IPsec-SA.
* @param peer remote address of the IPsec-SA.
* @param proto protocol of IPsec-SA. Specify this only if IPsec-SA is for
* NAT-T peer.
* @param dir IPsec-SA's direction by choosing
* {@link ::IPSEC_UTIL_DIRECTION_IN}, {@link ::IPSEC_UTIL_DIRECTION_OUT}
* or {@link ::IPSEC_UTIL_DIRECTION_BOTH}
* @return 0 if the function success, otherwise return non-zero value;
*/
int
ipsec_util_purge_transport_sa(struct sockaddr *sock, struct sockaddr *peer,
int proto, int dir)
{
int key_sock;
struct timeval tv;
struct sadb_del_args del_in, del_out;
/*
* Assumes address family is (AF_INET|AF_INET6) and has valid length
*/
if (sock == NULL || peer == NULL ||
!sockaddr_is_valid(peer) || !sockaddr_is_valid(peer))
return -1;
if ((key_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0)
return -1;
tv = KEYSOCK_RCVTIMEO;
if (setsockopt(key_sock, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) != 0)
goto fail;
del_in.is_valid = del_out.is_valid = 0;
if (delete_prepare(key_sock, sock, peer, proto, &del_in, &del_out) != 0)
goto fail;
if (del_in.is_valid && (dir & IPSEC_UTIL_DIRECTION_IN) != 0) {
if (send_sadb_delete(key_sock, &del_in))
goto fail;
}
if (del_out.is_valid && (dir & IPSEC_UTIL_DIRECTION_OUT) != 0) {
if (send_sadb_delete(key_sock, &del_out))
goto fail;
}
close(key_sock);
return 0;
fail:
close(key_sock);
return -1;
}
/***********************************************************************
* private functions
***********************************************************************/
static void
ipsec_util_prepare(void)
{
/*
* for sadb_msg_seq. As RFC 2367, it must be used to uniquely
* identify request to a process.
*/
while (++ipsec_util_seq == 0)
/* empty */;
if (ipsec_util_pid == -1)
ipsec_util_pid = getpid();
}
/*
* Find IPsec-SA to delete using SADB_DUMP
*/
static int
delete_prepare(int key_sock, struct sockaddr *sock, struct sockaddr *peer,
int proto, struct sadb_del_args *in, struct sadb_del_args *out)
{
int sz, dump_end, res_count;
struct sadb_msg req_msg = {
.sadb_msg_version = PF_KEY_V2,
.sadb_msg_type = SADB_DUMP,
.sadb_msg_satype = SADB_SATYPE_ESP,
.sadb_msg_len = PFKEY_UNIT64(sizeof(struct sadb_msg))
}, *res_msg;
u_char buffer[2048];
/* Dump the SADB to search the SA that matches sock/peer. */
ipsec_util_prepare();
req_msg.sadb_msg_seq = ipsec_util_seq;
req_msg.sadb_msg_pid = ipsec_util_pid;
sz = send(key_sock, &req_msg, sizeof(req_msg), 0);
if (sz <= 0)
return -1;
for (res_count = 0, dump_end = 0; !dump_end;) {
int off = 0;
uint32_t spi;
struct sadb_ext *res_ext;
struct sadb_address *res_src, *res_dst;
sz = recv(key_sock, buffer, sizeof(buffer), 0);
if (sz == 0 && res_count == 0)
return 0; /* empty */
if (sz <= 0)
return -1;
if (sz < sizeof(struct sadb_msg))
return -1;
res_msg = (struct sadb_msg *)buffer;
if (res_msg->sadb_msg_errno != 0) {
if (res_msg->sadb_msg_errno == ENOENT)
return 0;
return -1;
}
dump_end = (res_msg->sadb_msg_seq == 0)? 1 : 0;
if (res_msg->sadb_msg_version != req_msg.sadb_msg_version ||
res_msg->sadb_msg_type != req_msg.sadb_msg_type ||
res_msg->sadb_msg_pid != req_msg.sadb_msg_pid)
continue;
res_count++;
spi = 0; res_src = res_dst = NULL;
for (off = sizeof(struct sadb_msg); off < sz;) {
res_ext = (struct sadb_ext *)(buffer + off);
off += PFKEY_UNUNIT64(res_ext->sadb_ext_len);
switch (res_ext->sadb_ext_type) {
case SADB_EXT_SA:
if (((struct sadb_sa *)res_ext)->sadb_sa_state
!= SADB_SASTATE_MATURE)
