diff options
-rw-r--r-- | main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch | 20 | ||||
-rw-r--r-- | main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch | 68 | ||||
-rw-r--r-- | main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch | 18 | ||||
-rw-r--r-- | main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch | 16 | ||||
-rw-r--r-- | main/strongswan/2001-support-gre-key-in-ikev1.patch | 220 | ||||
-rw-r--r-- | main/strongswan/2002-vici-add-deprecated-async-parameter.patch (renamed from main/strongswan/2002-vici-support-asynchronous-initiation.patch) | 8 | ||||
-rw-r--r-- | main/strongswan/APKBUILD | 48 |
7 files changed, 200 insertions, 198 deletions
diff --git a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch index 6f960e2e33..1d13f7dab2 100644 --- a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch +++ b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch @@ -1,19 +1,19 @@ -From c36fc076075f94176d0c95bd7437822e07f8c5c0 Mon Sep 17 00:00:00 2001 +From 5a5b26a7dce4c112f62882cfe16dc37659d766e8 Mon Sep 17 00:00:00 2001 From: Tobias Brunner <tobias@strongswan.org> Date: Fri, 17 Jul 2015 11:53:58 +0200 -Subject: [PATCH] ike: Adhere to IKE_SA limit when checking out by config +Subject: [PATCH 1/5] ike: Adhere to IKE_SA limit when checking out by config This prevents new SAs from getting created if we hit the global IKE_SA limit (we still allow checkout_new(), which is used for rekeying). --- - src/libcharon/sa/ike_sa_manager.c | 69 ++++++++++++++++++++------------------- - 1 file changed, 36 insertions(+), 33 deletions(-) + src/libcharon/sa/ike_sa_manager.c | 71 ++++++++++++++++++++------------------- + 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index 307ea3b..e8190a9 100644 +index ce44207..37d49da 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c -@@ -1401,47 +1401,50 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1401,48 +1401,51 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, DBG2(DBG_MGR, "checkout IKE_SA by config"); @@ -34,7 +34,8 @@ index 307ea3b..e8190a9 100644 { - continue; - } -- if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) +- if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING || +- entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED) - { /* skip IKE_SAs which are not usable, wake other waiting threads */ - entry->condvar->signal(entry->condvar); - continue; @@ -55,7 +56,8 @@ index 307ea3b..e8190a9 100644 - break; + continue; } -+ if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) ++ if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING || ++ entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED) + { /* skip IKE_SAs which are not usable, wake other waiting threads */ + entry->condvar->signal(entry->condvar); + continue; @@ -98,5 +100,5 @@ index 307ea3b..e8190a9 100644 } charon->bus->set_sa(charon->bus, ike_sa); -- -2.7.4 +2.5.0 diff --git a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch index b722ad65c6..6d5fa223bf 100644 --- a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch +++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch @@ -1,7 +1,8 @@ -From 8cea97341b063bde31cbc4cdf6834fd2a57f609c Mon Sep 17 00:00:00 2001 +From a3e5318ef98f47761ec2c2fc6d106ec9f5dc294b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Mon, 21 Sep 2015 13:41:58 +0300 -Subject: [PATCH] charon: add optional source and remote overrides for initiate +Subject: [PATCH 2/5] charon: add optional source and remote overrides for + initiate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -26,15 +27,15 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi> src/libcharon/processing/jobs/start_action_job.c | 2 +- src/libcharon/sa/ike_sa_manager.c | 51 ++++++++++++++++++- src/libcharon/sa/ike_sa_manager.h | 8 ++- - src/libcharon/sa/trap_manager.c | 46 +++++++---------- + src/libcharon/sa/trap_manager.c | 45 +++++++---------- src/swanctl/commands/initiate.c | 40 ++++++++++++++- - 13 files changed, 220 insertions(+), 49 deletions(-) + 13 files changed, 219 insertions(+), 49 deletions(-) diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c -index 0c6a504..dc4eca3 100644 +index 71df92f..13b31de 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c -@@ -434,7 +434,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) +@@ -436,7 +436,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) child_cfg = create_child_cfg(this, peer_cfg); if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, @@ -44,7 +45,7 @@ index 0c6a504..dc4eca3 100644 terminate(pid); } diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c -index fc7e899..4f4461a 100644 +index 