aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/ipsec-tools/60-debug-quick.patch211
-rw-r--r--main/ipsec-tools/90-dpd-window-fix.patch85
-rw-r--r--main/ipsec-tools/90-openssl-oneshot.patch210
-rw-r--r--main/ipsec-tools/APKBUILD19
-rw-r--r--main/ipsec-tools/fd-priorities.patch285
-rw-r--r--main/ipsec-tools/initial-contact-fix.diff71
6 files changed, 91 insertions, 790 deletions
diff --git a/main/ipsec-tools/60-debug-quick.patch b/main/ipsec-tools/60-debug-quick.patch
deleted file mode 100644
index a5c3346ee9..0000000000
--- a/main/ipsec-tools/60-debug-quick.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-debugging prints for quick mode errors
-
-From: Timo Teras <timo.teras@iki.fi>
-
-
----
-
- src/racoon/isakmp.c | 21 ++++++++++++++-------
- src/racoon/isakmp_quick.c | 46 ++++++++++++++++++++++++++++++++++++++-------
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-
-diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
-index 2dfda2f..87ce598 100644
---- a/src/racoon/isakmp.c
-+++ b/src/racoon/isakmp.c
-@@ -817,7 +817,8 @@ ph1_main(iph1, msg)
-
- if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph1 packet (side: %d, status %d).\n",
-+ iph1->side, iph1->status);
- return -1;
- } else {
- /* ignore the error and keep phase 1 handler */
-@@ -845,7 +846,8 @@ ph1_main(iph1, msg)
- [iph1->side]
- [iph1->status])(iph1, msg) != 0) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph1 packet (side: %d, status: %d).\n",
-+ iph1->side, iph1->status);
- return -1;
- }
-
-@@ -997,7 +999,8 @@ quick_main(iph2, msg)
- [iph2->status])(iph2, msg);
- if (error != 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph2 packet (side: %d, status %d).\n",
-+ iph2->side, iph2->status);
- if (error == ISAKMP_INTERNAL_ERROR)
- return 0;
- isakmp_info_send_n1(iph2->ph1, error, NULL);
-@@ -1025,7 +1028,8 @@ quick_main(iph2, msg)
- [iph2->side]
- [iph2->status])(iph2, msg) != 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- return -1;
- }
-
-@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype)
- [iph1->side]
- [iph1->status])(iph1, msg) < 0) {
- plog(LLV_ERROR, LOCATION, remote,
-- "failed to process packet.\n");
-+ "failed to process ph1 packet (side: %d, status: %d).\n",
-+ iph1->side, iph1->status);
- remph1(iph1);
- delph1(iph1);
- return -1;
-@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg)
- [iph2->status])(iph2, msg);
- if (error != 0) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "failed to pre-process packet.\n");
-+ "failed to pre-process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- if (error != ISAKMP_INTERNAL_ERROR)
- isakmp_info_send_n1(iph2->ph1, error, NULL);
- /*
-@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg)
- [iph2->side]
- [iph2->status])(iph2, msg) < 0) {
- plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-- "failed to process packet.\n");
-+ "failed to process ph2 packet (side: %d, status: %d).\n",
-+ iph2->side, iph2->status);
- /* don't release handler */
- return -1;
- }
-diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
-index 46c84c1..2657407 100644
---- a/src/racoon/isakmp_quick.c
-+++ b/src/racoon/isakmp_quick.c
-@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0)
- "isn't supported.\n");
- break;
- }
-- if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_SA.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_NONCE:
-- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_KE:
-- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_KE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_ID:
-@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0)
- if (isakmp_p2ph(&idcr, pa->ptr) < 0)
- goto end;
- } else {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "too many ISAKMP_NPTYPE_ID payloads.\n");
- goto end;
- }
- break;
-@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0)
- iph2->natoa_dst = daddr;
- else {
- racoon_free(daddr);
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "too many ISAKMP_NPTYPE_NATOA payloads.\n");
- goto end;
- }
- }
-@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0)
-
- /* validity check SA payload sent from responder */
- if (ipsecdoi_checkph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "proposal check failed.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }
-@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0)
- }
- /* decrypt packet */
- msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
-- if (msg == NULL)
-+ if (msg == NULL) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "Packet decryption failed.\n");
- goto end;
-+ }
-
- /* create buffer for using to validate HASH(1) */
- /*
-@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0)
- "Multi SAs isn't supported.\n");
- goto end;
- }
-- if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_SA.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_NONCE:
-- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_KE:
-- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
-+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "duplicate ISAKMP_NPTYPE_KE.\n");
- goto end;
-+ }
- break;
-
- case ISAKMP_NPTYPE_ID:
-@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0)
- iph2->natoa_src = daddr;
- else {
- racoon_free(daddr);
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "received too many NAT-OA payloads.\n");
-+ error = ISAKMP_NTYPE_PAYLOAD_MALFORMED;
- goto end;
- }
- }
-@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0)
- case 0:
- /* select single proposal or reject it. */
- if (ipsecdoi_selectph2proposal(iph2) < 0) {
-+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
-+ "no proposal chosen.\n");
- error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
- goto end;
- }
diff --git a/main/ipsec-tools/90-dpd-window-fix.patch b/main/ipsec-tools/90-dpd-window-fix.patch
new file mode 100644
index 0000000000..d3ac9a9aa2
--- /dev/null
+++ b/main/ipsec-tools/90-dpd-window-fix.patch
@@ -0,0 +1,85 @@
+Index: src/racoon/isakmp_inf.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
+retrieving revision 1.41
+diff -u -r1.41 isakmp_inf.c
+--- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
++++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
+@@ -1450,17 +1450,16 @@
+ struct isakmp_pl_ru *ru;
+ u_int32_t msgid;
+ {
++ u_int32_t seq;
+
+ plog(LLV_DEBUG, LOCATION, iph1->remote,
+ "DPD R-U-There-Ack received\n");
+
+- /* XXX Maintain window of acceptable sequence numbers ?
+- * => ru->data <= iph2->dpd_seq &&
+- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
+- if (ntohl(ru->data) != iph1->dpd_seq-1) {
++ seq = ntohl(ru->data);
++ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+- "Wrong DPD sequence number (%d, %d expected).\n",
+- ntohl(ru->data), iph1->dpd_seq-1);
++ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
++ seq, iph1->dpd_last_ack, iph1->dpd_seq);
+ return 0;
+ }
+
+@@ -1472,6 +1471,7 @@
+ }
+
+ iph1->dpd_fails = 0;
++ iph1->dpd_last_ack = seq;
+ sched_cancel(&iph1->dpd_r_u);
+ isakmp_sched_r_u(iph1, 0);
+
+@@ -1535,12 +1535,13 @@
+ memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
+ memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
+
+- if (iph1->dpd_seq == 0){
++ if (iph1->dpd_seq == 0) {
+ /* generate a random seq which is not too big */
+- srand(time(NULL));
+- iph1->dpd_seq = rand() & 0x0fff;
++ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
+ }
+
++ iph1->dpd_seq++;
++ iph1->dpd_fails++;
+ ru->data = htonl(iph1->dpd_seq);
+
+ error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
+@@ -1549,12 +1550,6 @@
+ plog(LLV_DEBUG, LOCATION, iph1->remote,
+ "DPD R-U-There sent (%d)\n", error);
+
+- /* will be decreased if ACK received... */
+- iph1->dpd_fails++;
+-
+- /* XXX should be increased only when ACKed ? */
+- iph1->dpd_seq++;
+-
+ /* Reschedule the r_u_there with a short delay,
+ * will be deleted/rescheduled if ACK received before */
+ isakmp_sched_r_u(iph1, 1);
+Index: src/racoon/handler.h
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
+retrieving revision 1.22
+diff -u -r1.22 handler.h
+--- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
++++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
+@@ -202,7 +202,8 @@
+
+ #ifdef ENABLE_DPD
+ int dpd_support; /* Does remote supports DPD ? */
+- u_int16_t dpd_seq; /* DPD seq number to receive */
++ u_int32_t dpd_last_ack;
++ u_int32_t dpd_seq; /* DPD seq number to receive */
+ u_int8_t dpd_fails; /* number of failures */
+ struct sched dpd_r_u;
+ #endif
diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
deleted file mode 100644
index ece12a52dd..0000000000
--- a/main/ipsec-tools/90-openssl-oneshot.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-Index: src/racoon/crypto_openssl.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
-retrieving revision 1.19
-diff -u -r1.19 crypto_openssl.c
---- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
-+++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
-@@ -1800,6 +1800,42 @@
- return (caddr_t)c;
- }
-
-+static vchar_t *eay_hmac_one(key, data, type)
-+ vchar_t *key, *data;
-+ const EVP_MD *type;
-+{
-+ vchar_t *res;
-+
-+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
-+ return NULL;
-+
-+ if (!HMAC(type, (void *) key->v, key->l,
-+ (void *) data->v, data->l, (void *) res->v, NULL)) {
-+ vfree(res);
-+ return NULL;
-+ }
-+
-+ return res;
-+}
-+
-+static vchar_t *eay_digest_one(data, type)
-+ vchar_t *data;
-+ const EVP_MD *type;
-+{
-+ vchar_t *res;
-+
-+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
-+ return NULL;
-+
-+ if (!EVP_Digest((void *) data->v, data->l,
-+ (void *) res->v, NULL, type, NULL)) {
-+ vfree(res);
-+ return NULL;
-+ }
-+
-+ return res;
-+}
-+
- #ifdef WITH_SHA2
- /*
- * HMAC SHA2-512
-@@ -1808,14 +1844,7 @@
- eay_hmacsha2_512_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha2_512_init(key);
-- eay_hmacsha2_512_update(ctx, data);
-- res = eay_hmacsha2_512_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha2_512());
- }
-
- caddr_t
-@@ -1865,14 +1894,7 @@
- eay_hmacsha2_384_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha2_384_init(key);
-- eay_hmacsha2_384_update(ctx, data);
-- res = eay_hmacsha2_384_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha2_384());
- }
-
- caddr_t
-@@ -1922,14 +1944,7 @@
- eay_hmacsha2_256_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha2_256_init(key);
-- eay_hmacsha2_256_update(ctx, data);
-- res = eay_hmacsha2_256_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha2_256());
- }
-
- caddr_t
-@@ -1980,14 +1995,7 @@
- eay_hmacsha1_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacsha1_init(key);
-- eay_hmacsha1_update(ctx, data);
-- res = eay_hmacsha1_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_sha1());
- }
-
- caddr_t
-@@ -2037,14 +2045,7 @@
- eay_hmacmd5_one(key, data)
- vchar_t *key, *data;
- {
-- vchar_t *res;
-- caddr_t ctx;
--
-- ctx = eay_hmacmd5_init(key);
-- eay_hmacmd5_update(ctx, data);
-- res = eay_hmacmd5_final(ctx);
--
-- return(res);
-+ return eay_hmac_one(key, data, EVP_md5());
- }
-
- caddr_t
-@@ -2130,14 +2131,7 @@
- eay_sha2_512_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha2_512_init();
-- eay_sha2_512_update(ctx, data);
-- res = eay_sha2_512_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha512());
- }
-
- int
-@@ -2190,14 +2184,7 @@
- eay_sha2_384_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha2_384_init();
-- eay_sha2_384_update(ctx, data);
-- res = eay_sha2_384_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha2_384());
- }
-
- int
-@@ -2250,14 +2237,7 @@
- eay_sha2_256_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha2_256_init();
-- eay_sha2_256_update(ctx, data);
-- res = eay_sha2_256_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha2_256());
- }
-
- int
-@@ -2309,14 +2289,7 @@
- eay_sha1_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_sha1_init();
-- eay_sha1_update(ctx, data);
-- res = eay_sha1_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_sha1());
- }
-
- int
-@@ -2367,14 +2340,7 @@
- eay_md5_one(data)
- vchar_t *data;
- {
-- caddr_t ctx;
-- vchar_t *res;
--
-- ctx = eay_md5_init();
-- eay_md5_update(ctx, data);
-- res = eay_md5_final(ctx);
--
-- return(res);
-+ return eay_digest_one(data, EVP_md5());
- }
-
- int
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index dc5fca1b55..7421b05d77 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ipsec-tools
-pkgver=0.8_alpha20090903
-_myver=0.8-alpha20090903
-pkgrel=11
+pkgver=0.8_alpha20101022
+_myver=0.8-alpha20101022
+pkgrel=0
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
license="BSD"
@@ -13,12 +13,9 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
racoon.initd
racoon.confd
50-reverse-connect.patch
- 60-debug-quick.patch
- initial-contact-fix.diff
- fd-priorities.patch
70-rcvbuf-size.patch
75-racoonctl-rcvbuf.patch
- 90-openssl-oneshot.patch
+ 90-dpd-window-fix.patch
"
_builddir="$srcdir"/$pkgname-$_myver
@@ -28,7 +25,6 @@ prepare() {
msg "Applying $i..."
