diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-22 09:52:39 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-22 09:52:39 +0000 |
commit | 7a229aeb240cc750546f55ad089022f0ca7dc44f (patch) | |
tree | d1767cb9d72b52a79a5b74e570fd57d0a0e87c1c /src/pluto | |
parent | 19364e11c66714324bd3d5d0dc9212db397085cb (diff) | |
download | vyos-strongswan-7a229aeb240cc750546f55ad089022f0ca7dc44f.tar.gz vyos-strongswan-7a229aeb240cc750546f55ad089022f0ca7dc44f.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.13)
Diffstat (limited to 'src/pluto')
-rw-r--r-- | src/pluto/asn1.c | 16 | ||||
-rw-r--r-- | src/pluto/connections.c | 4 | ||||
-rw-r--r-- | src/pluto/ipsec_doi.c | 21 | ||||
-rw-r--r-- | src/pluto/state.c | 11 | ||||
-rw-r--r-- | src/pluto/vendor.c | 5 | ||||
-rw-r--r-- | src/pluto/vendor.h | 3 |
6 files changed, 37 insertions, 23 deletions
diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c index 7436d4d1a..bd27f6a78 100644 --- a/src/pluto/asn1.c +++ b/src/pluto/asn1.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: asn1.c 3451 2008-02-05 19:27:05Z andreas $ + * RCSID $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $ */ #include <stdlib.h> @@ -75,17 +75,19 @@ const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str); const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str); const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str); -/* ASN.1 definiton of an algorithmIdentifier */ +/* ASN.1 definition of an algorithmIdentifier */ static const asn1Object_t algorithmIdentifierObjects[] = { - { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ - { 1, "parameters", ASN1_EOC, ASN1_RAW } /* 2 */ + { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ + { 1, "parameters", ASN1_EOC, ASN1_OPT | + ASN1_RAW }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */ }; #define ALGORITHM_ID_ALG 1 #define ALGORITHM_ID_PARAMETERS 2 -#define ALGORITHM_ID_ROOF 3 +#define ALGORITHM_ID_ROOF 4 /* * return the ASN.1 encoded algorithm identifier @@ -723,7 +725,7 @@ parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters) while (objectID < ALGORITHM_ID_ROOF) { if (!extract_object(algorithmIdentifierObjects, &objectID, &object, &level, &ctx)) - return OID_UNKNOWN; + return alg; switch (objectID) { diff --git a/src/pluto/connections.c b/src/pluto/connections.c index 13a004794..cd118cb34 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: connections.c 3686 2008-03-28 11:48:14Z martin $ + * RCSID $Id: connections.c 4924 2009-03-10 21:13:18Z andreas $ */ #include <string.h> @@ -2995,6 +2995,8 @@ terminate_connection(const char *nm) c->policy &= ~POLICY_UP; flush_pending_by_connection(c); delete_states_by_connection(c, FALSE); + if (c->kind == CK_INSTANCE) + delete_connection(c, FALSE); reset_cur_connection(); } c = n; diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 88536e6d6..52b59be31 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ipsec_doi.c 3686 2008-03-28 11:48:14Z martin $ + * RCSID $Id: ipsec_doi.c 4924 2009-03-10 21:13:18Z andreas $ */ #include <stdio.h> @@ -5592,6 +5592,7 @@ dpd_timeout(struct state *st) struct state *newest_phase1_st; struct connection *c = st->st_connection; int action = st->st_connection->dpd_action; + char cname[BUF_LEN]; passert(action == DPD_ACTION_HOLD || action == DPD_ACTION_CLEAR @@ -5622,20 +5623,30 @@ dpd_timeout(struct state *st) * leak traffic. Also, being in %trap means new packets will * force an initiation of the conn again. */ - loglog(RC_LOG_SERIOUS, "DPD: Putting connection into %%trap"); + loglog(RC_LOG_SERIOUS, "DPD: Putting connection \"%s\" into %%trap", c->name); + if (c->kind == CK_INSTANCE) + delete_connection(c, TRUE); break; case DPD_ACTION_CLEAR: /* dpdaction=clear - Wipe the SA & eroute - everything */ - loglog(RC_LOG_SERIOUS, "DPD: Clearing connection"); + loglog(RC_LOG_SERIOUS, "DPD: Clearing connection \"%s\"", c->name); unroute_connection(c); + if (c->kind == CK_INSTANCE) + delete_connection(c, TRUE); break; case DPD_ACTION_RESTART: /* dpdaction=restart - Restart connection, * except if roadwarrior connection */ - loglog(RC_LOG_SERIOUS, "DPD: Restarting connection"); + loglog(RC_LOG_SERIOUS, "DPD: Restarting connection \"%s\"", c->name); unroute_connection(c); - initiate_connection(c->name, NULL_FD); + + /* caching the connection name before deletion */ + strncpy(cname, c->name, BUF_LEN); + + if (c->kind == CK_INSTANCE) + delete_connection(c, TRUE); + initiate_connection(cname, NULL_FD); break; default: loglog(RC_LOG_SERIOUS, "DPD: unknown action"); diff --git a/src/pluto/state.c b/src/pluto/state.c index c62e28e99..5372e86f5 100644 --- a/src/pluto/state.c +++ b/src/pluto/state.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: state.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: state.c 4924 2009-03-10 21:13:18Z andreas $ */ #include <stdio.h> @@ -464,12 +464,7 @@ delete_states_by_connection(struct connection *c, bool relations) passert(sr->routing != RT_ROUTED_TUNNEL); sr = sr->next; } - - if (ck == CK_INSTANCE) - { - c->kind = ck; - delete_connection(c, relations); - } + c->kind = ck; } /* Walk through the state table, and delete each state whose phase 1 (IKE) @@ -506,6 +501,8 @@ delete_states_by_peer(ip_address *peer) , peerstr , c->name); delete_states_by_connection(c, TRUE); + if (c->kind == CK_INSTANCE) + delete_connection(c, TRUE); break; /* can only delete it once */ } } diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index d4d8fcb1a..cf2136b44 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.c 4846 2009-01-21 03:14:52Z andreas $ + * RCSID $Id: vendor.c 4893 2009-02-21 17:53:10Z andreas $ */ #include <stdlib.h> @@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.12") + DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.13") + DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12") DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11") DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10") DEC_MD5_VID(STRONGSWAN_4_2_9, "strongSwan 4.2.9") diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index 20711fe4e..f049af1ef 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.h 4846 2009-01-21 03:14:52Z andreas $ + * RCSID $Id: vendor.h 4893 2009-02-21 17:53:10Z andreas $ */ #ifndef _VENDOR_H_ @@ -128,6 +128,7 @@ enum known_vendorid { VID_STRONGSWAN_4_2_9 =109, VID_STRONGSWAN_4_2_10 =110, VID_STRONGSWAN_4_2_11 =111, + VID_STRONGSWAN_4_2_12 =112, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =151, |