authorTimo Teräs <timo.teras@iki.fi>2015-06-05 10:22:12 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-06-05 10:22:22 +0300
commit585bfa9a7ba9d9e08d53b891bc6514605129ed1b (patch)
treee64e3623179447b0e27408ceb8d1709ba7aecc2b
parentf3d3e32c29e6903a9bb93e19ee086c6b92a409a6 (diff)
downloadaports-585bfa9a7ba9d9e08d53b891bc6514605129ed1b.tar.bz2
aports-585bfa9a7ba9d9e08d53b891bc6514605129ed1b.tar.xz
main/strongswan: don't set gre ports for SPDs
Workaround for certain DMVPN issues caused by charon not supporting GRE key handling.
-rw-r--r--main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch36
-rw-r--r--main/strongswan/APKBUILD6
2 files changed, 41 insertions, 1 deletions
diff --git a/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch b/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
new file mode 100644
index 0000000000..9d0247b8fa
--- /dev/null
+++ b/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
@@ -0,0 +1,36 @@
+From 9645c87adbfcbfba2ace8a51a5df31448512112c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 5 Jun 2015 10:19:38 +0300
+Subject: [PATCH] kernel-netlink: ignore ports for gre protocol
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Netlink supports matching a grekey from using the port data. But
+charon does not handle grekey negotiation currently, so just ignore
+them for now.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+index f22e07d..5ce6b32 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+@@ -754,6 +754,11 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
+ sel.sport = htons(port & 0xff);
+ sel.dport = htons(port >> 8);
+ }
++ else if (sel.proto == IPPROTO_GRE)
++ {
++ sel.sport = sel.dport = 0;
++ sel.sport_mask = sel.dport_mask = 0;
++ }
+ sel.ifindex = 0;
+ sel.user = 0;
+
+--
+2.4.2
+
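Review bot: The added `else if (sel.proto == IPPROTO_GRE)` branch in ts2selector zeroes both ports and both port masks with no comment, so nothing in the code records that the resulting XFRM policy now matches every GRE packet between the selector addresses, whatever its GRE key. The patch description says netlink can match a GRE key through the port data, so a configuration that relied on per-key traffic selectors would presumably end up with identical, broader selectors after this change. I would add a comment above the assignments, for example `/* charon cannot negotiate GRE keys: wildcard the ports so the policy covers all GRE between these hosts, key ignored */`, and mention the widened match in the package's release notes. The body of ts2selector starts and ends outside the hunk, so whether the ports are set again later cannot be confirmed from here.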
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 4860b5d85c..52d844e980 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.3.1
_pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=2
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -20,6 +20,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
0002-vici-send-certificates-for-ike-sa-events.patch
0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
0004-vici-support-asynchronous-initiation.patch
+ 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
strongswan.initd
charon.initd"
@@ -107,6 +108,7 @@ e553c5e9a895a2d95b1cbc33407d64a0 0001-charon-add-optional-source-and-remote-ove
8bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch
125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch
+8616a8800d40662176214df4749d6780 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
7962a720ebef6892d80a3cbdab72c204 charon.initd"
sha256sums="83fa7b004e65356ff5bb755d9d0e03901d578a99e90b6328a350a4335a32f6de strongswan-5.3.1.tar.bz2
@@ -114,6 +116,7 @@ a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 0001-charon-ad
c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch
4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch
+3c2e91b6bdf051ecba3c2c9c5575b617998eb471a4b570c9c5c4e59505599439 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
sha512sums="b789c18de1fa6663d8140c4173c2fe9b668e7741098340aad439e7346d4542df702f59760d1886d82d68c070ebde3121b5b29ccdab031876399d0d5d771f1381 strongswan-5.3.1.tar.bz2
@@ -121,5 +124,6 @@ sha512sums="b789c18de1fa6663d8140c4173c2fe9b668e7741098340aad439e7346d4542df702f
ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch
2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch
+e93856948afbb331c4faa32a008e2948088107b45585d52d67b40aaa819e76246096fc4e71d30ef9b7f41f7e5b41bf58b804569e313c1cb8b0e2e29f6391580e 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"