5991c24..2d37942 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -579,7 +579,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, @@ -57,7 +58,7 @@ index fc7e899..4f4461a 100644 { peer_cfg->destroy(peer_cfg); diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c -index 6dd54b4..d0524a5 100644 +index 93ff70b..49ef998 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -15,6 +15,28 @@ @@ -105,8 +106,8 @@ index 6dd54b4..d0524a5 100644 + /** * unique ID, used for various methods */ - u_int32_t id; -@@ -355,9 +387,14 @@ METHOD(job_t, initiate_execute, job_requeue_t, + uint32_t id; +@@ -405,9 +437,14 @@ METHOD(job_t, initiate_execute, job_requeue_t, ike_sa_t *ike_sa; interface_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; @@ -122,7 +123,7 @@ index 6dd54b4..d0524a5 100644 if (!ike_sa) { listener->child_cfg->destroy(listener->child_cfg); -@@ -366,6 +403,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -416,6 +453,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, listener_done(listener); return JOB_REQUEUE_NONE; } @@ -130,7 +131,7 @@ index 6dd54b4..d0524a5 100644 listener->lock->lock(listener->lock); listener->ike_sa = ike_sa; listener->lock->unlock(listener->lock); -@@ -438,6 +476,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -488,6 +526,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, METHOD(controller_t, initiate, status_t, private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, @@ -138,7 +139,7 @@ index 6dd54b4..d0524a5 100644 controller_cb_t callback, void *param, u_int timeout, bool limits) { interface_job_t *job; -@@ -460,6 +499,8 @@ METHOD(controller_t, initiate, status_t, +@@ -510,6 +549,8 @@ METHOD(controller_t, initiate, status_t, .status = FAILED, .child_cfg = child_cfg, .peer_cfg = peer_cfg, @@ -148,7 +149,7 @@ index 6dd54b4..d0524a5 100644 .limits = limits, }, diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h -index 5ffeac5..fb2e787 100644 +index 9524f53..7c51ba4 100644 --- a/src/libcharon/control/controller.h +++ b/src/libcharon/control/controller.h @@ -79,6 +79,8 @@ struct controller_t { @@ -169,10 +170,10 @@ index 5ffeac5..fb2e787 100644 bool limits); diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c -index 2e96f8f..e594a71 100644 +index 3e5861b..5a6e03d 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c -@@ -362,7 +362,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, +@@ -364,7 +364,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, /* get us an IKE_SA */ ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, @@ -182,7 +183,7 @@ index 2e96f8f..e594a71 100644 { peer_cfg->destroy(peer_cfg); diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c -index 36da5ff..f2910ab 100644 +index fb60d39..83f8ae5 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -108,7 +108,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg @@ -205,10 +206,10 @@ index 36da5ff..f2910ab 100644 switch (status) { diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c -index 6ebbedc..94222cc 100644 +index d919e1d..2cac93f 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c -@@ -1693,7 +1693,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, +@@ -1691,7 +1691,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); charon->controller->initiate(charon->controller, peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), @@ -218,7 +219,7 @@ index 6ebbedc..94222cc 100644 case ACTION_ROUTE: DBG1(DBG_CFG, "installing '%s'", child_cfg->get_name(child_cfg)); diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c -index c526d2f..593d3c7 100644 +index 4400381..55b8c99 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -16,6 +16,28 @@ @@ -342,7 +343,7 @@ index 5e88ac2..7043332 100644 case ACTION_ROUTE: DBG1(DBG_JOB, "start action: route '%s'", name); diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index e8190a9..38a6b9d 100644 +index 37d49da..9593356 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -16,6 +16,28 @@ @@ -403,7 +404,7 @@ index e8190a9..38a6b9d 100644 if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1) { -@@ -1415,6 +1448,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1416,6 +1449,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, entry->condvar->signal(entry->condvar); continue; } @@ -420,7 +421,7 @@ index e8190a9..38a6b9d 100644 current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); if (current_peer && current_peer->equals(current_peer, peer_cfg)) { -@@ -1446,6 +1489,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1447,6 +1490,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, return NULL; } ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE); @@ -432,7 +433,7 @@ index e8190a9..38a6b9d 100644 charon->bus->set_sa(charon->bus, ike_sa); diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h -index f1b7c25..dbe1e7d 100644 +index 4298c54..47d6e6a 100644 --- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -93,7 +93,8 @@ struct ike_sa_manager_t { @@ -461,10 +462,10 @@ index f1b7c25..dbe1e7d 100644 /** * Check for duplicates of the given IKE_SA. diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c -index 85e2207..2760f0b 100644 +index 40a0682..ea79d95 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c -@@ -401,7 +401,7 @@ METHOD(trap_manager_t, acquire, void, +@@ -399,7 +399,7 @@ METHOD(trap_manager_t, acquire, void, peer_cfg_t *peer; child_cfg_t *child; ike_sa_t *ike_sa; @@ -473,7 +474,7 @@ index 85e2207..2760f0b 100644 bool wildcard, ignore = FALSE; this->lock->read_lock(this->lock); -@@ -477,36 +477,28 @@ METHOD(trap_manager_t, acquire, void, +@@ -475,36 +475,27 @@ METHOD(trap_manager_t, acquire, void, this->lock->unlock(this->lock); if (wildcard) @@ -483,22 +484,21 @@ index 85e2207..2760f0b 100644 - if (ike_sa) - { - ike_cfg_t *ike_cfg; -- u_int16_t port; -- u_int8_t mask; +- uint16_t port; +- uint8_t mask; - - ike_sa->set_peer_cfg(ike_sa, peer); - ike_cfg = ike_sa->get_ike_cfg(ike_sa); + { + ike_cfg_t *ike_cfg; -+ u_int16_t port; -+ u_int8_t mask; ++ uint16_t port; ++ uint8_t mask; - port = ike_cfg->get_other_port(ike_cfg); - dst->to_subnet(dst, &host, &mask); - host->set_port(host, port); - ike_sa->set_other_host(ike_sa, host); -+ ike_sa->set_peer_cfg(ike_sa, peer); -+ ike_cfg = ike_sa->get_ike_cfg(ike_sa); ++ ike_cfg = peer->get_ike_cfg(peer); - port = ike_cfg->get_my_port(ike_cfg); - src->to_subnet(src, &host, &mask); @@ -608,5 +608,5 @@ index eb7b6ad..706fa57 100644 {"raw", 'r', 0, "dump raw response message"}, {"pretty", 'P', 0, "dump raw response message in pretty print"}, -- -2.7.4 +2.5.0 diff --git a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch index f5f5945889..a69d162407 100644 --- a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch +++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch @@ -1,7 +1,7 @@ -From 549ee919f0d94d5b2377fc9d5ad7fa6ebbb43374 Mon Sep 17 00:00:00 2001 +From cc2ce031ea6a8b6d85331804b29335a9470765f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Mon, 21 Sep 2015 13:42:05 +0300 -Subject: [PATCH] vici: send certificates for ike-sa events +Subject: [PATCH 3/5] vici: send certificates for ike-sa events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -12,7 +12,7 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi> 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index 284c23e..8c538f0 100644 +index 04cea00..89655f1 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -266,7 +266,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b, @@ -26,7 +26,7 @@ index 284c23e..8c538f0 100644 ike_sa_id_t *id; @@ -274,6 +274,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, proposal_t *proposal; - u_int16_t alg, ks; + uint16_t alg, ks; host_t *host; + auth_cfg_t *auth_cfg; + enumerator_t *enumerator; @@ -86,7 +86,7 @@ index 284c23e..8c538f0 100644 b->begin_section(b, "child-sas"); csas = ike_sa->create_child_sa_enumerator(ike_sa); -@@ -1354,7 +1388,7 @@ METHOD(listener_t, ike_updown, bool, +@@ -1378,7 +1412,7 @@ METHOD(listener_t, ike_updown, bool, } b->begin_section(b, ike_sa->get_name(ike_sa)); @@ -95,7 +95,7 @@ index 284c23e..8c538f0 100644 b->end_section(b); this->dispatcher->raise_event(this->dispatcher, -@@ -1379,10 +1413,10 @@ METHOD(listener_t, ike_rekey, bool, +@@ -1403,10 +1437,10 @@ METHOD(listener_t, ike_rekey, bool, b = vici_builder_create(); b->begin_section(b, old->get_name(old)); b->begin_section(b, "old"); @@ -108,7 +108,7 @@ index 284c23e..8c538f0 100644 b->end_section(b); b->end_section(b); -@@ -1412,7 +1446,7 @@ METHOD(listener_t, child_updown, bool, +@@ -1436,7 +1470,7 @@ METHOD(listener_t, child_updown, bool, } b->begin_section(b, ike_sa->get_name(ike_sa)); @@ -117,7 +117,7 @@ index 284c23e..8c538f0 100644 b->begin_section(b, "child-sas"); b->begin_section(b, child_sa->get_name(child_sa)); -@@ -1444,7 +1478,7 @@ METHOD(listener_t, child_rekey, bool, +@@ -1468,7 +1502,7 @@ METHOD(listener_t, child_rekey, bool, b = vici_builder_create(); b->begin_section(b, ike_sa->get_name(ike_sa)); @@ -127,5 +127,5 @@ index 284c23e..8c538f0 100644 b->begin_section(b, old->get_name(old)); -- -2.7.4 +2.5.0 diff --git a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch index 779a909b59..ab8f9dda5d 100644 --- a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch +++ b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch @@ -1,7 +1,7 @@ -From edcf42dc988f92161db85898705b9b6d5a56c94e Mon Sep 17 00:00:00 2001 +From a8312ad8f39bba86558602550468ed98ff30da84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Mon, 21 Sep 2015 13:42:11 +0300 -Subject: [PATCH] vici: add support for individual sa state changes +Subject: [PATCH 4/5] vici: add support for individual sa state changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -14,10 +14,10 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi> 1 file changed, 105 insertions(+) diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index 8c538f0..b49f65b 100644 +index 89655f1..bec9c94 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c -@@ -1356,8 +1356,16 @@ static void manage_commands(private_vici_query_t *this, bool reg) +@@ -1380,8 +1380,16 @@ static void manage_commands(private_vici_query_t *this, bool reg) this->dispatcher->manage_event(this->dispatcher, "list-cert", reg); this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg); this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg); @@ -34,7 +34,7 @@ index 8c538f0..b49f65b 100644 manage_command(this, "list-sas", list_sas, reg); manage_command(this, "list-policies", list_policies, reg); manage_command(this, "list-conns", list_conns, reg); -@@ -1426,6 +1434,45 @@ METHOD(listener_t, ike_rekey, bool, +@@ -1450,6 +1458,45 @@ METHOD(listener_t, ike_rekey, bool, return TRUE; } @@ -80,7 +80,7 @@ index 8c538f0..b49f65b 100644 METHOD(listener_t, child_updown, bool, private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) { -@@ -1501,6 +1548,62 @@ METHOD(listener_t, child_rekey, bool, +@@ -1525,6 +1572,62 @@ METHOD(listener_t, child_rekey, bool, return TRUE; } @@ -143,7 +143,7 @@ index 8c538f0..b49f65b 100644 METHOD(vici_query_t, destroy, void, private_vici_query_t *this) { -@@ -1520,8 +1623,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) +@@ -1544,8 +1647,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) .listener = { .ike_updown = _ike_updown, .ike_rekey = _ike_rekey, @@ -155,5 +155,5 @@ index 8c538f0..b49f65b 100644 .destroy = _destroy, }, -- -2.7.4 +2.5.0 diff --git a/main/strongswan/2001-support-gre-key-in-ikev1.patch b/main/strongswan/2001-support-gre-key-in-ikev1.patch index 00d8d3cc7d..e33d997d4b 100644 --- a/main/strongswan/2001-support-gre-key-in-ikev1.patch +++ b/main/strongswan/2001-support-gre-key-in-ikev1.patch @@ -1,4 +1,4 @@ -From 8addb45c033b13f3063ece56823a925c2b8bf9a8 Mon Sep 17 00:00:00 2001 +From 9ebc52171e912a58288c24b74668ffa7af61bee8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Mon, 21 Sep 2015 13:42:18 +0300 Subject: [PATCH] support gre key in ikev1 @@ -17,17 +17,17 @@ racoon for the time being. --- src/libcharon/encoding/payloads/id_payload.c | 68 +++++++++++++++++----- src/libcharon/encoding/payloads/id_payload.h | 6 +- + .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 40 ++++++++++--- src/libcharon/plugins/stroke/stroke_config.c | 5 ++ src/libcharon/plugins/unity/unity_narrow.c | 2 +- src/libcharon/plugins/vici/vici_config.c | 9 ++- src/libcharon/sa/ikev1/tasks/quick_mode.c | 16 ++--- - .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 40 ++++++++++--- src/libstrongswan/selectors/traffic_selector.c | 33 ++++++++++- src/libstrongswan/selectors/traffic_selector.h | 31 ++++++++++ 9 files changed, 171 insertions(+), 39 deletions(-) diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c -index bb8aab7..2cf08e9 100644 +index ae0b19a..b8a6500 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -245,18 +245,20 @@ METHOD(id_payload_t, get_identification, identification_t*, @@ -36,7 +36,7 @@ index bb8aab7..2cf08e9 100644 static traffic_selector_t *get_ts_from_range(private_id_payload_t *this, - ts_type_t type) + ts_type_t type, -+ u_int16_t from_port, u_int16_t to_port) ++ uint16_t from_port, uint16_t to_port) { return traffic_selector_create_from_bytes(this->protocol_id, type, - chunk_create(this->id_data.ptr, this->id_data.len / 2), this->port, @@ -51,7 +51,7 @@ index bb8aab7..2cf08e9 100644 static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this, - ts_type_t type) + ts_type_t type, -+ u_int16_t from_port, u_int16_t to_port) ++ uint16_t from_port, uint16_t to_port) { traffic_selector_t *ts; chunk_t net, netmask; @@ -70,7 +70,7 @@ index bb8aab7..2cf08e9 100644 static traffic_selector_t *get_ts_from_ip(private_id_payload_t *this, - ts_type_t type) + ts_type_t type, -+ u_int16_t from_port, u_int16_t to_port) ++ uint16_t from_port, uint16_t to_port) { return traffic_selector_create_from_bytes(this->protocol_id, type, - this->id_data, this->port, this->id_data, this->port ?: 