Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v retrieving revision 1.20.6.11 retrieving revision 1.20.6.12 diff -c -p -r1.20.6.11 -r1.20.6.12 *** src/crypto/dist/ipsec-tools/src/racoon/isakmp.c 2008/07/11 08:08:41 1.20.6.11 --- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c 2008/08/12 12:47:07 1.20.6.12 *************** *** 1,4 **** ! /* $NetBSD: isakmp.c,v 1.20.6.11 2008/07/11 08:08:41 tteras Exp $ */ /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ --- 1,4 ---- ! /* $NetBSD: isakmp.c,v 1.20.6.12 2008/08/12 12:47:07 vanhu Exp $ */ /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ *************** ph1_main(iph1, msg) *** 798,817 **** [iph1->side] [iph1->status])(iph1, msg); if (error != 0) { ! #if 0 /* XXX * When an invalid packet is received on phase1, it should * be selected to process this packet. That is to respond * with a notify and delete phase 1 handler, OR not to respond ! * and keep phase 1 handler. */ ! plog(LLV_ERROR, LOCATION, iph1->remote, ! "failed to pre-process packet.\n"); ! return -1; ! #else ! /* ignore the error and keep phase 1 handler */ ! return 0; ! #endif } #ifndef ENABLE_FRAG --- 798,821 ---- [iph1->side] [iph1->status])(iph1, msg); if (error != 0) { ! /* XXX * When an invalid packet is received on phase1, it should * be selected to process this packet. That is to respond * with a notify and delete phase 1 handler, OR not to respond ! * and keep phase 1 handler. However, in PHASE1ST_START when ! * acting as RESPONDER we must not keep phase 1 handler or else ! * it will stay forever. */ ! ! if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) { ! plog(LLV_ERROR, LOCATION, iph1->remote, ! "failed to pre-process packet.\n"); ! return -1; ! } else { ! /* ignore the error and keep phase 1 handler */ ! return 0; ! } } #ifndef ENABLE_FRAG