Imported Upstream version 5.3.5

17 files changed, 230 insertions, 49 deletions

diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index b8f943f51..d3b31cc0d 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -115,6 +115,10 @@ static int run()
 		sig = sigwaitinfo(&set, NULL);
 		if (sig == -1)
 		{
+			if (errno == EINTR)
+			{	/* ignore signals we didn't wait for */
+				continue;
+			}
 			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
 			return 1;
 		}
@@ -152,11 +156,6 @@ static int run()
 				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 				return 1;
 			}
-			default:
-			{
-				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-				break;
-			}
 		}
 	}
 }
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 1773e7c39..fb090e5d3 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -85,6 +85,10 @@ static void run()
 		sig = sigwaitinfo(&set, NULL);
 		if (sig == -1)
 		{
+			if (errno == EINTR)
+			{	/* ignore signals we didn't wait for */
+				continue;
+			}
 			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
 			return;
 		}
@@ -102,11 +106,6 @@ static void run()
 				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 				return;
 			}
-			default:
-			{
-				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-				break;
-			}
 		}
 	}
 }
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
index f302d4527..4286cde82 100644
--- a/src/charon-systemd/charon-systemd.c
+++ b/src/charon-systemd/charon-systemd.c
@@ -254,6 +254,10 @@ static int run()
 		sig = sigwaitinfo(&set, NULL);
 		if (sig == -1)
 		{
+			if (errno == EINTR)
+			{	/* ignore signals we didn't wait for */
+				continue;
+			}
 			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
 			return SS_RC_INITIALIZATION_FAILED;
 		}
@@ -265,11 +269,6 @@ static int run()
 				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 				return 0;
 			}
-			default:
-			{
-				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-				break;
-			}
 		}
 	}
 }
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 52d82f3ad..3923c8ae6 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -104,6 +104,10 @@ static void run()
 		sig = sigwaitinfo(&set, NULL);
 		if (sig == -1)
 		{
+			if (errno == EINTR)
+			{	/* ignore signals we didn't wait for */
+				continue;
+			}
 			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
 			return;
 		}
@@ -121,11 +125,6 @@ static void run()
 				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 				return;
 			}
-			default:
-			{
-				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-				break;
-			}
 		}
 	}
 }
diff --git a/src/charon/charon.c b/src/charon/charon.c
index f03b6e1ba..4c2a9a477 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -98,7 +98,7 @@ static void run()
 {
 	sigset_t set;
 
-	/* handle SIGINT, SIGHUP ans SIGTERM in this handler */
+	/* handle SIGINT, SIGHUP and SIGTERM in this handler */
 	sigemptyset(&set);
 	sigaddset(&set, SIGINT);
 	sigaddset(&set, SIGHUP);
@@ -112,6 +112,10 @@ static void run()
 		sig = sigwaitinfo(&set, NULL);
 		if (sig == -1)
 		{
+			if (errno == EINTR)
+			{	/* ignore signals we didn't wait for */
+				continue;
+			}
 			DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
 			return;
 		}
@@ -144,11 +148,6 @@ static void run()
 				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 				return;
 			}
-			default:
-			{
-				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-				break;
-			}
 		}
 	}
 }
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index 9348b64e1..edfe0ca35 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -565,7 +565,7 @@ int main(int argc, char *argv[])
 	sigaddset(&set, SIGTERM);
 	sigprocmask(SIG_BLOCK, &set, NULL);
 
-	while ((sig = sigwaitinfo(&set, NULL)) != -1)
+	while ((sig = sigwaitinfo(&set, NULL)) != -1 || errno == EINTR)
 	{
 		switch (sig)
 		{
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index bc7b633b0..fa46e79f1 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.3.4dr1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.4.0dr1" "strongSwan"
 .
 .SH NAME
 .
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 6a4a0384e..4fe982849 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -14,6 +14,28 @@
  * for more details.
  */
 
+/*
+ * Copyright (C) 2015 Thom Troy
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 #include "eap_radius_plugin.h"
 
