rpms/ipsec-tools/F-11 ipsec-tools-0.7.2-natt-linux.patch, NONE, 1.1 .cvsignore, 1.13, 1.14 ipsec-tools.spec, 1.63, 1.64 sources, 1.13, 1.14 ipsec-tools-0.7.1-natt-linux.patch, 1.1, NONE

Tomáš Mráz tmraz at fedoraproject.org
Tue May 5 12:32:58 UTC 2009


Author: tmraz

Update of /cvs/pkgs/rpms/ipsec-tools/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25378

Modified Files:
	.cvsignore ipsec-tools.spec sources 
Added Files:
	ipsec-tools-0.7.2-natt-linux.patch 
Removed Files:
	ipsec-tools-0.7.1-natt-linux.patch 
Log Message:
* Tue May  5 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.2-1
- Update to a new upstream version


ipsec-tools-0.7.2-natt-linux.patch:

--- NEW FILE ipsec-tools-0.7.2-natt-linux.patch ---
diff -up ipsec-tools-0.7.2/src/racoon/isakmp_inf.c.natt-linux ipsec-tools-0.7.2/src/racoon/isakmp_inf.c
--- ipsec-tools-0.7.2/src/racoon/isakmp_inf.c.natt-linux	2009-04-20 15:35:36.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/isakmp_inf.c	2009-04-23 14:46:55.000000000 +0200
@@ -1144,7 +1144,6 @@ purge_ipsec_spi(dst0, proto, spi, n)
 	caddr_t mhp[SADB_EXT_MAX + 1];
 #ifdef ENABLE_NATT
 	struct sadb_x_nat_t_type *natt_type;
-	struct sadb_x_nat_t_port *natt_port;
 #endif
 
 	plog(LLV_DEBUG2, LOCATION, NULL,
@@ -1200,17 +1199,8 @@ purge_ipsec_spi(dst0, proto, spi, n)
 		}
 #ifdef ENABLE_NATT
 		natt_type = (void *)mhp[SADB_X_EXT_NAT_T_TYPE];
-		if (natt_type && natt_type->sadb_x_nat_t_type_type) {
-			/* NAT-T is enabled for this SADB entry; copy
-			 * the ports from NAT-T extensions */
-			natt_port = (void *)mhp[SADB_X_EXT_NAT_T_SPORT];
-			if (extract_port(src) == 0 && natt_port != NULL)
-				set_port(src, ntohs(natt_port->sadb_x_nat_t_port_port));
-
-			natt_port = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
-			if (extract_port(dst) == 0 && natt_port != NULL)
-				set_port(dst, ntohs(natt_port->sadb_x_nat_t_port_port));
-		}else{
+		if (natt_type == NULL ||
+			! natt_type->sadb_x_nat_t_type_type) {
 			/* Force default UDP ports, so CMPSADDR will match SAs with NO encapsulation
 			 */
 			set_port(src, PORT_ISAKMP);
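Review bot: With the port copy removed from this branch, purge_ipsec_spi now depends on src and dst already carrying the NAT-T ports for encapsulated SAs, and nothing at the new `if (natt_type == NULL || ...)` condition says where that happens. The pfkey.c part of this patch does the copy in pfkey_dump_sadb, only under `__linux__ && ENABLE_NATT`, and skips it through `goto no_fixup` when parsing fails or an address extension is missing. In that case the ports would presumably still be 0 here and the SA comparison may fail to match, leaving the SA unpurged. A comment above the condition would record the dependency, for example `/* NAT-T ports are filled into src/dst by pfkey_dump_sadb(); only SAs without encapsulation need the default ports */`. The function body starts and ends outside the hunk.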
diff -up ipsec-tools-0.7.2/src/racoon/pfkey.c.natt-linux ipsec-tools-0.7.2/src/racoon/pfkey.c
--- ipsec-tools-0.7.2/src/racoon/pfkey.c.natt-linux	2009-04-23 14:40:08.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/pfkey.c	2009-04-23 14:40:08.000000000 +0200
@@ -290,6 +290,13 @@ pfkey_dump_sadb(satype)
 	struct sadb_msg *msg = NULL;
 	size_t bl, ml;
 	int len;
+#if defined(__linux__) && defined(ENABLE_NATT)
+	caddr_t mhp[SADB_EXT_MAX + 1];
+	struct sadb_sa *sa;
+	struct sockaddr *src, *dst;
+	struct sadb_x_nat_t_type *natt_type;
+	struct sadb_x_nat_t_port *natt_port;
+#endif
 
 	if ((s = privsep_pfkey_open()) < 0) {
 		plog(LLV_ERROR, LOCATION, NULL,
@@ -325,6 +332,45 @@ pfkey_dump_sadb(satype)
 		    continue;
 		}
 		
+#if defined(__linux__) && defined(ENABLE_NATT)
+		/*
+		 * NetBSD returns the NAT-T ports in the src and dst sockaddrs
+		 * in addition to the SADB_X_EXT_NAT_T_*PORT structs.
+		 *
+		 * Linux only returns them in the SADB_X_EXT_NAT_T_*PORT
+		 * structs. The racoon codebase is making the assumption that
+		 * the NAT-T ports are reflected by the ports in the src and
+		 * dst sockaddrs. We stick that information into those structs
+		 * here to meet the assumptions elsewhere.
+		 */
+		if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
+		    plog(LLV_ERROR, LOCATION, NULL,
+			"pfkey_check (%s)\n", ipsec_strerror());
+		    goto no_fixup;
+		}
+
+		sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]);
+		if (!sa || !mhp[SADB_EXT_ADDRESS_SRC] || !mhp[SADB_EXT_ADDRESS_DST]) {
+		    goto no_fixup;
+		}
+
+		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+
+		natt_type = (struct sadb_x_nat_t_type *)(mhp[SADB_X_EXT_NAT_T_TYPE]);
+
+		if (natt_type && natt_type->sadb_x_nat_t_type_type) {
+		    /* set the src and dst ports */
+		    natt_port = (struct sadb_x_nat_t_port *)(mhp[SADB_X_EXT_NAT_T_SPORT]);
+		    if (natt_port != NULL && extract_port(src) == 0)
+			set_port(src, ntohs(natt_port->sadb_x_nat_t_port_port));
+
+		    natt_port = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
+		    if (natt_port != NULL && extract_port(dst) == 0)
+			set_port(dst, ntohs(natt_port->sadb_x_nat_t_port_port));
+		}
+no_fixup:
+#endif /* __linux__ && ENABLE_NATT */
 
 		ml = msg->sadb_msg_len << 3;
 		bl = buf ? buf->l : 0;
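Review bot: The failure branch logs `pfkey_check (%s)` for both calls, so a pfkey_align failure is reported under the wrong name. After `goto no_fixup`, the message that failed validation still reaches `ml = msg->sadb_msg_len << 3` below and appears to be kept in the dump with its ports unfixed. Logging the two calls separately, and deciding explicitly whether such a message should be skipped with `continue` as the branch just above does, would make the error path easier to reason about. The two natt_port assignments also use different casts, `(struct sadb_x_nat_t_port *)` and `(void *)`, and `sa` is only null-checked, so one cast form and a short comment on why `sa` is required would help. The enclosing loop of pfkey_dump_sadb starts and ends outside the hunk.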


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/F-11/.cvsignore,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -p -r1.13 -r1.14
--- .cvsignore	29 Jul 2008 12:31:24 -0000	1.13
+++ .cvsignore	5 May 2009 12:32:28 -0000	1.14
@@ -1 +1 @@
-ipsec-tools-0.7.1.tar.bz2
+ipsec-tools-0.7.2.tar.bz2


Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/F-11/ipsec-tools.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -p -r1.63 -r1.64
--- ipsec-tools.spec	25 Feb 2009 07:46:48 -0000	1.63
+++ ipsec-tools.spec	5 May 2009 12:32:28 -0000	1.64
@@ -1,6 +1,6 @@
 Name: ipsec-tools
-Version: 0.7.1
-Release: 8%{?dist}
+Version: 0.7.2
+Release: 1%{?dist}
 Summary: Tools for configuring and using IPSEC
 License: BSD
 Group: System Environment/Base
@@ -16,9 +16,8 @@ Patch4: ipsec-tools-0.7.1-loopback.patch
 Patch5: ipsec-tools-0.7-iface.patch
 Patch6: ipsec-tools-0.7-dupsplit.patch
 Patch9: ipsec-tools-0.7-splitcidr.patch
-Patch10: ipsec-tools-0.7.1-natt-linux.patch
+Patch10: ipsec-tools-0.7.2-natt-linux.patch
 Patch11: ipsec-tools-0.7.1-pie.patch
-Patch12: ipsec-tools-0.7.1-leaks.patch
 Patch13: ipsec-tools-0.7.1-dpd-fixes.patch
 
 BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
@@ -44,7 +43,6 @@ package builds:
 %patch9 -p1 -b .splitcidr
 %patch10 -p1 -b .natt-linux
 %patch11 -p1 -b .pie
-%patch12 -p1 -b .leaks
 %patch13 -p1 -b .dpd-fixes
 
 ./bootstrap
@@ -124,6 +122,9 @@ fi
 %config(noreplace) /etc/racoon/racoon.conf
 
 %changelog
+* Tue May  5 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.2-1
+- Update to a new upstream version
+
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.1-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/F-11/sources,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -p -r1.13 -r1.14
--- sources	29 Jul 2008 12:31:24 -0000	1.13
+++ sources	5 May 2009 12:32:28 -0000	1.14
@@ -1 +1 @@
-30b196a2829556182c39aed9f83c0bbf  ipsec-tools-0.7.1.tar.bz2
+72861f005746ee27984b2ee715ecc629  ipsec-tools-0.7.2.tar.bz2


--- ipsec-tools-0.7.1-natt-linux.patch DELETED ---



