Commit e0484509 authored by Timo Teräs's avatar Timo Teräs

main/strongswan: cherry-pick netlink buffer size fixes from upstream

and rename the patches so that we have groups for upstream
cherry-picks, patches we want to upstream, and locally carried patches.
parent 43c0e0d4
From e0e3b6d92b37ba6633a9cd7f0ed2bd3ce56fdcc0 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 16 Jul 2015 11:43:44 +0200
Subject: [PATCH] kernel-netlink: Actually verify if the netlink message
exceeds the buffer size
It might equal it and that's fine. With MSG_TRUNC we get the actual
message size and can only report an error if we haven't received the
complete message.
---
src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
index b0e3103..809d0f4 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -185,8 +185,8 @@ static ssize_t read_msg(private_netlink_socket_t *this,
return -1;
}
}
- len = recv(this->socket, buf, buflen, block ? 0 : MSG_DONTWAIT);
- if (len == buflen)
+ len = recv(this->socket, buf, buflen, (block ? 0 : MSG_DONTWAIT)|MSG_TRUNC);
+ if (len > buflen)
{
DBG1(DBG_KNL, "netlink response exceeds buffer size");
return 0;
--
2.4.5
From 7e40d9705de5e94ff64684573c573deb97950b5e Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 16 Jul 2015 11:50:22 +0200
Subject: [PATCH] kernel-netlink: Use the PAGE_SIZE as default for the netlink
receive buffer
The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
In some cases (e.g. for dump messages) the kernel might use up to 16k
for messages, which might require increasing this value.
---
conf/plugins/kernel-netlink.opt | 2 +-
src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 12 +++++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
index 4338a5f..6adefd8 100644
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
@@ -1,4 +1,4 @@
-charon.plugins.kernel-netlink.buflen = 4096
+charon.plugins.kernel-netlink.buflen = <min(PAGE_SIZE, 8192)>
Buffer size for received Netlink messages.
charon.plugins.kernel-netlink.fwmark =
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
index 809d0f4..ddb2254 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -571,7 +571,7 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.protocol = protocol,
.names = names,
.buflen = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-netlink.buflen", 4096, lib->ns),
+ "%s.plugins.kernel-netlink.buflen", 0, lib->ns),
.timeout = lib->settings->get_int(lib->settings,
"%s.plugins.kernel-netlink.timeout", 0, lib->ns),
.retries = lib->settings->get_int(lib->settings,
@@ -582,6 +582,16 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.parallel = parallel,
);
+ if (!this->buflen)
+ {
+ long pagesize = sysconf(_SC_PAGESIZE);
+ if (pagesize == -1)
+ {
+ pagesize = 4096;
+ }
+ /* base this on NLMSG_GOODSIZE */
+ this->buflen = min(pagesize, 8192);
+ }
if (this->socket == -1)
{
DBG1(DBG_KNL, "unable to create netlink socket");
--
2.4.5
......@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.3.2
_pkgver=${pkgver//_rc/rc}
pkgrel=2
pkgrel=3
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
......@@ -16,11 +16,13 @@ makedepends="$depends_dev linux-headers"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
0001-charon-add-optional-source-and-remote-overrides-for-.patch
0002-vici-send-certificates-for-ike-sa-events.patch
0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
0004-vici-support-asynchronous-initiation.patch
1000-support-gre-key-in-ikev1.patch
0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
1004-vici-support-asynchronous-initiation.patch
2001-support-gre-key-in-ikev1.patch
strongswan.initd
charon.initd"
......@@ -104,26 +106,32 @@ package() {
}
md5sums="fab014be1477ef4ebf9a765e10f8802c strongswan-5.3.2.tar.bz2
e553c5e9a895a2d95b1cbc33407d64a0 0001-charon-add-optional-source-and-remote-overrides-for-.patch
8bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch
125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch
b9f874287c35cce075b761087c28ab50 1000-support-gre-key-in-ikev1.patch
eb8d38dbf918e5f3adfd55f8ace7aeb1 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
53982788f8ab0962193f695da30a8a94 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
e553c5e9a895a2d95b1cbc33407d64a0 1001-charon-add-optional-source-and-remote-overrides-for-.patch
8bea05feac6f4e90c4973b2459864437 1002-vici-send-certificates-for-ike-sa-events.patch
125c4e648f73b0dbdaa741ac13ed6d87 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
f65811bd1ae6e7f98cf9d76928a0aa03 1004-vici-support-asynchronous-initiation.patch
b9f874287c35cce075b761087c28ab50 2001-support-gre-key-in-ikev1.patch
85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
7962a720ebef6892d80a3cbdab72c204 charon.initd"
sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2
a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 0001-charon-add-optional-source-and-remote-overrides-for-.patch
c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch
4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch
ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 1000-support-gre-key-in-ikev1.patch
bce611d5f3d773589c6a751aec7fbaab39c8926134cab6fe2d5586639244bdc0 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
4e1f76a76278c7621ca860156c25dfda90a7d9010b6426a9fd7c74c190166043 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 1001-charon-add-optional-source-and-remote-overrides-for-.patch
c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 1002-vici-send-certificates-for-ike-sa-events.patch
4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 1004-vici-support-asynchronous-initiation.patch
ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 2001-support-gre-key-in-ikev1.patch
ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2
682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 0001-charon-add-optional-source-and-remote-overrides-for-.patch
ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch
2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch
723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 1000-support-gre-key-in-ikev1.patch
5ec6fd6160a55d7313f8dd3315a353d426f98ea57d167e73e97bff25ca175d2848f7ea0956cb2ec9cbca24f2be1dc0c1b1d123ee947f64baa6dfc712d04e77e1 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
ee5dc2d2c719895e69d9a0324b48d43b4b86122eb8848143db7a4a629e79d594deeb4a000a429c85a31552358e9e1e2a7de8a1917c6ebb075a77281f074e0740 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 1001-charon-add-optional-source-and-remote-overrides-for-.patch
ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 1002-vici-send-certificates-for-ike-sa-events.patch
2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 1004-vici-support-asynchronous-initiation.patch
723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 2001-support-gre-key-in-ikev1.patch
b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment