rpms/ipsec-tools/devel ipsec-tools-0.7.1-loopback.patch,1.2,1.3
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Wed Jul 30 19:37:27 UTC 2008
- Previous message (by thread): rpms/maxima/devel maxima.spec,1.108,1.109
- Next message (by thread): rpms/galculator/F-8 .cvsignore, 1.5, 1.6 galculator.spec, 1.13, 1.14 sources, 1.5, 1.6 galculator-1.2.5.2-color-to-string.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12633
Modified Files:
ipsec-tools-0.7.1-loopback.patch
Log Message:
- Update the patch to new api
ipsec-tools-0.7.1-loopback.patch:
Index: ipsec-tools-0.7.1-loopback.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools-0.7.1-loopback.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ipsec-tools-0.7.1-loopback.patch 30 Jul 2008 18:51:56 -0000 1.2
+++ ipsec-tools-0.7.1-loopback.patch 30 Jul 2008 19:36:57 -0000 1.3
@@ -1,6 +1,6 @@
diff -up ipsec-tools-0.7.1/configure.ac.loopback ipsec-tools-0.7.1/configure.ac
--- ipsec-tools-0.7.1/configure.ac.loopback 2008-07-22 15:53:46.000000000 +0200
-+++ ipsec-tools-0.7.1/configure.ac 2008-07-30 20:00:21.000000000 +0200
++++ ipsec-tools-0.7.1/configure.ac 2008-07-30 21:14:30.000000000 +0200
@@ -794,6 +794,27 @@ if test "$enable_security_context" = "ye
fi
fi
@@ -30,8 +30,8 @@
CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
diff -up ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback ipsec-tools-0.7.1/src/racoon/pfkey.c
---- ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback 2008-07-30 19:59:10.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/pfkey.c 2008-07-30 20:34:11.000000000 +0200
+--- ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback 2008-07-30 21:14:30.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/pfkey.c 2008-07-30 21:33:20.000000000 +0200
@@ -99,6 +99,7 @@
#include "nattraversal.h"
#include "crypto_openssl.h"
@@ -40,7 +40,7 @@
#if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
#define SADB_X_EALG_AESCBC SADB_X_EALG_RIJNDAELCBC
-@@ -972,6 +973,45 @@ pk_recvgetspi(mhp)
+@@ -972,6 +973,56 @@ pk_recvgetspi(mhp)
return -1;
}
@@ -51,6 +51,7 @@
+
+ src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ if (cmpsaddrstrict(src, dst) == 0) {
++ struct pfkey_send_sa_args sa_args;
+ /* yep, this is loopback. install SA */
+ satype = ipsecdoi2pfkey_proto(iph2->proposal->head->proto_id);
+ if (satype == ~0) {
@@ -63,14 +64,24 @@
+ reqid = iph2->proposal->head->reqid_in;
+
+ iph2->status = PHASE2ST_ADDSA;
-+ if (pfkey_send_update(lcconf->sock_pfkey, satype,
-+ IPSEC_MODE_TRANSPORT, src, dst, sa->sadb_sa_spi,
-+ reqid, 0, NULL, SADB_EALG_NULL, 0, SADB_AALG_NONE,
-+ 0, 0, 0, 0, iph2->proposal->lifetime, 0,
-+ iph2->seq, iph2->proposal->sctx.ctx_doi,
-+ iph2->proposal->sctx.ctx_alg,
-+ iph2->proposal->sctx.ctx_str,
-+ iph2->proposal->sctx.ctx_strlen) < 0) {
++
++ memset (&sa_args, 0, sizeof (sa_args));
++ sa_args.so = lcconf->sock_pfkey;
++ sa_args.satype = satype;
++ sa_args.mode = IPSEC_MODE_TRANSPORT;
++ sa_args.src = src;
++ sa_args.dst = dst;
++ sa_args.spi = sa->sadb_sa_spi;
++ sa_args.reqid = reqid;
++ sa_args.e_type = SADB_EALG_NULL;
++ sa_args.a_type = SADB_AALG_NONE;
++ sa_args.l_addtime = iph2->proposal->lifetime;
++ sa_args.seq = iph2->seq;
++ sa_args.ctxdoi = iph2->proposal->sctx.ctx_doi;
++ sa_args.ctxalg = iph2->proposal->sctx.ctx_alg;
++ sa_args.ctxstr = iph2->proposal->sctx.ctx_str;
++ sa_args.ctxstrlen = iph2->proposal->sctx.ctx_strlen;
++ if (pfkey_send_update2(&sa_args) < 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "failed to update loopback SA: %s\n",
+ ipsec_strerror());
@@ -86,7 +97,7 @@
/* set SPI, and check to get all spi whether or not */
allspiok = 1;
notfound = 1;
-@@ -1222,6 +1262,26 @@ pk_recvupdate(mhp)
+@@ -1222,6 +1273,26 @@ pk_recvupdate(mhp)
return -1;
}
@@ -113,7 +124,7 @@
/* check to complete all keys ? */
for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
-@@ -1264,11 +1324,6 @@ pk_recvupdate(mhp)
+@@ -1264,11 +1335,6 @@ pk_recvupdate(mhp)
/* turn off the timer for calling pfkey_timeover() */
SCHED_KILL(iph2->sce);
@@ -125,7 +136,7 @@
#ifdef ENABLE_STATS
gettimeofday(&iph2->end, NULL);
syslog(LOG_NOTICE, "%s(%s): %8.6f",
-@@ -1657,6 +1712,7 @@ pk_recvacquire(mhp)
+@@ -1657,6 +1723,7 @@ pk_recvacquire(mhp)
struct sadb_x_sec_ctx *m_sec_ctx;
#endif /* HAVE_SECCTX */
struct policyindex spidx;
@@ -133,7 +144,7 @@
/* ignore this message because of local test mode. */
-@@ -1681,6 +1737,12 @@ pk_recvacquire(mhp)
+@@ -1681,6 +1748,12 @@ pk_recvacquire(mhp)
m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
if (m_sec_ctx != NULL) {
@@ -146,7 +157,7 @@
plog(LLV_INFO, LOCATION, NULL, "security context doi: %u\n",
m_sec_ctx->sadb_x_ctx_doi);
plog(LLV_INFO, LOCATION, NULL,
-@@ -1730,7 +1792,6 @@ pk_recvacquire(mhp)
+@@ -1730,7 +1803,6 @@ pk_recvacquire(mhp)
*/
struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
struct myaddrs *p;
@@ -154,7 +165,7 @@
for (p = lcconf->myaddrs; p; p = p->next) {
if (!cmpsaddrwop(p->addr, sa)) {
do_listen = 1;
-@@ -1853,6 +1914,73 @@ pk_recvacquire(mhp)
+@@ -1853,6 +1925,73 @@ pk_recvacquire(mhp)
plog(LLV_DEBUG, LOCATION, NULL,
"new acquire %s\n", spidx2str(&sp_out->spidx));
@@ -230,7 +241,7 @@
vchar_t *idsrc, *iddst;
diff -up ipsec-tools-0.7.1/src/racoon/Makefile.am.loopback ipsec-tools-0.7.1/src/racoon/Makefile.am
--- ipsec-tools-0.7.1/src/racoon/Makefile.am.loopback 2008-07-23 15:54:16.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/Makefile.am 2008-07-30 20:25:07.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/Makefile.am 2008-07-30 21:14:30.000000000 +0200
@@ -39,7 +39,7 @@ racoon_SOURCES = \
EXTRA_racoon_SOURCES = isakmp_xauth.c isakmp_cfg.c isakmp_unity.c throttle.c \
isakmp_frag.c nattraversal.c security.c $(MISSING_ALGOS)
@@ -242,7 +253,7 @@
vmbuf.o sockmisc.o misc.o
diff -up ipsec-tools-0.7.1/src/racoon/policy.h.loopback ipsec-tools-0.7.1/src/racoon/policy.h
--- ipsec-tools-0.7.1/src/racoon/policy.h.loopback 2007-06-07 22:34:19.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/policy.h 2008-07-30 20:27:48.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/policy.h 2008-07-30 21:14:30.000000000 +0200
@@ -38,7 +38,12 @@
@@ -269,7 +280,7 @@
extern int get_security_context __P((vchar_t *, struct policyindex *));
diff -up ipsec-tools-0.7.1/src/racoon/main.c.loopback ipsec-tools-0.7.1/src/racoon/main.c
--- ipsec-tools-0.7.1/src/racoon/main.c.loopback 2007-06-07 22:34:18.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/main.c 2008-07-30 20:31:07.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/main.c 2008-07-30 21:14:30.000000000 +0200
@@ -169,6 +169,9 @@ main(ac, av)
#ifdef HAVE_SECCTX
init_avc();
@@ -281,8 +292,8 @@
initlcconf();
initrmconf();
diff -up ipsec-tools-0.7.1/src/racoon/handler.h.loopback ipsec-tools-0.7.1/src/racoon/handler.h
---- ipsec-tools-0.7.1/src/racoon/handler.h.loopback 2008-07-30 19:59:10.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/handler.h 2008-07-30 20:29:25.000000000 +0200
+--- ipsec-tools-0.7.1/src/racoon/handler.h.loopback 2008-07-30 21:14:30.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/handler.h 2008-07-30 21:14:30.000000000 +0200
@@ -286,6 +286,7 @@ struct ph2handle {
u_int32_t msgid; /* msgid for phase 2 */
@@ -293,7 +304,7 @@
struct saprop *proposal; /* SA(s) proposal. */
diff -up ipsec-tools-0.7.1/src/racoon/security.c.loopback ipsec-tools-0.7.1/src/racoon/security.c
--- ipsec-tools-0.7.1/src/racoon/security.c.loopback 2007-06-07 22:34:19.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/security.c 2008-07-30 20:00:34.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/security.c 2008-07-30 21:14:30.000000000 +0200
@@ -55,6 +55,60 @@
#include "proposal.h"
#include "strnames.h"
- Previous message (by thread): rpms/maxima/devel maxima.spec,1.108,1.109
- Next message (by thread): rpms/galculator/F-8 .cvsignore, 1.5, 1.6 galculator.spec, 1.13, 1.14 sources, 1.5, 1.6 galculator-1.2.5.2-color-to-string.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list