Diffstat (limited to 'main/ipsec-tools')
-rw-r--r--main/ipsec-tools/10-cmpsaddr-fix.patch421
-rw-r--r--main/ipsec-tools/APKBUILD11
2 files changed, 4 insertions, 428 deletions
diff --git a/main/ipsec-tools/10-cmpsaddr-fix.patch b/main/ipsec-tools/10-cmpsaddr-fix.patch
deleted file mode 100644
index af73c2e5e1..0000000000
--- a/main/ipsec-tools/10-cmpsaddr-fix.patch
+++ /dev/null
@@ -1,421 +0,0 @@
-Index: ipsec-tools-cvs-HEAD/src/racoon/grabmyaddr.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/grabmyaddr.c 2011-03-03 17:54:33.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/grabmyaddr.c 2011-03-03 18:45:24.000000000 +0200
-@@ -100,7 +100,7 @@
- return TRUE;
-
- LIST_FOREACH(cfg, &configured, chain) {
-- if (cmpsaddr(addr, (struct sockaddr *) &cfg->addr) == 0)
-+ if (cmpsaddr(addr, (struct sockaddr *) &cfg->addr) <= CMPSADDR_WILDPORT_MATCH)
- return TRUE;
- }
-
-@@ -116,7 +116,7 @@
-
- /* Already open? */
- LIST_FOREACH(my, &opened, chain) {
-- if (cmpsaddr(addr, (struct sockaddr *) &my->addr) == 0)
-+ if (cmpsaddr(addr, (struct sockaddr *) &my->addr) <= CMPSADDR_WILDPORT_MATCH)
- return TRUE;
- }
-
-@@ -156,7 +156,7 @@
-
- LIST_FOREACH(cfg, &configured, chain) {
- if (addr != NULL &&
-- cmpsaddr(addr, (struct sockaddr *) &cfg->addr) != 0)
-+ cmpsaddr(addr, (struct sockaddr *) &cfg->addr) > CMPSADDR_WILDPORT_MATCH)
- continue;
- if (!myaddr_open((struct sockaddr *) &cfg->addr, cfg->udp_encap))
- return FALSE;
-@@ -262,7 +262,7 @@
- struct myaddr *my;
-
- LIST_FOREACH(my, &opened, chain) {
-- if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0)
-+ if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH)
- return my->fd;
- }
-
-@@ -276,7 +276,7 @@
- struct myaddr *my;
-
- LIST_FOREACH(my, &opened, chain) {
-- if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0)
-+ if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH)
- return extract_port((struct sockaddr *) &my->addr);
- }
-
-Index: ipsec-tools-cvs-HEAD/src/racoon/handler.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/handler.c 2011-03-03 17:54:33.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/handler.c 2011-03-03 18:48:10.000000000 +0200
-@@ -120,11 +120,11 @@
- LIST_FOREACH(p, &ph1tree, chain) {
- if (sel != NULL) {
- if (sel->local != NULL &&
-- cmpsaddr(sel->local, p->local) != 0)
-+ cmpsaddr(sel->local, p->local) > CMPSADDR_WILDPORT_MATCH)
- continue;
-
- if (sel->remote != NULL &&
-- cmpsaddr(sel->remote, p->remote) != 0)
-+ cmpsaddr(sel->remote, p->remote) > CMPSADDR_WILDPORT_MATCH)
- continue;
- }
-
-@@ -300,8 +300,8 @@
- if (p->status < PHASE1ST_DYING)
- continue;
-
-- if (cmpsaddr(iph1->local, p->local) == 0
-- && cmpsaddr(iph1->remote, p->remote) == 0)
-+ if (cmpsaddr(iph1->local, p->local) == CMPSADDR_MATCH
-+ && cmpsaddr(iph1->remote, p->remote) == CMPSADDR_MATCH)
- migrate_ph12(p, iph1);
- }
- }
-@@ -547,11 +547,11 @@
- continue;
-
- if (sel->src != NULL &&
-- cmpsaddr(sel->src, p->src) != 0)
-+ cmpsaddr(sel->src, p->src) != CMPSADDR_MATCH)
- continue;
-
- if (sel->dst != NULL &&
-- cmpsaddr(sel->dst, p->dst) != 0)
-+ cmpsaddr(sel->dst, p->dst) != CMPSADDR_MATCH)
- continue;
- }
-
-@@ -615,8 +615,8 @@
-
- LIST_FOREACH(p, &ph2tree, chain) {
- if (spid == p->spid &&
-- cmpsaddr(src, p->src) == 0 &&
-- cmpsaddr(dst, p->dst) == 0){
-+ cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH &&
-+ cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){
- /* Sanity check to detect zombie handlers
- * XXX Sould be done "somewhere" more interesting,
- * because we have lots of getph2byxxxx(), but this one
-@@ -643,8 +643,8 @@
- struct ph2handle *p;
-
- LIST_FOREACH(p, &ph2tree, chain) {
-- if (cmpsaddr(src, p->src) == 0 &&
-- cmpsaddr(dst, p->dst) == 0)
-+ if (cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH &&
-+ cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH)
- return p;
- }
-
-@@ -947,7 +947,7 @@
- struct contacted *p;
-
- LIST_FOREACH(p, &ctdtree, chain) {
-- if (cmpsaddr(remote, p->remote) == 0)
-+ if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH)
- return p;
- }
-
-@@ -988,7 +988,7 @@
- struct contacted *p;
-
- LIST_FOREACH(p, &ctdtree, chain) {
-- if (cmpsaddr(remote, p->remote) == 0) {
-+ if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) {
- LIST_REMOVE(p, chain);
- racoon_free(p->remote);
- racoon_free(p);
-@@ -1042,7 +1042,7 @@
- /*
- * the packet was processed before, but the remote address mismatches.
- */
-- if (cmpsaddr(remote, r->remote) != 0)
-+ if (cmpsaddr(remote, r->remote) != CMPSADDR_MATCH)
- return 2;
-
- /*
-Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp.c 2011-03-03 17:54:33.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/isakmp.c 2011-03-03 18:50:22.000000000 +0200
-@@ -468,8 +468,8 @@
- /* Floating ports for NAT-T */
- if (NATT_AVAILABLE(iph1) &&
- ! (iph1->natt_flags & NAT_PORTS_CHANGED) &&
-- ((cmpsaddr(iph1->remote, remote) != 0) ||
-- (cmpsaddr(iph1->local, local) != 0)))
-+ ((cmpsaddr(iph1->remote, remote) != CMPSADDR_MATCH) ||
-+ (cmpsaddr(iph1->local, local) != CMPSADDR_MATCH)))
- {
- /* prevent memory leak */
- racoon_free(iph1->remote);
-@@ -510,7 +510,7 @@
- #endif
-
- /* must be same addresses in one stream of a phase at least. */
-- if (cmpsaddr(iph1->remote, remote) != 0) {
-+ if (cmpsaddr(iph1->remote, remote) != CMPSADDR_MATCH) {
- char *saddr_db, *saddr_act;
-
- saddr_db = racoon_strdup(saddr2str(iph1->remote));
-@@ -636,7 +636,7 @@
- "exchange received.\n");
- return -1;
- }
-- if (cmpsaddr(iph1->remote, remote) != 0) {
-+ if (cmpsaddr(iph1->remote, remote) != CMPSADDR_MATCH) {
- plog(LLV_WARNING, LOCATION, remote,
- "remote address mismatched. "
- "db=%s\n",
-@@ -3322,10 +3322,10 @@
- * Select only SAs where src == local and dst == remote (outgoing)
- * or src == remote and dst == local (incoming).
- */
-- if ((cmpsaddr(iph1->local, src) ||
-- cmpsaddr(iph1->remote, dst)) &&
-- (cmpsaddr(iph1->local, dst) ||
-- cmpsaddr(iph1->remote, src))) {
-+ if ((cmpsaddr(iph1->local, src) != CMPSADDR_MATCH ||
-+ cmpsaddr(iph1->remote, dst) != CMPSADDR_MATCH) &&
-+ (cmpsaddr(iph1->local, dst) != CMPSADDR_MATCH ||
-+ cmpsaddr(iph1->remote, src) != CMPSADDR_MATCH)) {
- msg = next;
- continue;
- }
-Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp_inf.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp_inf.c 2011-03-03 17:54:34.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/isakmp_inf.c 2011-03-03 18:51:05.000000000 +0200
-@@ -1177,7 +1177,7 @@
-
- /* don't delete inbound SAs at the moment */
- /* XXX should we remove SAs with opposite direction as well? */
-- if (cmpsaddr(dst0, dst)) {
-+ if (cmpsaddr(dst0, dst) != CMPSADDR_MATCH) {
- msg = next;
- continue;
- }
-@@ -1355,10 +1355,10 @@
- * ports. Correct thing to do is delete all entries with
- * same identity. -TT
- */
-- if ((cmpsaddr(iph1->local, src) != 0 ||
-- cmpsaddr(iph1->remote, dst) != 0) &&
-- (cmpsaddr(iph1->local, dst) != 0 ||
-- cmpsaddr(iph1->remote, src) != 0))
-+ if ((cmpsaddr(iph1->local, src) != CMPSADDR_MATCH ||
-+ cmpsaddr(iph1->remote, dst) != CMPSADDR_MATCH) &&
-+ (cmpsaddr(iph1->local, dst) != CMPSADDR_MATCH ||
-+ cmpsaddr(iph1->remote, src) != CMPSADDR_MATCH))
- continue;
-
- /*
-Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp_quick.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp_quick.c 2011-03-03 17:54:34.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/isakmp_quick.c 2011-03-03 18:51:48.000000000 +0200
-@@ -629,7 +629,7 @@
- #endif
-
- if (cmpsaddr((struct sockaddr *) &proposed_addr,
-- (struct sockaddr *) &got_addr) == 0) {
-+ (struct sockaddr *) &got_addr) == CMPSADDR_MATCH) {
- plog(LLV_DEBUG, LOCATION, NULL,
- "IDci matches proposal.\n");
- #ifdef ENABLE_NATT
-@@ -677,13 +677,13 @@
- #endif
-
- if (cmpsaddr((struct sockaddr *) &proposed_addr,
-- (struct sockaddr *) &got_addr) == 0) {
-+ (struct sockaddr *) &got_addr) == CMPSADDR_MATCH) {
- plog(LLV_DEBUG, LOCATION, NULL,
- "IDcr matches proposal.\n");
- #ifdef ENABLE_NATT
- } else if (iph2->natoa_dst != NULL
- && cmpsaddr(iph2->natoa_dst,
-- (struct sockaddr *) &got_addr) == 0) {
-+ (struct sockaddr *) &got_addr) == CMPSADDR_MATCH) {
- plog(LLV_DEBUG, LOCATION, NULL,
- "IDcr matches NAT-OAr.\n");
- #endif
-Index: ipsec-tools-cvs-HEAD/src/racoon/nattraversal.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/nattraversal.c 2011-03-03 17:54:34.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/nattraversal.c 2011-03-03 18:52:20.000000000 +0200
-@@ -398,8 +398,8 @@
- struct natt_ka_addrs *ka = NULL, *new_addr;
-
- TAILQ_FOREACH (ka, &ka_tree, chain) {
-- if (cmpsaddr(ka->src, src) == 0 &&
-- cmpsaddr(ka->dst, dst) == 0) {
-+ if (cmpsaddr(ka->src, src) == CMPSADDR_MATCH &&
-+ cmpsaddr(ka->dst, dst) == CMPSADDR_MATCH) {
- ka->in_use++;
- plog (LLV_INFO, LOCATION, NULL, "KA found: %s (in_use=%u)\n",
- saddr2str_fromto("%s->%s", src, dst), ka->in_use);
-@@ -462,8 +462,8 @@
- plog (LLV_DEBUG, LOCATION, NULL, "KA tree dump: %s (in_use=%u)\n",
- saddr2str_fromto("%s->%s", src, dst), ka->in_use);
-
-- if (cmpsaddr(ka->src, src) == 0 &&
-- cmpsaddr(ka->dst, dst) == 0 &&
-+ if (cmpsaddr(ka->src, src) == CMPSADDR_MATCH &&
-+ cmpsaddr(ka->dst, dst) == CMPSADDR_MATCH &&
- -- ka->in_use <= 0) {
-
- plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n");
-Index: ipsec-tools-cvs-HEAD/src/racoon/pfkey.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/pfkey.c 2011-03-03 17:54:34.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/pfkey.c 2011-03-03 18:52:50.000000000 +0200
-@@ -2882,8 +2882,8 @@
- u_int16_t port;
-
- /* Already up-to-date? */
-- if (cmpsaddr(iph1->local, ma->local) == 0 &&
-- cmpsaddr(iph1->remote, ma->remote) == 0)
-+ if (cmpsaddr(iph1->local, ma->local) == CMPSADDR_MATCH &&
-+ cmpsaddr(iph1->remote, ma->remote) == CMPSADDR_MATCH)
- return 0;
-
- if (iph1->status < PHASE1ST_ESTABLISHED) {
-@@ -2983,8 +2983,8 @@
- migrate_ph1_ike_addresses(iph2->ph1, arg);
-
- /* Already up-to-date? */
-- if (cmpsaddr(iph2->src, ma->local) == 0 &&
-- cmpsaddr(iph2->dst, ma->remote) == 0)
-+ if (cmpsaddr(iph2->src, ma->local) == CMPSADDR_MATCH &&
-+ cmpsaddr(iph2->dst, ma->remote) == CMPSADDR_MATCH)
- return 0;
-
- /* save src/dst as sa_src/sa_dst before rewriting */
-@@ -3207,8 +3207,8 @@
- "changing address families (%d to %d) for endpoints.\n",
- osaddr->sa_family, nsaddr->sa_family);
-
-- if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) ||
-- cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst)) {
-+ if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) != CMPSADDR_MATCH ||
-+ cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst) != CMPSADDR_MATCH) {
- plog(LLV_DEBUG, LOCATION, NULL, "SADB_X_MIGRATE: "
- "mismatch of addresses in saidx and xisr.\n");
- return -1;
-Index: ipsec-tools-cvs-HEAD/src/racoon/policy.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/policy.c 2011-03-03 17:54:34.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/policy.c 2011-03-03 19:09:42.000000000 +0200
-@@ -142,7 +142,7 @@
- plog(LLV_DEBUG, LOCATION, NULL, "src2: %s\n",
- saddr2str((struct sockaddr *)&spidx->src));
-
-- if (cmpsaddr(iph2->src, (struct sockaddr *) &spidx->src) ||
-+ if (cmpsaddr(iph2->src, (struct sockaddr *) &spidx->src) != CMPSADDR_MATCH ||
- spidx->prefs != prefixlen)
- return NULL;
-
-@@ -151,7 +151,7 @@
- plog(LLV_DEBUG, LOCATION, NULL, "dst2: %s\n",
- saddr2str((struct sockaddr *)&spidx->dst));
-
-- if (cmpsaddr(iph2->dst, (struct sockaddr *) &spidx->dst) ||
-+ if (cmpsaddr(iph2->dst, (struct sockaddr *) &spidx->dst) != CMPSADDR_MATCH ||
- spidx->prefd != prefixlen)
- return NULL;
-
-@@ -201,10 +201,10 @@
- return 1;
-
- if (cmpsaddr((struct sockaddr *) &a->src,
-- (struct sockaddr *) &b->src))
-+ (struct sockaddr *) &b->src) != CMPSADDR_MATCH)
- return 1;
- if (cmpsaddr((struct sockaddr *) &a->dst,
-- (struct sockaddr *) &b->dst))
-+ (struct sockaddr *) &b->dst) != CMPSADDR_MATCH)
- return 1;
-
- #ifdef HAVE_SECCTX
-@@ -261,7 +261,7 @@
- a, b->prefs, saddr2str((struct sockaddr *)&sa1));
- plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n",
- b, b->prefs, saddr2str((struct sockaddr *)&sa2));
-- if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
-+ if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2) > CMPSADDR_WILDPORT_MATCH)
- return 1;
-
- #ifndef __linux__
-@@ -279,7 +279,7 @@
- a, b->prefd, saddr2str((struct sockaddr *)&sa1));
- plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n",
- b, b->prefd, saddr2str((struct sockaddr *)&sa2));
-- if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
-+ if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2) > CMPSADDR_WILDPORT_MATCH)
- return 1;
-
- #ifdef HAVE_SECCTX
-Index: ipsec-tools-cvs-HEAD/src/racoon/sockmisc.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/sockmisc.c 2011-03-03 17:54:35.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/sockmisc.c 2011-03-03 18:55:01.000000000 +0200
-@@ -132,11 +132,13 @@
- return CMPSADDR_MISMATCH;
- }
-
-- if (port1 == port2 ||
-- port1 == IPSEC_PORT_ANY ||
-- port2 == IPSEC_PORT_ANY)
-+ if (port1 == port2)
- return CMPSADDR_MATCH;
-
-+ if (port1 == IPSEC_PORT_ANY ||
-+ port2 == IPSEC_PORT_ANY)
-+ return CMPSADDR_WILDPORT_MATCH;
-+
- return CMPSADDR_WOP_MATCH;
- }
-
-@@ -934,7 +936,7 @@
- free(a2);
- free(a3);
- }
-- if (cmpsaddr(&sa, &naddr->sa.sa) == 0)
-+ if (cmpsaddr(&sa, &naddr->sa.sa) <= CMPSADDR_WOP_MATCH)
- return naddr->prefix + port_score;
-
- return -1;
-Index: ipsec-tools-cvs-HEAD/src/racoon/sockmisc.h
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/sockmisc.h 2011-03-03 17:54:35.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/sockmisc.h 2011-03-03 18:40:30.000000000 +0200
-@@ -57,8 +57,9 @@
- extern const int niflags;
-
- #define CMPSADDR_MATCH 0
--#define CMPSADDR_WOP_MATCH 1
--#define CMPSADDR_MISMATCH 2
-+#define CMPSADDR_WILDPORT_MATCH 1
-+#define CMPSADDR_WOP_MATCH 2
-+#define CMPSADDR_MISMATCH 3
-
- extern int cmpsaddr __P((const struct sockaddr *, const struct sockaddr *));
-
-Index: ipsec-tools-cvs-HEAD/src/racoon/throttle.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/throttle.c 2011-03-03 17:54:35.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/throttle.c 2011-03-03 18:55:31.000000000 +0200
-@@ -104,7 +104,7 @@
- goto restart;
- }
-
-- if (cmpsaddr(addr, (struct sockaddr *) &te->host) == 0) {
-+ if (cmpsaddr(addr, (struct sockaddr *) &te->host) <= CMPSADDR_WOP_MATCH) {
- found = 1;
- break;
- }
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 3e9609bb77..6e8341cb87 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ipsec-tools
-pkgver=0.8.0_rc1
-_myver=0.8.0.RC
+pkgver=0.8.0
pkgrel=0
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
@@ -10,17 +9,16 @@ license="BSD"
depends=""
makedepends="openssl-dev bison flex"
subpackages="$pkgname-doc $pkgname-dev"
-source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
racoon.initd
racoon.confd
- 10-cmpsaddr-fix.patch
20-grekey-support.patch
50-reverse-connect.patch
70-defer-isakmp-ident-handling.patch
75-racoonctl-rcvbuf.patch
"
-_builddir="$srcdir"/$pkgname-$_myver
+_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
for i in ../*.patch; do
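Review bot: The new `source=` line still fetches the release tarball over plain `http://`, so the only integrity check on it is the `md5sums` entry updated in the last hunk, and MD5 is not collision-resistant. If the mirror serves it, use `source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz`, and where the abuild in use supports it, add a stronger checksum array such as `sha512sums` alongside. This hunk also drops `10-cmpsaddr-fix.patch` from `source`; the page does not show whether 0.8.0 already carries the `CMPSADDR_WILDPORT_MATCH` change, so that is worth confirming, as the remaining patches are still applied by `prepare()`, whose body continues outside the hunk.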
@@ -57,10 +55,9 @@ package() {
install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
}
-md5sums="9473d0ce8746f16281fce1b75a9fffa3 ipsec-tools-0.8.0.RC.tar.gz
+md5sums="c9a318cdbc0946f4e51464866d529739 ipsec-tools-0.8.0.tar.gz
74f12ed04ed273a738229c0bfbf829cc racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
-e4c9ae678bf80518107690bde97dc14b 10-cmpsaddr-fix.patch
64a859d51f57206a11e52f6ad4830ec5 20-grekey-support.patch
f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch
94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch