Commit d8510349 authored by Timo Teräs's avatar Timo Teräs

main/ipsec-tools: update to 2010-10-22 snapshot

remove patches committed upstream. and add a patch for dpd related
minor fix.
parent 3ac77156
debugging prints for quick mode errors
From: Timo Teras <timo.teras@iki.fi>
---
src/racoon/isakmp.c | 21 ++++++++++++++-------
src/racoon/isakmp_quick.c | 46 ++++++++++++++++++++++++++++++++++++++-------
2 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
index 2dfda2f..87ce598 100644
--- a/src/racoon/isakmp.c
+++ b/src/racoon/isakmp.c
@@ -817,7 +817,8 @@ ph1_main(iph1, msg)
if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
plog(LLV_ERROR, LOCATION, iph1->remote,
- "failed to pre-process packet.\n");
+ "failed to pre-process ph1 packet (side: %d, status %d).\n",
+ iph1->side, iph1->status);
return -1;
} else {
/* ignore the error and keep phase 1 handler */
@@ -845,7 +846,8 @@ ph1_main(iph1, msg)
[iph1->side]
[iph1->status])(iph1, msg) != 0) {
plog(LLV_ERROR, LOCATION, iph1->remote,
- "failed to process packet.\n");
+ "failed to process ph1 packet (side: %d, status: %d).\n",
+ iph1->side, iph1->status);
return -1;
}
@@ -997,7 +999,8 @@ quick_main(iph2, msg)
[iph2->status])(iph2, msg);
if (error != 0) {
plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
- "failed to pre-process packet.\n");
+ "failed to pre-process ph2 packet (side: %d, status %d).\n",
+ iph2->side, iph2->status);
if (error == ISAKMP_INTERNAL_ERROR)
return 0;
isakmp_info_send_n1(iph2->ph1, error, NULL);
@@ -1025,7 +1028,8 @@ quick_main(iph2, msg)
[iph2->side]
[iph2->status])(iph2, msg) != 0) {
plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
- "failed to process packet.\n");
+ "failed to process ph2 packet (side: %d, status: %d).\n",
+ iph2->side, iph2->status);
return -1;
}
@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype)
[iph1->side]
[iph1->status])(iph1, msg) < 0) {
plog(LLV_ERROR, LOCATION, remote,
- "failed to process packet.\n");
+ "failed to process ph1 packet (side: %d, status: %d).\n",
+ iph1->side, iph1->status);
remph1(iph1);
delph1(iph1);
return -1;
@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg)
[iph2->status])(iph2, msg);
if (error != 0) {
plog(LLV_ERROR, LOCATION, iph1->remote,
- "failed to pre-process packet.\n");
+ "failed to pre-process ph2 packet (side: %d, status: %d).\n",
+ iph2->side, iph2->status);
if (error != ISAKMP_INTERNAL_ERROR)
isakmp_info_send_n1(iph2->ph1, error, NULL);
/*
@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg)
[iph2->side]
[iph2->status])(iph2, msg) < 0) {
plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
- "failed to process packet.\n");
+ "failed to process ph2 packet (side: %d, status: %d).\n",
+ iph2->side, iph2->status);
/* don't release handler */
return -1;
}
diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
index 46c84c1..2657407 100644
--- a/src/racoon/isakmp_quick.c
+++ b/src/racoon/isakmp_quick.c
@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0)
"isn't supported.\n");
break;
}
- if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
+ if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "duplicate ISAKMP_NPTYPE_SA.\n");
goto end;
+ }
break;
case ISAKMP_NPTYPE_NONCE:
- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
goto end;
+ }
break;
case ISAKMP_NPTYPE_KE:
- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "duplicate ISAKMP_NPTYPE_KE.\n");
goto end;
+ }
break;
case ISAKMP_NPTYPE_ID:
@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0)
