-rw-r--r-- | main/ipsec-tools/60-debug-quick.patch | 211 | ||||
-rw-r--r-- | main/ipsec-tools/90-dpd-window-fix.patch | 85 | ||||
-rw-r--r-- | main/ipsec-tools/90-openssl-oneshot.patch | 210 | ||||
-rw-r--r-- | main/ipsec-tools/APKBUILD | 19 | ||||
-rw-r--r-- | main/ipsec-tools/fd-priorities.patch | 285 | ||||
-rw-r--r-- | main/ipsec-tools/initial-contact-fix.diff | 71 |
6 files changed, 91 insertions, 790 deletions
diff --git a/main/ipsec-tools/60-debug-quick.patch b/main/ipsec-tools/60-debug-quick.patch
deleted file mode 100644
index a5c3346ee9..0000000000
--- a/main/ipsec-tools/60-debug-quick.patch
+++ /dev/null
@@ -1,211 +0,0 @@ -debugging prints for quick mode errors - -From: Timo Teras <timo.teras@iki.fi> - - ---- - - src/racoon/isakmp.c | 21 ++++++++++++++------- - src/racoon/isakmp_quick.c | 46 ++++++++++++++++++++++++++++++++++++++------- - 2 files changed, 53 insertions(+), 14 deletions(-) - - -diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c -index 2dfda2f..87ce598 100644 ---- a/src/racoon/isakmp.c -+++ b/src/racoon/isakmp.c -@@ -817,7 +817,8 @@ ph1_main(iph1, msg) - - if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "failed to pre-process packet.\n"); -+ "failed to pre-process ph1 packet (side: %d, status %d).\n", -+ iph1->side, iph1->status); - return -1; - } else { - /* ignore the error and keep phase 1 handler */ -@@ -845,7 +846,8 @@ ph1_main(iph1, msg) - [iph1->side] - [iph1->status])(iph1, msg) != 0) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "failed to process packet.\n"); -+ "failed to process ph1 packet (side: %d, status: %d).\n", -+ iph1->side, iph1->status); - return -1; - } - -@@ -997,7 +999,8 @@ quick_main(iph2, msg) - [iph2->status])(iph2, msg); - if (error != 0) { - plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -- "failed to pre-process packet.\n"); -+ "failed to pre-process ph2 packet (side: %d, status %d).\n", -+ iph2->side, iph2->status); - if (error == ISAKMP_INTERNAL_ERROR) - return 0; - isakmp_info_send_n1(iph2->ph1, error, NULL); -@@ -1025,7 +1028,8 @@ quick_main(iph2, msg) - [iph2->side] - [iph2->status])(iph2, msg) != 0) { - plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -- "failed to process packet.\n"); -+ "failed to process ph2 packet (side: %d, status: %d).\n", -+ iph2->side, iph2->status); - return -1; - } - -@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype) - [iph1->side] - [iph1->status])(iph1, msg) < 0) { - plog(LLV_ERROR, LOCATION, remote, -- "failed to process packet.\n"); -+ "failed to process ph1 packet (side: %d, status: %d).\n", -+ iph1->side, 
iph1->status); - remph1(iph1); - delph1(iph1); - return -1; -@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg) - [iph2->status])(iph2, msg); - if (error != 0) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "failed to pre-process packet.\n"); -+ "failed to pre-process ph2 packet (side: %d, status: %d).\n", -+ iph2->side, iph2->status); - if (error != ISAKMP_INTERNAL_ERROR) - isakmp_info_send_n1(iph2->ph1, error, NULL); - /* -@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg) - [iph2->side] - [iph2->status])(iph2, msg) < 0) { - plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -- "failed to process packet.\n"); -+ "failed to process ph2 packet (side: %d, status: %d).\n", -+ iph2->side, iph2->status); - /* don't release handler */ - return -1; - } -diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c -index 46c84c1..2657407 100644 ---- a/src/racoon/isakmp_quick.c -+++ b/src/racoon/isakmp_quick.c -@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0) - "isn't supported.\n"); - break; - } -- if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_SA.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_NONCE: -- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_NONCE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_KE: -- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_KE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_ID: -@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0) - if (isakmp_p2ph(&idcr, pa->ptr) < 0) - goto end; - } else { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "too many ISAKMP_NPTYPE_ID payloads.\n"); - goto end; - } - break; -@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0) - 
iph2->natoa_dst = daddr; - else { - racoon_free(daddr); -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "too many ISAKMP_NPTYPE_NATOA payloads.\n"); - goto end; - } - } -@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0) - - /* validity check SA payload sent from responder */ - if (ipsecdoi_checkph2proposal(iph2) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "proposal check failed.\n"); - error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN; - goto end; - } -@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0) - } - /* decrypt packet */ - msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive); -- if (msg == NULL) -+ if (msg == NULL) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "Packet decryption failed.\n"); - goto end; -+ } - - /* create buffer for using to validate HASH(1) */ - /* -@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0) - "Multi SAs isn't supported.\n"); - goto end; - } -- if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_SA.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_NONCE: -- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_NONCE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_KE: -- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) -+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) { -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "duplicate ISAKMP_NPTYPE_KE.\n"); - goto end; -+ } - break; - - case ISAKMP_NPTYPE_ID: -@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0) - iph2->natoa_src = daddr; - else { - racoon_free(daddr); -+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote, -+ "received too many NAT-OA payloads.\n"); -+ error = ISAKMP_NTYPE_PAYLOAD_MALFORMED; - goto end; - } - } -@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0) - case 0: - /* select single proposal or reject it. 
*/
- if (ipsecdoi_selectph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "no proposal chosen.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }
diff --git a/main/ipsec-tools/90-dpd-window-fix.patch b/main/ipsec-tools/90-dpd-window-fix.patch
new file mode 100644
index 0000000000..d3ac9a9aa2
--- /dev/null
+++ b/main/ipsec-tools/90-dpd-window-fix.patch
@@ -0,0 +1,85 @@
+Index: src/racoon/isakmp_inf.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
+retrieving revision 1.41
+diff -u -r1.41 isakmp_inf.c
+--- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
++++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
+@@ -1450,17 +1450,16 @@
+ struct isakmp_pl_ru *ru;
+ u_int32_t msgid;
+ {
++ u_int32_t seq;
+
+ plog(LLV_DEBUG, LOCATION, iph1->remote,
+ "DPD R-U-There-Ack received\n");
+
+- /* XXX Maintain window of acceptable sequence numbers ?
+- * => ru->data <= iph2->dpd_seq &&
+- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
+- if (ntohl(ru->data) != iph1->dpd_seq-1) {
++ seq = ntohl(ru->data);
++ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+- "Wrong DPD sequence number (%d, %d expected).\n",
+- ntohl(ru->data), iph1->dpd_seq-1);
++ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
++ seq, iph1->dpd_last_ack, iph1->dpd_seq);
+ return 0;
+ }
+
+@@ -1472,6 +1471,7 @@
+ }
+
+ iph1->dpd_fails = 0;
++ iph1->dpd_last_ack = seq;
+ sched_cancel(&iph1->dpd_r_u);
+ isakmp_sched_r_u(iph1, 0);
+
+@@ -1535,12 +1535,13 @@
+ memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
+ memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
+
+- if (iph1->dpd_seq == 0){
++ if (iph1->dpd_seq == 0) {
+ /* generate a random seq which is not too big */
+- srand(time(NULL));
+- iph1->dpd_seq = rand() & 0x0fff;
++ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
+ }
+
++ iph1->dpd_seq++;
++ iph1->dpd_fails++;
+ ru->data = htonl(iph1->dpd_seq);
+
+ error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
+@@ -1549,12 +1550,6 @@
+ plog(LLV_DEBUG, LOCATION, iph1->remote,
+ "DPD R-U-There sent (%d)\n", error);
+
+- /* will be decreased if ACK received... */
+- iph1->dpd_fails++;
+-
+- /* XXX should be increased only when ACKed ? */
+- iph1->dpd_seq++;
+-
+ /* Reschedule the r_u_there with a short delay,
+ * will be deleted/rescheduled if ACK received before */
+ isakmp_sched_r_u(iph1, 1);
+Index: src/racoon/handler.h
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
+retrieving revision 1.22
+diff -u -r1.22 handler.h
+--- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
++++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
+@@ -202,7 +202,8 @@
+
+ #ifdef ENABLE_DPD
+ int dpd_support; /* Does remote supports DPD ? */
+- u_int16_t dpd_seq; /* DPD seq number to receive */
++ u_int32_t dpd_last_ack;
++ u_int32_t dpd_seq; /* DPD seq number to receive */
+ u_int8_t dpd_fails; /* number of failures */
+ struct sched dpd_r_u;
+ #endif
diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
deleted file mode 100644
index ece12a52dd..0000000000
--- a/main/ipsec-tools/90-openssl-oneshot.patch
+++ /dev/null
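Review bot: The initial DPD sequence in the `@@ -1535,12 +1535,13 @@` hunk is still taken from `rand() & 0x0fff`, but the `srand(time(NULL))` call is removed, so unless racoon seeds the generator somewhere not visible in this patch the starting value is the same on every daemon start; it is worth confirming where the seed is set and saying so in the comment above the assignment. In the ack hunk the values are now `u_int32_t` but are still logged with `%d`; the format should match the type, `"Wrong DPD sequence number (%u; last_ack=%u, seq=%u).\n"`. The window test `seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq` assumes the counter never wraps, which deserves a one-line comment next to it. `dpd_seq` and `dpd_fails` are now incremented before `isakmp_info_send_common()` is called, so a failed send appears to consume a sequence number and count as a failure; the error handling after the call lies outside the hunk, as do the start and end of both functions.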
@@ -1,210 +0,0 @@ -Index: src/racoon/crypto_openssl.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v -retrieving revision 1.19 -diff -u -r1.19 crypto_openssl.c ---- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19 -+++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000 -@@ -1800,6 +1800,42 @@ - return (caddr_t)c; - } - -+static vchar_t *eay_hmac_one(key, data, type) -+ vchar_t *key, *data; -+ const EVP_MD *type; -+{ -+ vchar_t *res; -+ -+ if ((res = vmalloc(EVP_MD_size(type))) == 0) -+ return NULL; -+ -+ if (!HMAC(type, (void *) key->v, key->l, -+ (void *) data->v, data->l, (void *) res->v, NULL)) { -+ vfree(res); -+ return NULL; -+ } -+ -+ return res; -+} -+ -+static vchar_t *eay_digest_one(data, type) -+ vchar_t *data; -+ const EVP_MD *type; -+{ -+ vchar_t *res; -+ -+ if ((res = vmalloc(EVP_MD_size(type))) == 0) -+ return NULL; -+ -+ if (!EVP_Digest((void *) data->v, data->l, -+ (void *) res->v, NULL, type, NULL)) { -+ vfree(res); -+ return NULL; -+ } -+ -+ return res; -+} -+ - #ifdef WITH_SHA2 - /* - * HMAC SHA2-512 -@@ -1808,14 +1844,7 @@ - eay_hmacsha2_512_one(key, data) - vchar_t *key, *data; - { -- vchar_t *res; -- caddr_t ctx; -- -- ctx = eay_hmacsha2_512_init(key); -- eay_hmacsha2_512_update(ctx, data); -- res = eay_hmacsha2_512_final(ctx); -- -- return(res); -+ return eay_hmac_one(key, data, EVP_sha2_512()); - } - - caddr_t -@@ -1865,14 +1894,7 @@ - eay_hmacsha2_384_one(key, data) - vchar_t *key, *data; - { -- vchar_t *res; -- caddr_t ctx; -- -- ctx = eay_hmacsha2_384_init(key); -- eay_hmacsha2_384_update(ctx, data); -- res = eay_hmacsha2_384_final(ctx); -- -- return(res); -+ return eay_hmac_one(key, data, EVP_sha2_384()); - } - - caddr_t -@@ -1922,14 +1944,7 @@ - eay_hmacsha2_256_one(key, data) - vchar_t *key, *data; - { -- vchar_t *res; -- caddr_t ctx; -- -- ctx = eay_hmacsha2_256_init(key); -- eay_hmacsha2_256_update(ctx, data); -- res 
= eay_hmacsha2_256_final(ctx); -- -- return(res); -+ return eay_hmac_one(key, data, EVP_sha2_256()); - } - - caddr_t -@@ -1980,14 +1995,7 @@ - eay_hmacsha1_one(key, data) - vchar_t *key, *data; - { -- vchar_t *res; -- caddr_t ctx; -- -- ctx = eay_hmacsha1_init(key); -- eay_hmacsha1_update(ctx, data); -- res = eay_hmacsha1_final(ctx); -- -- return(res); -+ return eay_hmac_one(key, data, EVP_sha1()); - } - - caddr_t -@@ -2037,14 +2045,7 @@ - eay_hmacmd5_one(key, data) - vchar_t *key, *data; - { -- vchar_t *res; -- caddr_t ctx; -- -- ctx = eay_hmacmd5_init(key); -- eay_hmacmd5_update(ctx, data); -- res = eay_hmacmd5_final(ctx); -- -- return(res); -+ return eay_hmac_one(key, data, EVP_md5()); - } - - caddr_t -@@ -2130,14 +2131,7 @@ - eay_sha2_512_one(data) - vchar_t *data; - { -- caddr_t ctx; -- vchar_t *res; -- -- ctx = eay_sha2_512_init(); -- eay_sha2_512_update(ctx, data); -- res = eay_sha2_512_final(ctx); -- -- return(res); -+ return eay_digest_one(data, EVP_sha512()); - } - - int -@@ -2190,14 +2184,7 @@ - eay_sha2_384_one(data) - vchar_t *data; - { -- caddr_t ctx; -- vchar_t *res; -- -- ctx = eay_sha2_384_init(); -- eay_sha2_384_update(ctx, data); -- res = eay_sha2_384_final(ctx); -- -- return(res); -+ return eay_digest_one(data, EVP_sha2_384()); - } - - int -@@ -2250,14 +2237,7 @@ - eay_sha2_256_one(data) - vchar_t *data; - { -- caddr_t ctx; -- vchar_t *res; -- -- ctx = eay_sha2_256_init(); -- eay_sha2_256_update(ctx, data); -- res = eay_sha2_256_final(ctx); -- -- return(res); -+ return eay_digest_one(data, EVP_sha2_256()); - } - - int -@@ -2309,14 +2289,7 @@ - eay_sha1_one(data) - vchar_t *data; - { -- caddr_t ctx; -- vchar_t *res; -- -- ctx = eay_sha1_init(); -- eay_sha1_update(ctx, data); -- res = eay_sha1_final(ctx); -- -- return(res); -+ return eay_digest_one(data, EVP_sha1()); - } - - int -@@ -2367,14 +2340,7 @@ - eay_md5_one(data) - vchar_t *data; - { -- caddr_t ctx; -- vchar_t *res; -- -- ctx = eay_md5_init(); -- eay_md5_update(ctx, data); -- res = 
eay_md5_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_md5());
- }
-
- int
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index dc5fca1b55..7421b05d77 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,8 +1,8 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
-pkgver=0.8_alpha20090903
-_myver=0.8-alpha20090903
-pkgrel=11
+pkgver=0.8_alpha20101022
+_myver=0.8-alpha20101022
+pkgrel=0
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 license="BSD"
@@ -13,12 +13,9 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
 racoon.initd
 racoon.confd
 50-reverse-connect.patch
- 60-debug-quick.patch
- initial-contact-fix.diff
- fd-priorities.patch
 70-rcvbuf-size.patch
 75-racoonctl-rcvbuf.patch
- 90-openssl-oneshot.patch
+ 90-dpd-window-fix.patch
 "
 _builddir="$srcdir"/$pkgname-$_myver
@@ -28,7 +25,6 @@ prepare() {
 msg "Applying $i..."
 patch -p1 -i $i || return 1
 done
- patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1
 sed -i 's:-Werror::g' configure
 }
@@ -59,13 +55,10 @@ package() {
 install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
 }
-md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
+md5sums="1492b83edc944b5d32d2eff51e33399e ipsec-tools-0.8-alpha20101022.tar.gz
 74f12ed04ed273a738229c0bfbf829cc racoon.initd
 2d00250cf72da7f2f559c91b65a48747 racoon.confd
 13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
-baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
-69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
 f40c78e4ca4b92d2bf74e4fcf3a8d91f 70-rcvbuf-size.patch
 2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch
-11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"
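Review bot: The new `md5sums` entry for `ipsec-tools-0.8-alpha20101022.tar.gz` is the only integrity check visible here on a tarball that the `source=` line in the hunk header fetches over plain `http://`, and MD5 is not collision-resistant, so the pin is weaker than it looks. If the abuild version in use accepts a stronger checksum array such as `sha512sums`, add one covering the tarball and `90-dpd-window-fix.patch`; otherwise a comment recording how the tarball checksum was verified would help. The same commit drops four local patches from `source=`, presumably because the new snapshot contains them, and one line in the commit message saying so would let a reader confirm that no fix was lost.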
diff --git a/main/ipsec-tools/fd-priorities.patch b/main/ipsec-tools/fd-priorities.patch
deleted file mode 100644
index 68fc4b3455..0000000000
--- a/main/ipsec-tools/fd-priorities.patch
+++ /dev/null
@@ -1,285 +0,0 @@ -? .msg -? ChangeLog -? alpine-config -? commiters.txt -? fd-priorities-2.patch -? fd-priorities.patch -? ipsec-tools-0.8-alpha20090820.tar.bz2 -? ipsec-tools-0.8-alpha20090903.tar.bz2 -? local-changes.diff -? patch-to-support-cast128-cbc-algorithm.patch -? racoon.txt -? rpm/Makefile -? rpm/Makefile.in -? rpm/ipsec-tools.spec -? rpm/suse/Makefile -? rpm/suse/Makefile.in -? rpm/suse/ipsec-tools.spec -? src/Makefile -? src/Makefile.in -? src/include-glibc/.includes -? src/include-glibc/Makefile -? src/include-glibc/Makefile.in -? src/libipsec/.deps -? src/libipsec/.libs -? src/libipsec/Makefile -? src/libipsec/Makefile.in -? src/libipsec/ipsec_dump_policy.lo -? src/libipsec/ipsec_get_policylen.lo -? src/libipsec/ipsec_strerror.lo -? src/libipsec/key_debug.lo -? src/libipsec/libipsec.la -? src/libipsec/pfkey.lo -? src/libipsec/pfkey_dump.lo -? src/libipsec/policy_parse.c -? src/libipsec/policy_parse.h -? src/libipsec/policy_parse.lo -? src/libipsec/policy_token.c -? src/libipsec/policy_token.lo -? src/racoon/.deps -? src/racoon/.libs -? src/racoon/Makefile -? src/racoon/Makefile.in -? src/racoon/cfparse.c -? src/racoon/cfparse.h -? src/racoon/cftoken.c -? src/racoon/eaytest -? src/racoon/libracoon.la -? src/racoon/libracoon_la-kmpstat.lo -? src/racoon/libracoon_la-misc.lo -? src/racoon/libracoon_la-sockmisc.lo -? src/racoon/libracoon_la-vmbuf.lo -? src/racoon/plainrsa-gen -? src/racoon/prsa_par.c -? src/racoon/prsa_par.h -? src/racoon/prsa_tok.c -? src/racoon/racoon -? src/racoon/racoonctl -? src/racoon/samples/psk.txt -? src/racoon/samples/racoon.conf -? src/setkey/.deps -? src/setkey/.libs -? src/setkey/Makefile -? src/setkey/Makefile.in -? src/setkey/parse.c -? src/setkey/parse.h -? src/setkey/setkey -? 
src/setkey/token.c -Index: src/racoon/admin.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v -retrieving revision 1.32 -diff -u -r1.32 admin.c ---- a/src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32 -+++ b/src/racoon/admin.c 9 Mar 2010 07:50:46 -0000 -@@ -734,7 +734,7 @@ - return -1; - } - -- monitor_fd(lcconf->sock_admin, admin_handler, NULL); -+ monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0); - plog(LLV_DEBUG, LOCATION, NULL, - "open %s as racoon management.\n", sunaddr.sun_path); - -Index: src/racoon/evt.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/evt.c,v -retrieving revision 1.9 -diff -u -r1.9 evt.c ---- a/src/racoon/evt.c 23 Jan 2009 08:05:58 -0000 1.9 -+++ b/src/racoon/evt.c 9 Mar 2010 07:50:46 -0000 -@@ -373,7 +373,7 @@ - - LIST_INSERT_HEAD(list, l, ll_chain); - l->fd = fd; -- monitor_fd(l->fd, evt_unsubscribe_cb, l); -+ monitor_fd(l->fd, evt_unsubscribe_cb, l, 0); - - plog(LLV_DEBUG, LOCATION, NULL, - "[%d] admin connection is polling events\n", fd); -Index: src/racoon/grabmyaddr.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c,v -retrieving revision 1.23 -diff -u -r1.23 grabmyaddr.c ---- a/src/racoon/grabmyaddr.c 3 Jul 2009 06:41:46 -0000 1.23 -+++ b/src/racoon/grabmyaddr.c 9 Mar 2010 07:50:46 -0000 -@@ -296,7 +296,7 @@ - lcconf->rtsock = kernel_open_socket(); - if (lcconf->rtsock < 0) - return -1; -- monitor_fd(lcconf->rtsock, kernel_receive, NULL); -+ monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0); - } else { - lcconf->rtsock = -1; - if (!myaddr_open_all_configured(NULL)) -Index: src/racoon/isakmp.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v -retrieving revision 1.60 -diff -u 
-r1.60 isakmp.c ---- a/src/racoon/isakmp.c 3 Sep 2009 09:29:07 -0000 1.60 -+++ b/src/racoon/isakmp.c 9 Mar 2010 07:50:48 -0000 -@@ -1720,7 +1720,7 @@ - "%s used as isakmp port (fd=%d)\n", - saddr2str(addr), fd); - -- monitor_fd(fd, isakmp_handler, NULL); -+ monitor_fd(fd, isakmp_handler, NULL, 1); - return fd; - - err: -Index: src/racoon/pfkey.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/pfkey.c,v -retrieving revision 1.52 -diff -u -r1.52 pfkey.c ---- a/src/racoon/pfkey.c 9 Feb 2010 23:05:16 -0000 1.52 -+++ b/src/racoon/pfkey.c 9 Mar 2010 07:50:49 -0000 -@@ -487,7 +487,7 @@ - return -1; - } - #endif -- monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL); -+ monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0); - return 0; - } - -Index: src/racoon/session.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v -retrieving revision 1.27 -diff -u -r1.27 session.c ---- a/src/racoon/session.c 4 Mar 2010 15:13:53 -0000 1.27 -+++ b/src/racoon/session.c 9 Mar 2010 07:50:50 -0000 -@@ -103,8 +103,13 @@ - struct fd_monitor { - int (*callback)(void *ctx, int fd); - void *ctx; -+ int prio; -+ int fd; -+ TAILQ_ENTRY(fd_monitor) chain; - }; - -+#define NUM_PRIORITIES 2 -+ - static void close_session __P((void)); - static void initfds __P((void)); - static void init_signal __P((void)); -@@ -115,13 +120,14 @@ - - static fd_set preset_mask, active_mask; - static struct fd_monitor fd_monitors[FD_SETSIZE]; -+static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES]; - static int nfds = 0; - - static volatile sig_atomic_t sigreq[NSIG + 1]; - static struct sched scflushsa = SCHED_INITIALIZER(); - - void --monitor_fd(int fd, int (*callback)(void *, int), void *ctx) -+monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority) - { - if (fd < 0 || fd >= FD_SETSIZE) { - plog(LLV_ERROR, 
LOCATION, NULL, "fd_set overrun"); -@@ -131,9 +137,17 @@ - FD_SET(fd, &preset_mask); - if (fd > nfds) - nfds = fd; -+ if (priority <= 0) -+ priority = 0; -+ if (priority >= NUM_PRIORITIES) -+ priority = NUM_PRIORITIES - 1; - - fd_monitors[fd].callback = callback; - fd_monitors[fd].ctx = ctx; -+ fd_monitors[fd].prio = priority; -+ fd_monitors[fd].fd = fd; -+ TAILQ_INSERT_TAIL(&fd_monitor_tree[priority], -+ &fd_monitors[fd], chain); - } - - void -@@ -144,10 +158,15 @@ - exit(1); - } - -+ if (fd_monitors[fd].callback == NULL) -+ return; -+ - FD_CLR(fd, &preset_mask); - FD_CLR(fd, &active_mask); - fd_monitors[fd].callback = NULL; - fd_monitors[fd].ctx = NULL; -+ TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio], -+ &fd_monitors[fd], chain); - } - - int -@@ -158,11 +177,15 @@ - char pid_file[MAXPATHLEN]; - FILE *fp; - pid_t racoon_pid = 0; -- int i; -+ int i, count; -+ struct fd_monitor *fdm; - - nfds = 0; - FD_ZERO(&preset_mask); - -+ for (i = 0; i < NUM_PRIORITIES; i++) -+ TAILQ_INIT(&fd_monitor_tree[i]); -+ - /* initialize schedular */ - sched_init(); - init_signal(); -@@ -291,16 +314,24 @@ - /*NOTREACHED*/ - } - -- for (i = 0; i <= nfds; i++) { -- if (!FD_ISSET(i, &active_mask)) -- continue; -- -- if (fd_monitors[i].callback != NULL) -- fd_monitors[i].callback(fd_monitors[i].ctx, i); -- else -- plog(LLV_ERROR, LOCATION, NULL, -- "fd %d set, but no active callback\n", i); -+ count = 0; -+ for (i = 0; i < NUM_PRIORITIES; i++) { -+ TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) { -+ if (!FD_ISSET(fdm->fd, &active_mask)) -+ continue; -+ -+ FD_CLR(fdm->fd, &active_mask); -+ if (fdm->callback != NULL) { -+ fdm->callback(fdm->ctx, fdm->fd); -+ count++; -+ } else -+ plog(LLV_ERROR, LOCATION, NULL, -+ "fd %d set, but no active callback\n", i); -+ } -+ if (count != 0) -+ break; - } -+ - } - } - -Index: src/racoon/session.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.h,v -retrieving 
revision 1.8
-diff -u -r1.8 session.h
---- a/src/racoon/session.h 23 Jan 2009 08:05:58 -0000 1.8
-+++ b/src/racoon/session.h 9 Mar 2010 07:50:50 -0000
-@@ -37,7 +37,7 @@
- extern int session __P((void));
- extern RETSIGTYPE signal_handler __P((int));
-
--extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
-+extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority));
- extern void unmonitor_fd __P((int fd));
-
- #endif /* _SESSION_H */
diff --git a/main/ipsec-tools/initial-contact-fix.diff b/main/ipsec-tools/initial-contact-fix.diff
deleted file mode 100644
index 370418be09..0000000000
--- a/main/ipsec-tools/initial-contact-fix.diff
+++ /dev/null
@@ -1,71 +0,0 @@ -Index: src/racoon/admin.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v -retrieving revision 1.32 -diff -u -r1.32 admin.c ---- src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32 -+++ src/racoon/admin.c 10 Dec 2009 14:38:47 -0000 -@@ -299,9 +299,8 @@ - break; - - case ADMIN_DELETE_SA: { -- struct ph1handle *iph1; -- struct ph1selector sel; - char *loc, *rem; -+ struct ph1selector sel; - - memset(&sel, 0, sizeof(sel)); - sel.local = (struct sockaddr *) -@@ -319,6 +318,7 @@ - plog(LLV_INFO, LOCATION, NULL, - "admin delete-sa %s %s\n", loc, rem); - enumph1(&sel, admin_ph1_delete_sa, NULL); -+ remcontacted(sel.remote); - - racoon_free(loc); - racoon_free(rem); -Index: src/racoon/handler.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v -retrieving revision 1.31 -diff -u -r1.31 handler.c ---- src/racoon/handler.c 22 Nov 2009 19:34:55 -0000 1.31 -+++ src/racoon/handler.c 10 Dec 2009 14:38:48 -0000 -@@ -966,6 +966,22 @@ - } - - void -+remcontacted(remote) -+ struct sockaddr *remote; -+{ -+ struct contacted *p; -+ -+ LIST_FOREACH(p, &ctdtree, chain) { -+ if (cmpsaddr(remote, p->remote) == 0) { -+ LIST_REMOVE(p, chain); -+ racoon_free(p->remote); -+ racoon_free(p); -+ break; -+ } -+ } -+} -+ -+void - initctdtree() - { - LIST_INIT(&ctdtree); -Index: src/racoon/handler.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v -retrieving revision 1.22 -diff -u -r1.22 handler.h ---- src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22 -+++ src/racoon/handler.h 10 Dec 2009 14:38:48 -0000 -@@ -518,6 +518,7 @@ - - extern struct contacted *getcontacted __P((struct sockaddr *)); - extern int inscontacted __P((struct sockaddr *)); -+extern void remcontacted __P((struct sockaddr *)); - extern void 
initctdtree __P((void)); - - extern int check_recvdpkt __P((struct sockaddr *, |