authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-22 09:52:39 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-22 09:52:39 +0000
commit7a229aeb240cc750546f55ad089022f0ca7dc44f (patch)
treed1767cb9d72b52a79a5b74e570fd57d0a0e87c1c /src/pluto
parent19364e11c66714324bd3d5d0dc9212db397085cb (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.2.13)
Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/asn1.c16
-rw-r--r--src/pluto/connections.c4
-rw-r--r--src/pluto/ipsec_doi.c21
-rw-r--r--src/pluto/state.c11
-rw-r--r--src/pluto/vendor.c5
-rw-r--r--src/pluto/vendor.h3
6 files changed, 37 insertions, 23 deletions
diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c
index 7436d4d1a..bd27f6a78 100644
--- a/src/pluto/asn1.c
+++ b/src/pluto/asn1.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: asn1.c 3451 2008-02-05 19:27:05Z andreas $
+ * RCSID $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $
*/
#include <stdlib.h>
@@ -75,17 +75,19 @@ const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str);
const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str);
const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str);
-/* ASN.1 definiton of an algorithmIdentifier */
+/* ASN.1 definition of an algorithmIdentifier */
static const asn1Object_t algorithmIdentifierObjects[] = {
- { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
- { 1, "parameters", ASN1_EOC, ASN1_RAW } /* 2 */
+ { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
+ { 1, "parameters", ASN1_EOC, ASN1_OPT |
+ ASN1_RAW }, /* 2 */
+ { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
};
#define ALGORITHM_ID_ALG 1
#define ALGORITHM_ID_PARAMETERS 2
-#define ALGORITHM_ID_ROOF 3
+#define ALGORITHM_ID_ROOF 4
/*
* return the ASN.1 encoded algorithm identifier
@@ -723,7 +725,7 @@ parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
while (objectID < ALGORITHM_ID_ROOF)
{
if (!extract_object(algorithmIdentifierObjects, &objectID, &object, &level, &ctx))
- return OID_UNKNOWN;
+ return alg;
switch (objectID)
{
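Review bot: Returning `alg` when `extract_object()` fails makes a parse error indistinguishable from a clean parse, and on that early-return path the caller's `*parameters` may never have been assigned. The initialisation of `alg` and the handling of `parameters` sit outside this hunk, so this needs checking there: `alg` should start as `OID_UNKNOWN`, and `*parameters` should be set to an empty chunk before the loop when the pointer is non-NULL. Algorithm identifiers are typically taken from peer-supplied data, so accepting an identifier whose trailing part failed to parse should be a documented decision; a comment such as `/* parameters are optional: keep the OID parsed so far, OID_UNKNOWN if none */` above the return would record it.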
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 13a004794..cd118cb34 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: connections.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: connections.c 4924 2009-03-10 21:13:18Z andreas $
*/
#include <string.h>
@@ -2995,6 +2995,8 @@ terminate_connection(const char *nm)
c->policy &= ~POLICY_UP;
flush_pending_by_connection(c);
delete_states_by_connection(c, FALSE);
+ if (c->kind == CK_INSTANCE)
+ delete_connection(c, FALSE);
reset_cur_connection();
}
c = n;
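Review bot: After `delete_connection(c, FALSE)` the pointer `c` is dangling for CK_INSTANCE connections, and the loop stays safe only because `n` was read before this point, which happens outside the hunk. A comment on the new lines, for example `/* c is freed here for instances; only n may be used from now on */`, would keep a later edit from dereferencing `c` between the deletion and `c = n;`. It is also worth confirming that `reset_cur_connection()` does not look at the connection that was just freed, since it now runs after the deletion.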
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 88536e6d6..52b59be31 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: ipsec_doi.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: ipsec_doi.c 4924 2009-03-10 21:13:18Z andreas $
*/
#include <stdio.h>
@@ -5592,6 +5592,7 @@ dpd_timeout(struct state *st)
struct state *newest_phase1_st;
struct connection *c = st->st_connection;
int action = st->st_connection->dpd_action;
+ char cname[BUF_LEN];
passert(action == DPD_ACTION_HOLD
|| action == DPD_ACTION_CLEAR
@@ -5622,20 +5623,30 @@ dpd_timeout(struct state *st)
* leak traffic. Also, being in %trap means new packets will
* force an initiation of the conn again.
*/
- loglog(RC_LOG_SERIOUS, "DPD: Putting connection into %%trap");
+ loglog(RC_LOG_SERIOUS, "DPD: Putting connection \"%s\" into %%trap", c->name);
+ if (c->kind == CK_INSTANCE)
+ delete_connection(c, TRUE);
break;
case DPD_ACTION_CLEAR:
/* dpdaction=clear - Wipe the SA & eroute - everything */
- loglog(RC_LOG_SERIOUS, "DPD: Clearing connection");
+ loglog(RC_LOG_SERIOUS, "DPD: Clearing connection \"%s\"", c->name);
unroute_connection(c);
+ if (c->kind == CK_INSTANCE)
+ delete_connection(c, TRUE);
break;
case DPD_ACTION_RESTART:
/* dpdaction=restart - Restart connection,
* except if roadwarrior connection
*/
- loglog(RC_LOG_SERIOUS, "DPD: Restarting connection");
+ loglog(RC_LOG_SERIOUS, "DPD: Restarting connection \"%s\"", c->name);
unroute_connection(c);
- initiate_connection(c->name, NULL_FD);
+
+ /* caching the connection name before deletion */
+ strncpy(cname, c->name, BUF_LEN);
+
+ if (c->kind == CK_INSTANCE)
+ delete_connection(c, TRUE);
+ initiate_connection(cname, NULL_FD);
break;
default:
loglog(RC_LOG_SERIOUS, "DPD: unknown action");
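Review bot: `strncpy(cname, c->name, BUF_LEN)` in the DPD_ACTION_RESTART case leaves `cname` without a terminating NUL when the connection name is BUF_LEN bytes or longer, and `initiate_connection(cname, NULL_FD)` would then read past the buffer declared in the previous hunk. Use `snprintf(cname, sizeof(cname), "%s", c->name);`, or set `cname[BUF_LEN - 1] = '\0';` after the copy. A truncated name would make the restart look up a different connection, so an over-long name is better logged and skipped than shortened. In all three cases `c` is freed for CK_INSTANCE connections, so nothing after the switch may touch `c`, nor `st` if `delete_connection()` also removes its states; that code is outside the hunk.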
diff --git a/src/pluto/state.c b/src/pluto/state.c
index c62e28e99..5372e86f5 100644
--- a/src/pluto/state.c
+++ b/src/pluto/state.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: state.c 3252 2007-10-06 21:24:50Z andreas $
+ * RCSID $Id: state.c 4924 2009-03-10 21:13:18Z andreas $
*/
#include <stdio.h>
@@ -464,12 +464,7 @@ delete_states_by_connection(struct connection *c, bool relations)
passert(sr->routing != RT_ROUTED_TUNNEL);
sr = sr->next;
}
-
- if (ck == CK_INSTANCE)
- {
- c->kind = ck;
- delete_connection(c, relations);
- }
+ c->kind = ck;
}
/* Walk through the state table, and delete each state whose phase 1 (IKE)
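Review bot: `delete_states_by_connection()` no longer deletes a CK_INSTANCE connection, so every caller now has to do it, and the function's header comment (outside this hunk) should state that. This diff adds the deletion in `terminate_connection()`, `delete_states_by_peer()` and `dpd_timeout()`; any caller not shown here would now leave the instance allocated after its states are gone. A comment such as `/* does not delete c; callers delete CK_INSTANCE connections themselves */` would record the new contract. The repeated `if (c->kind == CK_INSTANCE) delete_connection(c, ...)` pair could become one small helper so the ownership rule lives in a single place.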
@@ -506,6 +501,8 @@ delete_states_by_peer(ip_address *peer)
, peerstr
, c->name);
delete_states_by_connection(c, TRUE);
+ if (c->kind == CK_INSTANCE)
+ delete_connection(c, TRUE);
break; /* can only delete it once */
}
}
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index d4d8fcb1a..cf2136b44 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.c 4846 2009-01-21 03:14:52Z andreas $
+ * RCSID $Id: vendor.c 4893 2009-02-21 17:53:10Z andreas $
*/
#include <stdlib.h>
@@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = {
/*
* strongSwan
*/
- DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.12")
+ DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.13")
+ DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12")
DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11")
DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10")
DEC_MD5_VID(STRONGSWAN_4_2_9, "strongSwan 4.2.9")
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index 20711fe4e..f049af1ef 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.h 4846 2009-01-21 03:14:52Z andreas $
+ * RCSID $Id: vendor.h 4893 2009-02-21 17:53:10Z andreas $
*/
#ifndef _VENDOR_H_
@@ -128,6 +128,7 @@ enum known_vendorid {
VID_STRONGSWAN_4_2_9 =109,
VID_STRONGSWAN_4_2_10 =110,
VID_STRONGSWAN_4_2_11 =111,
+ VID_STRONGSWAN_4_2_12 =112,
/* 101 - 200 : NAT-Traversal */
VID_NATT_STENBERG_01 =151,