break;
spi = ((struct sadb_sa *)res_ext)->sadb_sa_spi;
break;
case SADB_EXT_ADDRESS_SRC:
res_src = (struct sadb_address *)res_ext;
break;
case SADB_EXT_ADDRESS_DST:
res_dst = (struct sadb_address *)res_ext;
break;
}
}
if (res_src == NULL || res_dst == NULL || spi == 0)
continue;
if (address_compar(res_src, sock, proto) == 0 &&
address_compar(res_dst, peer, proto) == 0) {
(void)sadb_del_args_init(out, spi, res_src, res_dst,
proto);
/* continue anyway */
} else
if (address_compar(res_src, peer, proto) == 0 &&
address_compar(res_dst, sock, proto) == 0) {
(void)sadb_del_args_init(in, spi, res_src, res_dst,
proto);
/* continue anyway */
}
}
return 0;
}
static int
send_sadb_delete(int key_sock, struct sadb_del_args *args)
{
int i;
for (i = 0; i < args->spiidx; i++) {
int iovidx, sz;
struct iovec iov[10];
struct msghdr msg;
struct sadb_msg req_msg = {
.sadb_msg_version = PF_KEY_V2,
.sadb_msg_type = SADB_DELETE,
.sadb_msg_satype = SADB_SATYPE_ESP
}, *res_msg;
struct sadb_sa sa;
u_char buffer[1024];
ipsec_util_prepare();
iovidx = 0;
req_msg.sadb_msg_seq = ipsec_util_seq;
req_msg.sadb_msg_pid = ipsec_util_pid;
req_msg.sadb_msg_len = PFKEY_UNIT64(sizeof(req_msg)
+ sizeof(struct sadb_sa)
+ PFKEY_UNUNIT64(args->src.sadb_address_len)
+ PFKEY_UNUNIT64(args->dst.sadb_address_len));
iov[iovidx].iov_base = &req_msg;
iov[iovidx].iov_len = sizeof(req_msg);
iovidx++;
sa.sadb_sa_exttype = SADB_EXT_SA;
sa.sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
sa.sadb_sa_spi = args->spi[i];
iov[iovidx].iov_base = &sa;
iov[iovidx].iov_len = sizeof(sa);
iovidx++;
iov[iovidx].iov_base = &args->src;
iov[iovidx].iov_len = sizeof(args->src);
iovidx++;
iov[iovidx].iov_base = &args->src_sa;
iov[iovidx].iov_len =
PFKEY_ALIGN8(((struct sockaddr *)&args->src_sa)->sa_len);
iovidx++;
iov[iovidx].iov_base = &args->dst;
iov[iovidx].iov_len = sizeof(args->dst);
iovidx++;
iov[iovidx].iov_base = &args->dst_sa;
iov[iovidx].iov_len =
PFKEY_ALIGN8(((struct sockaddr *)&args->dst_sa)->sa_len);
iovidx++;
memset(&msg, 0, sizeof(msg));
msg.msg_iov = iov;
msg.msg_iovlen = iovidx;
if ((sz = sendmsg(key_sock, &msg, 0)) <= 0)
return 1;
if ((sz = recv(key_sock, buffer, sizeof(buffer), 0)) <
sizeof(struct sadb_msg))
return 1;
res_msg = (struct sadb_msg *)buffer;
if (res_msg->sadb_msg_pid != req_msg.sadb_msg_pid ||
res_msg->sadb_msg_version != req_msg.sadb_msg_version ||
res_msg->sadb_msg_type != req_msg.sadb_msg_type ||
res_msg->sadb_msg_errno != 0)
return 1;
}
return 0;
}
/***********************************************************************
* Utility functions
***********************************************************************/
static inline int
address_compar(struct sadb_address *sadb, struct sockaddr *sa, int proto)
{
u_short porta, portb;
int cmp;
struct sockaddr *sb = (struct sockaddr *)(sadb + 1);
if ((cmp = sa->sa_family - sb->sa_family) != 0) return cmp;
if ((cmp = sa->sa_len - sb->sa_len) != 0) return cmp;
if (proto != 0 &&
(cmp = proto - sadb->sadb_address_proto) != 0) return cmp;
switch (sa->sa_family) {
case AF_INET:
if (sadb->sadb_address_prefixlen != sizeof(struct in_addr) << 3)
return -1;
if ((cmp = memcmp(&((struct sockaddr_in *)sa)->sin_addr,
&((struct sockaddr_in *)sb)->sin_addr,
sizeof(struct in_addr))) != 0)
return cmp;
porta = ((struct sockaddr_in *)sa)->sin_port;
portb = ((struct sockaddr_in *)sb)->sin_port;
break;
case AF_INET6:
if (sadb->sadb_address_prefixlen != sizeof(struct in6_addr) << 3)
return -1;
if ((cmp = memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr,
&((struct sockaddr_in6 *)sb)->sin6_addr,
sizeof(struct in6_addr))) != 0)
return cmp;
porta = ((struct sockaddr_in6 *)sa)->sin6_port;
portb = ((struct sockaddr_in6 *)sb)->sin6_port;
break;
default:
return -1;
}
if (porta == 0) {
if (ntohs(portb) != 500 && portb != 0)
return porta - portb;
} else {
if ((cmp = porta - portb) != 0) return cmp;
}
return 0;
}
static int
sadb_del_args_init(struct sadb_del_args *args, uint32_t spi,
struct sadb_address *src, struct sadb_address *dst, int proto)
{
if (!args->is_valid) {
memset(args, 0, sizeof(struct sadb_del_args));
args->src = *src;
args->dst = *dst;
args->src.sadb_address_prefixlen =
args->dst.sadb_address_prefixlen = 0;
#define SADB2SA(_base) ((struct sockaddr *)((_base) + 1))
memcpy(&args->src_sa, SADB2SA(src),
MINIMUM(sizeof(args->src_sa), SADB2SA(src)->sa_len));
memcpy(&args->dst_sa, SADB2SA(dst),
MINIMUM(sizeof(args->src_sa), SADB2SA(dst)->sa_len));
#undef SADB2SA
if (proto != 0) {
args->src.sadb_address_proto = proto;
args->dst.sadb_address_proto = proto;
}
args->is_valid = 1;
}
if (args->spiidx < countof(args->spi)) {
args->spi[args->spiidx++] = spi;
return 0;
}
return 1;
}
static int
sockaddr_is_valid(struct sockaddr *sa)
{
return
((sa->sa_family == AF_INET &&
sa->sa_len == sizeof(struct sockaddr_in)) ||
(sa->sa_family == AF_INET6 &&
sa->sa_len == sizeof(struct sockaddr_in6)))? 1 : 0;
}

@ -1,44 +0,0 @@
/* $OpenBSD: ipsec_util.h,v 1.2 2015/12/17 08:01:55 tb Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef IPSEC_UTIL_H
#define IPSEC_UTIL_H
#define IPSEC_UTIL_DIRECTION_IN 1
#define IPSEC_UTIL_DIRECTION_OUT 2
#define IPSEC_UTIL_DIRECTION_BOTH 3
#ifdef __cplusplus
extern "C" {
#endif
int ipsec_util_purge_transport_sa (struct sockaddr *, struct sockaddr *, int, int);
#ifdef __cplusplus
}
#endif
#endif

@ -1,66 +0,0 @@
/* $OpenBSD: ipsec_util_local.h,v 1.4 2015/12/17 08:01:55 tb Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
static uint32_t ipsec_util_seq = 0;
static int ipsec_util_pid = -1;
struct sadb_del_args {
int is_valid;
uint32_t spi[128];
int spiidx;
struct sadb_address src;
union {
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
} src_sa;
u_char src_pad[8]; /* for PFKEY_ALIGN8 */
struct sadb_address dst;
union {
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
} dst_sa;
u_char dst_pad[8]; /* for PFKEY_ALIGN8 */
};
static void ipsec_util_prepare (void);
static int delete_prepare (int, struct sockaddr *, struct sockaddr *, int, struct sadb_del_args *, struct sadb_del_args *);
static int send_sadb_delete (int, struct sadb_del_args *);
static inline int address_compar (struct sadb_address *, struct sockaddr *, int);
static int sadb_del_args_init (struct sadb_del_args *, uint32_t, struct sadb_address *, struct sadb_address *, int);
static int sockaddr_is_valid (struct sockaddr *);
#ifndef countof
#define countof(x) (sizeof((x)) / sizeof((x)[0]))
#endif
#ifdef USE_IPSEC_UTIL_PRIVSEP
#include <stdio.h>
#include "privsep.h"
#define socket priv_socket
#endif
struct timeval const KEYSOCK_RCVTIMEO = { .tv_sec = 0, .tv_usec = 500000L };

@ -1,4 +1,4 @@
/* $OpenBSD: l2tp_ctrl.c,v 1.25 2021/03/29 03:54:39 yasuoka Exp $ */
/* $OpenBSD: l2tp_ctrl.c,v 1.26 2021/05/22 08:29:57 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -26,7 +26,7 @@
* SUCH DAMAGE.
*/
/**@file Control connection processing functions for L2TP LNS */
/* $Id: l2tp_ctrl.c,v 1.25 2021/03/29 03:54:39 yasuoka Exp $ */
/* $Id: l2tp_ctrl.c,v 1.26 2021/05/22 08:29:57 yasuoka Exp $ */
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
@ -52,7 +52,6 @@
#endif
#include "time_utils.h"
#include "ipsec_util.h"
#include "bytebuf.h"
#include "hash.h"
#include "debugutil.h"
@ -69,9 +68,6 @@
static int l2tp_ctrl_init(l2tp_ctrl *, l2tpd *, struct sockaddr *, struct sockaddr *, void *);
static void l2tp_ctrl_reload(l2tp_ctrl *);
static int l2tp_ctrl_send_disconnect_notify(l2tp_ctrl *);
#if 0
static void l2tp_ctrl_purge_ipsec_sa(l2tp_ctrl *);
#endif
static void l2tp_ctrl_timeout(int, short, void *);
static int l2tp_ctrl_resend_una_packets(l2tp_ctrl *, bool);
static void l2tp_ctrl_destroy_all_calls(l2tp_ctrl *);
@ -330,10 +326,6 @@ cleanup:
if (l2tp_ctrl_disconnect_all_calls(_this, 1) > 0)
break;
}
#if 0
if (L2TP_CTRL_CONF(_this)e_ipsec_sa != 0)
l2tp_ctrl_purge_ipsec_sa(_this);
#endif
l2tp_ctrl_log(_this, LOG_NOTICE, "logtype=Finished");
@ -368,92 +360,6 @@ cleanup:
return 1;
}
#if 0
/** Delete the IPsec SA for disconnection */
static void
l2tp_ctrl_purge_ipsec_sa(l2tp_ctrl *_this)
{
int is_natt, proto;
struct sockaddr_storage peer, sock;
hash_link *hl;
#ifdef USE_LIBSOCKUTIL
struct in_ipsec_sa_cookie *ipsec_sa_cookie;
#endif
l2tp_ctrl *anot;
/*
* Search another tunnel that uses the same IPsec SA
* by lineer.
*/
for (hl = hash_first(_this->l2tpd->ctrl_map);
hl != NULL; hl = hash_next(_this->l2tpd->ctrl_map)) {
anot = hl->item;
if (anot == _this)
continue;
if (_this->peer.ss_family != anot->peer.ss_family)
continue;
if (_this->peer.ss_family == AF_INET) {
if (SIN(&_this->peer)->sin_addr.s_addr !=
SIN(&anot->peer)->sin_addr.s_addr)
continue;
} else if (_this->peer.ss_family == AF_INET6) {
if (!IN6_ARE_ADDR_EQUAL(
&(SIN6(&_this->peer)->sin6_addr),
&(SIN6(&anot->peer)->sin6_addr)))
continue;
}
#ifdef USE_LIBSOCKUTIL
if (_this->sa_cookie != NULL && anot->sa_cookie != NULL) {
/* Both tunnels belong the same NAT box. */
if (memcmp(_this->sa_cookie, anot->sa_cookie,
sizeof(struct in_ipsec_sa_cookie)) != 0)
/* Different hosts behind the NAT box. */
continue;
/* The SA is shared by another tunnels by one host. */
return; /* don't purge the sa */
} else if (_this->sa_cookie != NULL || anot->sa_cookie != NULL)
/* Only one is behind the NAT */
continue;
#endif
return; /* don't purge the sa */
}
#if defined(USE_LIBSOCKUTIL) && defined(IP_IPSEC_SA_COOKIE)
is_natt = (_this->sa_cookie != NULL)? 1 : 0;
#else
is_natt = 0;
#endif
proto = 0;
memcpy(&peer, &_this->peer, _this->peer.ss_len);
memcpy(&sock, &_this->sock, _this->sock.ss_len);
if (!is_natt)
SIN(&peer)->sin_port = SIN(&sock)->sin_port = 0;
#if defined(USE_LIBSOCKUTIL) && defined(IP_IPSEC_SA_COOKIE)
else {
ipsec_sa_cookie = _this->sa_cookie;
SIN(&peer)->sin_port = ipsec_sa_cookie->remote_port;
SIN(&sock)->sin_port = ipsec_sa_cookie->local_port;
#if 1
/*
* XXX: As RFC 2367, protocol should be specified if the port
* XXX: number is non-zero.
*/
proto = 0;
#else
proto = IPPROTO_UDP;
#endif
}
#endif
if (ipsec_util_purge_transport_sa((struct sockaddr *)&peer,
(struct sockaddr *)&sock, proto, IPSEC_UTIL_DIRECTION_BOTH) != 0)
l2tp_ctrl_log(_this, LOG_NOTICE, "failed to purge IPsec SA");
}
#endif
/* timeout processing */
static void
l2tp_ctrl_timeout(int fd, short evtype, void *ctx)