 #include "eap_radius.h"
@@ -98,6 +120,8 @@ static void load_configs(private_eap_radius_plugin_t *this)
 	radius_config_t *config;
 	char *nas_identifier, *secret, *address, *section;
 	int auth_port, acct_port, sockets, preference;
+	u_int retransmit_tries;
+	double retransmit_timeout, retransmit_base;
 
 	address = lib->settings->get_str(lib->settings,
 								"%s.plugins.eap-radius.server", NULL, lib->ns);
@@ -117,8 +141,18 @@ static void load_configs(private_eap_radius_plugin_t *this)
 						"%s.plugins.eap-radius.port", AUTH_PORT, lib->ns);
 		sockets = lib->settings->get_int(lib->settings,
 						"%s.plugins.eap-radius.sockets", 1, lib->ns);
+
+		retransmit_tries = lib->settings->get_int(lib->settings,
+						"%s.plugins.eap-radius.retransmit_tries", 4, lib->ns);
+		retransmit_timeout = lib->settings->get_double(lib->settings,
+						"%s.plugins.eap-radius.retransmit_timeout", 2, lib->ns);
+		retransmit_base = lib->settings->get_double(lib->settings,
+						"%s.plugins.eap-radius.retransmit_base", 1.4, lib->ns);
+
 		config = radius_config_create(address, address, auth_port, ACCT_PORT,
-									  nas_identifier, secret, sockets, 0);
+									  nas_identifier, secret, sockets, 0,
+									  retransmit_tries, retransmit_timeout,
+									  retransmit_base);
 		if (!config)
 		{
 			DBG1(DBG_CFG, "no RADUIS server defined");
@@ -170,11 +204,33 @@ static void load_configs(private_eap_radius_plugin_t *this)
 					lib->settings->get_int(lib->settings,
 						"%s.plugins.eap-radius.sockets", 1, lib->ns),
 				lib->ns, section);
+
+		retransmit_tries = lib->settings->get_int(lib->settings,
+				"%s.plugins.eap-radius.servers.%s.retransmit_tries",
+					lib->settings->get_int(lib->settings,
+						"%s.plugins.eap-radius.retransmit_tries", 4, lib->ns),
+				lib->ns, section);
+
+		retransmit_timeout = lib->settings->get_double(lib->settings,
+				"%s.plugins.eap-radius.servers.%s.retransmit_timeout",
+					lib->settings->get_double(lib->settings,
+						"%s.plugins.eap-radius.retransmit_timeout", 2, lib->ns),
+				lib->ns, section);
+
+		retransmit_base = lib->settings->get_double(lib->settings,
+				"%s.plugins.eap-radius.servers.%s.retransmit_base",
+					lib->settings->get_double(lib->settings,
+						"%s.plugins.eap-radius.retransmit_base", 1.4, lib->ns),
+				lib->ns, section);
+
 		preference = lib->settings->get_int(lib->settings,
 				"%s.plugins.eap-radius.servers.%s.preference", 0,
 				lib->ns, section);
+
 		config = radius_config_create(section, address, auth_port, acct_port,
-								nas_identifier, secret, sockets, preference);
+								nas_identifier, secret, sockets, preference,
+								retransmit_tries, retransmit_timeout,
+								retransmit_base);
 		if (!config)
 		{
 			DBG1(DBG_CFG, "loading RADIUS server '%s' failed, skipped", section);
diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
index b4c6ce3a6..66a2ee514 100644
--- a/src/libfast/fast_dispatcher.c
+++ b/src/libfast/fast_dispatcher.c
@@ -21,6 +21,7 @@
 #include <fcgiapp.h>
 #include <signal.h>
 #include <unistd.h>
+#include <errno.h>
 
 #include <utils/debug.h>
 #include <threading/thread.h>
@@ -389,7 +390,10 @@ METHOD(fast_dispatcher_t, waitsignal, void,
 	sigaddset(&set, SIGTERM);
 	sigaddset(&set, SIGHUP);
 	sigprocmask(SIG_BLOCK, &set, NULL);
-	sigwaitinfo(&set, NULL);
+	while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR)
+	{
+		/* wait for signal */
+	}
 }
 