65535); @@ -82,7 +82,7 @@ index bb8aab7..2cf08e9 100644 + private_id_payload_t *this, id_payload_t *other_, bool initiator) { + private_id_payload_t *other = (private_id_payload_t *) other_; -+ u_int16_t from_port, to_port; ++ uint16_t from_port, to_port; + + if (other && this->protocol_id == IPPROTO_GRE && other->protocol_id == IPPROTO_GRE) + { @@ -158,7 +158,7 @@ index bb8aab7..2cf08e9 100644 +id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator) { private_id_payload_t *this; - u_int8_t mask; + uint8_t mask; @@ -460,8 +487,17 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts) ts->get_from_address(ts), ts->get_to_address(ts)); net->destroy(net); @@ -204,11 +204,94 @@ index df1d075..7558e91 100644 +id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator); #endif /** ID_PAYLOAD_H_ @}*/ +diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +index 9c2a7c3..c39db9d 100644 +--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c ++++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +@@ -812,7 +812,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, + ts2subnet(src, &sel.saddr, &sel.prefixlen_s); + ts2ports(dst, &sel.dport, &sel.dport_mask); + ts2ports(src, &sel.sport, &sel.sport_mask); +- if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) && ++ if (sel.proto == IPPROTO_GRE) ++ { ++ sel.sport = htons(src->get_from_port(src)); ++ sel.dport = htons(src->get_to_port(src)); ++ sel.sport_mask = ~0; ++ sel.dport_mask = ~0; ++ if (sel.sport == htons(0) && sel.dport == htons(0xffff)) ++ { ++ sel.sport = sel.dport = sel.sport_mask = sel.dport_mask = 0; ++ } ++ } ++ else if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) && + (sel.dport || sel.sport)) + { + /* the kernel expects the ICMP type and code in the source and +@@ -836,7 +847,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) + { + u_char *addr; + uint8_t prefixlen; +- uint16_t port = 0; ++ uint16_t from_port = 0, to_port = 65535; + host_t *host = NULL; + + if (src) +@@ -845,7 +856,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) + prefixlen = sel->prefixlen_s; + if (sel->sport_mask) + { +- port = ntohs(sel->sport); ++ from_port = to_port = ntohs(sel->sport); + } + } + else +@@ -854,14 +865,27 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) + prefixlen = sel->prefixlen_d; + if (sel->dport_mask) + { +- port = ntohs(sel->dport); ++ from_port = to_port = ntohs(sel->dport); ++ } ++ } ++ if (sel->proto == IPPROTO_GRE) ++ { ++ if (sel->sport_mask) ++ { ++ from_port = ntohs(sel->sport); ++ to_port = ntohs(sel->dport); ++ } ++ else ++ { ++ from_port = 0; ++ to_port = 0xffff; + } + } +- if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6) ++ else if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6) + { /* convert ICMP[v6] message type and code as supplied by the kernel in + * source and destination ports (both in network order) */ +- port = (sel->sport >> 8) | (sel->dport & 0xff00); +- port = ntohs(port); ++ from_port = (sel->sport >> 8) | (sel->dport & 0xff00); ++ from_port = to_port = ntohs(from_port); + } + /* The Linux 2.6 kernel does not set the selector's family field, + * so as a kludge we additionally test the prefix length. +@@ -878,7 +902,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) + if (host) + { + return traffic_selector_create_from_subnet(host, prefixlen, +- sel->proto, port, port ?: 65535); ++ sel->proto, from_port, to_port); + } + return NULL; + } diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c -index f717194..cde175f 100644 +index f2d1104..9caf12e 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c -@@ -1049,6 +1049,11 @@ static bool parse_protoport(char *token, u_int16_t *from_port, +@@ -941,6 +941,11 @@ static bool parse_protoport(char *token, uint16_t *from_port, *from_port = 0xffff; *to_port = 0; } @@ -234,10 +317,10 @@ index 227d24b..7749d8c 100644 } first = FALSE; diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c -index 5537ed9..70c83d4 100644 +index 30e3484..553f04c 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c -@@ -596,8 +596,13 @@ CALLBACK(parse_ts, bool, +@@ -626,8 +626,13 @@ CALLBACK(parse_ts, bool, } else if (*port && !streq(port, "any")) { @@ -254,10 +337,10 @@ index 5537ed9..70c83d4 100644 from = to = ntohs(svc->s_port); } diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c -index d6a3f2c..8533112 100644 +index bbd1cb0..fe5d33d 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c -@@ -541,9 +541,9 @@ static void add_ts(private_quick_mode_t *this, message_t *message) +@@ -555,9 +555,9 @@ static void add_ts(private_quick_mode_t *this, message_t *message) { id_payload_t *id_payload; @@ -269,7 +352,7 @@ index d6a3f2c..8533112 100644 message->add_payload(message, &id_payload->payload_interface); } -@@ -554,7 +554,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) +@@ -568,7 +568,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) { traffic_selector_t *tsi = NULL, *tsr = NULL; enumerator_t *enumerator; @@ -278,7 +361,7 @@ index d6a3f2c..8533112 100644 payload_t *payload; host_t *hsi, *hsr; bool first = TRUE; -@@ -564,20 +564,22 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) +@@ -578,20 +578,22 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) { if (payload->get_type(payload) == PLV1_ID) { @@ -305,100 +388,17 @@ index d6a3f2c..8533112 100644 enumerator->destroy(enumerator); /* create host2host selectors if ID payloads missing */ -diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c -index 605476e..ef94c26 100644 ---- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c -+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c -@@ -745,7 +745,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, - ts2subnet(src, &sel.saddr, &sel.prefixlen_s); - ts2ports(dst, &sel.dport, &sel.dport_mask); - ts2ports(src, &sel.sport, &sel.sport_mask); -- if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) && -+ if (sel.proto == IPPROTO_GRE) -+ { -+ sel.sport = htons(src->get_from_port(src)); -+ sel.dport = htons(src->get_to_port(src)); -+ sel.sport_mask = ~0; -+ sel.dport_mask = ~0; -+ if (sel.sport == htons(0) && sel.dport == htons(0xffff)) -+ { -+ sel.sport = sel.dport = sel.sport_mask = sel.dport_mask = 0; -+ } -+ } -+ else if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) && - (sel.dport || sel.sport)) - { - /* the kernel expects the ICMP type and code in the source and -@@ -769,7 +780,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) - { - u_char *addr; - u_int8_t prefixlen; -- u_int16_t port = 0; -+ u_int16_t from_port = 0, to_port = 65535; - host_t *host = NULL; - - if (src) -@@ -778,7 +789,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) - prefixlen = sel->prefixlen_s; - if (sel->sport_mask) - { -- port = ntohs(sel->sport); -+ from_port = to_port = ntohs(sel->sport); - } - } - else -@@ -787,14 +798,27 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) - prefixlen = sel->prefixlen_d; - if (sel->dport_mask) - { -- port = ntohs(sel->dport); -+ from_port = to_port = ntohs(sel->dport); -+ } -+ } -+ if (sel->proto == IPPROTO_GRE) -+ { -+ if (sel->sport_mask) -+ { -+ from_port = ntohs(sel->sport); -+ to_port = ntohs(sel->dport); -+ } -+ else -+ { -+ from_port = 0; -+ to_port = 0xffff; - } - } -- if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6) -+ else if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6) - { /* convert ICMP[v6] message type and code as supplied by the kernel in - * source and destination ports (both in network order) */ -- port = (sel->sport >> 8) | (sel->dport & 0xff00); -- port = ntohs(port); -+ from_port = (sel->sport >> 8) | (sel->dport & 0xff00); -+ from_port = to_port = ntohs(from_port); - } - /* The Linux 2.6 kernel does not set the selector's family field, - * so as a kludge we additionally test the prefix length. -@@ -811,7 +835,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) - if (host) - { - return traffic_selector_create_from_subnet(host, prefixlen, -- sel->proto, port, port ?: 65535); -+ sel->proto, from_port, to_port); - } - return NULL; - } diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c -index 6686324..776c765 100644 +index da3ba97..ee2af19 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c -@@ -209,6 +209,14 @@ static int print_icmp(printf_hook_data_t *data, u_int16_t port) +@@ -209,6 +209,14 @@ static int print_icmp(printf_hook_data_t *data, uint16_t port) } /** + * Print GRE key + */ -+static int print_grekey(printf_hook_data_t *data, u_int16_t from_port, u_int16_t to_port) ++static int print_grekey(printf_hook_data_t *data, uint16_t from_port, uint16_t to_port) +{ + return print_in_hook(data, "%d", traffic_selector_grekey(from_port, to_port)); +} @@ -407,7 +407,7 @@ index 6686324..776c765 100644 * Described in header. */ int traffic_selector_printf_hook(printf_hook_data_t *data, -@@ -313,7 +321,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data, +@@ -312,7 +320,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data, /* build port string */ if (has_ports) { @@ -420,7 +420,7 @@ index 6686324..776c765 100644 { struct servent *serv; -@@ -398,7 +410,24 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*, +@@ -397,7 +409,24 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*, /* select protocol, which is not zero */ protocol = max(this->protocol, other->protocol); @@ -447,7 +447,7 @@ index 6686324..776c765 100644 (is_opaque(other) && is_any(this))) { diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h -index cf9a286..d458c68 100644 +index cc66c34..a2a95b9 100644 --- a/src/libstrongswan/selectors/traffic_selector.h +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -120,6 +120,9 @@ struct traffic_selector_t { @@ -459,7 +459,7 @@ index cf9a286..d458c68 100644 + * * @return port */ - u_int16_t (*get_from_port) (traffic_selector_t *this); + uint16_t (*get_from_port) (traffic_selector_t *this); @@ -134,6 +137,9 @@ struct traffic_selector_t { * 8 bits and the code in the least significant 8 bits. Use the utility * functions to extract them. @@ -469,7 +469,7 @@ index cf9a286..d458c68 100644 + * * @return port */ - u_int16_t (*get_to_port) (traffic_selector_t *this); + uint16_t (*get_to_port) (traffic_selector_t *this); @@ -268,6 +274,31 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b, void *opts); @@ -480,7 +480,7 @@ index cf9a286..d458c68 100644 + * @param to_port port number in host order + * @return GRE KEY in host order + */ -+static inline u_int32_t traffic_selector_grekey(u_int16_t from_port, u_int16_t to_port) ++static inline uint32_t traffic_selector_grekey(uint16_t from_port, uint16_t to_port) +{ + return (from_port << 16) | to_port; +} @@ -492,7 +492,7 @@ index cf9a286..d458c68 100644 + * @param from_port from port in host order + * @param to_port to port in host order + */ -+static inline void traffic_selector_split_grekey(u_int32_t grekey, u_int16_t *from_port, u_int16_t *to_port) ++static inline void traffic_selector_split_grekey(uint32_t grekey, uint16_t *from_port, uint16_t *to_port) +{ + *from_port = grekey >> 16; + *to_port = grekey & 0xffff; @@ -503,5 +503,5 @@ index cf9a286..d458c68 100644 * * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they -- -2.5.3 +2.9.1 diff --git a/main/strongswan/2002-vici-support-asynchronous-initiation.patch b/main/strongswan/2002-vici-add-deprecated-async-parameter.patch index a5fec12019..577532867c 100644 --- a/main/strongswan/2002-vici-support-asynchronous-initiation.patch +++ b/main/strongswan/2002-vici-add-deprecated-async-parameter.patch @@ -1,7 +1,7 @@ -From 9694c2dd70aeb1ea43754490f4ed038da7245887 Mon Sep 17 00:00:00 2001 +From d3c1585742909cbf306da1bf489b7f1560e8dab5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Mon, 21 Sep 2015 13:42:15 +0300 -Subject: [PATCH] vici: add (deprecated) async parameter +Subject: [PATCH 5/5] vici: add (deprecated) async parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -15,7 +15,7 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi> 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c -index 593d3c7..b93d4ef 100644 +index 55b8c99..eba7640 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -195,7 +195,7 @@ CALLBACK(initiate, vici_message_t*, @@ -45,5 +45,5 @@ index 593d3c7..b93d4ef 100644 log_cb = (controller_cb_t)log_vici; } -- -2.7.4 +2.5.0 diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index fd4a6c6a73..8c1b019069 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Jesse Young <jlyo@jlyo.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=strongswan -pkgver=5.4.0 +pkgver=5.5.0 _pkgver=${pkgver//_rc/rc} -pkgrel=1 +pkgrel=0 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="http://www.strongswan.org/" arch="all" @@ -22,7 +22,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-for-individual-sa-state-changes.patch 2001-support-gre-key-in-ikev1.patch - 2002-vici-support-asynchronous-initiation.patch + 2002-vici-add-deprecated-async-parameter.patch strongswan.initd charon.initd" @@ -112,30 +112,30 @@ package() { install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1 } -md5sums="9d7c77b0da9b69f859624897e5e9ebbf strongswan-5.4.0.tar.bz2 -9285f6edb3efcd6bf61ed6da982bdbc8 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch -6df5e2362a275b552747928e83842c5c 1001-charon-add-optional-source-and-remote-overrides-for-.patch -d4c5facf86f02ecd50288e16633d80c8 1002-vici-send-certificates-for-ike-sa-events.patch -3fc0bb2d80ffc4cca0db5fe2e29dec35 1003-vici-add-support-for-individual-sa-state-changes.patch -6ace16d48653028ec1982e6940fd2b1d 2001-support-gre-key-in-ikev1.patch -6cc10c571ee50199e741f7d5ce9bcc85 2002-vici-support-asynchronous-initiation.patch +md5sums="a96fa7eb6c62b40143dadb064b6bd586 strongswan-5.5.0.tar.bz2 +0a82059a9bd45d7a189864843560afe9 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch +6e596d747a158bf6760aa85490f368b1 1001-charon-add-optional-source-and-remote-overrides-for-.patch +1d174dd2c9fcfdc9e2260a249395ab8d 