authorTimo Teräs <timo.teras@iki.fi>2010-10-27 10:35:19 +0300
committerTimo Teräs <timo.teras@iki.fi>2010-10-27 10:35:19 +0300
commitd8510349a3ee74e12c54f1eccf24f2ce81cf6243 (patch)
tree4fb74739adbe226b444daf3e9129d9ed2f0c162c
parent3ac7715693f62b28675f09a89ed5b0825abddd6c (diff)
downloadalpine_aports-d8510349a3ee74e12c54f1eccf24f2ce81cf6243.tar.bz2
alpine_aports-d8510349a3ee74e12c54f1eccf24f2ce81cf6243.tar.xz
alpine_aports-d8510349a3ee74e12c54f1eccf24f2ce81cf6243.zip
main/ipsec-tools: update to 2010-10-22 snapshot
Remove patches committed upstream, and add a patch for a minor DPD-related fix.
-rw-r--r--main/ipsec-tools/60-debug-quick.patch211
-rw-r--r--main/ipsec-tools/90-dpd-window-fix.patch85
-rw-r--r--main/ipsec-tools/90-openssl-oneshot.patch210
-rw-r--r--main/ipsec-tools/APKBUILD19
-rw-r--r--main/ipsec-tools/fd-priorities.patch285
-rw-r--r--main/ipsec-tools/initial-contact-fix.diff71
6 files changed, 91 insertions, 790 deletions
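diff --git a/main/ipsec-tools/60-debug-quick.patch b/main/ipsec-tools/60-debug-quick.patch
deleted file mode 100644
index a5c3346ee9..0000000000
--- a/main/ipsec-tools/60-debug-quick.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-debugging prints for quick mode errors
-
-From: Timo Teras <timo.teras@iki.fi>
-
-
----
-
- src/racoon/isakmp.c | 21 ++++++++++++++-------
- src/racoon/isakmp_quick.c | 46 ++++++++++++++++++++++++++++++++++++++-------
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-
-diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
-index 2dfda2f..87ce598 100644
---- a/src/racoon/isakmp.c
-+++ b/src/racoon/isakmp.c
-@@ -817,7 +817,8 @@ ph1_main(iph1, msg)
-
- if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph1 packet (side: %d, status %d).\n",
-+ iph1->side, iph1->status);
- return -1;
- } else {
- /* ignore the error and keep phase 1 handler */
-@@ -845,7 +846,8 @@ ph1_main(iph1, msg)
- [iph1->side]
- [iph1->status])(iph1, msg) != 0) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph1 packet (side: %d, status: %d).\n",
-+ iph1->side, iph1->status);
- return -1;
- }
-
-@@ -997,7 +999,8 @@ quick_main(iph2, msg)
- [iph2->status])(iph2, msg);
- if (error != 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph2 packet (side: %d, status %d).\n",
-+ iph2->side, iph2->status);
- if (error == ISAKMP_INTERNAL_ERROR)
- return 0;
- isakmp_info_send_n1(iph2->ph1, error, NULL);
-@@ -1025,7 +1028,8 @@ quick_main(iph2, msg)
- [iph2->side]
- [iph2->status])(iph2, msg) != 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- return -1;
- }
-
-@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype)
- [iph1->side]
- [iph1->status])(iph1, msg) < 0) {
- plog(LLV_ERROR, LOCATION, remote,
-- "failed to process packet.\n");
-+ "failed to process ph1 packet (side: %d, status: %d).\n",
-+ iph1->side, iph1->status);
- remph1(iph1);
- delph1(iph1);
- return -1;
-@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg)
- [iph2->status])(iph2, msg);
- if (error != 0) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- if (error != ISAKMP_INTERNAL_ERROR)
- isakmp_info_send_n1(iph2->ph1, error, NULL);
- /*
-@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg)
- [iph2->side]
- [iph2->status])(iph2, msg) < 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- /* don't release handler */
- return -1;
- }
-diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
-index 46c84c1..2657407 100644
---- a/src/racoon/isakmp_quick.c
-+++ b/src/racoon/isakmp_quick.c
-@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0)
- "isn't supported.\n");
- break;
- }
-- if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_SA.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_NONCE:
-- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_KE:
-- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_KE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_ID:
-@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0)
- if (isakmp_p2ph(&idcr, pa->ptr) < 0)
- goto end;
- } else {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "too many ISAKMP_NPTYPE_ID payloads.\n");
- goto end;
- }
- break;
-@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0)
- iph2->natoa_dst = daddr;
- else {
- racoon_free(daddr);
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "too many ISAKMP_NPTYPE_NATOA payloads.\n");
- goto end;
- }
- }
-@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0)
-
- /* validity check SA payload sent from responder */
- if (ipsecdoi_checkph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "proposal check failed.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }
-@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0)
- }
- /* decrypt packet */
- msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
-- if (msg == NULL)
-+ if (msg == NULL) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "Packet decryption failed.\n");
- goto end;
-+ }
-
- /* create buffer for using to validate HASH(1) */
- /*
-@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0)
- "Multi SAs isn't supported.\n");
- goto end;
- }
-- if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_SA.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_NONCE:
-- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_KE:
-- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_KE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_ID:
-@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0)
- iph2->natoa_src = daddr;
- else {
- racoon_free(daddr);
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "received too many NAT-OA payloads.\n");
-+ error = ISAKMP_NTYPE_PAYLOAD_MALFORMED;
- goto end;
- }
- }
-@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0)
- case 0:
- /* select single proposal or reject it. */
- if (ipsecdoi_selectph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "no proposal chosen.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }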
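diff --git a/main/ipsec-tools/90-dpd-window-fix.patch b/main/ipsec-tools/90-dpd-window-fix.patch
new file mode 100644
index 0000000000..d3ac9a9aa2
--- /dev/null
+++ b/main/ipsec-tools/90-dpd-window-fix.patch
@@ -0,0 +1,85 @@
+Index: src/racoon/isakmp_inf.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
+retrieving revision 1.41
+diff -u -r1.41 isakmp_inf.c
+--- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
++++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
+@@ -1450,17 +1450,16 @@
+ struct isakmp_pl_ru *ru;
+ u_int32_t msgid;
+ {
++ u_int32_t seq;
+
+ plog(LLV_DEBUG, LOCATION, iph1->remote,
+ "DPD R-U-There-Ack received\n");
+
+- /* XXX Maintain window of acceptable sequence numbers ?
+- * => ru->data <= iph2->dpd_seq &&
+- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
+- if (ntohl(ru->data) != iph1->dpd_seq-1) {
++ seq = ntohl(ru->data);
++ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+- "Wrong DPD sequence number (%d, %d expected).\n",
+- ntohl(ru->data), iph1->dpd_seq-1);
++ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
++ seq, iph1->dpd_last_ack, iph1->dpd_seq);
+ return 0;
+ }
+
+@@ -1472,6 +1471,7 @@
+ }
+
+ iph1->dpd_fails = 0;
++ iph1->dpd_last_ack = seq;
+ sched_cancel(&iph1->dpd_r_u);
+ isakmp_sched_r_u(iph1, 0);
+
+@@ -1535,12 +1535,13 @@
+ memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
+ memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
+
+- if (iph1->dpd_seq == 0){
++ if (iph1->dpd_seq == 0) {
+ /* generate a random seq which is not too big */
+- srand(time(NULL));
+- iph1->dpd_seq = rand() & 0x0fff;
++ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
+ }
+
++ iph1->dpd_seq++;
++ iph1->dpd_fails++;
+ ru->data = htonl(iph1->dpd_seq);
+
+ error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
+@@ -1549,12 +1550,6 @@
+ plog(LLV_DEBUG, LOCATION, iph1->remote,
+ "DPD R-U-There sent (%d)\n", error);
+
+- /* will be decreased if ACK received... */
+- iph1->dpd_fails++;
+-
+- /* XXX should be increased only when ACKed ? */
+- iph1->dpd_seq++;
+-
+ /* Reschedule the r_u_there with a short delay,
+ * will be deleted/rescheduled if ACK received before */
+ isakmp_sched_r_u(iph1, 1);
+Index: src/racoon/handler.h
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
+retrieving revision 1.22
+diff -u -r1.22 handler.h
+--- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
++++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
+@@ -202,7 +202,8 @@
+
+ #ifdef ENABLE_DPD
+ int dpd_support; /* Does remote supports DPD ? */
+- u_int16_t dpd_seq; /* DPD seq number to receive */
++ u_int32_t dpd_last_ack;
++ u_int32_t dpd_seq; /* DPD seq number to receive */
+ u_int8_t dpd_fails; /* number of failures */
+ struct sched dpd_r_u;
+ #endif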
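Review bot: The rejection log in the `@@ -1450` hunk of isakmp_inf.c prints `seq`, `iph1->dpd_last_ack` and `iph1->dpd_seq` with `%d`, but all three are now u_int32_t per the handler.h hunk, so the format should read `"Wrong DPD sequence number (%u; last_ack=%u, seq=%u).\n"`. The window test `seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq` is plain unsigned comparison with no wrap handling; that is acceptable given the counter starts below 0x1000 and grows by one per probe, but the assumption deserves a comment above the test such as `/* accept acks only in (last_ack, seq]; counter starts small and grows by one per probe, so wrap is not handled */`. In handler.h, `dpd_last_ack` is the only DPD member without a trailing comment; suggest `u_int32_t dpd_last_ack; /* highest R-U-There seq acknowledged by the peer */`. The function holding the sequence check begins above the first hunk, where only its K&R parameter list is visible.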
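diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
deleted file mode 100644
index ece12a52dd..0000000000
--- a/main/ipsec-tools/90-openssl-oneshot.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-Index: src/racoon/crypto_openssl.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
-retrieving revision 1.19
-diff -u -r1.19 crypto_openssl.c
---- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
-+++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
-@@ -1800,6 +1800,42 @@
- return (caddr_t)c;
- }
-
-+static vchar_t *eay_hmac_one(key, data, type)
-+ vchar_t *key, *data;
-+ const EVP_MD *type;
-+{
-+ vchar_t *res;
-+
-+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
-+ return NULL;
-+
-+ if (!HMAC(type, (void *) key->v, key->l,
-+ (void *) data->v, data->l, (void *) res->v, NULL)) {
-+ vfree(res);
-+ return NULL;
-+ }
-+
-+ return res;
-+}
-+
-+static vchar_t *eay_digest_one(data, type)
-+ vchar_t *data;
-+ const EVP_MD *type;
-+{
-+ vchar_t *res;
-+
-+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
-+ return NULL;
-+
-+ if (!EVP_Digest((void *) data->v, data->l,
-+ (void *) res->v, NULL, type, NULL)) {
-+ vfree(res);
-+ return NULL;
-+ }
-+
-+ return res;
-+}
-+
- #ifdef WITH_SHA2
- /*
- * HMAC SHA2-512
-@@ -1808,14 +1844,7 @@
- eay_hmacsha2_512_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha2_512_init(key);
-- eay_hmacsha2_512_update(ctx, data);
-- res = eay_hmacsha2_512_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha2_512());
- }
-
- caddr_t
-@@ -1865,14 +1894,7 @@
- eay_hmacsha2_384_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha2_384_init(key);
-- eay_hmacsha2_384_update(ctx, data);
-- res = eay_hmacsha2_384_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha2_384());
- }
-
- caddr_t
-@@ -1922,14 +1944,7 @@
- eay_hmacsha2_256_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha2_256_init(key);
-- eay_hmacsha2_256_update(ctx, data);
-- res = eay_hmacsha2_256_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha2_256());
- }
-
- caddr_t
-@@ -1980,14 +1995,7 @@
- eay_hmacsha1_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha1_init(key);
-- eay_hmacsha1_update(ctx, data);
-- res = eay_hmacsha1_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha1());
- }
-
- caddr_t
-@@ -2037,14 +2045,7 @@
- eay_hmacmd5_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacmd5_init(key);
-- eay_hmacmd5_update(ctx, data);
-- res = eay_hmacmd5_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_md5());
- }
-
- caddr_t
-@@ -2130,14 +2131,7 @@
- eay_sha2_512_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha2_512_init();
-- eay_sha2_512_update(ctx, data);
-- res = eay_sha2_512_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha512());
- }
-
- int
-@@ -2190,14 +2184,7 @@
- eay_sha2_384_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha2_384_init();
-- eay_sha2_384_update(ctx, data);
-- res = eay_sha2_384_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha2_384());
- }
-
- int
-@@ -2250,14 +2237,7 @@
- eay_sha2_256_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha2_256_init();
-- eay_sha2_256_update(ctx, data);
-- res = eay_sha2_256_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha2_256());
- }
-
- int
-@@ -2309,14 +2289,7 @@
- eay_sha1_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha1_init();
-- eay_sha1_update(ctx, data);
-- res = eay_sha1_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha1());
- }
-
- int
-@@ -2367,14 +2340,7 @@
- eay_md5_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_md5_init();
-- eay_md5_update(ctx, data);
-- res = eay_md5_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_md5());
- }
-
- int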
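diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index dc5fca1b55..7421b05d77 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,8 +1,8 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
-pkgver=0.8_alpha20090903
-_myver=0.8-alpha20090903
-pkgrel=11
+pkgver=0.8_alpha20101022
+_myver=0.8-alpha20101022
+pkgrel=0
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 license="BSD"
@@ -13,12 +13,9 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
  racoon.initd
  racoon.confd
  50-reverse-connect.patch
- 60-debug-quick.patch
- initial-contact-fix.diff
- fd-priorities.patch
  70-rcvbuf-size.patch
  75-racoonctl-rcvbuf.patch
- 90-openssl-oneshot.patch
+ 90-dpd-window-fix.patch
  "
 
 _builddir="$srcdir"/$pkgname-$_myver
@@ -28,7 +25,6 @@ prepare() {
  msg "Applying $i..."
  patch -p1 -i $i || return 1
  done
- patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1
 
  sed -i 's:-Werror::g' configure
 }
@@ -59,13 +55,10 @@ package() {
  install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
 }
 
-md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
+md5sums="1492b83edc944b5d32d2eff51e33399e ipsec-tools-0.8-alpha20101022.tar.gz
 74f12ed04ed273a738229c0bfbf829cc racoon.initd
 2d00250cf72da7f2f559c91b65a48747 racoon.confd
 13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
-baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
-69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
 f40c78e4ca4b92d2bf74e4fcf3a8d91f 70-rcvbuf-size.patch
 2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch
-11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"
+0391a6967ad19673588302bc8b17e0e2 90-dpd-window-fix.patch"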
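diff --git a/main/ipsec-tools/fd-priorities.patch b/main/ipsec-tools/fd-priorities.patch
deleted file mode 100644
index 68fc4b3455..0000000000
--- a/main/ipsec-tools/fd-priorities.patch
+++ /dev/null
@@ -1,285 +0,0 @@
-? .msg
-? ChangeLog
-? alpine-config
-? commiters.txt
-? fd-priorities-2.patch
-? fd-priorities.patch
-? ipsec-tools-0.8-alpha20090820.tar.bz2
-? ipsec-tools-0.8-alpha20090903.tar.bz2
-? local-changes.diff
-? patch-to-support-cast128-cbc-algorithm.patch
-? racoon.txt
-? rpm/Makefile
-? rpm/Makefile.in
-? rpm/ipsec-tools.spec
-? rpm/suse/Makefile
-? rpm/suse/Makefile.in
-? rpm/suse/ipsec-tools.spec
-? src/Makefile
-? src/Makefile.in
-? src/include-glibc/.includes
-? src/include-glibc/Makefile
-? src/include-glibc/Makefile.in
-? src/libipsec/.deps
-? src/libipsec/.libs
-? src/libipsec/Makefile
-? src/libipsec/Makefile.in
-? src/libipsec/ipsec_dump_policy.lo
-? src/libipsec/ipsec_get_policylen.lo
-? src/libipsec/ipsec_strerror.lo
-? src/libipsec/key_debug.lo
-? src/libipsec/libipsec.la
-? src/libipsec/pfkey.lo
-? src/libipsec/pfkey_dump.lo
-? src/libipsec/policy_parse.c
-? src/libipsec/policy_parse.h
-? src/libipsec/policy_parse.lo
-? src/libipsec/policy_token.c
-? src/libipsec/policy_token.lo
-? src/racoon/.deps
-? src/racoon/.libs
-? src/racoon/Makefile
-? src/racoon/Makefile.in
-? src/racoon/cfparse.c
-? src/racoon/cfparse.h
-? src/racoon/cftoken.c
-? src/racoon/eaytest
-? src/racoon/libracoon.la
-? src/racoon/libracoon_la-kmpstat.lo
-? src/racoon/libracoon_la-misc.lo
-? src/racoon/libracoon_la-sockmisc.lo
-? src/racoon/libracoon_la-vmbuf.lo
-? src/racoon/plainrsa-gen
-? src/racoon/prsa_par.c
-? src/racoon/prsa_par.h
-? src/racoon/prsa_tok.c
-? src/racoon/racoon
-? src/racoon/racoonctl
-? src/racoon/samples/psk.txt
-? src/racoon/samples/racoon.conf
-? src/setkey/.deps
-? src/setkey/.libs
-? src/setkey/Makefile
-? src/setkey/Makefile.in
-? src/setkey/parse.c
-? src/setkey/parse.h
-? src/setkey/setkey
-? src/setkey/token.c
-Index: src/racoon/admin.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
-retrieving revision 1.32
-diff -u -r1.32 admin.c
---- a/src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
-+++ b/src/racoon/admin.c 9 Mar 2010 07:50:46 -0000
-@@ -734,7 +734,7 @@
- return -1;
- }
-
-- monitor_fd(lcconf->sock_admin, admin_handler, NULL);
-+ monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0);
- plog(LLV_DEBUG, LOCATION, NULL,
- "open %s as racoon management.\n", sunaddr.sun_path);
-
-Index: src/racoon/evt.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/evt.c,v
-retrieving revision 1.9
-diff -u -r1.9 evt.c
---- a/src/racoon/evt.c 23 Jan 2009 08:05:58 -0000 1.9
-+++ b/src/racoon/evt.c 9 Mar 2010 07:50:46 -0000
-@@ -373,7 +373,7 @@
-
- LIST_INSERT_HEAD(list, l, ll_chain);
- l->fd = fd;
-- monitor_fd(l->fd, evt_unsubscribe_cb, l);
-+ monitor_fd(l->fd, evt_unsubscribe_cb, l, 0);
-
- plog(LLV_DEBUG, LOCATION, NULL,
- "[%d] admin connection is polling events\n", fd);
-Index: src/racoon/grabmyaddr.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c,v
-retrieving revision 1.23
-diff -u -r1.23 grabmyaddr.c
---- a/src/racoon/grabmyaddr.c 3 Jul 2009 06:41:46 -0000 1.23
-+++ b/src/racoon/grabmyaddr.c 9 Mar 2010 07:50:46 -0000
-@@ -296,7 +296,7 @@
- lcconf->rtsock = kernel_open_socket();
- if (lcconf->rtsock < 0)
- return -1;
-- monitor_fd(lcconf->rtsock, kernel_receive, NULL);
-+ monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0);
- } else {
- lcconf->rtsock = -1;
- if (!myaddr_open_all_configured(NULL))
-Index: src/racoon/isakmp.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
-retrieving revision 1.60
-diff -u -r1.60 isakmp.c
---- a/src/racoon/isakmp.c 3 Sep 2009 09:29:07 -0000 1.60
-+++ b/src/racoon/isakmp.c 9 Mar 2010 07:50:48 -0000
-@@ -1720,7 +1720,7 @@
- "%s used as isakmp port (fd=%d)\n",
- saddr2str(addr), fd);
-
-- monitor_fd(fd, isakmp_handler, NULL);
-+ monitor_fd(fd, isakmp_handler, NULL, 1);
- return fd;
-
- err:
-Index: src/racoon/pfkey.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/pfkey.c,v
-retrieving revision 1.52
-diff -u -r1.52 pfkey.c
---- a/src/racoon/pfkey.c 9 Feb 2010 23:05:16 -0000 1.52
-+++ b/src/racoon/pfkey.c 9 Mar 2010 07:50:49 -0000
-@@ -487,7 +487,7 @@
- return -1;
- }
- #endif
-- monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
-+ monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
- return 0;
- }
-
-Index: src/racoon/session.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v
-retrieving revision 1.27
-diff -u -r1.27 session.c
---- a/src/racoon/session.c 4 Mar 2010 15:13:53 -0000 1.27
-+++ b/src/racoon/session.c 9 Mar 2010 07:50:50 -0000
-@@ -103,8 +103,13 @@
- struct fd_monitor {
- int (*callback)(void *ctx, int fd);
- void *ctx;
-+ int prio;
-+ int fd;
-+ TAILQ_ENTRY(fd_monitor) chain;
- };
-
-+#define NUM_PRIORITIES 2
-+
- static void close_session __P((void));
- static void initfds __P((void));
- static void init_signal __P((void));
-@@ -115,13 +120,14 @@
-
- static fd_set preset_mask, active_mask;
- static struct fd_monitor fd_monitors[FD_SETSIZE];
-+static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES];
- static int nfds = 0;
-
- static volatile sig_atomic_t sigreq[NSIG + 1];
- static struct sched scflushsa = SCHED_INITIALIZER();
-
- void
--monitor_fd(int fd, int (*callback)(void *, int), void *ctx)
-+monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority)
- {
- if (fd < 0 || fd >= FD_SETSIZE) {
- plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun");
-@@ -131,9 +137,17 @@
- FD_SET(fd, &preset_mask);
- if (fd > nfds)
- nfds = fd;
-+ if (priority <= 0)
-+ priority = 0;
-+ if (priority >= NUM_PRIORITIES)
-+ priority = NUM_PRIORITIES - 1;
-
- fd_monitors[fd].callback = callback;
- fd_monitors[fd].ctx = ctx;
-+ fd_monitors[fd].prio = priority;
-+ fd_monitors[fd].fd = fd;
-+ TAILQ_INSERT_TAIL(&fd_monitor_tree[priority],
-+ &fd_monitors[fd], chain);
- }
-
- void
-@@ -144,10 +158,15 @@
- exit(1);
- }
-
-+ if (fd_monitors[fd].callback == NULL)
-+ return;
-+
- FD_CLR(fd, &preset_mask);
- FD_CLR(fd, &active_mask);
- fd_monitors[fd].callback = NULL;
- fd_monitors[fd].ctx = NULL;
-+ TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio],
-+ &fd_monitors[fd], chain);
- }
-
- int
-@@ -158,11 +177,15 @@
- char pid_file[MAXPATHLEN];
- FILE *fp;
- pid_t racoon_pid = 0;
-- int i;
-+ int i, count;
-+ struct fd_monitor *fdm;
-
- nfds = 0;
- FD_ZERO(&preset_mask);
-
-+ for (i = 0; i < NUM_PRIORITIES; i++)
-+ TAILQ_INIT(&fd_monitor_tree[i]);
-+
- /* initialize schedular */
- sched_init();
- init_signal();
-@@ -291,16 +314,24 @@
- /*NOTREACHED*/
- }
-
-- for (i = 0; i <= nfds; i++) {
-- if (!FD_ISSET(i, &active_mask))
-- continue;
--
-- if (fd_monitors[i].callback != NULL)
-- fd_monitors[i].callback(fd_monitors[i].ctx, i);
-- else
-- plog(LLV_ERROR, LOCATION, NULL,
-- "fd %d set, but no active callback\n", i);
-+ count = 0;
-+ for (i = 0; i < NUM_PRIORITIES; i++) {
-+ TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) {
-+ if (!FD_ISSET(fdm->fd, &active_mask))
-+ continue;
-+
-+ FD_CLR(fdm->fd, &active_mask);
-+ if (fdm->callback != NULL) {
-+ fdm->callback(fdm->ctx, fdm->fd);
-+ count++;
-+ } else
-+ plog(LLV_ERROR, LOCATION, NULL,
-+ "fd %d set, but no active callback\n", i);
-+ }
-+ if (count != 0)
-+ break;
- }
-+
- }
- }
-
-Index: src/racoon/session.h
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.h,v
-retrieving revision 1.8
-diff -u -r1.8 session.h
---- a/src/racoon/session.h 23 Jan 2009 08:05:58 -0000 1.8
-+++ b/src/racoon/session.h 9 Mar 2010 07:50:50 -0000
-@@ -37,7 +37,7 @@
- extern int session __P((void));
- extern RETSIGTYPE signal_handler __P((int));
-
--extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
-+extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority));
- extern void unmonitor_fd __P((int fd));
-
- #endif /* _SESSION_H */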
diff --git a/main/ipsec-tools/initial-contact-fix.diff b/main/ipsec-tools/initial-contact-fix.diff
deleted file mode 100644
index 370418be09..0000000000
--- a/main/ipsec-tools/initial-contact-fix.diff
+++ /dev/null
@@ -1,71 +0,0 @@
1Index: src/racoon/admin.c
2===================================================================
3RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
4retrieving revision 1.32
5diff -u -r1.32 admin.c
6--- src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
7+++ src/racoon/admin.c 10 Dec 2009 14:38:47 -0000
8@@ -299,9 +299,8 @@
9 break;
10
11 case ADMIN_DELETE_SA: {
12- struct ph1handle *iph1;
13- struct ph1selector sel;
14 char *loc, *rem;
15+ struct ph1selector sel;
16
17 memset(&sel, 0, sizeof(sel));
18 sel.local = (struct sockaddr *)
19@@ -319,6 +318,7 @@
20 plog(LLV_INFO, LOCATION, NULL,
21 "admin delete-sa %s %s\n", loc, rem);
22 enumph1(&sel, admin_ph1_delete_sa, NULL);
23+ remcontacted(sel.remote);
24
25 racoon_free(loc);
26 racoon_free(rem);
27Index: src/racoon/handler.c
28===================================================================
29RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
30retrieving revision 1.31
31diff -u -r1.31 handler.c
32--- src/racoon/handler.c 22 Nov 2009 19:34:55 -0000 1.31
33+++ src/racoon/handler.c 10 Dec 2009 14:38:48 -0000
34@@ -966,6 +966,22 @@
35 }
36
37 void
38+remcontacted(remote)
39+ struct sockaddr *remote;
40+{
41+ struct contacted *p;
42+
43+ LIST_FOREACH(p, &ctdtree, chain) {
44+ if (cmpsaddr(remote, p->remote) == 0) {
45+ LIST_REMOVE(p, chain);
46+ racoon_free(p->remote);
47+ racoon_free(p);
48+ break;
49+ }
50+ }
51+}
52+
53+void
54 initctdtree()
55 {
56 LIST_INIT(&ctdtree);
57Index: src/racoon/handler.h
58===================================================================
59RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
60retrieving revision 1.22
61diff -u -r1.22 handler.h
62--- src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
63+++ src/racoon/handler.h 10 Dec 2009 14:38:48 -0000
64@@ -518,6 +518,7 @@
65
66 extern struct contacted *getcontacted __P((struct sockaddr *));
67 extern int inscontacted __P((struct sockaddr *));
68+extern void remcontacted __P((struct sockaddr *));
69 extern void initctdtree __P((void));
70
71 extern int check_recvdpkt __P((struct sockaddr *,