patch -p1 -i $i || return 1
done
- patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1
sed -i 's:-Werror::g' configure
}
@@ -59,13 +55,10 @@ package() {
install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
}
-md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
+md5sums="1492b83edc944b5d32d2eff51e33399e ipsec-tools-0.8-alpha20101022.tar.gz
74f12ed04ed273a738229c0bfbf829cc racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
-baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
-69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
f40c78e4ca4b92d2bf74e4fcf3a8d91f 70-rcvbuf-size.patch
2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch
-11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"
+0391a6967ad19673588302bc8b17e0e2 90-dpd-window-fix.patch"
diff --git a/main/ipsec-tools/fd-priorities.patch b/main/ipsec-tools/fd-priorities.patch
deleted file mode 100644
index 68fc4b3455..0000000000
--- a/main/ipsec-tools/fd-priorities.patch
+++ /dev/null
@@ -1,285 +0,0 @@
-? .msg
-? ChangeLog
-? alpine-config
-? commiters.txt
-? fd-priorities-2.patch
-? fd-priorities.patch
-? ipsec-tools-0.8-alpha20090820.tar.bz2
-? ipsec-tools-0.8-alpha20090903.tar.bz2
-? local-changes.diff
-? patch-to-support-cast128-cbc-algorithm.patch
-? racoon.txt
-? rpm/Makefile
-? rpm/Makefile.in
-? rpm/ipsec-tools.spec
-? rpm/suse/Makefile
-? rpm/suse/Makefile.in
-? rpm/suse/ipsec-tools.spec
-? src/Makefile
-? src/Makefile.in
-? src/include-glibc/.includes
-? src/include-glibc/Makefile
-? src/include-glibc/Makefile.in
-? src/libipsec/.deps
-? src/libipsec/.libs
-? src/libipsec/Makefile
-? src/libipsec/Makefile.in
-? src/libipsec/ipsec_dump_policy.lo
-? src/libipsec/ipsec_get_policylen.lo
-? src/libipsec/ipsec_strerror.lo
-? src/libipsec/key_debug.lo
-? src/libipsec/libipsec.la
-? src/libipsec/pfkey.lo
-? src/libipsec/pfkey_dump.lo
-? src/libipsec/policy_parse.c
-? src/libipsec/policy_parse.h
-? src/libipsec/policy_parse.lo
-? src/libipsec/policy_token.c
-? src/libipsec/policy_token.lo
-? src/racoon/.deps
-? src/racoon/.libs
-? src/racoon/Makefile
-? src/racoon/Makefile.in
-? src/racoon/cfparse.c
-? src/racoon/cfparse.h
-? src/racoon/cftoken.c
-? src/racoon/eaytest
-? src/racoon/libracoon.la
-? src/racoon/libracoon_la-kmpstat.lo
-? src/racoon/libracoon_la-misc.lo
-? src/racoon/libracoon_la-sockmisc.lo
-? src/racoon/libracoon_la-vmbuf.lo
-? src/racoon/plainrsa-gen
-? src/racoon/prsa_par.c
-? src/racoon/prsa_par.h
-? src/racoon/prsa_tok.c
-? src/racoon/racoon
-? src/racoon/racoonctl
-? src/racoon/samples/psk.txt
-? src/racoon/samples/racoon.conf
-? src/setkey/.deps
-? src/setkey/.libs
-? src/setkey/Makefile
-? src/setkey/Makefile.in
-? src/setkey/parse.c
-? src/setkey/parse.h
-? src/setkey/setkey
-? src/setkey/token.c
-Index: src/racoon/admin.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
-retrieving revision 1.32
-diff -u -r1.32 admin.c
---- a/src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
-+++ b/src/racoon/admin.c 9 Mar 2010 07:50:46 -0000
-@@ -734,7 +734,7 @@
- return -1;
- }
-
-- monitor_fd(lcconf->sock_admin, admin_handler, NULL);
-+ monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0);
- plog(LLV_DEBUG, LOCATION, NULL,
- "open %s as racoon management.\n", sunaddr.sun_path);
-
-Index: src/racoon/evt.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/evt.c,v
-retrieving revision 1.9
-diff -u -r1.9 evt.c
---- a/src/racoon/evt.c 23 Jan 2009 08:05:58 -0000 1.9
-+++ b/src/racoon/evt.c 9 Mar 2010 07:50:46 -0000
-@@ -373,7 +373,7 @@
-
- LIST_INSERT_HEAD(list, l, ll_chain);