1002-vici-send-certificates-for-ike-sa-events.patch +167c525d4945d4e9a36fe75aabbbb895 1003-vici-add-support-for-individual-sa-state-changes.patch +97bb0e061ba1576bab0e053afc2a4a72 2001-support-gre-key-in-ikev1.patch +31f4bda273d364095e9e6167da417e08 2002-vici-add-deprecated-async-parameter.patch 72a956819c451931d3d31a528a0d1b9c strongswan.initd a7993f28e4eacc61f51722044645587e charon.initd" -sha256sums="f8288faaea6a9cd8a7d413c0b76b7922be5da3dfcd01fd05cb30d2c55d3bbe89 strongswan-5.4.0.tar.bz2 -1ce5125db88c815e9daece12a9bffade46e104fb4faeb2a3f4fa9935a3a6fd1d 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch -3e250759b05738884a933f31bd9eacc32ad6a5b913298f533b4d4ebe3fa636ca 1001-charon-add-optional-source-and-remote-overrides-for-.patch -4dcb0e4a5456773a8d1ab474403812172bc82408a47fe2fbf1bc7199a2bf5682 1002-vici-send-certificates-for-ike-sa-events.patch -8ea09e018c860121a3bc67ae74f98276af1184928507bcb99c87db7e588366ed 1003-vici-add-support-for-individual-sa-state-changes.patch -db5a6474de0727ea6c10550358f1dda7a849a9729f93d26db351e35df14a3962 2001-support-gre-key-in-ikev1.patch -ed40940d6208f5bbe5104d55d53cdfbcad1ca6ac190c81279dcd78dbbb460c21 2002-vici-support-asynchronous-initiation.patch +sha256sums="58463998ac6725eac3687e8a20c1f69803c3772657076d06c43386a24b4c8454 strongswan-5.5.0.tar.bz2 +89934062b4d400019752bb8140a60dacd832e4be7e86e7f573397bc56f87109e 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch +b8a7a12582329244bb28b41d52e8f52cdcde84722c9c00d72ed1c799ad575011 1001-charon-add-optional-source-and-remote-overrides-for-.patch +e2de070bdb5fd9e19d02d18829ad9684e3a9fa64f0bc45015249c7f1f738f7be 1002-vici-send-certificates-for-ike-sa-events.patch +c92a8641093e343f1f652213fb4469622a82f9f3c759e065b2b553ef3cf8cfec 1003-vici-add-support-for-individual-sa-state-changes.patch +f038cadddde9f0ea2f36df03f81445b2f6a6d6b09cf4a21bfcdb61c62706a66b 2001-support-gre-key-in-ikev1.patch +fec398ec01dbc3f10693ec128b0f39b90284c89ae65cad6230fd277e6f67e023 2002-vici-add-deprecated-async-parameter.patch fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4 strongswan.initd 7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a charon.initd" -sha512sums="633d17ac0a55d333b358a538a47c53077bcc462e2a64af6643b2fe4f777184bd81fc7e4c384e8da81326834f571bf4c0a6caff1ec773043f471a82ea06d97459 strongswan-5.4.0.tar.bz2 -4e3f86d4cc67aa5e498b1c02f0590ba0bb8033a6fb0b0ad56d19168d46e5db3853652510c7473e44f2df7054c92e8d28c8d95db112a1c1f62b4969e2679a16f9 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch -78f2f1a5bc490d788ce13a82aea821507f4e7b1dc74bdbc154f27a1629ccee59025604552651054b176a30fa1568486d58ab78fff6086d9ed56fef257736633f 1001-charon-add-optional-source-and-remote-overrides-for-.patch -4d9a999b9684c100d850d290e95aaadc330b144c049d585cbbfa09b1f58e2a09c95ed96d959d90264efdf9fd66085625c28e75393af12e139b5c7d39b3a9fb84 1002-vici-send-certificates-for-ike-sa-events.patch -abea53573a95ae6599b6f60851ca11d4d3dd30367fd995a1d07284f5f02b491b10d7fafb32389bf38d177835fed6796aba99541e187731333bec191de467f669 1003-vici-add-support-for-individual-sa-state-changes.patch -2d1ff7f48f652e489ddb0c54f8f15fb4fedb188de35a7028335dde5e623077ef7adc2fad4484330acc26db3f5fa0479cd0bebeeb75ecc5e61bf361d837c259f5 2001-support-gre-key-in-ikev1.patch -f5e244b44e1682ddc2175c35a39c4b33b8ec4983a7b7da5df2b5a103841b0826c919817b685f1959e783e19434558d75e15b353b43ad7b020d122721cd96a4f2 2002-vici-support-asynchronous-initiation.patch +sha512sums="dbbd26fa21f940e8b959387f174084c811bb6af6950295be724bd8507713918ffda931a65a5db00f2a4611ee4edf893e55ca56cfd5d4efb394eeeb8968c889d4 strongswan-5.5.0.tar.bz2 +768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch +66fcaaf19ed17472b52ed178ffdd7454dce80849d4ebaafb8ab3f2d4119bfbc975f7854709c45cec7dfc6f6060834c840da683f45ac1de71688a1ff731564c24 1001-charon-add-optional-source-and-remote-overrides-for-.patch +f1aa4eed2258527dcc787ef41af7fdb9d6eb83e18d1ac2d8eebace47d0f41d5b719f80508691f271e67f2fac2f041b57a02cfea4a289eb38b3619c3ae2e18b9a 1002-vici-send-certificates-for-ike-sa-events.patch +9c94dd2063265581aff60960f795e7e5a7f8992dfb875d2bceff8028ae1c45afd6ec48a0729a0da14e86245b5017c85cdd33b1baa5b7faff4edc1783b5ffedcc 1003-vici-add-support-for-individual-sa-state-changes.patch +1544a409ad08f46a5dffbe3b4e8cf0e973c58140bf225f7c4e9b29be7fe6178f63d73730d1b2f7a755ed0d5dc09ee9fa0a08ac35761b01c5914d9bde1044ce7a 2001-support-gre-key-in-ikev1.patch +769536476e941882c3a244b3c47eb4cc8ab1ec026862acfa1e00469114b532f8965890b21ff2e9e129778ead9b273ce47923b9bc0e788be3c0292023f5a32ee5 2002-vici-add-deprecated-async-parameter.patch 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd" |