rpms/ipsec-tools/devel ipsec-tools-0.7-loopback.patch, 1.1, 1.2 ipsec-tools.spec, 1.43, 1.44
Steve Conklin (sconklin)
fedora-extras-commits at redhat.com
Wed Aug 29 04:53:17 UTC 2007
Author: sconklin
Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9902
Modified Files:
ipsec-tools-0.7-loopback.patch ipsec-tools.spec
Log Message:
Fixed the empty loopback patch file that was accidentally committed
ipsec-tools-0.7-loopback.patch:
Index: ipsec-tools-0.7-loopback.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools-0.7-loopback.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ipsec-tools-0.7-loopback.patch 29 Aug 2007 04:04:57 -0000 1.1
+++ ipsec-tools-0.7-loopback.patch 29 Aug 2007 04:53:14 -0000 1.2
@@ -0,0 +1,515 @@
+--- ipsec-tools-0.7/src/racoon/isakmp.c.loopback 2007-08-28 23:46:38.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/isakmp.c 2007-08-28 23:46:38.000000000 -0500
+@@ -414,6 +414,36 @@
+ return(error);
+ }
+
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++/*
++ * isakmp phase 1 search helper
++ */
++static struct ph1handle *
++isakmp_ph1pickside(iph1_i, iph1_r, local)
++ struct ph1handle *iph1_i, *iph1_r;
++ struct sockaddr *local;
++{
++ if (iph1_i == NULL && iph1_r != NULL) {
++ if (cmpsaddrstrict(iph1_r->remote, local) != 0)
++ return iph1_r;
++ else
++ return NULL;
++ } else if (iph1_i != NULL && iph1_r == NULL) {
++ if (cmpsaddrstrict(iph1_i->remote, local) != 0)
++ return iph1_i;
++ else
++ return NULL;
++ } else if (iph1_i != NULL && iph1_r != NULL) {
++ if (iph1_r->status < iph1_i->status)
++ return iph1_r;
++ else
++ return iph1_i;
++ }
++
++ return NULL;
++}
++#endif
++
+ /*
+ * main processing to handle isakmp payload
+ */
+@@ -480,7 +510,15 @@
+ }
+ }
+
+- iph1 = getph1byindex(index);
++
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ iph1 = isakmp_ph1pickside(getph1byindex(index, INITIATOR),
++ getph1byindex(index, RESPONDER),
++ local);
++#else
++ iph1 = getph1byindex(index, ANYSIDE);
++#endif
++
+ if (iph1 != NULL) {
+ /* validity check */
+ if (memcmp(&isakmp->r_ck, r_ck0, sizeof(cookie_t)) == 0 &&
+@@ -580,7 +618,15 @@
+ */
+
+ /* search for phase1 handle by index without r_ck */
+- iph1 = getph1byindex0(index);
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ iph1 = isakmp_ph1pickside(
++ getph1byindex0(index, INITIATOR),
++ getph1byindex0(index, RESPONDER),
++ local);
++#else
++ iph1=getph1byindex0(index, ANYSIDE);
++#endif
++
+ if (iph1 == NULL) {
+ /*it must be the 1st message from a initiator.*/
+ if (memcmp(&isakmp->r_ck, r_ck0,
+@@ -656,7 +702,7 @@
+ * NOTE: We think such informational exchange should be ignored.
+ */
+ if (iph1 == NULL) {
+- iph1 = getph1byindex0(index);
++ iph1 = getph1byindex0(index, INITIATOR);
+ if (iph1 == NULL) {
+ plog(LLV_ERROR, LOCATION, remote,
+ "unknown Informational "
+@@ -683,6 +729,9 @@
+ case ISAKMP_ETYPE_QUICK:
+ {
+ struct ph2handle *iph2;
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ struct ph2handle *iph2_i, *iph2_r;
++#endif
+
+ if (iph1 == NULL) {
+ isakmp_info_send_nx(isakmp, remote, local,
+@@ -715,8 +764,31 @@
+ return -1;
+ }
+
+- /* search isakmp phase 2 stauts record. */
+- iph2 = getph2bymsgid(iph1, msgid);
++ /* search isakmp phase 2 status record. */
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ iph2_i = getph2bymsgid(iph1, msgid, INITIATOR);
++ iph2_r = getph2bymsgid(iph1, msgid, RESPONDER);
++ if (iph2_i == NULL && iph2_r != NULL) {
++ if (cmpsaddrstrict(iph1->remote, local) != 0)
++ iph2 = iph2_r;
++ else
++ iph2 = NULL;
++ } else if (iph2_i != NULL && iph2_r == NULL) {
++ if (cmpsaddrstrict(iph1->remote, local) != 0)
++ iph2 = iph2_i;
++ else
++ iph2 = NULL;
++ } else if (iph2_i != NULL && iph2_r != NULL) {
++ if (iph2_r->status < iph2_i->status)
++ iph2 = iph2_r;
++ else
++ iph2 = iph2_i;
++ } else
++ iph2 = NULL;
++#else
++ iph2 = getph2bymsgid(iph1, msgid, ANYSIDE);
++#endif
++
+ if (iph2 == NULL) {
+ /* it must be new negotiation as responder */
+ if (isakmp_ph2begin_r(iph1, msg) < 0)
+@@ -2226,15 +2298,17 @@
+ */
+ #ifdef ENABLE_NATT
+ if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
+- if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
++ if ((iph1 = getph1byaddrwop(iph2->src,
++ iph2->dst,
++ ANYSIDE)) != NULL) {
+ set_port(iph2->src, extract_port(iph1->local));
+ set_port(iph2->dst, extract_port(iph1->remote));
+ }
+ } else {
+- iph1 = getph1byaddr(iph2->src, iph2->dst);
++ iph1 = getph1byaddr(iph2->src, iph2->dst, ANYSIDE);
+ }
+ #else
+- iph1 = getph1byaddr(iph2->src, iph2->dst);
++ iph1 = getph1byaddr(iph2->src, iph2->dst, ANYSIDE);
+ #endif
+
+ /* no ISAKMP-SA found. */
+@@ -2361,17 +2435,19 @@
+ #ifdef ENABLE_NATT
+ if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
+ plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: extract_port.\n");
+- if( (iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL){
++ if ((iph1 = getph1byaddrwop(iph2->src,
++ iph2->dst,
++ ANYSIDE)) != NULL) {
+ plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found a ph1 wop.\n");
+ }
+ } else {
+ plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: searching byaddr.\n");
+- iph1 = getph1byaddr(iph2->src, iph2->dst);
++ iph1 = getph1byaddr(iph2->src, iph2->dst, ANYSIDE);
+ if(iph1 != NULL)
+ plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found byaddr.\n");
+ }
+ #else
+- iph1 = getph1byaddr(iph2->src, iph2->dst);
++ iph1 = getph1byaddr(iph2->src, iph2->dst, ANYSIDE);
+ #endif
+
+ /* XXX Even if ph1 as responder is there, should we not start
+@@ -2635,7 +2711,7 @@
+
+ do {
+ msgid2 = eay_random();
+- } while (getph2bymsgid(iph1, msgid2));
++ } while (getph2bymsgid(iph1, msgid2, iph1->side));
+
+ return msgid2;
+ }
+@@ -3298,7 +3374,7 @@
+ iph1->status = PHASE1ST_EXPIRED;
+
+ /* Check if we have another, still valid, phase1 SA. */
+- new_iph1 = getph1byaddr(iph1->local, iph1->remote);
++ new_iph1 = getph1byaddr(iph1->local, iph1->remote, ANYSIDE);
+
+ /*
+ * Delete all orphaned or binded to the deleting ph1handle phase2 SAs.
+--- ipsec-tools-0.7/src/racoon/handler.h.loopback 2007-08-28 23:46:38.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/handler.h 2007-08-28 23:46:38.000000000 -0500
+@@ -425,13 +425,13 @@
+ struct ph2handle;
+ struct policyindex;
+
+-extern struct ph1handle *getph1byindex __P((isakmp_index *));
+-extern struct ph1handle *getph1byindex0 __P((isakmp_index *));
++extern struct ph1handle *getph1byindex __P((isakmp_index *, int));
++extern struct ph1handle *getph1byindex0 __P((isakmp_index *, int));
+ extern struct ph1handle *getph1byaddr __P((struct sockaddr *,
+- struct sockaddr *));
++ struct sockaddr *, int));
+ extern struct ph1handle *getph1byaddrwop __P((struct sockaddr *,
+- struct sockaddr *));
+-extern struct ph1handle *getph1bydstaddrwop __P((struct sockaddr *));
++ struct sockaddr *, int));
++extern struct ph1handle *getph1bydstaddrwop __P((struct sockaddr *, int));
+ #ifdef ENABLE_HYBRID
+ struct ph1handle *getph1bylogin __P((char *));
+ int purgeph1bylogin __P((char *));
+@@ -448,8 +448,9 @@
+ extern struct ph2handle *getph2byspid __P((u_int32_t));
+ extern struct ph2handle *getph2byseq __P((u_int32_t));
+ extern struct ph2handle *getph2bysaddr __P((struct sockaddr *,
+- struct sockaddr *));
+-extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t));
++ struct sockaddr *, int));
++extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t,
++ int));
+ extern struct ph2handle *getph2byid __P((struct sockaddr *,
+ struct sockaddr *, u_int32_t));
+ extern struct ph2handle *getph2bysaidx __P((struct sockaddr *,
+--- ipsec-tools-0.7/src/racoon/isakmp.h.loopback 2006-09-09 11:22:09.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/isakmp.h 2007-08-28 23:46:38.000000000 -0500
+@@ -39,6 +39,8 @@
+ /* must include <netinet/in.h> first. */
+ /* must include "isakmp_var.h" first. */
+
++#define ANYSIDE -1 /* either INITIATOR or RESPONDER */
++
+ #define INITIATOR 0 /* synonym sender */
+ #define RESPONDER 1 /* synonym receiver */
+
+--- ipsec-tools-0.7/src/racoon/handler.c.loopback 2007-06-06 04:20:12.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/handler.c 2007-08-28 23:46:38.000000000 -0500
+@@ -101,14 +101,19 @@
+ extern caddr_t val2str(const char *, size_t);
+
+ struct ph1handle *
+-getph1byindex(index)
++getph1byindex(index, side)
+ isakmp_index *index;
++ int side;
+ {
+ struct ph1handle *p;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->status == PHASE1ST_EXPIRED)
+ continue;
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++#endif
+ if (memcmp(&p->index, index, sizeof(*index)) == 0)
+ return p;
+ }
+@@ -121,14 +126,19 @@
+ * search for isakmp handler by i_ck in index.
+ */
+ struct ph1handle *
+-getph1byindex0(index)
++getph1byindex0(index, side)
+ isakmp_index *index;
++ int side;
+ {
+ struct ph1handle *p;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->status == PHASE1ST_EXPIRED)
+ continue;
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++#endif
+ if (memcmp(&p->index, index, sizeof(cookie_t)) == 0)
+ return p;
+ }
+@@ -142,8 +152,9 @@
+ * with phase 2's destinaion.
+ */
+ struct ph1handle *
+-getph1byaddr(local, remote)
++getph1byaddr(local, remote, side)
+ struct sockaddr *local, *remote;
++ int side;
+ {
+ struct ph1handle *p;
+
+@@ -154,6 +165,10 @@
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->status == PHASE1ST_EXPIRED)
+ continue;
++ #ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++ #endif
+ plog(LLV_DEBUG2, LOCATION, NULL, "p->local: %s\n", saddr2str(p->local));
+ plog(LLV_DEBUG2, LOCATION, NULL, "p->remote: %s\n", saddr2str(p->remote));
+ if (CMPSADDR(local, p->local) == 0
+@@ -169,14 +184,19 @@
+ }
+
+ struct ph1handle *
+-getph1byaddrwop(local, remote)
++getph1byaddrwop(local, remote, side)
+ struct sockaddr *local, *remote;
++ int side;
+ {
+ struct ph1handle *p;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->status == PHASE1ST_EXPIRED)
+ continue;
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++#endif
+ if (cmpsaddrwop(local, p->local) == 0
+ && cmpsaddrwop(remote, p->remote) == 0)
+ return p;
+@@ -191,14 +211,19 @@
+ * with phase 2's destinaion.
+ */
+ struct ph1handle *
+-getph1bydstaddrwop(remote)
++getph1bydstaddrwop(remote, side)
+ struct sockaddr *remote;
++ int side;
+ {
+ struct ph1handle *p;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->status == PHASE1ST_EXPIRED)
+ continue;
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++#endif
+ if (cmpsaddrwop(remote, p->remote) == 0)
+ return p;
+ }
+@@ -466,13 +491,18 @@
+ * search ph2handle with message id.
+ */
+ struct ph2handle *
+-getph2bymsgid(iph1, msgid)
++getph2bymsgid(iph1, msgid, side)
+ struct ph1handle *iph1;
+ u_int32_t msgid;
++ int side;
+ {
+ struct ph2handle *p;
+
+ LIST_FOREACH(p, &ph2tree, chain) {
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++#endif
+ if (p->msgid == msgid)
+ return p;
+ }
+@@ -511,12 +541,17 @@
+ }
+
+ struct ph2handle *
+-getph2bysaddr(src, dst)
++getph2bysaddr(src, dst, side)
+ struct sockaddr *src, *dst;
++ int side;
+ {
+ struct ph2handle *p;
+
+ LIST_FOREACH(p, &ph2tree, chain) {
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ if (p->side != side && side != ANYSIDE)
++ continue;
++#endif
+ if (cmpsaddrstrict(src, p->src) == 0 &&
+ cmpsaddrstrict(dst, p->dst) == 0)
+ return p;
+@@ -1122,7 +1157,7 @@
+ if (iph2->ph1 != NULL)
+ iph1=iph2->ph1;
+ else
+- iph1=getph1byaddr(iph2->src, iph2->dst);
++ iph1=getph1byaddr(iph2->src, iph2->dst, ANYSIDE);
+
+ if(iph1 != NULL && iph1->rmconf != NULL) {
+ check_level = iph1->rmconf->pcheck_level;
+--- ipsec-tools-0.7/src/racoon/pfkey.c.loopback 2007-08-28 23:46:38.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/pfkey.c 2007-08-28 23:46:38.000000000 -0500
+@@ -1264,10 +1264,11 @@
+ /* turn off the timer for calling pfkey_timeover() */
+ SCHED_KILL(iph2->sce);
+
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ /* update status */
+- /* Do this in pk_recvadd
+- * iph2->status = PHASE2ST_ESTABLISHED;
+- */
++ if (cmpsaddrstrict(iph2->ph1->local, iph2->ph1->remote) == 0)
++ iph2->status = PHASE2ST_ESTABLISHED;
++#endif
+
+ #ifdef ENABLE_STATS
+ gettimeofday(&iph2->end, NULL);
+@@ -1322,6 +1323,12 @@
+ return -1;
+ }
+
++#ifdef ENABLE_RACOON_OVER_LOOPBACK
++ /* This prevents adding the same SA twice, since done in update */
++ if (cmpsaddrstrict(iph2->ph1->local, iph2->ph1->remote) == 0)
++ return 0;
++#endif
++
+ if (iph2->side == INITIATOR)
+ proxy = iph2->ph1->rmconf->support_proxy;
+ else if (iph2->sainfo && iph2->sainfo->id_i)
+@@ -1764,7 +1771,7 @@
+ */
+ iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
+ if (iph2[0] == NULL)
+- iph2[0] = getph2bysaddr(src, dst);
++ iph2[0] = getph2bysaddr(src, dst, ANYSIDE);
+
+ if (iph2[0] != NULL) {
+ if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
+--- ipsec-tools-0.7/src/racoon/admin.c.loopback 2007-08-01 06:52:19.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/admin.c 2007-08-28 23:46:38.000000000 -0500
+@@ -289,7 +289,7 @@
+ STRDUP_FATAL(loc);
+ STRDUP_FATAL(rem);
+
+- if ((iph1 = getph1byaddrwop(src, dst)) == NULL) {
++ if ((iph1 = getph1byaddrwop(src, dst, ANYSIDE)) == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "phase 1 for %s -> %s not found\n", loc, rem);
+ } else {
+@@ -340,7 +340,7 @@
+ plog(LLV_INFO, LOCATION, NULL,
+ "Flushing all SAs for peer %s\n", rem);
+
+- while ((iph1 = getph1bydstaddrwop(dst)) != NULL) {
++ while ((iph1 = getph1bydstaddrwop(dst, ANYSIDE)) != NULL) {
+ loc = racoon_strdup(saddrwop2str(iph1->local));
+ STRDUP_FATAL(loc);
+
+--- ipsec-tools-0.7/src/racoon/isakmp_xauth.c.loopback 2007-08-06 23:49:24.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/isakmp_xauth.c 2007-08-28 23:46:38.000000000 -0500
+@@ -360,7 +360,7 @@
+ struct xauth_reply_arg *xra = (struct xauth_reply_arg *)args;
+ struct ph1handle *iph1;
+
+- if ((iph1 = getph1byindex(&xra->index)) != NULL)
++ if ((iph1 = getph1byindex(&xra->index, ANYSIDE)) != NULL)
+ (void)xauth_reply(iph1, xra->port, xra->id, xra->res);
+ else
+ plog(LLV_ERROR, LOCATION, NULL,
+--- ipsec-tools-0.7/src/racoon/isakmp_inf.c.loopback 2007-08-01 06:52:20.000000000 -0500
++++ ipsec-tools-0.7/src/racoon/isakmp_inf.c 2007-08-28 23:49:47.000000000 -0500
+@@ -383,7 +383,7 @@
+ "delete phase1 handle.\n");
+ return -1;
+ } else {
+- if (getph2bymsgid(iph1, msgid) == NULL) {
++ if (getph2bymsgid(iph1, msgid, iph1->side) == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "fatal %s notify messsage, "
+ "phase1 should be deleted.\n",
+@@ -512,7 +512,7 @@
+ return 0;
+ }
+
+- del_ph1=getph1byindex((isakmp_index *)(delete + 1));
++ del_ph1=getph1byindex((isakmp_index *)(delete + 1), ANYSIDE);
+ if(del_ph1 != NULL){
+
+ EVT_PUSH(del_ph1->local, del_ph1->remote,
+@@ -641,7 +641,7 @@
+ * don't send delete information if there is no phase 1 handler.
+ * It's nonsensical to negotiate phase 1 to send the information.
+ */
+- iph1 = getph1byaddr(iph2->src, iph2->dst);
++ iph1 = getph1byaddr(iph2->src, iph2->dst, ANYSIDE);
+ if (iph1 == NULL){
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "No ph1 handler found, could not send DELETE_SA\n");
+@@ -1127,7 +1127,7 @@
+ size_t i;
+
+ for (i = 0; i < n; i++) {
+- iph1 = getph1byindex(&spi[i]);
++ iph1 = getph1byindex(&spi[i], ANYSIDE);
+ if (!iph1)
+ continue;
+
+--- ipsec-tools-0.7/configure.ac.loopback 2007-08-09 11:16:37.000000000 -0500
++++ ipsec-tools-0.7/configure.ac 2007-08-28 23:46:38.000000000 -0500
+@@ -786,6 +786,16 @@
+ fi
+ fi
+
++# Option --enable-racoon-over-loopback
++AC_MSG_CHECKING(if --enable-racoon-over-loopback option is specified)
++AC_ARG_ENABLE(racoon-over-loopback,
++ [ --enable-racoon-over-loopback enable racoon to use loopback],
++ [], [enable_racoon_over_loopback=no])
++if test $enable_racoon_over_loopback = "yes"; then
++ AC_DEFINE([ENABLE_RACOON_OVER_LOOPBACK], [], [Enable racoon to use loopback])
++fi
++AC_MSG_RESULT($enable_racoon_over_loopback)
++
+ CFLAGS="$CFLAGS $CFLAGS_ADD"
+ CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
+
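Review bot: The two checks added in the pfkey.c part of this patch, `cmpsaddrstrict(iph2->ph1->local, iph2->ph1->remote) == 0`, dereference `iph2->ph1` without a NULL test, while the handler.c context in the same patch (`if (iph2->ph1 != NULL) ... else iph1=getph1byaddr(...)`) treats that pointer as possibly unset. If a phase 2 handle can reach these PF_KEY handlers after its phase 1 has been unbound, a loopback-enabled racoon would crash there; `if (iph2->ph1 != NULL && cmpsaddrstrict(iph2->ph1->local, iph2->ph1->remote) == 0)` avoids that. The enclosing functions start and end outside the embedded hunks, so an earlier check may already exist and should be confirmed. Separately, handler.c honours the new `side` argument only inside `#ifdef ENABLE_RACOON_OVER_LOOPBACK`, yet isakmp.c and isakmp_inf.c pass `INITIATOR` and `iph1->side` unconditionally, so the same call selects different handles depending on the build. A comment on the handler.h prototypes such as `/* side is ignored unless ENABLE_RACOON_OVER_LOOPBACK is defined */` would keep callers from relying on the filter.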
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools.spec,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- ipsec-tools.spec 29 Aug 2007 04:04:57 -0000 1.43
+++ ipsec-tools.spec 29 Aug 2007 04:53:14 -0000 1.44
@@ -1,6 +1,6 @@
Name: ipsec-tools
Version: 0.7
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Tools for configuring and using IPSEC
License: BSD
Group: System Environment/Base
@@ -97,6 +97,9 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Tue Aug 28 2007 Steve Conklin <sconklin at redhat.com> - 0.7-2
+- Fixed the loopback patch
+
* Tue Aug 28 2007 Steve Conklin <sconklin at redhat.com> - 0.7-1
- Rebase to upstream 0.7