if (isakmp_p2ph(&idcr, pa->ptr) < 0)
goto end;
} else {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "too many ISAKMP_NPTYPE_ID payloads.\n");
goto end;
}
break;
@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0)
iph2->natoa_dst = daddr;
else {
racoon_free(daddr);
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "too many ISAKMP_NPTYPE_NATOA payloads.\n");
goto end;
}
}
@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0)
/* validity check SA payload sent from responder */
if (ipsecdoi_checkph2proposal(iph2) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "proposal check failed.\n");
error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
goto end;
}
@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0)
}
/* decrypt packet */
msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
- if (msg == NULL)
+ if (msg == NULL) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "Packet decryption failed.\n");
goto end;
+ }
/* create buffer for using to validate HASH(1) */
/*
@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0)
"Multi SAs isn't supported.\n");
goto end;
}
- if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
+ if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "duplicate ISAKMP_NPTYPE_SA.\n");
goto end;
+ }
break;
case ISAKMP_NPTYPE_NONCE:
- if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
+ if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "duplicate ISAKMP_NPTYPE_NONCE.\n");
goto end;
+ }
break;
case ISAKMP_NPTYPE_KE:
- if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
+ if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "duplicate ISAKMP_NPTYPE_KE.\n");
goto end;
+ }
break;
case ISAKMP_NPTYPE_ID:
@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0)
iph2->natoa_src = daddr;
else {
racoon_free(daddr);
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "received too many NAT-OA payloads.\n");
+ error = ISAKMP_NTYPE_PAYLOAD_MALFORMED;
goto end;
}
}
@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0)
case 0:
/* select single proposal or reject it. */
if (ipsecdoi_selectph2proposal(iph2) < 0) {
+ plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+ "no proposal chosen.\n");
error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
goto end;
}
Index: src/racoon/isakmp_inf.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
retrieving revision 1.41
diff -u -r1.41 isakmp_inf.c
--- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
+++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
@@ -1450,17 +1450,16 @@
struct isakmp_pl_ru *ru;
u_int32_t msgid;
{
+ u_int32_t seq;
plog(LLV_DEBUG, LOCATION, iph1->remote,
"DPD R-U-There-Ack received\n");
- /* XXX Maintain window of acceptable sequence numbers ?
- * => ru->data <= iph2->dpd_seq &&
- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
- if (ntohl(ru->data) != iph1->dpd_seq-1) {
+ seq = ntohl(ru->data);
+ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
plog(LLV_ERROR, LOCATION, iph1->remote,
- "Wrong DPD sequence number (%d, %d expected).\n",
- ntohl(ru->data), iph1->dpd_seq-1);
+ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
+ seq, iph1->dpd_last_ack, iph1->dpd_seq);
return 0;
}
@@ -1472,6 +1471,7 @@
}
iph1->dpd_fails = 0;
+ iph1->dpd_last_ack = seq;
sched_cancel(&iph1->dpd_r_u);
isakmp_sched_r_u(iph1, 0);
@@ -1535,12 +1535,13 @@
memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
- if (iph1->dpd_seq == 0){
+ if (iph1->dpd_seq == 0) {
/* generate a random seq which is not too big */
- srand(time(NULL));
- iph1->dpd_seq = rand() & 0x0fff;
+ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
}
+ iph1->dpd_seq++;
+ iph1->dpd_fails++;
ru->data = htonl(iph1->dpd_seq);
error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
@@ -1549,12 +1550,6 @@
plog(LLV_DEBUG, LOCATION, iph1->remote,
"DPD R-U-There sent (%d)\n", error);
- /* will be decreased if ACK received... */
- iph1->dpd_fails++;
-
- /* XXX should be increased only when ACKed ? */
- iph1->dpd_seq++;
-
/* Reschedule the r_u_there with a short delay,
* will be deleted/rescheduled if ACK received before */
isakmp_sched_r_u(iph1, 1);
Index: src/racoon/handler.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.22
diff -u -r1.22 handler.h
--- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
+++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
@@ -202,7 +202,8 @@
#ifdef ENABLE_DPD
int dpd_support; /* Does remote supports DPD ? */
- u_int16_t dpd_seq; /* DPD seq number to receive */
+ u_int32_t dpd_last_ack;
+ u_int32_t dpd_seq; /* DPD seq number to receive */
u_int8_t dpd_fails; /* number of failures */
struct sched dpd_r_u;
#endif
Index: src/racoon/crypto_openssl.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
retrieving revision 1.19
diff -u -r1.19 crypto_openssl.c
--- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
+++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
@@ -1800,6 +1800,42 @@
return (caddr_t)c;
}
+static vchar_t *eay_hmac_one(key, data, type)
+ vchar_t *key, *data;
+ const EVP_MD *type;
+{
+ vchar_t *res;
+
+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
+ return NULL;
+
+ if (!HMAC(type, (void *) key->v, key->l,
+ (void *) data->v, data->l, (void *) res->v, NULL)) {
+ vfree(res);
+ return NULL;
+ }
+
+ return res;
+}
+
+static vchar_t *eay_digest_one(data, type)
+ vchar_t *data;
+ const EVP_MD *type;
+{
+ vchar_t *res;
+
+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
+ return NULL;
+
+ if (!EVP_Digest((void *) data->v, data->l,
+ (void *) res->v, NULL, type, NULL)) {
+ vfree(res);
+ return NULL;
+ }
+
+ return res;
+}
+
#ifdef WITH_SHA2
/*
* HMAC SHA2-512
@@ -1808,14 +1844,7 @@
eay_hmacsha2_512_one(key, data)
vchar_t *key, *data;
{
- vchar_t *res;
- caddr_t ctx;
-
- ctx = eay_hmacsha2_512_init(key);
- eay_hmacsha2_512_update(ctx, data);
- res = eay_hmacsha2_512_final(ctx);
-
- return(res);
+ return eay_hmac_one(key, data, EVP_sha2_512());
}
caddr_t
@@ -1865,14 +1894,7 @@
eay_hmacsha2_384_one(key, data)
vchar_t *key, *data;
{
- vchar_t *res;
- caddr_t ctx;
-
- ctx = eay_hmacsha2_384_init(key);
- eay_hmacsha2_384_update(ctx, data);
- res = eay_hmacsha2_384_final(ctx);
-
- return(res);
+ return eay_hmac_one(key, data, EVP_sha2_384());
}
caddr_t
@@ -1922,14 +1944,7 @@
eay_hmacsha2_256_one(key, data)
vchar_t *key, *data;
{
- vchar_t *res;
- caddr_t ctx;
-
- ctx = eay_hmacsha2_256_init(key);
- eay_hmacsha2_256_update(ctx, data);
- res = eay_hmacsha2_256_final(ctx);
-
- return(res);
+ return eay_hmac_one(key, data, EVP_sha2_256());
}
caddr_t
@@ -1980,14 +1995,7 @@
eay_hmacsha1_one(key, data)
vchar_t *key, *data;
{
- vchar_t *res;
- caddr_t ctx;
-
- ctx = eay_hmacsha1_init(key);
- eay_hmacsha1_update(ctx, data);
- res = eay_hmacsha1_final(ctx);
-
- return(res);
+ return eay_hmac_one(key, data, EVP_sha1());
}
caddr_t
@@ -2037,14 +2045,7 @@
eay_hmacmd5_one(key, data)
vchar_t *key, *data;
{
- vchar_t *res;
- caddr_t ctx;
-
- ctx = eay_hmacmd5_init(key);
- eay_hmacmd5_update(ctx, data);
- res = eay_hmacmd5_final(ctx);
-
- return(res);
+ return eay_hmac_one(key, data, EVP_md5());
}
caddr_t
@@ -2130,14 +2131,7 @@
eay_sha2_512_one(data)
vchar_t *data;
{
- caddr_t ctx;
- vchar_t *res;
-
- ctx = eay_sha2_512_init();
- eay_sha2_512_update(ctx, data);
- res = eay_sha2_512_final(ctx);
-
- return(res);
+ return eay_digest_one(data, EVP_sha512());
}
int
@@ -2190,14 +2184,7 @@
eay_sha2_384_one(data)
vchar_t *data;
{
- caddr_t ctx;
- vchar_t *res;
-
- ctx = eay_sha2_384_init();
- eay_sha2_384_update(ctx, data);
- res = eay_sha2_384_final(ctx);
-
- return(res);
+ return eay_digest_one(data, EVP_sha2_384());
}
int
@@ -2250,14 +2237,7 @@
eay_sha2_256_one(data)
vchar_t *data;
{
- caddr_t ctx;
- vchar_t *res;
-
- ctx = eay_sha2_256_init();
- eay_sha2_256_update(ctx, data);
- res = eay_sha2_256_final(ctx);
-
- return(res);
+ return eay_digest_one(data, EVP_sha2_256());
}
int
@@ -2309,14 +2289,7 @@
eay_sha1_one(data)
vchar_t *data;
{
- caddr_t ctx;
- vchar_t *res;
-
- ctx = eay_sha1_init();
- eay_sha1_update(ctx, data);
- res = eay_sha1_final(ctx);
-
- return(res);
+ return eay_digest_one(data, EVP_sha1());
}
int
@@ -2367,14 +2340,7 @@
eay_md5_one(data)
vchar_t *data;
{
- caddr_t ctx;
- vchar_t *res;
-
- ctx = eay_md5_init();
- eay_md5_update(ctx, data);
- res = eay_md5_final(ctx);
-
- return(res);
+ return eay_digest_one(data, EVP_md5());
}
int
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ipsec-tools
pkgver=0.8_alpha20090903
_myver=0.8-alpha20090903
pkgrel=11
pkgver=0.8_alpha20101022
_myver=0.8-alpha20101022
pkgrel=0
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
license="BSD"
......@@ -13,12 +13,9 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
racoon.initd
racoon.confd
50-reverse-connect.patch
60-debug-quick.patch
initial-contact-fix.diff
fd-priorities.patch
70-rcvbuf-size.patch
75-racoonctl-rcvbuf.patch
90-openssl-oneshot.patch
90-dpd-window-fix.patch
"
_builddir="$srcdir"/$pkgname-$_myver
......@@ -28,7 +25,6 @@ prepare() {
msg "Applying $i..."
patch -p1 -i $i || return 1
done
patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1
sed -i 's:-Werror::g' configure
}
......@@ -59,13 +55,10 @@ package() {
install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
}
md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
md5sums="1492b83edc944b5d32d2eff51e33399e ipsec-tools-0.8-alpha20101022.tar.gz
74f12ed04ed273a738229c0bfbf829cc racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
f40c78e4ca4b92d2bf74e4fcf3a8d91f 70-rcvbuf-size.patch
2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch
11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"
0391a6967ad19673588302bc8b17e0e2 90-dpd-window-fix.patch"
? .msg
? ChangeLog
? alpine-config
? commiters.txt
? fd-priorities-2.patch
? fd-priorities.patch
? ipsec-tools-0.8-alpha20090820.tar.bz2
? ipsec-tools-0.8-alpha20090903.tar.bz2
? local-changes.diff
? patch-to-support-cast128-cbc-algorithm.patch
? racoon.txt
? rpm/Makefile
? rpm/Makefile.in
? rpm/ipsec-tools.spec
? rpm/suse/Makefile
? rpm/suse/Makefile.in
? rpm/suse/ipsec-tools.spec
? src/Makefile
? src/Makefile.in
? src/include-glibc/.includes
? src/include-glibc/Makefile
? src/include-glibc/Makefile.in
? src/libipsec/.deps
? src/libipsec/.libs
? src/libipsec/Makefile
? src/libipsec/Makefile.in
? src/libipsec/ipsec_dump_policy.lo
? src/libipsec/ipsec_get_policylen.lo
? src/libipsec/ipsec_strerror.lo
? src/libipsec/key_debug.lo
? src/libipsec/libipsec.la
? src/libipsec/pfkey.lo
? src/libipsec/pfkey_dump.lo
