-rw-r--r--main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch20
-rw-r--r--main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch61
-rw-r--r--main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch31
-rw-r--r--main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch14
-rw-r--r--main/strongswan/2001-support-gre-key-in-ikev1.patch6
-rw-r--r--main/strongswan/2002-vici-support-asynchronous-initiation.patch (renamed from main/strongswan/1004-vici-support-asynchronous-initiation.patch)42
-rw-r--r--main/strongswan/APKBUILD48
7 files changed, 114 insertions, 108 deletions
diff --git a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
index 24c1537b16..6f960e2e33 100644
--- a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+++ b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
@@ -1,4 +1,4 @@
-From f60c91a440d8b8a0969d99c9c84df40fe2ffc8c4 Mon Sep 17 00:00:00 2001
+From c36fc076075f94176d0c95bd7437822e07f8c5c0 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 17 Jul 2015 11:53:58 +0200
Subject: [PATCH] ike: Adhere to IKE_SA limit when checking out by config
@@ -10,23 +10,23 @@ limit (we still allow checkout_new(), which is used for rekeying).
1 file changed, 36 insertions(+), 33 deletions(-)
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index 4625df5..aeed6fe 100644
+index 307ea3b..e8190a9 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -1385,47 +1385,50 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1401,47 +1401,50 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
DBG2(DBG_MGR, "checkout IKE_SA by config");
-- if (!this->reuse_ikesa)
-- { /* IKE_SA reuse disable by config */
+- if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1)
+- { /* IKE_SA reuse disabled by config (not possible for IKEv1) */
- ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE);
- charon->bus->set_sa(charon->bus, ike_sa);
-- return ike_sa;
+- goto out;
- }
-
- enumerator = create_table_enumerator(this);
- while (enumerator->enumerate(enumerator, &entry, &segment))
-+ if (this->reuse_ikesa)
++ if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1)
{
- if (!wait_for_entry(this, entry, segment))
+ enumerator = create_table_enumerator(this);
@@ -47,7 +47,7 @@ index 4625df5..aeed6fe 100644
- if (current_ike->equals(current_ike, peer_cfg->get_ike_cfg(peer_cfg)))
+ if (!wait_for_entry(this, entry, segment))
{
-- entry->checked_out = TRUE;
+- entry->checked_out = thread_current();
- ike_sa = entry->ike_sa;
- DBG2(DBG_MGR, "found existing IKE_SA %u with a '%s' config",
- ike_sa->get_unique_id(ike_sa),
@@ -67,7 +67,7 @@ index 4625df5..aeed6fe 100644
+ if (current_ike->equals(current_ike,
+ peer_cfg->get_ike_cfg(peer_cfg)))
+ {
-+ entry->checked_out = TRUE;
++ entry->checked_out = thread_current();
+ ike_sa = entry->ike_sa;
+ DBG2(DBG_MGR, "found existing IKE_SA %u with a '%s' config",
+ ike_sa->get_unique_id(ike_sa),
@@ -98,5 +98,5 @@ index 4625df5..aeed6fe 100644
}
charon->bus->set_sa(charon->bus, ike_sa);
--
-2.6.3
+2.7.4
diff --git a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
index 3dda65152b..b722ad65c6 100644
--- a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
@@ -1,4 +1,4 @@
-From 9ff109798ae6d9dab4a60e0b26ef7242252bc735 Mon Sep 17 00:00:00 2001
+From 8cea97341b063bde31cbc4cdf6834fd2a57f609c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:41:58 +0300
Subject: [PATCH] charon: add optional source and remote overrides for initiate
@@ -182,10 +182,10 @@ index 2e96f8f..e594a71 100644
{
peer_cfg->destroy(peer_cfg);
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
-index 5a1a507..9100883 100644
+index 36da5ff..f2910ab 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
-@@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
+@@ -108,7 +108,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
if (msg->output_verbosity < 0)
{
charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
@@ -194,7 +194,7 @@ index 5a1a507..9100883 100644
}
else
{
-@@ -117,7 +117,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
+@@ -116,7 +116,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg
status_t status;
status = charon->controller->initiate(charon->controller,
@@ -205,10 +205,10 @@ index 5a1a507..9100883 100644
switch (status)
{
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
-index ea6d295..5537ed9 100644
+index 6ebbedc..94222cc 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
-@@ -1589,7 +1589,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
+@@ -1693,7 +1693,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg));
charon->controller->initiate(charon->controller,
peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
@@ -218,10 +218,10 @@ index ea6d295..5537ed9 100644
case ACTION_ROUTE:
DBG1(DBG_CFG, "installing '%s'", child_cfg->get_name(child_cfg));
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index 752007c..174bae4 100644
+index c526d2f..593d3c7 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
-@@ -13,6 +13,28 @@
+@@ -16,6 +16,28 @@
* for more details.
*/
@@ -250,20 +250,20 @@ index 752007c..174bae4 100644
#include "vici_control.h"
#include "vici_builder.h"
-@@ -159,9 +181,11 @@ static child_cfg_t* find_child_cfg(char *name, peer_cfg_t **out)
+@@ -167,9 +189,11 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out)
CALLBACK(initiate, vici_message_t*,
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
{
+ vici_message_t* msg;
child_cfg_t *child_cfg = NULL;
peer_cfg_t *peer_cfg;
-- char *child;
+- char *child, *ike;
+ host_t *my_host = NULL, *other_host = NULL;
-+ char *child, *my_host_str, *other_host_str;
- u_int timeout;
++ char *child, *ike, *my_host_str, *other_host_str;
+ int timeout;
bool limits;
- log_info_t log = {
-@@ -173,34 +197,55 @@ CALLBACK(initiate, vici_message_t*,
+ controller_cb_t log_cb = NULL;
+@@ -183,6 +207,8 @@ CALLBACK(initiate, vici_message_t*,
timeout = request->get_int(request, 0, "timeout");
limits = request->get_bool(request, FALSE, "init-limits");
log.level = request->get_int(request, 1, "loglevel");
@@ -272,7 +272,8 @@ index 752007c..174bae4 100644
if (!child)
{
- return send_reply(this, "missing configuration name");
+@@ -193,28 +219,47 @@ CALLBACK(initiate, vici_message_t*,
+ log_cb = (controller_cb_t)log_vici;
}
- DBG1(DBG_CFG, "vici initiate '%s'", child);
@@ -287,7 +288,7 @@ index 752007c..174bae4 100644
+
+ DBG1(DBG_CFG, "vici initiate '%s', me %H, other %H, limits %d", child, my_host, other_host, limits);
- child_cfg = find_child_cfg(child, &peer_cfg);
+ child_cfg = find_child_cfg(child, ike, &peer_cfg);
if (!child_cfg)
{
- return send_reply(this, "CHILD_SA config '%s' not found", child);
@@ -295,10 +296,10 @@ index 752007c..174bae4 100644
+ goto ret;
}
- switch (charon->controller->initiate(charon->controller, peer_cfg,
-- child_cfg, (controller_cb_t)log_vici, &log, timeout, limits))
+- child_cfg, log_cb, &log, timeout, limits))
+ switch (charon->controller->initiate(charon->controller,
+ peer_cfg, child_cfg, my_host, other_host,
-+ (controller_cb_t)log_vici, &log, timeout, limits))
++ log_cb, &log, timeout, limits))
{
case SUCCESS:
- return send_reply(this, NULL);
@@ -341,7 +342,7 @@ index 5e88ac2..7043332 100644
case ACTION_ROUTE:
DBG1(DBG_JOB, "start action: route '%s'", name);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index aeed6fe..b2791cb 100644
+index e8190a9..38a6b9d 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -16,6 +16,28 @@
@@ -371,9 +372,9 @@ index aeed6fe..b2791cb 100644
+ */
+
#include <string.h>
+ #include <inttypes.h>
- #include "ike_sa_manager.h"
-@@ -1374,7 +1396,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
+@@ -1390,7 +1412,8 @@ out:
}
METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
@@ -383,7 +384,7 @@ index aeed6fe..b2791cb 100644
{
enumerator_t *enumerator;
entry_t *entry;
-@@ -1383,7 +1406,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1399,7 +1422,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
ike_cfg_t *current_ike;
u_int segment;
@@ -400,9 +401,9 @@ index aeed6fe..b2791cb 100644
+ DBG2(DBG_MGR, "checkout IKE_SA by config '%s', me %H, other %H",
+ peer_cfg->get_name(peer_cfg), my_host, other_host);
- if (this->reuse_ikesa)
+ if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1)
{
-@@ -1399,6 +1432,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1415,6 +1448,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
entry->condvar->signal(entry->condvar);
continue;
}
@@ -419,7 +420,7 @@ index aeed6fe..b2791cb 100644
current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa);
if (current_peer && current_peer->equals(current_peer, peer_cfg))
{
-@@ -1430,6 +1473,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1446,6 +1489,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
return NULL;
}
ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE);
@@ -429,7 +430,7 @@ index aeed6fe..b2791cb 100644
+ }
}
charon->bus->set_sa(charon->bus, ike_sa);
- return ike_sa;
+
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index f1b7c25..dbe1e7d 100644
--- a/src/libcharon/sa/ike_sa_manager.h
@@ -460,10 +461,10 @@ index f1b7c25..dbe1e7d 100644
/**
* Check for duplicates of the given IKE_SA.
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
-index 90ad7e4..8e642e8 100644
+index 85e2207..2760f0b 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
-@@ -403,7 +403,7 @@ METHOD(trap_manager_t, acquire, void,
+@@ -401,7 +401,7 @@ METHOD(trap_manager_t, acquire, void,
peer_cfg_t *peer;
child_cfg_t *child;
ike_sa_t *ike_sa;
@@ -472,7 +473,7 @@ index 90ad7e4..8e642e8 100644
bool wildcard, ignore = FALSE;
this->lock->read_lock(this->lock);
-@@ -479,36 +479,28 @@ METHOD(trap_manager_t, acquire, void,
+@@ -477,36 +477,28 @@ METHOD(trap_manager_t, acquire, void,
this->lock->unlock(this->lock);
if (wildcard)
@@ -607,5 +608,5 @@ index eb7b6ad..706fa57 100644
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
--
-2.6.3
+2.7.4
diff --git a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
index 792d11381e..f5f5945889 100644
--- a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
+++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
@@ -1,4 +1,4 @@
-From b24d03c86cedbaa8d2c89ab98aab9f974e4d4f27 Mon Sep 17 00:00:00 2001
+From 549ee919f0d94d5b2377fc9d5ad7fa6ebbb43374 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:05 +0300
Subject: [PATCH] vici: send certificates for ike-sa events
@@ -12,10 +12,10 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
1 file changed, 41 insertions(+), 7 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
-index 9a3d832..e66ef45 100644
+index 284c23e..8c538f0 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
-@@ -264,13 +264,15 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
+@@ -266,7 +266,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
* List details of an IKE_SA
*/
static void list_ike(private_vici_query_t *this, vici_builder_t *b,
@@ -24,17 +24,18 @@ index 9a3d832..e66ef45 100644
{
time_t t;
ike_sa_id_t *id;
- identification_t *eap;
+@@ -274,6 +274,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
proposal_t *proposal;
u_int16_t alg, ks;
+ host_t *host;
+ auth_cfg_t *auth_cfg;
+ enumerator_t *enumerator;
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa));
-@@ -278,9 +280,41 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
-
- b->add_kv(b, "local-host", "%H", ike_sa->get_my_host(ike_sa));
+@@ -283,11 +285,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
+ b->add_kv(b, "local-host", "%H", host);
+ b->add_kv(b, "local-port", "%d", host->get_port(host));
b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa));
+ if (add_certs)
+ {
@@ -53,7 +54,9 @@ index 9a3d832..e66ef45 100644
+ enumerator->destroy(enumerator);
+ }
- b->add_kv(b, "remote-host", "%H", ike_sa->get_other_host(ike_sa));
+ host = ike_sa->get_other_host(ike_sa);
+ b->add_kv(b, "remote-host", "%H", host);
+ b->add_kv(b, "remote-port", "%d", host->get_port(host));
b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa));
+ if (add_certs)
+ {
@@ -74,7 +77,7 @@ index 9a3d832..e66ef45 100644
eap = ike_sa->get_other_eap_id(ike_sa);
-@@ -395,7 +429,7 @@ CALLBACK(list_sas, vici_message_t*,
+@@ -404,7 +438,7 @@ CALLBACK(list_sas, vici_message_t*,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -83,7 +86,7 @@ index 9a3d832..e66ef45 100644
b->begin_section(b, "child-sas");
csas = ike_sa->create_child_sa_enumerator(ike_sa);
-@@ -1110,7 +1144,7 @@ METHOD(listener_t, ike_updown, bool,
+@@ -1354,7 +1388,7 @@ METHOD(listener_t, ike_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -92,7 +95,7 @@ index 9a3d832..e66ef45 100644
b->end_section(b);
this->dispatcher->raise_event(this->dispatcher,
-@@ -1135,10 +1169,10 @@ METHOD(listener_t, ike_rekey, bool,
+@@ -1379,10 +1413,10 @@ METHOD(listener_t, ike_rekey, bool,
b = vici_builder_create();
b->begin_section(b, old->get_name(old));
b->begin_section(b, "old");
@@ -105,7 +108,7 @@ index 9a3d832..e66ef45 100644
b->end_section(b);
b->end_section(b);
-@@ -1168,7 +1202,7 @@ METHOD(listener_t, child_updown, bool,
+@@ -1412,7 +1446,7 @@ METHOD(listener_t, child_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -114,7 +117,7 @@ index 9a3d832..e66ef45 100644
b->begin_section(b, "child-sas");
b->begin_section(b, child_sa->get_name(child_sa));
-@@ -1200,7 +1234,7 @@ METHOD(listener_t, child_rekey, bool,
+@@ -1444,7 +1478,7 @@ METHOD(listener_t, child_rekey, bool,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -124,5 +127,5 @@ index 9a3d832..e66ef45 100644
b->begin_section(b, old->get_name(old));
--
-2.6.3
+2.7.4
diff --git a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
index ccd943e1c3..779a909b59 100644
--- a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
+++ b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
@@ -1,4 +1,4 @@
-From c8d0da1b9b9a15b24938038cc386cee387f886e6 Mon Sep 17 00:00:00 2001
+From edcf42dc988f92161db85898705b9b6d5a56c94e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:11 +0300
Subject: [PATCH] vici: add support for individual sa state changes
@@ -14,10 +14,10 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi>
1 file changed, 105 insertions(+)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
-index e66ef45..6488774 100644
+index 8c538f0..b49f65b 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
-@@ -1113,8 +1113,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
+@@ -1356,8 +1356,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
@@ -34,7 +34,7 @@ index e66ef45..6488774 100644
manage_command(this, "list-sas", list_sas, reg);
manage_command(this, "list-policies", list_policies, reg);
manage_command(this, "list-conns", list_conns, reg);
-@@ -1182,6 +1190,45 @@ METHOD(listener_t, ike_rekey, bool,
+@@ -1426,6 +1434,45 @@ METHOD(listener_t, ike_rekey, bool,
return TRUE;
}
@@ -80,7 +80,7 @@ index e66ef45..6488774 100644
METHOD(listener_t, child_updown, bool,
private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
{
-@@ -1257,6 +1304,62 @@ METHOD(listener_t, child_rekey, bool,
+@@ -1501,6 +1548,62 @@ METHOD(listener_t, child_rekey, bool,
return TRUE;
}
@@ -143,7 +143,7 @@ index e66ef45..6488774 100644
METHOD(vici_query_t, destroy, void,
private_vici_query_t *this)
{
-@@ -1276,8 +1379,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
+@@ -1520,8 +1623,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
.listener = {
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
@@ -155,5 +155,5 @@ index e66ef45..6488774 100644
.destroy = _destroy,
},
--
-2.6.3
+2.7.4
diff --git a/main/strongswan/2001-support-gre-key-in-ikev1.patch b/main/strongswan/2001-support-gre-key-in-ikev1.patch
index 9c1d9e0d8d..00d8d3cc7d 100644
--- a/main/strongswan/2001-support-gre-key-in-ikev1.patch
+++ b/main/strongswan/2001-support-gre-key-in-ikev1.patch
@@ -305,10 +305,10 @@ index d6a3f2c..8533112 100644
enumerator->destroy(enumerator);
/* create host2host selectors if ID payloads missing */
-diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 605476e..ef94c26 100644
---- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
-+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
++++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -745,7 +745,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
ts2subnet(src, &sel.saddr, &sel.prefixlen_s);
ts2ports(dst, &sel.dport, &sel.dport_mask);
diff --git a/main/strongswan/1004-vici-support-asynchronous-initiation.patch b/main/strongswan/2002-vici-support-asynchronous-initiation.patch
index 94f82f4b9a..a5fec12019 100644
--- a/main/strongswan/1004-vici-support-asynchronous-initiation.patch
+++ b/main/strongswan/2002-vici-support-asynchronous-initiation.patch
@@ -1,47 +1,49 @@
-From b96502164de6b648a672cc55c53b8d4fdfcd1db7 Mon Sep 17 00:00:00 2001
+From 9694c2dd70aeb1ea43754490f4ed038da7245887 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 21 Sep 2015 13:42:15 +0300
-Subject: [PATCH] vici: support asynchronous initiation
+Subject: [PATCH] vici: add (deprecated) async parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
+This is obsoleted by the new "timeout=-1" option that achieves
+the same. Only for compatibility with old versions of quagga-nhrp.
+
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
- src/libcharon/plugins/vici/vici_control.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
+ src/libcharon/plugins/vici/vici_control.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index 174bae4..5a83cb1 100644
+index 593d3c7..b93d4ef 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
-@@ -187,7 +187,7 @@ CALLBACK(initiate, vici_message_t*,
+@@ -195,7 +195,7 @@ CALLBACK(initiate, vici_message_t*,
host_t *my_host = NULL, *other_host = NULL;
- char *child, *my_host_str, *other_host_str;
- u_int timeout;
+ char *child, *ike, *my_host_str, *other_host_str;
+ int timeout;
- bool limits;
+ bool limits, async;
+ controller_cb_t log_cb = NULL;
log_info_t log = {
.dispatcher = this->dispatcher,
- .id = id,
-@@ -196,6 +196,7 @@ CALLBACK(initiate, vici_message_t*,
- child = request->get_str(request, NULL, "child");
+@@ -206,6 +206,7 @@ CALLBACK(initiate, vici_message_t*,
+ ike = request->get_str(request, NULL, "ike");
timeout = request->get_int(request, 0, "timeout");
limits = request->get_bool(request, FALSE, "init-limits");
+ async = request->get_bool(request, FALSE, "async");
log.level = request->get_int(request, 1, "loglevel");
my_host_str = request->get_str(request, NULL, "my-host");
other_host_str = request->get_str(request, NULL, "other-host");
-@@ -224,7 +225,8 @@ CALLBACK(initiate, vici_message_t*,
+@@ -214,7 +215,7 @@ CALLBACK(initiate, vici_message_t*,
+ {
+ return send_reply(this, "missing configuration name");
}
- switch (charon->controller->initiate(charon->controller,
- peer_cfg, child_cfg, my_host, other_host,
-- (controller_cb_t)log_vici, &log, timeout, limits))
-+ async ? NULL : (controller_cb_t)log_vici,
-+ &log, timeout, limits))
+- if (timeout >= 0)
++ if (timeout >= 0 && !async)
{
- case SUCCESS:
- msg = send_reply(this, NULL);
+ log_cb = (controller_cb_t)log_vici;
+ }
--
-2.6.3
+2.7.4
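Review bot: The `async` request key is marked as deprecated only in the patch's commit message; nothing next to `async = request->get_bool(request, FALSE, "async");` or the `if (timeout >= 0 && !async)` test records that it exists solely for old quagga-nhrp clients. A comment above the `get_bool` line such as `/* deprecated: same effect as timeout=-1, kept for old quagga-nhrp */` would keep that visible at the next refresh of this patch. Separately, with `async` set and a non-negative `timeout`, `log_cb` stays NULL while `timeout` is still handed to `controller->initiate()` (see the call in the 1001 patch). Whether that combination returns immediately, as `timeout=-1` is said to, cannot be seen from here and is worth confirming against the controller code. The rest of the `initiate` callback lies outside this hunk.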
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 6a4259144b..912210f32c 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
-pkgver=5.3.5
+pkgver=5.4.0
_pkgver=${pkgver//_rc/rc}
-pkgrel=2
+pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -21,8 +21,8 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-for-individual-sa-state-changes.patch
- 1004-vici-support-asynchronous-initiation.patch
2001-support-gre-key-in-ikev1.patch
+ 2002-vici-support-asynchronous-initiation.patch
strongswan.initd
charon.initd"
@@ -112,30 +112,30 @@ package() {
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1
}
-md5sums="a2f9ea185f27e7f8413d4cd2ee61efe4 strongswan-5.3.5.tar.bz2
-5f476baa26448b8eb463b3ccc7416c59 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-63d8d76d3af822819adc7db7e94d8248 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-82b8d2b282888abd7fe12fa3325ea946 1002-vici-send-certificates-for-ike-sa-events.patch
-2fb36e79e83640044d0010fd23db27bf 1003-vici-add-support-for-individual-sa-state-changes.patch
-12089aa81c7bdd472d1be27371e0effe 1004-vici-support-asynchronous-initiation.patch
-ccb77ee342e1b3108a49262549bbbf36 2001-support-gre-key-in-ikev1.patch
+md5sums="9d7c77b0da9b69f859624897e5e9ebbf strongswan-5.4.0.tar.bz2
+9285f6edb3efcd6bf61ed6da982bdbc8 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+6df5e2362a275b552747928e83842c5c 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+d4c5facf86f02ecd50288e16633d80c8 1002-vici-send-certificates-for-ike-sa-events.patch
+3fc0bb2d80ffc4cca0db5fe2e29dec35 1003-vici-add-support-for-individual-sa-state-changes.patch
+6ace16d48653028ec1982e6940fd2b1d 2001-support-gre-key-in-ikev1.patch
+6cc10c571ee50199e741f7d5ce9bcc85 2002-vici-support-asynchronous-initiation.patch
72a956819c451931d3d31a528a0d1b9c strongswan.initd
a7993f28e4eacc61f51722044645587e charon.initd"
-sha256sums="2c84b663da652b1ff180a1a73c24a3d7b9fc4b9b8ba6bd07f94a1e33092e6350 strongswan-5.3.5.tar.bz2
-7a7f9fa4ec183f62e3e01564aa6b303a7a883b959391cd7b63336afb6357b6ef 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-3570f7e209b8efc91f4b7d1f9b2747c47d391357ac871b82966f781b71e6f59c 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-3201072d73e875189b2d982c9144be824ecc6448f614d51de4c22b3810789099 1002-vici-send-certificates-for-ike-sa-events.patch
-55418460a0fde9429b1f2f0138a3723f9b0a51502fd5eb71329fb6d945a585d7 1003-vici-add-support-for-individual-sa-state-changes.patch
-15954f7b3b357806f32bc1cfc1afd6a0832e97bffc2bfc3aee4b522016f3aa51 1004-vici-support-asynchronous-initiation.patch
-bbdbc73ba6cafaaab1ea303eec6d026ebb50ecd12b7c32be0b4dfeaf8ae24245 2001-support-gre-key-in-ikev1.patch
+sha256sums="f8288faaea6a9cd8a7d413c0b76b7922be5da3dfcd01fd05cb30d2c55d3bbe89 strongswan-5.4.0.tar.bz2
+1ce5125db88c815e9daece12a9bffade46e104fb4faeb2a3f4fa9935a3a6fd1d 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+3e250759b05738884a933f31bd9eacc32ad6a5b913298f533b4d4ebe3fa636ca 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+4dcb0e4a5456773a8d1ab474403812172bc82408a47fe2fbf1bc7199a2bf5682 1002-vici-send-certificates-for-ike-sa-events.patch
+8ea09e018c860121a3bc67ae74f98276af1184928507bcb99c87db7e588366ed 1003-vici-add-support-for-individual-sa-state-changes.patch
+db5a6474de0727ea6c10550358f1dda7a849a9729f93d26db351e35df14a3962 2001-support-gre-key-in-ikev1.patch
+ed40940d6208f5bbe5104d55d53cdfbcad1ca6ac190c81279dcd78dbbb460c21 2002-vici-support-asynchronous-initiation.patch
fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4 strongswan.initd
7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a charon.initd"
-sha512sums="4e6dd124d9a73ad5baf08998a284aba5c02c9dc79e4377e2cbd14c285d1df8e29c0548d347a0fdfa19341b1ae27b560ae9d8d25260898630351230b11c6eb2bb strongswan-5.3.5.tar.bz2
-591cc0ebc746dee4ded51aa131d705d6edd6f0d840661732162c80781ae99bb629ad844d8601637d81f71dbde46d2017b3067fc7eee4ab87071f4cb6b0470a76 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-dd6d8bad4de89d77d92c93c890935880eaa55dc056eac92100fe034c1c045e0771995db58f9787a9f29cc42c4887ed5cf850035d559a471aea12c7d69fe174d7 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-00c4e5303c16cd2921af6dd319ae3955e9fd91a59b45f18283d6329623c0a2dca76ba2fc2aed92c14cab226de6c240b1675f2b3a62b5087d46a8fb1f1e9bfa92 1002-vici-send-certificates-for-ike-sa-events.patch
-4c538557b21621ebcdac6d57a3e9997e1c3780c926eea28f0d3b762826dddc9f1e748cee6fe136f6b568f4c49740e2262110fe4038030463d1b9ee1b6f658154 1003-vici-add-support-for-individual-sa-state-changes.patch
-82ac04c4f093e19f031538de3da7632d7126f87fcbffb41461022a707f89c24f9388b1ba71138572f7a437065f6347cfabd86474884c86ffff50267facfc580d 1004-vici-support-asynchronous-initiation.patch
-0e554a6117f51a564a1b269c9ed2f2858d22ef61df483e2eb09997a3075444deb10df9d0cc8b9ddbe2bb2f740640860c21b1492a9ec28657844fa9c41b822bfc 2001-support-gre-key-in-ikev1.patch
+sha512sums="633d17ac0a55d333b358a538a47c53077bcc462e2a64af6643b2fe4f777184bd81fc7e4c384e8da81326834f571bf4c0a6caff1ec773043f471a82ea06d97459 strongswan-5.4.0.tar.bz2
+4e3f86d4cc67aa5e498b1c02f0590ba0bb8033a6fb0b0ad56d19168d46e5db3853652510c7473e44f2df7054c92e8d28c8d95db112a1c1f62b4969e2679a16f9 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+78f2f1a5bc490d788ce13a82aea821507f4e7b1dc74bdbc154f27a1629ccee59025604552651054b176a30fa1568486d58ab78fff6086d9ed56fef257736633f 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+4d9a999b9684c100d850d290e95aaadc330b144c049d585cbbfa09b1f58e2a09c95ed96d959d90264efdf9fd66085625c28e75393af12e139b5c7d39b3a9fb84 1002-vici-send-certificates-for-ike-sa-events.patch
+abea53573a95ae6599b6f60851ca11d4d3dd30367fd995a1d07284f5f02b491b10d7fafb32389bf38d177835fed6796aba99541e187731333bec191de467f669 1003-vici-add-support-for-individual-sa-state-changes.patch
+2d1ff7f48f652e489ddb0c54f8f15fb4fedb188de35a7028335dde5e623077ef7adc2fad4484330acc26db3f5fa0479cd0bebeeb75ecc5e61bf361d837c259f5 2001-support-gre-key-in-ikev1.patch
+f5e244b44e1682ddc2175c35a39c4b33b8ec4983a7b7da5df2b5a103841b0826c919817b685f1959e783e19434558d75e15b353b43ad7b020d122721cd96a4f2 2002-vici-support-asynchronous-initiation.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd"
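Review bot: The new `strongswan-5.4.0.tar.bz2` digests are the only integrity check on a tarball that `source=` still fetches over plain `http://download.strongswan.org/` (visible in the previous hunk's header line). It is worth confirming they were computed from a copy checked against upstream's published signature or checksums, not just from whatever the build host downloaded. If upstream serves the same path over TLS, that line could become `source="https://download.strongswan.org/$pkgname-$_pkgver.tar.bz2`. The refreshed digests for the six local patches have no upstream reference, so they can only be validated by reading the patch diffs in this commit.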