- l->fd = fd;
-- monitor_fd(l->fd, evt_unsubscribe_cb, l);
-+ monitor_fd(l->fd, evt_unsubscribe_cb, l, 0);
-
- plog(LLV_DEBUG, LOCATION, NULL,
- "[%d] admin connection is polling events\n", fd);
-Index: src/racoon/grabmyaddr.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c,v
-retrieving revision 1.23
-diff -u -r1.23 grabmyaddr.c
---- a/src/racoon/grabmyaddr.c 3 Jul 2009 06:41:46 -0000 1.23
-+++ b/src/racoon/grabmyaddr.c 9 Mar 2010 07:50:46 -0000
-@@ -296,7 +296,7 @@
- lcconf->rtsock = kernel_open_socket();
- if (lcconf->rtsock < 0)
- return -1;
-- monitor_fd(lcconf->rtsock, kernel_receive, NULL);
-+ monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0);
- } else {
- lcconf->rtsock = -1;
- if (!myaddr_open_all_configured(NULL))
-Index: src/racoon/isakmp.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
-retrieving revision 1.60
-diff -u -r1.60 isakmp.c
---- a/src/racoon/isakmp.c 3 Sep 2009 09:29:07 -0000 1.60
-+++ b/src/racoon/isakmp.c 9 Mar 2010 07:50:48 -0000
-@@ -1720,7 +1720,7 @@
- "%s used as isakmp port (fd=%d)\n",
- saddr2str(addr), fd);
-
-- monitor_fd(fd, isakmp_handler, NULL);
-+ monitor_fd(fd, isakmp_handler, NULL, 1);
- return fd;
-
- err:
-Index: src/racoon/pfkey.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/pfkey.c,v
-retrieving revision 1.52
-diff -u -r1.52 pfkey.c
---- a/src/racoon/pfkey.c 9 Feb 2010 23:05:16 -0000 1.52
-+++ b/src/racoon/pfkey.c 9 Mar 2010 07:50:49 -0000
-@@ -487,7 +487,7 @@
- return -1;
- }
- #endif
-- monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
-+ monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
- return 0;
- }
-
-Index: src/racoon/session.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v
-retrieving revision 1.27
-diff -u -r1.27 session.c
---- a/src/racoon/session.c 4 Mar 2010 15:13:53 -0000 1.27
-+++ b/src/racoon/session.c 9 Mar 2010 07:50:50 -0000
-@@ -103,8 +103,13 @@
- struct fd_monitor {
- int (*callback)(void *ctx, int fd);
- void *ctx;
-+ int prio;
-+ int fd;
-+ TAILQ_ENTRY(fd_monitor) chain;
- };
-
-+#define NUM_PRIORITIES 2
-+
- static void close_session __P((void));
- static void initfds __P((void));
- static void init_signal __P((void));
-@@ -115,13 +120,14 @@
-
- static fd_set preset_mask, active_mask;
- static struct fd_monitor fd_monitors[FD_SETSIZE];
-+static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES];
- static int nfds = 0;
-
- static volatile sig_atomic_t sigreq[NSIG + 1];
- static struct sched scflushsa = SCHED_INITIALIZER();
-
- void
--monitor_fd(int fd, int (*callback)(void *, int), void *ctx)
-+monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority)
- {
- if (fd < 0 || fd >= FD_SETSIZE) {
- plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun");
-@@ -131,9 +137,17 @@
- FD_SET(fd, &preset_mask);
- if (fd > nfds)
- nfds = fd;
-+ if (priority <= 0)
-+ priority = 0;
-+ if (priority >= NUM_PRIORITIES)
-+ priority = NUM_PRIORITIES - 1;
-
- fd_monitors[fd].callback = callback;
- fd_monitors[fd].ctx = ctx;
-+ fd_monitors[fd].prio = priority;
-+ fd_monitors[fd].fd = fd;
-+ TAILQ_INSERT_TAIL(&fd_monitor_tree[priority],
-+ &fd_monitors[fd], chain);
- }
-
- void
-@@ -144,10 +158,15 @@
- exit(1);
- }
-
-+ if (fd_monitors[fd].callback == NULL)
-+ return;
-+
- FD_CLR(fd, &preset_mask);
- FD_CLR(fd, &active_mask);
- fd_monitors[fd].callback = NULL;
- fd_monitors[fd].ctx = NULL;
-+ TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio],
-+ &fd_monitors[fd], chain);
- }
-
- int
-@@ -158,11 +177,15 @@
- char pid_file[MAXPATHLEN];
- FILE *fp;
- pid_t racoon_pid = 0;
-- int i;