? src/libipsec/policy_parse.c
? src/libipsec/policy_parse.h
? src/libipsec/policy_parse.lo
? src/libipsec/policy_token.c
? src/libipsec/policy_token.lo
? src/racoon/.deps
? src/racoon/.libs
? src/racoon/Makefile
? src/racoon/Makefile.in
? src/racoon/cfparse.c
? src/racoon/cfparse.h
? src/racoon/cftoken.c
? src/racoon/eaytest
? src/racoon/libracoon.la
? src/racoon/libracoon_la-kmpstat.lo
? src/racoon/libracoon_la-misc.lo
? src/racoon/libracoon_la-sockmisc.lo
? src/racoon/libracoon_la-vmbuf.lo
? src/racoon/plainrsa-gen
? src/racoon/prsa_par.c
? src/racoon/prsa_par.h
? src/racoon/prsa_tok.c
? src/racoon/racoon
? src/racoon/racoonctl
? src/racoon/samples/psk.txt
? src/racoon/samples/racoon.conf
? src/setkey/.deps
? src/setkey/.libs
? src/setkey/Makefile
? src/setkey/Makefile.in
? src/setkey/parse.c
? src/setkey/parse.h
? src/setkey/setkey
? src/setkey/token.c
Index: src/racoon/admin.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
retrieving revision 1.32
diff -u -r1.32 admin.c
--- a/src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
+++ b/src/racoon/admin.c 9 Mar 2010 07:50:46 -0000
@@ -734,7 +734,7 @@
return -1;
}
- monitor_fd(lcconf->sock_admin, admin_handler, NULL);
+ monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0);
plog(LLV_DEBUG, LOCATION, NULL,
"open %s as racoon management.\n", sunaddr.sun_path);
Index: src/racoon/evt.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/evt.c,v
retrieving revision 1.9
diff -u -r1.9 evt.c
--- a/src/racoon/evt.c 23 Jan 2009 08:05:58 -0000 1.9
+++ b/src/racoon/evt.c 9 Mar 2010 07:50:46 -0000
@@ -373,7 +373,7 @@
LIST_INSERT_HEAD(list, l, ll_chain);
l->fd = fd;
- monitor_fd(l->fd, evt_unsubscribe_cb, l);
+ monitor_fd(l->fd, evt_unsubscribe_cb, l, 0);
plog(LLV_DEBUG, LOCATION, NULL,
"[%d] admin connection is polling events\n", fd);
Index: src/racoon/grabmyaddr.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c,v
retrieving revision 1.23
diff -u -r1.23 grabmyaddr.c
--- a/src/racoon/grabmyaddr.c 3 Jul 2009 06:41:46 -0000 1.23
+++ b/src/racoon/grabmyaddr.c 9 Mar 2010 07:50:46 -0000
@@ -296,7 +296,7 @@
lcconf->rtsock = kernel_open_socket();
if (lcconf->rtsock < 0)
return -1;
- monitor_fd(lcconf->rtsock, kernel_receive, NULL);
+ monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0);
} else {
lcconf->rtsock = -1;
if (!myaddr_open_all_configured(NULL))
Index: src/racoon/isakmp.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
retrieving revision 1.60
diff -u -r1.60 isakmp.c
--- a/src/racoon/isakmp.c 3 Sep 2009 09:29:07 -0000 1.60
+++ b/src/racoon/isakmp.c 9 Mar 2010 07:50:48 -0000
@@ -1720,7 +1720,7 @@
"%s used as isakmp port (fd=%d)\n",
saddr2str(addr), fd);
- monitor_fd(fd, isakmp_handler, NULL);
+ monitor_fd(fd, isakmp_handler, NULL, 1);
return fd;
err:
Index: src/racoon/pfkey.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/pfkey.c,v
retrieving revision 1.52
diff -u -r1.52 pfkey.c
--- a/src/racoon/pfkey.c 9 Feb 2010 23:05:16 -0000 1.52
+++ b/src/racoon/pfkey.c 9 Mar 2010 07:50:49 -0000
@@ -487,7 +487,7 @@
return -1;
}
#endif
- monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
+ monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
return 0;
}
Index: src/racoon/session.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v
retrieving revision 1.27
diff -u -r1.27 session.c
--- a/src/racoon/session.c 4 Mar 2010 15:13:53 -0000 1.27
+++ b/src/racoon/session.c 9 Mar 2010 07:50:50 -0000
@@ -103,8 +103,13 @@
struct fd_monitor {
int (*callback)(void *ctx, int fd);