author | Timo Teräs <timo.teras@iki.fi> | 2011-03-04 13:57:21 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2011-03-04 13:59:01 +0200 |
commit | ba7a48af9f538f6b5ebd8c8039a5a92804236587 (patch) | |
tree | 4eed1b2ba785f978c21fa9d7d80d351392cdc7af /main/ipsec-tools/50-reverse-connect.patch | |
parent | 3c275f33865a0dbd194848ddd80532ae977bb866 (diff) | |
main/ipsec-tools: update to 0.8.0 RC, and include additional patches
* improve handling of setups where a single node participates in
multiple dmvpn networks. enable use of grekey in setkey,
SPD and sainfo; also match remoteconfs using sainfo ph1id
Diffstat (limited to 'main/ipsec-tools/50-reverse-connect.patch')
-rw-r--r-- | main/ipsec-tools/50-reverse-connect.patch | 70 |
1 files changed, 30 insertions, 40 deletions
diff --git a/main/ipsec-tools/50-reverse-connect.patch b/main/ipsec-tools/50-reverse-connect.patch index f29c3d509..54e77a397 100644 --- a/main/ipsec-tools/50-reverse-connect.patch +++ b/main/ipsec-tools/50-reverse-connect.patch @@ -13,11 +13,11 @@ over pending phase1:s. Useful when the other party is firewalled or NATted. 5 files changed, 83 insertions(+), 12 deletions(-) -diff --git a/src/racoon/admin.c b/src/racoon/admin.c -index b67e545..710c9bf 100644 ---- a/src/racoon/admin.c -+++ b/src/racoon/admin.c -@@ -414,11 +414,23 @@ admin_process(so2, combuf) +Index: ipsec-tools-cvs-HEAD/src/racoon/admin.c +=================================================================== +--- ipsec-tools-cvs-HEAD.orig/src/racoon/admin.c 2011-03-03 21:16:47.000000000 +0200 ++++ ipsec-tools-cvs-HEAD/src/racoon/admin.c 2011-03-04 13:50:30.000000000 +0200 +@@ -414,11 +414,23 @@ struct sockaddr *dst; struct sockaddr *src; char *name = NULL; @@ -41,11 +41,11 @@ index b67e545..710c9bf 100644 if (com->ac_cmd == ADMIN_ESTABLISH_SA && com->ac_len > sizeof(*com) + sizeof(*ndx)) name = (char *) ((caddr_t) ndx + sizeof(*ndx)); -diff --git a/src/racoon/evt.c b/src/racoon/evt.c -index 4ce1334..000c1f8 100644 ---- a/src/racoon/evt.c -+++ b/src/racoon/evt.c -@@ -396,4 +396,17 @@ evt_list_cleanup(list) +Index: ipsec-tools-cvs-HEAD/src/racoon/evt.c +=================================================================== +--- ipsec-tools-cvs-HEAD.orig/src/racoon/evt.c 2011-03-03 19:25:50.000000000 +0200 ++++ ipsec-tools-cvs-HEAD/src/racoon/evt.c 2011-03-04 13:50:30.000000000 +0200 +@@ -396,4 +396,17 @@ evt_unsubscribe(LIST_FIRST(list)); } 
@@ -63,11 +63,11 @@ index 4ce1334..000c1f8 100644 +} + #endif /* ENABLE_ADMINPORT */ -diff --git a/src/racoon/evt.h b/src/racoon/evt.h -index 0ce65bd..ba7fb57 100644 ---- a/src/racoon/evt.h -+++ b/src/racoon/evt.h -@@ -124,6 +124,8 @@ void evt_phase2 __P((const struct ph2handle *ph2, int type, vchar_t *optdata)); +Index: ipsec-tools-cvs-HEAD/src/racoon/evt.h +=================================================================== +--- ipsec-tools-cvs-HEAD.orig/src/racoon/evt.h 2011-03-03 19:25:50.000000000 +0200 ++++ ipsec-tools-cvs-HEAD/src/racoon/evt.h 2011-03-04 13:50:30.000000000 +0200 +@@ -124,6 +124,8 @@ vchar_t *evt_dump __P((void)); int evt_subscribe __P((struct evt_listener_list *list, int fd)); @@ -76,7 +76,7 @@ index 0ce65bd..ba7fb57 100644 void evt_list_init __P((struct evt_listener_list *list)); void evt_list_cleanup __P((struct evt_listener_list *list)); -@@ -136,6 +138,7 @@ void evt_list_cleanup __P((struct evt_listener_list *list)); +@@ -136,6 +138,7 @@ #define evt_phase2(ph2, type, optdata) ; #define evt_subscribe(eventlist, fd) ; @@ -84,17 +84,11 @@ index 0ce65bd..ba7fb57 100644 #define evt_list_init(eventlist) ; #define evt_list_cleanup(eventlist) ; #define evt_get_fdmask(nfds, fdset) nfds -diff --git a/src/racoon/handler.c b/src/racoon/handler.c -index b33986f..9fd3817 100644 ---- a/src/racoon/handler.c -+++ b/src/racoon/handler.c -@@ -269,26 +269,40 @@ migrate_ph12(old_iph1, new_iph1) - } - - /* -- * the iph1 is new, migrate all phase2s that belong to a dying or dead ph1 -+ * the iph1 is new, migrate all phase2s that belong to a dying or dead ph1. - */ +Index: ipsec-tools-cvs-HEAD/src/racoon/handler.c +=================================================================== +--- ipsec-tools-cvs-HEAD.orig/src/racoon/handler.c 2011-03-03 19:29:31.000000000 +0200 ++++ ipsec-tools-cvs-HEAD/src/racoon/handler.c 2011-03-04 13:53:01.000000000 +0200 +@@ -292,17 +292,32 @@ void migrate_dying_ph12(iph1) struct ph1handle *iph1; { 
@@ -114,8 +108,8 @@ index b33986f..9fd3817 100644 + iph1->rmconf != p->rmconf) continue; -- if (cmpsaddr(iph1->local, p->local) == 0 -- && cmpsaddr(iph1->remote, p->remote) == 0) +- if (cmpsaddr(iph1->local, p->local) == CMPSADDR_MATCH +- && cmpsaddr(iph1->remote, p->remote) == CMPSADDR_MATCH) + /* migrate phase2:s from expiring entries */ + if (p->status >= PHASE1ST_DYING) migrate_ph12(p, iph1); @@ -132,15 +126,11 @@ index b33986f..9fd3817 100644 } } -- - /* - * dump isakmp-sa - */ -diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c -index 0de16d1..2dfda2f 100644 ---- a/src/racoon/isakmp.c -+++ b/src/racoon/isakmp.c -@@ -2138,13 +2138,33 @@ isakmp_ph2delete(iph2) +Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c +=================================================================== +--- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp.c 2011-03-03 21:14:13.000000000 +0200 ++++ ipsec-tools-cvs-HEAD/src/racoon/isakmp.c 2011-03-04 13:50:30.000000000 +0200 +@@ -2138,13 +2138,33 @@ remph2(iph2); delph2(iph2); @@ -176,7 +166,7 @@ index 0de16d1..2dfda2f 100644 /* * receive ACQUIRE from kernel, and begin either phase1 or phase2. * if phase1 has been finished, begin phase2. -@@ -2220,8 +2240,14 @@ isakmp_post_acquire(iph2) +@@ -2235,8 +2255,14 @@ /*NOTREACHED*/ } @@ -193,7 +183,7 @@ index 0de16d1..2dfda2f 100644 /* found ISAKMP-SA. */ plog(LLV_DEBUG, LOCATION, NULL, "begin QUICK mode.\n"); -@@ -2388,7 +2414,10 @@ isakmp_chkph1there(iph2) +@@ -2403,7 +2429,10 @@ plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(iph2->dst)); /* begin quick mode */ |
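Review bot: In the handler.c part of the refreshed patch, migrate_dying_ph12() selects the phase1 entries to migrate from without comparing addresses, and nothing visible documents what replaces that check. The patch drops the `cmpsaddr(iph1->local, p->local)` / `cmpsaddr(iph1->remote, p->remote)` test and keeps only `iph1->rmconf != p->rmconf` as a skip condition before `if (p->status >= PHASE1ST_DYING) migrate_ph12(p, iph1);`. If one remote configuration can be matched by more than one peer, phase2 handles could be rebound from one peer's dying phase1 to a different peer's new phase1, unless the first half of that `if`, which lies outside this hunk, also checks peer identity. I would state the assumption above the loop, for example `/* addresses are deliberately not compared (peer may be NATted); relies on rmconf identifying a single peer */`, and confirm it holds for the multi-dmvpn setups this commit targets.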