rpms/ipsec-tools/devel ipsec-tools-0.7.1-purge.patch, NONE, 1.1 ipsec-tools.spec, 1.57, 1.58
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Fri Aug 8 21:01:50 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17855
Modified Files:
ipsec-tools.spec
Added Files:
ipsec-tools-0.7.1-purge.patch
Log Message:
* Fri Aug 8 2008 Tomas Mraz <tmraz at redhat.com> - 0.7.1-3
- Fix IPSEC SA purge with NAT_T enabled
ipsec-tools-0.7.1-purge.patch:
--- NEW FILE ipsec-tools-0.7.1-purge.patch ---
diff -up ipsec-tools-0.7.1/src/racoon/isakmp.c.purge ipsec-tools-0.7.1/src/racoon/isakmp.c
--- ipsec-tools-0.7.1/src/racoon/isakmp.c.purge 2008-08-08 16:34:53.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/isakmp.c 2008-08-08 22:57:00.000000000 +0200
@@ -3194,6 +3194,10 @@ purge_remote(iph1)
u_int proto_id;
struct ph2handle *iph2;
struct ph1handle *new_iph1;
+#ifdef ENABLE_NATT
+ struct sadb_x_nat_t_type *natt_type;
+ struct sadb_x_nat_t_port *natt_port;
+#endif
plog(LLV_INFO, LOCATION, NULL,
"purging ISAKMP-SA spi=%s.\n",
@@ -3252,6 +3256,21 @@ purge_remote(iph1)
continue;
}
+#ifdef ENABLE_NATT
+ natt_type = (void *)mhp[SADB_X_EXT_NAT_T_TYPE];
+ if (natt_type && natt_type->sadb_x_nat_t_type_type) {
+ /* NAT-T is enabled for this SADB entry; copy *
+ * the ports from NAT-T extensions */
+ natt_port = (void *)mhp[SADB_X_EXT_NAT_T_SPORT];
+ if (extract_port(src) == 0 && natt_port != NULL)
+ set_port(src, ntohs(natt_port->sadb_x_nat_t_port_port));
+
+ natt_port = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
+ if (extract_port(dst) == 0 && natt_port != NULL)
+ set_port(dst, ntohs(natt_port->sadb_x_nat_t_port_port));
+ }
+#endif
+
/*
* check in/outbound SAs.
* Select only SAs where src == local and dst == remote (outgoing)
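Review bot: When `natt_type` reports NAT-T but `mhp[SADB_X_EXT_NAT_T_SPORT]` or `mhp[SADB_X_EXT_NAT_T_DPORT]` is absent, the added block silently leaves the port at 0. The src/dst selection that follows presumably still fails to match in that case, so the IPsec SA would outlive the purged ISAKMP-SA with nothing in the log to explain why. I would log that path, e.g. `plog(LLV_WARNING, LOCATION, NULL, "NAT-T SA without port extension, ports left unset.\n");`. The result of `set_port()` is also dropped at both call sites; if it can fail for an unexpected address family, check it and `continue` to the next entry. purge_remote starts and ends outside this hunk, so the address comparison and the validation of `mhp[]` are not visible here.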
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- ipsec-tools.spec 30 Jul 2008 18:51:56 -0000 1.57
+++ ipsec-tools.spec 8 Aug 2008 21:01:19 -0000 1.58
@@ -1,6 +1,6 @@
Name: ipsec-tools
Version: 0.7.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Tools for configuring and using IPSEC
License: BSD
Group: System Environment/Base
@@ -16,6 +16,7 @@
Patch5: ipsec-tools-0.7-iface.patch
Patch6: ipsec-tools-0.7-dupsplit.patch
Patch9: ipsec-tools-0.7-splitcidr.patch
+Patch10: ipsec-tools-0.7.1-purge.patch
BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: libselinux-devel >= 1.30.28-2
@@ -38,6 +39,7 @@
%patch5 -p1 -b .iface
%patch6 -p1 -b .dupsplit
%patch9 -p1 -b .splitcidr
+%patch10 -p1 -b .purge
./bootstrap
@@ -116,6 +118,9 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Fri Aug 8 2008 Tomas Mraz <tmraz at redhat.com> - 0.7.1-3
+- Fix IPSEC SA purge with NAT_T enabled
+
* Wed Jul 30 2008 Tomas Mraz <tmraz at redhat.com> - 0.7.1-2
- Different approach to allow racoon to add loopback SAs for
labeled IPSec (without ISAKMP)