 METHOD(fast_dispatcher_t, destroy, void,
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index c67366b86..a2fccd1d3 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -854,6 +854,9 @@ static kernel_algorithm_t encryption_algs[] = {
 	{ENCR_AES_GCM_ICV12,		SADB_X_EALG_AES_GCM_ICV12	},
 	{ENCR_AES_GCM_ICV16,		SADB_X_EALG_AES_GCM_ICV16	},
 #endif
+#ifdef SADB_X_EALG_CAMELLIACBC
+	{ENCR_CAMELLIA_CBC,			SADB_X_EALG_CAMELLIACBC		},
+#endif
 	{END_OF_LIST,				0							},
 };
 
diff --git a/src/libradius/Makefile.am b/src/libradius/Makefile.am
index 4706f270d..476153284 100644
--- a/src/libradius/Makefile.am
+++ b/src/libradius/Makefile.am
@@ -7,7 +7,7 @@ AM_LDFLAGS = \
 ipseclib_LTLIBRARIES = libradius.la
 
 libradius_la_LIBADD = \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la
+	$(top_builddir)/src/libstrongswan/libstrongswan.la -lm
 
 libradius_la_SOURCES = \
 	radius_message.h radius_message.c \
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 5dd8ac56b..9bca3bd29 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -430,7 +430,7 @@ AM_LDFLAGS = \
 
 ipseclib_LTLIBRARIES = libradius.la
 libradius_la_LIBADD = \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la
+	$(top_builddir)/src/libstrongswan/libstrongswan.la -lm
 
 libradius_la_SOURCES = \
 	radius_message.h radius_message.c \
diff --git a/src/libradius/radius_config.c b/src/libradius/radius_config.c
index 5dbd1d7e0..663173411 100644
--- a/src/libradius/radius_config.c
+++ b/src/libradius/radius_config.c
@@ -13,6 +13,28 @@
  * for more details.
  */
 
+/*
+ * Copyright (C) 2015 Thom Troy
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 #include "radius_config.h"
 
 #include <threading/mutex.h>
@@ -180,7 +202,8 @@ METHOD(radius_config_t, destroy, void,
 radius_config_t *radius_config_create(char *name, char *address,
 									  u_int16_t auth_port, u_int16_t acct_port,
 									  char *nas_identifier, char *secret,
-									  int sockets, int preference)
+									  int sockets, int preference,
+									  u_int tries, double timeout, double base)
 {
 	private_radius_config_t *this;
 	radius_socket_t *socket;
@@ -209,7 +232,8 @@ radius_config_t *radius_config_create(char *name, char *address,
 	while (sockets--)
 	{
 		socket = radius_socket_create(address, auth_port, acct_port,
-									  chunk_create(secret, strlen(secret)));
+									  chunk_create(secret, strlen(secret)),
+									  tries, timeout, base);
 		if (!socket)
 		{
 			destroy(this);
diff --git a/src/libradius/radius_config.h b/src/libradius/radius_config.h
index 40ed6197a..c0ff057c8 100644
--- a/src/libradius/radius_config.h
+++ b/src/libradius/radius_config.h
@@ -13,6 +13,28 @@
  * for more details.
  */
 
+/*
+ * Copyright (C) 2015 Thom Troy
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 /**
  * @defgroup radius_config radius_config
  * @{ @ingroup libradius
@@ -91,10 +113,14 @@ struct radius_config_t {
  * @param secret			secret to use with this server
  * @param sockets			number of sockets to create in pool
  * @param preference		preference boost for this server
+ * @param tries				number of times we retransmit messages
+ * @param timeout			retransmission timeout
+ * @param base				base to calculate retransmission timeout
  */
 radius_config_t *radius_config_create(char *name, char *address,
 									  u_int16_t auth_port, u_int16_t acct_port,
 									  char *nas_identifier, char *secret,
-									  int sockets, int preference);
+									  int sockets, int preference,
+									  u_int tries, double timeout, double base);
 
 #endif /** RADIUS_CONFIG_H_ @}*/
diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c
index ad5daa54b..065f2644e 100644
--- a/src/libradius/radius_socket.c
+++ b/src/libradius/radius_socket.c
@@ -13,11 +13,34 @@
  * for more details.
  */
 
+/*
+ * Copyright (C) 2015 Thom Troy
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 #include "radius_socket.h"
 #include "radius_mppe.h"
 
 #include <errno.h>
 #include <unistd.h>
+#include <math.h>
 
 #include <pen/pen.h>
 #include <utils/debug.h>
@@ -83,6 +106,21 @@ struct private_radius_socket_t {
 	 * RADIUS secret
 	 */
 	chunk_t secret;
+
+	/**
+	 * Number of times we retransmit messages before giving up
+	 */
+	u_int retransmit_tries;
+
+	/**
+	 * Retransmission timeout
+	 */
+	double retransmit_timeout;
+
+	/**
+	 * Base to calculate retransmission timeout
+	 */
+	double retransmit_base;
 };
 
