From f8781c234e11c85203a088bda2daf1509be2afaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Wed, 8 Dec 2010 13:12:31 +0200
Subject: main/ipsec-tools: upgrade to snapshot 2010-12-08

* remove patches merged upstream
(cherry picked from commit fd5fc13c1d89fa53425315ffba5c2676b2f30b71)
---
main/ipsec-tools/80-admin-big-reply-fix.patch | 123 -----------------------
main/ipsec-tools/90-dpd-window-fix.patch | 85 ----------------
main/ipsec-tools/95-purge-on-delete-notify.patch | 57 -----------
main/ipsec-tools/99-purge-on-delete-fix.patch | 110 --------------------
main/ipsec-tools/APKBUILD | 18 +---
5 files changed, 5 insertions(+), 388 deletions(-)
delete mode 100644 main/ipsec-tools/80-admin-big-reply-fix.patch
delete mode 100644 main/ipsec-tools/90-dpd-window-fix.patch
delete mode 100644 main/ipsec-tools/95-purge-on-delete-notify.patch
delete mode 100644 main/ipsec-tools/99-purge-on-delete-fix.patch
(limited to 'main')
diff --git a/main/ipsec-tools/80-admin-big-reply-fix.patch b/main/ipsec-tools/80-admin-big-reply-fix.patch
deleted file mode 100644
index d3e4b5d570..0000000000
--- a/main/ipsec-tools/80-admin-big-reply-fix.patch
+++ /dev/null
@@ -1,123 +0,0 @@ -Index: src/racoon/admin.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v -retrieving revision 1.35 -diff -u -r1.35 admin.c ---- a/src/racoon/admin.c 21 Oct 2010 06:15:28 -0000 1.35 -+++ b/src/racoon/admin.c 29 Oct 2010 10:51:28 -0000 -@@ -638,9 +638,15 @@ - } - - combuf = (struct admin_com *) retbuf; -- combuf->ac_len = tlen; -+ combuf->ac_len = (u_int16_t) tlen; - combuf->ac_cmd = req->ac_cmd & ~ADMIN_FLAG_VERSION; -- combuf->ac_errno = l_ac_errno; -+ if (tlen != (u_int32_t) combuf->ac_len && -+ l_ac_errno == 0) { -+ combuf->ac_len_high = tlen >> 16; -+ combuf->ac_cmd |= ADMIN_FLAG_LONG_REPLY; -+ } else { -+ combuf->ac_errno = l_ac_errno; -+ } - combuf->ac_proto = req->ac_proto; - - if (buf != NULL) -Index: src/racoon/admin.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.h,v -retrieving revision 1.7 -diff -u -r1.7 admin.h ---- a/src/racoon/admin.h 29 Aug 2008 00:30:15 -0000 1.7 -+++ b/src/racoon/admin.h 29 Oct 2010 10:51:28 -0000 -@@ -49,16 +49,19 @@ - union { - int16_t ac_un_errno; - uint16_t ac_un_version; -+ uint16_t ac_un_len_high; - } u; - u_int16_t ac_proto; - }; - #define ac_errno u.ac_un_errno - #define ac_version u.ac_un_version -+#define ac_len_high u.ac_un_len_high - - /* - * Version field in request is valid. - */ - #define ADMIN_FLAG_VERSION 0x8000 -+#define ADMIN_FLAG_LONG_REPLY 0x8000 - - /* - * No data follows as the data. 
-Index: src/racoon/kmpstat.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c,v -retrieving revision 1.6 -diff -u -r1.6 kmpstat.c ---- a/src/racoon/kmpstat.c 2 Oct 2007 09:47:45 -0000 1.6 -+++ b/src/racoon/kmpstat.c 29 Oct 2010 10:51:29 -0000 -@@ -138,7 +138,7 @@ - { - struct admin_com h, *com; - caddr_t buf; -- int len; -+ int len, rlen; - int l = 0; - caddr_t p; - -@@ -153,19 +153,25 @@ - if (len < sizeof(h)) - goto bad1; - -- if (h.ac_errno) { -+ if (h.ac_errno && !(h.ac_cmd & ADMIN_FLAG_LONG_REPLY)) { - errno = h.ac_errno; - goto bad1; - } - -+ /* real length */ -+ if (h.ac_cmd & ADMIN_FLAG_LONG_REPLY) -+ rlen = ((u_int32_t)h.ac_len) + (((u_int32_t)h.ac_len_high) << 16); -+ else -+ rlen = h.ac_len; -+ - /* allocate buffer */ -- if ((*combufp = vmalloc(h.ac_len)) == NULL) -+ if ((*combufp = vmalloc(rlen)) == NULL) - goto bad1; - - /* read real message */ - p = (*combufp)->v; -- while (l < len) { -- if ((len = recv(so, p, h.ac_len, 0)) < 0) { -+ while (l < rlen) { -+ if ((len = recv(so, p, rlen - l, 0)) < 0) { - perror("recv"); - goto bad2; - } -Index: src/racoon/racoonctl.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c,v -retrieving revision 1.17 -diff -u -r1.17 racoonctl.c ---- a/src/racoon/racoonctl.c 20 Apr 2009 13:22:00 -0000 1.17 -+++ b/src/racoon/racoonctl.c 29 Oct 2010 10:51:29 -0000 -@@ -1426,10 +1426,14 @@ - int len; - - com = (struct admin_com *)combuf->v; -- len = com->ac_len - sizeof(*com); -+ if (com->ac_cmd & ADMIN_FLAG_LONG_REPLY) -+ len = ((u_int32_t)com->ac_len) + (((u_int32_t)com->ac_len_high) << 16); -+ else -+ len = com->ac_len; -+ len -= sizeof(*com); - buf = combuf->v + sizeof(*com); - -- switch (com->ac_cmd) { -+ switch (com->ac_cmd & ~ADMIN_FLAG_LONG_REPLY) { - case ADMIN_SHOW_SCHED: - print_schedule(buf, len); - break; - 
diff --git a/main/ipsec-tools/90-dpd-window-fix.patch b/main/ipsec-tools/90-dpd-window-fix.patch
deleted file mode 100644
index d3ac9a9aa2..0000000000
--- a/main/ipsec-tools/90-dpd-window-fix.patch
+++ /dev/null
@@ -1,85 +0,0 @@ -Index: src/racoon/isakmp_inf.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v -retrieving revision 1.41 -diff -u -r1.41 isakmp_inf.c ---- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41 -+++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000 -@@ -1450,17 +1450,16 @@ - struct isakmp_pl_ru *ru; - u_int32_t msgid; - { -+ u_int32_t seq; - - plog(LLV_DEBUG, LOCATION, iph1->remote, - "DPD R-U-There-Ack received\n"); - -- /* XXX Maintain window of acceptable sequence numbers ? -- * => ru->data <= iph2->dpd_seq && -- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */ -- if (ntohl(ru->data) != iph1->dpd_seq-1) { -+ seq = ntohl(ru->data); -+ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) { - plog(LLV_ERROR, LOCATION, iph1->remote, -- "Wrong DPD sequence number (%d, %d expected).\n", -- ntohl(ru->data), iph1->dpd_seq-1); -+ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n", -+ seq, iph1->dpd_last_ack, iph1->dpd_seq); - return 0; - } - -@@ -1472,6 +1471,7 @@ - } - - iph1->dpd_fails = 0; -+ iph1->dpd_last_ack = seq; - sched_cancel(&iph1->dpd_r_u); - isakmp_sched_r_u(iph1, 0); - -@@ -1535,12 +1535,13 @@ - memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)); - memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t)); - -- if (iph1->dpd_seq == 0){ -+ if (iph1->dpd_seq == 0) { - /* generate a random seq which is not too big */ -- srand(time(NULL)); -- iph1->dpd_seq = rand() & 0x0fff; -+ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff; - } - -+ iph1->dpd_seq++; -+ iph1->dpd_fails++; - ru->data = htonl(iph1->dpd_seq); - - error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0); -@@ -1549,12 +1550,6 @@ - plog(LLV_DEBUG, LOCATION, iph1->remote, - "DPD R-U-There sent (%d)\n", error); - -- /* will be decreased if ACK received... */ -- iph1->dpd_fails++; -- -- /* XXX should be increased only when ACKed ? 
*/ -- iph1->dpd_seq++; -- - /* Reschedule the r_u_there with a short delay, - * will be deleted/rescheduled if ACK received before */ - isakmp_sched_r_u(iph1, 1); -Index: src/racoon/handler.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v -retrieving revision 1.22 -diff -u -r1.22 handler.h ---- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22 -+++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000 -@@ -202,7 +202,8 @@ - - #ifdef ENABLE_DPD - int dpd_support; /* Does remote supports DPD ? */ -- u_int16_t dpd_seq; /* DPD seq number to receive */ -+ u_int32_t dpd_last_ack; -+ u_int32_t dpd_seq; /* DPD seq number to receive */ - u_int8_t dpd_fails; /* number of failures */ - struct sched dpd_r_u; - #endif diff --git a/main/ipsec-tools/95-purge-on-delete-notify.patch b/main/ipsec-tools/95-purge-on-delete-notify.patch deleted file mode 100644 index aa92135bc4..0000000000 --- a/main/ipsec-tools/95-purge-on-delete-notify.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -Index: src/racoon/isakmp.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v -retrieving revision 1.63 -diff -u -p -r1.63 isakmp.c ---- a/src/racoon/isakmp.c 21 Oct 2010 06:15:28 -0000 1.63 -+++ b/src/racoon/isakmp.c 4 Nov 2010 14:52:39 -0000 -@@ -766,6 +766,20 @@ isakmp_main(msg, remote, local) - return 0; - } - -+static int -+ph1_rekey_enabled(iph1) -+ struct ph1handle *iph1; -+{ -+ if (iph1->rmconf->rekey == REKEY_FORCE) -+ return 1; -+#ifdef ENABLE_DPD -+ if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support && -+ iph1->rmconf->dpd_interval) -+ return 1; -+#endif -+ return 0; -+} -+ - /* - * main function of phase 1. - */ -@@ -866,13 +880,7 @@ ph1_main(iph1, msg) - migrate_dying_ph12(iph1); - - /* add to the schedule to expire, and seve back pointer. */ -- if ((iph1->rmconf->rekey == REKEY_FORCE) --#ifdef ENABLE_DPD -- || -- (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support && -- iph1->rmconf->dpd_interval) --#endif -- ) { -+ if (ph1_rekey_enabled(iph1)) { - sched_schedule(&iph1->sce, - iph1->approval->lifetime * - PFKEY_SOFT_LIFETIME_RATE / 100, -@@ -2071,7 +2079,13 @@ isakmp_ph1delete(iph1) - plog(LLV_INFO, LOCATION, NULL, - "ISAKMP-SA deleted %s-%s spi:%s\n", - src, dst, isakmp_pindex(&iph1->index, 0)); -+ - evt_phase1(iph1, EVT_PHASE1_DOWN, NULL); -+ -+ if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) { -+ purge_remote(iph1); -+ script_hook(iph1, SCRIPT_PHASE1_DEAD); -+ } - racoon_free(src); - racoon_free(dst); - diff --git a/main/ipsec-tools/99-purge-on-delete-fix.patch b/main/ipsec-tools/99-purge-on-delete-fix.patch deleted file mode 100644 index edcc28ac8e..0000000000 --- a/main/ipsec-tools/99-purge-on-delete-fix.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -Index: src/racoon/handler.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v -retrieving revision 1.33 -diff -u -r1.33 handler.c ---- a/src/racoon/handler.c 21 Oct 2010 06:04:33 -0000 1.33 -+++ b/src/racoon/handler.c 15 Nov 2010 07:26:44 -0000 -@@ -514,6 +514,22 @@ - LIST_INIT(&ph1tree); - } - -+int -+ph1_rekey_enabled(iph1) -+ struct ph1handle *iph1; -+{ -+ if (iph1->rmconf == NULL) -+ return 0; -+ if (iph1->rmconf->rekey == REKEY_FORCE) -+ return 1; -+#ifdef ENABLE_DPD -+ if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support && -+ iph1->rmconf->dpd_interval) -+ return 1; -+#endif -+ return 0; -+} -+ - /* %%% management phase 2 handler */ - - int -Index: src/racoon/handler.h -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v -retrieving revision 1.24 -diff -u -r1.24 handler.h ---- a/src/racoon/handler.h 12 Nov 2010 09:09:47 -0000 1.24 -+++ b/src/racoon/handler.h 15 Nov 2010 07:26:44 -0000 -@@ -493,6 +493,7 @@ - extern int resolveph1rmconf __P((struct ph1handle *)); - extern void flushph1 __P((void)); - extern void initph1tree __P((void)); -+extern int ph1_rekey_enabled __P((struct ph1handle *)); - - extern int enumph2 __P((struct ph2selector *ph2sel, - int (* enum_func)(struct ph2handle *iph2, void *arg), -Index: src/racoon/isakmp.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v -retrieving revision 1.65 -diff -u -r1.65 isakmp.c ---- a/src/racoon/isakmp.c 12 Nov 2010 10:36:37 -0000 1.65 -+++ b/src/racoon/isakmp.c 15 Nov 2010 07:26:45 -0000 -@@ -766,20 +766,6 @@ - return 0; - } - --static int --ph1_rekey_enabled(iph1) -- struct ph1handle *iph1; --{ -- if (iph1->rmconf->rekey == REKEY_FORCE) -- return 1; --#ifdef ENABLE_DPD -- if (iph1->rmconf->rekey == REKEY_ON && 
iph1->dpd_support && -- iph1->rmconf->dpd_interval) -- return 1; --#endif -- return 0; --} -- - /* - * main function of phase 1. - */ -@@ -2081,11 +2067,9 @@ - src, dst, isakmp_pindex(&iph1->index, 0)); - - evt_phase1(iph1, EVT_PHASE1_DOWN, NULL); -- -- if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) { -- purge_remote(iph1); -+ if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) - script_hook(iph1, SCRIPT_PHASE1_DEAD); -- } -+ - racoon_free(src); - racoon_free(dst); - -Index: src/racoon/isakmp_inf.c -=================================================================== -RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v -retrieving revision 1.43 -diff -u -r1.43 isakmp_inf.c ---- a/src/racoon/isakmp_inf.c 12 Nov 2010 09:09:47 -0000 1.43 -+++ b/src/racoon/isakmp_inf.c 15 Nov 2010 07:26:45 -0000 -@@ -516,10 +516,12 @@ - sched_cancel(&del_ph1->scr); - - /* -- * Do not delete IPsec SAs when receiving an IKE delete notification. -- * Just delete the IKE SA. -+ * Delete also IPsec-SAs if rekeying is enabled. - */ -- isakmp_ph1expire(del_ph1); -+ if (ph1_rekey_enabled(del_ph1)) -+ purge_remote(del_ph1); -+ else -+ isakmp_ph1expire(del_ph1); - } - break; - diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 26182b6b91..6e071b9547 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa pkgname=ipsec-tools -pkgver=0.8_alpha20101022 -_myver=0.8-alpha20101022 -pkgrel=3 +pkgver=0.8_alpha20101208 +_myver=0.8-alpha20101208 +pkgrel=0 pkgdesc="User-space IPsec tools for various IPsec implementations" url="http://ipsec-tools.sourceforge.net/" license="BSD" 
@@ -15,10 +15,6 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
 50-reverse-connect.patch
 70-defer-isakmp-ident-handling.patch
 75-racoonctl-rcvbuf.patch
- 80-admin-big-reply-fix.patch
- 90-dpd-window-fix.patch
- 95-purge-on-delete-notify.patch
- 99-purge-on-delete-fix.patch
 "
 
 _builddir="$srcdir"/$pkgname-$_myver
@@ -58,13 +54,9 @@ package() {
 install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
 }
 
-md5sums="1492b83edc944b5d32d2eff51e33399e ipsec-tools-0.8-alpha20101022.tar.gz
+md5sums="9da0417ea19629777d7d7a555667f6d8 ipsec-tools-0.8-alpha20101208.tar.gz
 74f12ed04ed273a738229c0bfbf829cc racoon.initd
 2d00250cf72da7f2f559c91b65a48747 racoon.confd
 13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch
-2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch
-c3898b162d284bc163f99cc52925b52a 80-admin-big-reply-fix.patch
-0391a6967ad19673588302bc8b17e0e2 90-dpd-window-fix.patch
-8bc73a15407564321c8f571b5656b28d 95-purge-on-delete-notify.patch
-e8bee665227335d75880cf3753d2279e 99-purge-on-delete-fix.patch"
+2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch"
-- 
cgit v1.2.3
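Review bot: The new snapshot tarball in the `md5sums=` hunk is pinned by MD5 alone, while the `source=` line shown in the preceding hunk header fetches it over plain `http://downloads.sourceforge.net/...`; MD5 is collision-broken and should not be the only integrity check on an artifact pulled over an unauthenticated channel. Where the abuild in use accepts it, add a stronger digest next to it, e.g. `sha512sums="<sha512-of-tarball>  ipsec-tools-0.8-alpha20101208.tar.gz"` (placeholder digest), and switch the URL to https if the host serves it. Separately, the four local patches are dropped as merged upstream, but nothing on this page shows the upstream side. Before relying on the snapshot, confirm it carries the `iph1->rmconf == NULL` guard in `ph1_rekey_enabled` from 99-purge-on-delete-fix.patch and the DPD sequence-window check (`seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq`) from 90-dpd-window-fix.patch.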