rpms/ipsec-tools/devel ipsec-tools-0.7.1-loopback.patch,1.2,1.3

Tomáš Mráz (tmraz) fedora-extras-commits at redhat.com
Wed Jul 30 19:37:27 UTC 2008


Author: tmraz

Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12633

Modified Files:
	ipsec-tools-0.7.1-loopback.patch 
Log Message:
- Update the patch to new api


ipsec-tools-0.7.1-loopback.patch:

Index: ipsec-tools-0.7.1-loopback.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools-0.7.1-loopback.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ipsec-tools-0.7.1-loopback.patch	30 Jul 2008 18:51:56 -0000	1.2
+++ ipsec-tools-0.7.1-loopback.patch	30 Jul 2008 19:36:57 -0000	1.3
@@ -1,6 +1,6 @@
 diff -up ipsec-tools-0.7.1/configure.ac.loopback ipsec-tools-0.7.1/configure.ac
 --- ipsec-tools-0.7.1/configure.ac.loopback	2008-07-22 15:53:46.000000000 +0200
-+++ ipsec-tools-0.7.1/configure.ac	2008-07-30 20:00:21.000000000 +0200
++++ ipsec-tools-0.7.1/configure.ac	2008-07-30 21:14:30.000000000 +0200
 @@ -794,6 +794,27 @@ if test "$enable_security_context" = "ye
  	fi
  fi
@@ -30,8 +30,8 @@
  CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
  
 diff -up ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback ipsec-tools-0.7.1/src/racoon/pfkey.c
---- ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback	2008-07-30 19:59:10.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/pfkey.c	2008-07-30 20:34:11.000000000 +0200
+--- ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback	2008-07-30 21:14:30.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/pfkey.c	2008-07-30 21:33:20.000000000 +0200
 @@ -99,6 +99,7 @@
  #include "nattraversal.h"
  #include "crypto_openssl.h"
@@ -40,7 +40,7 @@
  
  #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
  #define SADB_X_EALG_AESCBC  SADB_X_EALG_RIJNDAELCBC
-@@ -972,6 +973,45 @@ pk_recvgetspi(mhp) 
+@@ -972,6 +973,56 @@ pk_recvgetspi(mhp) 
  		return -1;
  	}
  
@@ -51,6 +51,7 @@
 +
 +		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
 +		if (cmpsaddrstrict(src, dst) == 0) {
++			struct pfkey_send_sa_args sa_args;
 +			/* yep, this is loopback. install SA */
 +			satype = ipsecdoi2pfkey_proto(iph2->proposal->head->proto_id);
 +			if (satype == ~0) {
@@ -63,14 +64,24 @@
 +			reqid = iph2->proposal->head->reqid_in;
 +			
 +			iph2->status = PHASE2ST_ADDSA;
-+			if (pfkey_send_update(lcconf->sock_pfkey, satype, 
-+			    IPSEC_MODE_TRANSPORT, src, dst, sa->sadb_sa_spi, 
-+			    reqid, 0, NULL, SADB_EALG_NULL, 0, SADB_AALG_NONE,
-+			    0, 0, 0, 0, iph2->proposal->lifetime, 0, 
-+			    iph2->seq, iph2->proposal->sctx.ctx_doi, 
-+			    iph2->proposal->sctx.ctx_alg,
-+			    iph2->proposal->sctx.ctx_str, 
-+			    iph2->proposal->sctx.ctx_strlen) < 0) {
++
++			memset (&sa_args, 0, sizeof (sa_args));
++			sa_args.so = lcconf->sock_pfkey;
++			sa_args.satype = satype;
++			sa_args.mode = IPSEC_MODE_TRANSPORT;
++			sa_args.src = src;
++			sa_args.dst = dst;
++			sa_args.spi = sa->sadb_sa_spi;
++			sa_args.reqid = reqid;
++			sa_args.e_type = SADB_EALG_NULL;
++			sa_args.a_type = SADB_AALG_NONE;
++			sa_args.l_addtime = iph2->proposal->lifetime;
++			sa_args.seq = iph2->seq;
++			sa_args.ctxdoi = iph2->proposal->sctx.ctx_doi;
++			sa_args.ctxalg = iph2->proposal->sctx.ctx_alg;
++			sa_args.ctxstr = iph2->proposal->sctx.ctx_str;
++			sa_args.ctxstrlen = iph2->proposal->sctx.ctx_strlen;
++			if (pfkey_send_update2(&sa_args) < 0) {
 +				plog(LLV_ERROR, LOCATION, NULL, 
 +				     "failed to update loopback SA: %s\n", 
 +				     ipsec_strerror());
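Review bot: The `sa_args` setup in the loopback branch of pk_recvgetspi leaves the key material, key lengths, flags and window size to the `memset`, so nothing at the call site says this SA is deliberately installed with `SADB_EALG_NULL` / `SADB_AALG_NONE` and no keys. The positional `pfkey_send_update` call it replaces at least spelled out the `NULL` and `0` arguments. I would add a comment above the `memset`, e.g. `/* loopback SA: no encryption or authentication by design, key fields stay zero; reached only when cmpsaddrstrict(src, dst) == 0 */`, so that a later change to the address check is reviewed with that in mind. The field mapping looks equivalent to the old argument list, but that should be confirmed against the `struct pfkey_send_sa_args` definition, which is not visible here. The `sa_args` declaration is added in the previous hunk, and the branch body starts before and continues past this hunk.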
@@ -86,7 +97,7 @@
  	/* set SPI, and check to get all spi whether or not */
  	allspiok = 1;
  	notfound = 1;
-@@ -1222,6 +1262,26 @@ pk_recvupdate(mhp)
+@@ -1222,6 +1273,26 @@ pk_recvupdate(mhp)
  		return -1;
  	}
  
@@ -113,7 +124,7 @@
  	/* check to complete all keys ? */
  	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
  		proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
-@@ -1264,11 +1324,6 @@ pk_recvupdate(mhp)
+@@ -1264,11 +1335,6 @@ pk_recvupdate(mhp)
  	/* turn off the timer for calling pfkey_timeover() */
  	SCHED_KILL(iph2->sce);
  	
@@ -125,7 +136,7 @@
  #ifdef ENABLE_STATS
  	gettimeofday(&iph2->end, NULL);
  	syslog(LOG_NOTICE, "%s(%s): %8.6f",
-@@ -1657,6 +1712,7 @@ pk_recvacquire(mhp)
+@@ -1657,6 +1723,7 @@ pk_recvacquire(mhp)
  	struct sadb_x_sec_ctx *m_sec_ctx;
  #endif /* HAVE_SECCTX */
  	struct policyindex spidx;
@@ -133,7 +144,7 @@
  
  
  	/* ignore this message because of local test mode. */
-@@ -1681,6 +1737,12 @@ pk_recvacquire(mhp)
+@@ -1681,6 +1748,12 @@ pk_recvacquire(mhp)
  	m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
  
  	if (m_sec_ctx != NULL) {
@@ -146,7 +157,7 @@
  		plog(LLV_INFO, LOCATION, NULL, "security context doi: %u\n",
  		     m_sec_ctx->sadb_x_ctx_doi);
  		plog(LLV_INFO, LOCATION, NULL, 
-@@ -1730,7 +1792,6 @@ pk_recvacquire(mhp)
+@@ -1730,7 +1803,6 @@ pk_recvacquire(mhp)
  		 */
  		struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
  		struct myaddrs *p;
@@ -154,7 +165,7 @@
  		for (p = lcconf->myaddrs; p; p = p->next) {
  			if (!cmpsaddrwop(p->addr, sa)) {
  				do_listen = 1;
-@@ -1853,6 +1914,73 @@ pk_recvacquire(mhp)
+@@ -1853,6 +1925,73 @@ pk_recvacquire(mhp)
  	plog(LLV_DEBUG, LOCATION, NULL,
  		"new acquire %s\n", spidx2str(&sp_out->spidx));
  
@@ -230,7 +241,7 @@
  	vchar_t *idsrc, *iddst;
 diff -up ipsec-tools-0.7.1/src/racoon/Makefile.am.loopback ipsec-tools-0.7.1/src/racoon/Makefile.am
 --- ipsec-tools-0.7.1/src/racoon/Makefile.am.loopback	2008-07-23 15:54:16.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/Makefile.am	2008-07-30 20:25:07.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/Makefile.am	2008-07-30 21:14:30.000000000 +0200
 @@ -39,7 +39,7 @@ racoon_SOURCES = \
  EXTRA_racoon_SOURCES = isakmp_xauth.c isakmp_cfg.c isakmp_unity.c throttle.c \
  	isakmp_frag.c nattraversal.c security.c $(MISSING_ALGOS)
@@ -242,7 +253,7 @@
  	vmbuf.o sockmisc.o misc.o
 diff -up ipsec-tools-0.7.1/src/racoon/policy.h.loopback ipsec-tools-0.7.1/src/racoon/policy.h
 --- ipsec-tools-0.7.1/src/racoon/policy.h.loopback	2007-06-07 22:34:19.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/policy.h	2008-07-30 20:27:48.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/policy.h	2008-07-30 21:14:30.000000000 +0200
 @@ -38,7 +38,12 @@
  
  
@@ -269,7 +280,7 @@
  extern int get_security_context __P((vchar_t *, struct policyindex *));
 diff -up ipsec-tools-0.7.1/src/racoon/main.c.loopback ipsec-tools-0.7.1/src/racoon/main.c
 --- ipsec-tools-0.7.1/src/racoon/main.c.loopback	2007-06-07 22:34:18.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/main.c	2008-07-30 20:31:07.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/main.c	2008-07-30 21:14:30.000000000 +0200
 @@ -169,6 +169,9 @@ main(ac, av)
  #ifdef HAVE_SECCTX
  	init_avc();
@@ -281,8 +292,8 @@
  	initlcconf();
  	initrmconf();
 diff -up ipsec-tools-0.7.1/src/racoon/handler.h.loopback ipsec-tools-0.7.1/src/racoon/handler.h
---- ipsec-tools-0.7.1/src/racoon/handler.h.loopback	2008-07-30 19:59:10.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/handler.h	2008-07-30 20:29:25.000000000 +0200
+--- ipsec-tools-0.7.1/src/racoon/handler.h.loopback	2008-07-30 21:14:30.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/handler.h	2008-07-30 21:14:30.000000000 +0200
 @@ -286,6 +286,7 @@ struct ph2handle {
  	u_int32_t msgid;		/* msgid for phase 2 */
    
@@ -293,7 +304,7 @@
  	struct saprop *proposal;	/* SA(s) proposal. */
 diff -up ipsec-tools-0.7.1/src/racoon/security.c.loopback ipsec-tools-0.7.1/src/racoon/security.c
 --- ipsec-tools-0.7.1/src/racoon/security.c.loopback	2007-06-07 22:34:19.000000000 +0200
-+++ ipsec-tools-0.7.1/src/racoon/security.c	2008-07-30 20:00:34.000000000 +0200
++++ ipsec-tools-0.7.1/src/racoon/security.c	2008-07-30 21:14:30.000000000 +0200
 @@ -55,6 +55,60 @@
  #include "proposal.h"
  #include "strnames.h"