-+ int i, count;
-+ struct fd_monitor *fdm;
-
- nfds = 0;
- FD_ZERO(&preset_mask);
-
-+ for (i = 0; i < NUM_PRIORITIES; i++)
-+ TAILQ_INIT(&fd_monitor_tree[i]);
-+
- /* initialize schedular */
- sched_init();
- init_signal();
-@@ -291,16 +314,24 @@
- /*NOTREACHED*/
- }
-
-- for (i = 0; i <= nfds; i++) {
-- if (!FD_ISSET(i, &active_mask))
-- continue;
--
-- if (fd_monitors[i].callback != NULL)
-- fd_monitors[i].callback(fd_monitors[i].ctx, i);
-- else
-- plog(LLV_ERROR, LOCATION, NULL,
-- "fd %d set, but no active callback\n", i);
-+ count = 0;
-+ for (i = 0; i < NUM_PRIORITIES; i++) {
-+ TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) {
-+ if (!FD_ISSET(fdm->fd, &active_mask))
-+ continue;
-+
-+ FD_CLR(fdm->fd, &active_mask);
-+ if (fdm->callback != NULL) {
-+ fdm->callback(fdm->ctx, fdm->fd);
-+ count++;
-+ } else
-+ plog(LLV_ERROR, LOCATION, NULL,
-+ "fd %d set, but no active callback\n", i);
-+ }
-+ if (count != 0)
-+ break;
- }
-+
- }
- }
-
-Index: src/racoon/session.h
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.h,v
-retrieving revision 1.8
-diff -u -r1.8 session.h
---- a/src/racoon/session.h 23 Jan 2009 08:05:58 -0000 1.8
-+++ b/src/racoon/session.h 9 Mar 2010 07:50:50 -0000
-@@ -37,7 +37,7 @@
- extern int session __P((void));
- extern RETSIGTYPE signal_handler __P((int));
-
--extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
-+extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority));
- extern void unmonitor_fd __P((int fd));
-
- #endif /* _SESSION_H */
diff --git a/main/ipsec-tools/initial-contact-fix.diff b/main/ipsec-tools/initial-contact-fix.diff
deleted file mode 100644
index 370418be09..0000000000
--- a/main/ipsec-tools/initial-contact-fix.diff
+++ /dev/null
@@ -1,71 +0,0 @@
-Index: src/racoon/admin.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
-retrieving revision 1.32
-diff -u -r1.32 admin.c
---- src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
-+++ src/racoon/admin.c 10 Dec 2009 14:38:47 -0000
-@@ -299,9 +299,8 @@
- break;
-
- case ADMIN_DELETE_SA: {
-- struct ph1handle *iph1;
-- struct ph1selector sel;
- char *loc, *rem;
-+ struct ph1selector sel;
-
- memset(&sel, 0, sizeof(sel));
- sel.local = (struct sockaddr *)
-@@ -319,6 +318,7 @@
- plog(LLV_INFO, LOCATION, NULL,
- "admin delete-sa %s %s\n", loc, rem);
- enumph1(&sel, admin_ph1_delete_sa, NULL);
-+ remcontacted(sel.remote);
-
- racoon_free(loc);
- racoon_free(rem);
-Index: src/racoon/handler.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
-retrieving revision 1.31
-diff -u -r1.31 handler.c
---- src/racoon/handler.c 22 Nov 2009 19:34:55 -0000 1.31
-+++ src/racoon/handler.c 10 Dec 2009 14:38:48 -0000
-@@ -966,6 +966,22 @@
- }
-
- void
-+remcontacted(remote)
-+ struct sockaddr *remote;
-+{
-+ struct contacted *p;
-+
-+ LIST_FOREACH(p, &ctdtree, chain) {
-+ if (cmpsaddr(remote, p->remote) == 0) {
-+ LIST_REMOVE(p, chain);
-+ racoon_free(p->remote);
-+ racoon_free(p);
-+ break;
-+ }
-+ }
-+}
-+
-+void
- initctdtree()
- {
- LIST_INIT(&ctdtree);
-Index: src/racoon/handler.h
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
-retrieving revision 1.22
-diff -u -r1.22 handler.h
---- src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
-+++ src/racoon/handler.h 10 Dec 2009 14:38:48 -0000
-@@ -518,6 +518,7 @@
-
- extern struct contacted *getcontacted __P((struct sockaddr *));
- extern int inscontacted __P((struct sockaddr *));
-+extern void remcontacted __P((struct sockaddr *));
- extern void initctdtree __P((void));
-
- extern int check_recvdpkt __P((struct sockaddr *,