| author | Andrew Manison <amanison@anselsystems.com> | 2011-02-16 19:14:26 +0000 |
|---|---|---|
| committer | Andrew Manison <amanison@anselsystems.com> | 2011-02-16 19:14:26 +0000 |
| commit | 71e39ce025e46b17e9634cb8fdeec7af04f2f0fa (patch) | |
| tree | ab6569d59ab7f79ae8cb7c677658f9ba12854069 /main/ipsec-tools | |
| parent | 01fd4f6611dd2b61cd8ceee01b4a454d74bbbc51 (diff) | |
| parent | 692f71db5a7621fe29b255de3ef9ae973b74eacb (diff) | |
Merge branch 'master' of ssh://git.alpinelinux.org/gitroot/aports-amanison
Conflicts:
main/iaxmodem/APKBUILD
Diffstat (limited to 'main/ipsec-tools')
| -rw-r--r-- | main/ipsec-tools/60-debug-quick.patch | 211 | ||||
| -rw-r--r-- | main/ipsec-tools/70-defer-isakmp-ident-handling.patch | 179 | ||||
| -rw-r--r-- | main/ipsec-tools/75-racoonctl-rcvbuf.patch | 33 | ||||
| -rw-r--r-- | main/ipsec-tools/APKBUILD | 20 | ||||
| -rw-r--r-- | main/ipsec-tools/fd-priorities.patch | 285 | ||||
| -rw-r--r-- | main/ipsec-tools/initial-contact-fix.diff | 71 |
6 files changed, 221 insertions, 578 deletions
diff --git a/main/ipsec-tools/60-debug-quick.patch b/main/ipsec-tools/60-debug-quick.patch
deleted file mode 100644
index a5c3346ee9..0000000000
--- a/main/ipsec-tools/60-debug-quick.patch
+++ /dev/null
@@ -1,211 +0,0 @@ -debugging prints for quick mode errors - -From: Timo Teras <timo.teras@iki.fi> - - ---- - - src/racoon/isakmp.c | 21 ++++++++++++++------- - src/racoon/isakmp_quick.c | 46 ++++++++++++++++++++++++++++++++++++++------- - 2 files changed, 53 insertions(+), 14 deletions(-) - - -diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c -index 2dfda2f..87ce598 100644 ---- a/src/racoon/isakmp.c -+++ b/src/racoon/isakmp.c -@@ -817,7 +817,8 @@ ph1_main(iph1, msg) - - if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "failed to pre-process packet.\n"); -+ "failed to pre-process ph1 packet (side: %d, status %d).\n", -+ iph1->side, iph1->status); - return -1; - } else { - /* ignore the error and keep phase 1 handler */ -@@ -845,7 +846,8 @@ ph1_main(iph1, msg) - [iph1->side] - [iph1->status])(iph1, msg) != 0) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "failed to process packet.\n"); -+ "failed to process ph1 packet (side: %d, status: %d).\n", -+ iph1->side, iph1->status); - return -1; - } - -@@ -997,7 +999,8 @@ quick_main(iph2, msg) - [iph2->status])(iph2, msg); - if (error != 0) { - plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -- "failed to pre-process packet.\n"); -+ "failed to pre-process ph2 packet (side: %d, status %d).\n", -+ iph2->side, iph2->status); - if (error == ISAKMP_INTERNAL_ERROR) - return 0; - isakmp_info_send_n1(iph2->ph1, error, NULL); -@@ -1025,7 +1028,8 @@ quick_main(iph2, msg) - [iph2->side] - [iph2->status])(iph2, msg) != 0) { - plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -- "failed to process packet.\n"); -+ "failed to process ph2 packet (side: %d, status: %d).\n", -+ iph2->side, iph2->status); - return -1; - } - -@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype) - [iph1->side] - [iph1->status])(iph1, msg) < 0) { - plog(LLV_ERROR, LOCATION, remote, -- "failed to process packet.\n"); -+ "failed to process ph1 packet (side: %d, status: %d).\n", -+ iph1->side, 
iph1->status); - remph1(iph1); - delph1(iph1); - return -1; -@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg) - [iph2->status])(iph2, msg); - if (error != 0) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "failed to pre-process packet.\n"); -+ "failed to pre-process ph2 packet (side: %d, status: %d).\n", -+ iph2->side, iph2->status); - if (error != ISAKMP_INTERNAL_ERROR) - isakmp_info_send_n1(iph2->ph1, error, NULL); - /* -@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg) - [iph2->side] - [iph2->status])(iph2, msg) < 0) { - plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -- "failed to process packet.\n"); -+ "failed to process ph2 packet (side: %d, status: %d).\n", -+ iph2->side, iph2->status); - /* don't release handler */ - return -1; - } -diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c -index 46c84c1..2657407 100644 ---- a/src/racoon/isakmp_quick.c -+++ b/src/racoon/isakmp_quick.c -@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0) - "isn't supported.\n"); - break; - } -- if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_SA.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_NONCE: -- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_NONCE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_KE: -- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_KE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_ID: -@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0) - if (isakmp_p2ph(&idcr, pa->ptr) < 0) - goto end; - } else { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "too many ISAKMP_NPTYPE_ID payloads.\n"); - goto end; - } - break; -@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0) - 
iph2->natoa_dst = daddr; - else { - racoon_free(daddr); -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "too many ISAKMP_NPTYPE_NATOA payloads.\n"); - goto end; - } - } -@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0) - - /* validity check SA payload sent from responder */ - if (ipsecdoi_checkph2proposal(iph2) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "proposal check failed.\n"); - error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN; - goto end; - } -@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0) - } - /* decrypt packet */ - msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive); -- if (msg == NULL) -+ if (msg == NULL) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "Packet decryption failed.\n"); - goto end; -+ } - - /* create buffer for using to validate HASH(1) */ - /* -@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0) - "Multi SAs isn't supported.\n"); - goto end; - } -- if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_SA.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_NONCE: -- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_NONCE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_KE: -- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_KE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_ID: -@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0) - iph2->natoa_src = daddr; - else { - racoon_free(daddr); -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "received too many NAT-OA payloads.\n"); -+ error = ISAKMP_NTYPE_PAYLOAD_MALFORMED; - goto end; - } - } -@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0) - case 0: - /* select single proposal or reject it. 
*/ - if (ipsecdoi_selectph2proposal(iph2) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "no proposal chosen.\n"); - error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN; - goto end; - } diff --git a/main/ipsec-tools/70-defer-isakmp-ident-handling.patch b/main/ipsec-tools/70-defer-isakmp-ident-handling.patch new file mode 100644 index 0000000000..9be37aa154 --- /dev/null +++ b/main/ipsec-tools/70-defer-isakmp-ident-handling.patch 
@@ -0,0 +1,179 @@ +Index: src/racoon/isakmp.c +=================================================================== +RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v +retrieving revision 1.63 +diff -u -r1.63 isakmp.c +--- a/src/racoon/isakmp.c 21 Oct 2010 06:15:28 -0000 1.63 ++++ b/src/racoon/isakmp.c 29 Oct 2010 10:51:28 -0000 +@@ -130,6 +130,10 @@ + # define SOL_UDP IPPROTO_UDP + # endif /* __NetBSD__ / __FreeBSD__ */ + ++vchar_t *postponed_buf; ++struct sockaddr_storage postponed_remote; ++struct sockaddr_storage postponed_local; ++ + static int nostate1 __P((struct ph1handle *, vchar_t *)); + static int nostate2 __P((struct ph2handle *, vchar_t *)); + +@@ -177,7 +181,7 @@ + + static u_char r_ck0[] = { 0,0,0,0,0,0,0,0 }; /* used to verify the r_ck. */ + +-static int isakmp_main __P((vchar_t *, struct sockaddr *, struct sockaddr *)); ++/* static int isakmp_main __P((vchar_t *, struct sockaddr *, struct sockaddr *)); */ + static int ph1_main __P((struct ph1handle *, vchar_t *)); + static int quick_main __P((struct ph2handle *, vchar_t *)); + static int isakmp_ph1begin_r __P((vchar_t *, +@@ -374,10 +378,17 @@ + } + + /* isakmp main routine */ +- if (isakmp_main(buf, (struct sockaddr *)&remote, +- (struct sockaddr *)&local) != 0) goto end; +- +- error = 0; ++ res = isakmp_main(buf, (struct sockaddr *)&remote, ++ (struct sockaddr *)&local); ++ if (res == 0) { ++ error = 0; ++ } else if (res == -42424 && postponed_buf == NULL) { ++ postponed_buf = buf; ++ postponed_remote = remote; ++ postponed_local = local; ++ buf = NULL; ++ error = 0; ++ } + + end: + if (tmpbuf != NULL) +@@ -390,7 +401,7 @@ + /* + * main processing to handle isakmp payload + */ +-static int ++int + isakmp_main(msg, remote, local) + vchar_t *msg; + struct sockaddr *remote, *local; +@@ -399,6 +410,7 @@ + isakmp_index *index = (isakmp_index *)isakmp; + u_int32_t msgid = isakmp->msgid; + struct ph1handle *iph1; ++ int rc; + + #ifdef HAVE_PRINT_ISAKMP_C + isakmp_printpacket(msg, 
remote, local, 0); +@@ -604,12 +616,14 @@ + #endif + + /* call main process of phase 1 */ +- if (ph1_main(iph1, msg) < 0) { +- plog(LLV_ERROR, LOCATION, iph1->remote, +- "phase1 negotiation failed.\n"); +- remph1(iph1); +- delph1(iph1); +- return -1; ++ if ((rc=ph1_main(iph1, msg)) < 0) { ++ if (rc != -42424) { ++ plog(LLV_ERROR, LOCATION, iph1->remote, ++ "phase1 negotiation failed.\n"); ++ remph1(iph1); ++ delph1(iph1); ++ } ++ return rc; + } + break; + +@@ -813,10 +827,11 @@ + "failed to pre-process ph1 packet (side: %d, status %d).\n", + iph1->side, iph1->status); + return -1; +- } else { +- /* ignore the error and keep phase 1 handler */ +- return 0; + } ++ if (error == -42424) ++ return error; ++ /* ignore the error and keep phase 1 handler */ ++ return 0; + } + + #ifndef ENABLE_FRAG +Index: src/racoon/isakmp_ident.c +=================================================================== +RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c,v +retrieving revision 1.13 +diff -u -r1.13 isakmp_ident.c +--- a/src/racoon/isakmp_ident.c 18 Sep 2009 10:31:11 -0000 1.13 ++++ b/src/racoon/isakmp_ident.c 29 Oct 2010 10:51:29 -0000 +@@ -1128,6 +1128,11 @@ + goto end; + } + ++ if (postponed_buf != msg) { ++ error = -42424; ++ goto end; ++ } ++ + /* validate the type of next payload */ + pbuf = isakmp_parse(msg); + if (pbuf == NULL) +Index: src/racoon/isakmp_var.h +=================================================================== +RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h,v +retrieving revision 1.16 +diff -u -r1.16 isakmp_var.h +--- a/src/racoon/isakmp_var.h 3 Sep 2009 09:29:07 -0000 1.16 ++++ b/src/racoon/isakmp_var.h 29 Oct 2010 10:51:29 -0000 +@@ -141,4 +141,10 @@ + u_int32_t setscopeid __P((struct sockaddr *, struct sockaddr *)); + #endif + ++int isakmp_main __P((vchar_t *, struct sockaddr *, struct sockaddr *)); ++ ++extern vchar_t *postponed_buf; ++extern struct sockaddr_storage postponed_remote; ++extern struct 
sockaddr_storage postponed_local; ++ + #endif /* _ISAKMP_VAR_H */ +Index: src/racoon/session.c +=================================================================== +RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v +retrieving revision 1.28 +diff -u -r1.28 session.c +--- a/src/racoon/session.c 21 Oct 2010 06:15:28 -0000 1.28 ++++ b/src/racoon/session.c 29 Oct 2010 10:51:29 -0000 +@@ -172,7 +172,7 @@ + int + session(void) + { +- struct timeval *timeout; ++ struct timeval *timeout, to_zero = { 0, 0 }; + int error; + char pid_file[MAXPATHLEN]; + FILE *fp; +@@ -295,6 +295,8 @@ + + /* scheduling */ + timeout = schedular(); ++ if (postponed_buf != NULL) ++ timeout = &to_zero; + + /* schedular can change select() mask, so we reset + * the working copy here */ +@@ -332,6 +334,14 @@ + break; + } + ++ if (count == 0 && postponed_buf != NULL) { ++ (void) isakmp_main( ++ postponed_buf, ++ (struct sockaddr *) &postponed_remote, ++ (struct sockaddr *) &postponed_local); ++ vfree(postponed_buf); ++ postponed_buf = NULL; ++ } + } + } + diff --git a/main/ipsec-tools/75-racoonctl-rcvbuf.patch b/main/ipsec-tools/75-racoonctl-rcvbuf.patch new file mode 100644 index 0000000000..3a68bfc2ae --- /dev/null +++ b/main/ipsec-tools/75-racoonctl-rcvbuf.patch 
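Review bot: In the isakmp_handler part of the added 70-defer-isakmp-ident-handling.patch, a packet that returns -42424 while `postponed_buf` is already occupied matches neither branch, so it appears to fall through to `end:` and be discarded without a log line. session() replays the single saved packet only when `count == 0`, apparently meaning no descriptor was serviced in that pass, so sustained traffic could keep the slot busy and cause further deferred identity-protection packets to be lost; this is worth confirming under load. At minimum add a final branch such as `} else if (res == -42424) { plog(LLV_WARNING, LOCATION, (struct sockaddr *)&remote, "deferred packet dropped: slot busy\n"); }`, and replace the bare -42424 repeated across isakmp.c and isakmp_ident.c with one named constant declared in isakmp_var.h. The replay in session() also discards the return value of `isakmp_main`, so a second deferral of the same buffer would be freed silently. The enclosing functions begin and end outside the inner hunks, so the initial value of `error` is not visible here.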
@@ -0,0 +1,33 @@ +Index: src/racoon/kmpstat.c +=================================================================== +RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c,v +retrieving revision 1.6 +diff -u -r1.6 kmpstat.c +--- a/src/racoon/kmpstat.c 2 Oct 2007 09:47:45 -0000 1.6 ++++ b/src/racoon/kmpstat.c 14 Oct 2010 12:48:22 -0000 +@@ -99,6 +99,7 @@ + com_init() + { + struct sockaddr_un name; ++ int rcvSize; + + memset(&name, 0, sizeof(name)); + name.sun_family = AF_UNIX; +@@ -114,6 +115,17 @@ + return -1; + } + ++ /* set receive buffer size - should be relative large: ++ * racoon daemon will try to send all info in one go, if ++ * it does not fit we'll miss stuff */ ++ rcvSize = 1024 * 1024; ++ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF, ++ (void*) &rcvSize, sizeof(rcvSize)) < 0) { ++ rcvSize = 512 * 1024; ++ (void) setsockopt(so, SOL_SOCKET, SO_RCVBUF, ++ (void*) &rcvSize, sizeof(rcvSize)); ++ } ++ + return 0; + } + diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 4d8ef0d0c4..f12b208093 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD @@ -1,10 +1,11 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ipsec-tools -pkgver=0.8_alpha20090903 -_myver=0.8-alpha20090903 -pkgrel=8 +pkgver=0.8_alpha20101208 +_myver=0.8-alpha20101208 +pkgrel=0 pkgdesc="User-space IPsec tools for various IPsec implementations" url="http://ipsec-tools.sourceforge.net/" +arch="x86 x86_64" license="BSD" depends="" makedepends="openssl-dev bison flex" @@ -13,9 +14,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz racoon.initd racoon.confd 50-reverse-connect.patch - 60-debug-quick.patch - initial-contact-fix.diff - fd-priorities.patch + 70-defer-isakmp-ident-handling.patch + 75-racoonctl-rcvbuf.patch " _builddir="$srcdir"/$pkgname-$_myver 
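Review bot: The receive-buffer size that com_init() ends up with in 75-racoonctl-rcvbuf.patch is never verified. The result of the fallback `setsockopt` is cast to `(void)`, and on Linux a request above `net.core.rmem_max` is clamped rather than rejected, so the 512 KiB fallback may never run while the buffer stays smaller than intended. Since the added comment says replies that do not fit are lost, read the value back with `getsockopt(so, SOL_SOCKET, SO_RCVBUF, &rcvSize, &len)` and warn when it is below what was requested. As a style point, `rcv_size` would match the neighbouring locals `so` and `name`, and the `(void*)` casts are unnecessary in C. com_init() begins and ends outside the hunk.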
@@ -25,7 +25,6 @@ prepare() { msg "Applying $i..." patch -p1 -i $i || return 1 done - patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1 sed -i 's:-Werror::g' configure } @@ -56,10 +55,9 @@ package() { install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon } -md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz +md5sums="9da0417ea19629777d7d7a555667f6d8 ipsec-tools-0.8-alpha20101208.tar.gz 74f12ed04ed273a738229c0bfbf829cc racoon.initd 2d00250cf72da7f2f559c91b65a48747 racoon.confd 13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch -baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch -69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff -c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch" +94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch +2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch" diff --git a/main/ipsec-tools/fd-priorities.patch b/main/ipsec-tools/fd-priorities.patch deleted file mode 100644 index 68fc4b3455..0000000000 --- a/main/ipsec-tools/fd-priorities.patch +++ /dev/null 
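Review bot: The updated `md5sums` entry is the only integrity check on the new ipsec-tools-0.8-alpha20101208 tarball, which `source` still fetches over plain `http://`. MD5 is a weak digest for authenticating a download. If the abuild version in use supports it, add a stronger checksum alongside, for example `sha512sums="<sha512-of-tarball>  ipsec-tools-0.8-alpha20101208.tar.gz"` (placeholder value), or fetch over https. The APKBUILD hunks also drop 60-debug-quick.patch, initial-contact-fix.diff and fd-priorities.patch. Presumably the 20101208 snapshot already carries those changes, but the commit message does not say so, and a one-line comment in the APKBUILD would record it.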
@@ -1,285 +0,0 @@ -? .msg -? ChangeLog -? alpine-config -? commiters.txt -? fd-priorities-2.patch -? fd-priorities.patch -? ipsec-tools-0.8-alpha20090820.tar.bz2 -? ipsec-tools-0.8-alpha20090903.tar.bz2 -? local-changes.diff -? patch-to-support-cast128-cbc-algorithm.patch -? racoon.txt -? rpm/Makefile -? rpm/Makefile.in -? rpm/ipsec-tools.spec -? rpm/suse/Makefile -? rpm/suse/Makefile.in -? rpm/suse/ipsec-tools.spec -? src/Makefile -? src/Makefile.in -? src/include-glibc/.includes -? src/include-glibc/Makefile -? src/include-glibc/Makefile.in -? src/libipsec/.deps -? src/libipsec/.libs -? src/libipsec/Makefile -? src/libipsec/Makefile.in -? src/libipsec/ipsec_dump_policy.lo -? src/libipsec/ipsec_get_policylen.lo -? src/libipsec/ipsec_strerror.lo -? src/libipsec/key_debug.lo -? src/libipsec/libipsec.la -? src/libipsec/pfkey.lo -? src/libipsec/pfkey_dump.lo -? src/libipsec/policy_parse.c -? src/libipsec/policy_parse.h -? src/libipsec/policy_parse.lo -? src/libipsec/policy_token.c -? src/libipsec/policy_token.lo -? src/racoon/.deps -? src/racoon/.libs -? src/racoon/Makefile -? src/racoon/Makefile.in -? src/racoon/cfparse.c -? src/racoon/cfparse.h -? src/racoon/cftoken.c -? src/racoon/eaytest -? src/racoon/libracoon.la -? src/racoon/libracoon_la-kmpstat.lo -? src/racoon/libracoon_la-misc.lo -? src/racoon/libracoon_la-sockmisc.lo -? src/racoon/libracoon_la-vmbuf.lo -? src/racoon/plainrsa-gen -? src/racoon/prsa_par.c -? src/racoon/prsa_par.h -? src/racoon/prsa_tok.c -? src/racoon/racoon -? src/racoon/racoonctl -? src/racoon/samples/psk.txt -? src/racoon/samples/racoon.conf -? src/setkey/.deps -? src/setkey/.libs -? src/setkey/Makefile -? src/setkey/Makefile.in -? src/setkey/parse.c -? src/setkey/parse.h -? src/setkey/setkey -? 
src/setkey/token.c -Index: src/racoon/admin.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v -retrieving revision 1.32 -diff -u -r1.32 admin.c ---- a/src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32 -+++ b/src/racoon/admin.c 9 Mar 2010 07:50:46 -0000 -@@ -734,7 +734,7 @@ - return -1; - } - -- monitor_fd(lcconf->sock_admin, admin_handler, NULL); -+ monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0); - plog(LLV_DEBUG, LOCATION, NULL, - "open %s as racoon management.\n", sunaddr.sun_path); - -Index: src/racoon/evt.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/evt.c,v -retrieving revision 1.9 -diff -u -r1.9 evt.c ---- a/src/racoon/evt.c 23 Jan 2009 08:05:58 -0000 1.9 -+++ b/src/racoon/evt.c 9 Mar 2010 07:50:46 -0000 -@@ -373,7 +373,7 @@ - - LIST_INSERT_HEAD(list, l, ll_chain); - l->fd = fd; -- monitor_fd(l->fd, evt_unsubscribe_cb, l); -+ monitor_fd(l->fd, evt_unsubscribe_cb, l, 0); - - plog(LLV_DEBUG, LOCATION, NULL, - "[%d] admin connection is polling events\n", fd); -Index: src/racoon/grabmyaddr.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c,v -retrieving revision 1.23 -diff -u -r1.23 grabmyaddr.c ---- a/src/racoon/grabmyaddr.c 3 Jul 2009 06:41:46 -0000 1.23 -+++ b/src/racoon/grabmyaddr.c 9 Mar 2010 07:50:46 -0000 -@@ -296,7 +296,7 @@ - lcconf->rtsock = kernel_open_socket(); - if (lcconf->rtsock < 0) - return -1; -- monitor_fd(lcconf->rtsock, kernel_receive, NULL); -+ monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0); - } else { - lcconf->rtsock = -1; - if (!myaddr_open_all_configured(NULL)) -Index: src/racoon/isakmp.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v -retrieving revision 1.60 -diff -u 
-r1.60 isakmp.c ---- a/src/racoon/isakmp.c 3 Sep 2009 09:29:07 -0000 1.60 -+++ b/src/racoon/isakmp.c 9 Mar 2010 07:50:48 -0000 -@@ -1720,7 +1720,7 @@ - "%s used as isakmp port (fd=%d)\n", - saddr2str(addr), fd); - -- monitor_fd(fd, isakmp_handler, NULL); -+ monitor_fd(fd, isakmp_handler, NULL, 1); - return fd; - - err: -Index: src/racoon/pfkey.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/pfkey.c,v -retrieving revision 1.52 -diff -u -r1.52 pfkey.c ---- a/src/racoon/pfkey.c 9 Feb 2010 23:05:16 -0000 1.52 -+++ b/src/racoon/pfkey.c 9 Mar 2010 07:50:49 -0000 -@@ -487,7 +487,7 @@ - return -1; - } - #endif -- monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL); -+ monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0); - return 0; - } - -Index: src/racoon/session.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v -retrieving revision 1.27 -diff -u -r1.27 session.c ---- a/src/racoon/session.c 4 Mar 2010 15:13:53 -0000 1.27 -+++ b/src/racoon/session.c 9 Mar 2010 07:50:50 -0000 -@@ -103,8 +103,13 @@ - struct fd_monitor { - int (*callback)(void *ctx, int fd); - void *ctx; -+ int prio; -+ int fd; -+ TAILQ_ENTRY(fd_monitor) chain; - }; - -+#define NUM_PRIORITIES 2 -+ - static void close_session __P((void)); - static void initfds __P((void)); - static void init_signal __P((void)); -@@ -115,13 +120,14 @@ - - static fd_set preset_mask, active_mask; - static struct fd_monitor fd_monitors[FD_SETSIZE]; -+static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES]; - static int nfds = 0; - - static volatile sig_atomic_t sigreq[NSIG + 1]; - static struct sched scflushsa = SCHED_INITIALIZER(); - - void --monitor_fd(int fd, int (*callback)(void *, int), void *ctx) -+monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority) - { - if (fd < 0 || fd >= FD_SETSIZE) { - plog(LLV_ERROR, 
LOCATION, NULL, "fd_set overrun"); -@@ -131,9 +137,17 @@ - FD_SET(fd, &preset_mask); - if (fd > nfds) - nfds = fd; -+ if (priority <= 0) -+ priority = 0; -+ if (priority >= NUM_PRIORITIES) -+ priority = NUM_PRIORITIES - 1; - - fd_monitors[fd].callback = callback; - fd_monitors[fd].ctx = ctx; -+ fd_monitors[fd].prio = priority; -+ fd_monitors[fd].fd = fd; -+ TAILQ_INSERT_TAIL(&fd_monitor_tree[priority], -+ &fd_monitors[fd], chain); - } - - void -@@ -144,10 +158,15 @@ - exit(1); - } - -+ if (fd_monitors[fd].callback == NULL) -+ return; -+ - FD_CLR(fd, &preset_mask); - FD_CLR(fd, &active_mask); - fd_monitors[fd].callback = NULL; - fd_monitors[fd].ctx = NULL; -+ TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio], -+ &fd_monitors[fd], chain); - } - - int -@@ -158,11 +177,15 @@ - char pid_file[MAXPATHLEN]; - FILE *fp; - pid_t racoon_pid = 0; -- int i; -+ int i, count; -+ struct fd_monitor *fdm; - - nfds = 0; - FD_ZERO(&preset_mask); - -+ for (i = 0; i < NUM_PRIORITIES; i++) -+ TAILQ_INIT(&fd_monitor_tree[i]); -+ - /* initialize schedular */ - sched_init(); - init_signal(); -@@ -291,16 +314,24 @@ - /*NOTREACHED*/ - } - -- for (i = 0; i <= nfds; i++) { -- if (!FD_ISSET(i, &active_mask)) -- continue; -- -- if (fd_monitors[i].callback != NULL) -- fd_monitors[i].callback(fd_monitors[i].ctx, i); -- else -- plog(LLV_ERROR, LOCATION, NULL, -- "fd %d set, but no active callback\n", i); -+ count = 0; -+ for (i = 0; i < NUM_PRIORITIES; i++) { -+ TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) { -+ if (!FD_ISSET(fdm->fd, &active_mask)) -+ continue; -+ -+ FD_CLR(fdm->fd, &active_mask); -+ if (fdm->callback != NULL) { -+ fdm->callback(fdm->ctx, fdm->fd); -+ count++; -+ } else -+ plog(LLV_ERROR, LOCATION, NULL, -+ "fd %d set, but no active callback\n", i); -+ } -+ if (count != 0) -+ break; - } -+ - } - } - -Index: src/racoon/session.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.h,v -retrieving 
revision 1.8 -diff -u -r1.8 session.h ---- a/src/racoon/session.h 23 Jan 2009 08:05:58 -0000 1.8 -+++ b/src/racoon/session.h 9 Mar 2010 07:50:50 -0000 -@@ -37,7 +37,7 @@ - extern int session __P((void)); - extern RETSIGTYPE signal_handler __P((int)); - --extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx)); -+extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority)); - extern void unmonitor_fd __P((int fd)); - - #endif /* _SESSION_H */ diff --git a/main/ipsec-tools/initial-contact-fix.diff b/main/ipsec-tools/initial-contact-fix.diff deleted file mode 100644 index 370418be09..0000000000 --- a/main/ipsec-tools/initial-contact-fix.diff +++ /dev/null 
@@ -1,71 +0,0 @@ -Index: src/racoon/admin.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v -retrieving revision 1.32 -diff -u -r1.32 admin.c ---- src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32 -+++ src/racoon/admin.c 10 Dec 2009 14:38:47 -0000 -@@ -299,9 +299,8 @@ - break; - - case ADMIN_DELETE_SA: { -- struct ph1handle *iph1; -- struct ph1selector sel; - char *loc, *rem; -+ struct ph1selector sel; - - memset(&sel, 0, sizeof(sel)); - sel.local = (struct sockaddr *) -@@ -319,6 +318,7 @@ - plog(LLV_INFO, LOCATION, NULL, - "admin delete-sa %s %s\n", loc, rem); - enumph1(&sel, admin_ph1_delete_sa, NULL); -+ remcontacted(sel.remote); - - racoon_free(loc); - racoon_free(rem); -Index: src/racoon/handler.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v -retrieving revision 1.31 -diff -u -r1.31 handler.c ---- src/racoon/handler.c 22 Nov 2009 19:34:55 -0000 1.31 -+++ src/racoon/handler.c 10 Dec 2009 14:38:48 -0000 -@@ -966,6 +966,22 @@ - } - - void -+remcontacted(remote) -+ struct sockaddr *remote; -+{ -+ struct contacted *p; -+ -+ LIST_FOREACH(p, &ctdtree, chain) { -+ if (cmpsaddr(remote, p->remote) == 0) { -+ LIST_REMOVE(p, chain); -+ racoon_free(p->remote); -+ racoon_free(p); -+ break; -+ } -+ } -+} -+ -+void - initctdtree() - { - LIST_INIT(&ctdtree); -Index: src/racoon/handler.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v -retrieving revision 1.22 -diff -u -r1.22 handler.h ---- src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22 -+++ src/racoon/handler.h 10 Dec 2009 14:38:48 -0000 -@@ -518,6 +518,7 @@ - - extern struct contacted *getcontacted __P((struct sockaddr *)); - extern int inscontacted __P((struct sockaddr *)); -+extern void remcontacted __P((struct sockaddr *)); - extern void 
initctdtree __P((void)); - - extern int check_recvdpkt __P((struct sockaddr *, |