 /**
@@ -185,7 +223,7 @@ METHOD(radius_socket_t, request, radius_message_t*,
 {
 	radius_message_t *response;
 	chunk_t data;
-	int i, *fd, retransmit = 0;
+	int *fd, retransmit = 0, timeout;
 	u_int16_t port;
 	rng_t *rng = NULL;
 
@@ -218,21 +256,22 @@ METHOD(radius_socket_t, request, radius_message_t*,
 	data = request->get_encoding(request);
 	DBG3(DBG_CFG, "%B", &data);
 
-	/* timeout after 2, 3, 4, 5 seconds */
-	for (i = 2; i <= 5; i++)
+	while (retransmit < this->retransmit_tries)
 	{
+		timeout = (int)(this->retransmit_timeout * 1000.0 *
+						pow(this->retransmit_base, retransmit));
 		if (retransmit)
 		{
-			DBG1(DBG_CFG, "retransmitting RADIUS %N (attempt %d)",
-				 radius_message_code_names, request->get_code(request),
-				 retransmit);
+			DBG1(DBG_CFG, "retransmit %d of RADIUS %N (timeout: %.1fs)",
+				 retransmit, radius_message_code_names,
+				 request->get_code(request), timeout/1000.0);
 		}
 		if (send(*fd, data.ptr, data.len, 0) != data.len)
 		{
 			DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno));
 			return NULL;
 		}
-		switch (receive_response(*fd, i*1000, request->get_identifier(request),
+		switch (receive_response(*fd, timeout, request->get_identifier(request),
 								 &response))
 		{
 			case SUCCESS:
@@ -251,8 +290,9 @@ METHOD(radius_socket_t, request, radius_message_t*,
 		response->destroy(response);
 		return NULL;
 	}
-	DBG1(DBG_CFG, "RADIUS %N timed out after %d retransmits",
-		 radius_message_code_names, request->get_code(request), retransmit - 1);
+
+	DBG1(DBG_CFG, "RADIUS %N timed out after %d attempts",
+		 radius_message_code_names, request->get_code(request), retransmit);
 	return NULL;
 }
 
@@ -336,7 +376,8 @@ METHOD(radius_socket_t, destroy, void,
  * See header
  */
 radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
-									  u_int16_t acct_port, chunk_t secret)
+									  u_int16_t acct_port, chunk_t secret,
+									  u_int tries, double timeout, double base)
 {
 	private_radius_socket_t *this;
 
@@ -354,6 +395,9 @@ radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
 		.hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
 		.signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
 		.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
+		.retransmit_tries = tries,
+		.retransmit_timeout = timeout,
+		.retransmit_base = base,
 	);
 
 	if (!this->hasher || !this->signer || !this->rng ||
diff --git a/src/libradius/radius_socket.h b/src/libradius/radius_socket.h
index eb510ea89..84b146a7d 100644
--- a/src/libradius/radius_socket.h
+++ b/src/libradius/radius_socket.h
@@ -13,6 +13,28 @@
  * for more details.
  */
 
+/*
+ * Copyright (C) 2015 Thom Troy
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 /**
  * @defgroup radius_socket radius_socket
  * @{ @ingroup libradius
@@ -70,8 +92,12 @@ struct radius_socket_t {
  * @param auth_port	server port for authentication
  * @param acct_port	server port for accounting
  * @param secret	RADIUS secret
+ * @param tries		number of times we retransmit messages
+ * @param timeout	retransmission timeout
+ * @param base		base to calculate retransmission timeout
  */
 radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
-									  u_int16_t acct_port, chunk_t secret);
+									  u_int16_t acct_port, chunk_t secret,
+									  u_int tries, double timeout, double base);
 
 #endif /** RADIUS_SOCKET_H_ @}*/
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 47d72ee98..40cb43d90 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -124,7 +124,10 @@ void wait_sigint()
 	sigaddset(&set, SIGTERM);
 
 	sigprocmask(SIG_BLOCK, &set, NULL);
-	sigwaitinfo(&set, NULL);
+	while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR)
+	{
+		/* wait for signal */
+	}
 }
 
 #ifndef HAVE_SIGWAITINFO
@@ -167,7 +170,7 @@ void closefrom(int low_fd)
 	dir_fd = open("/proc/self/fd", O_RDONLY);
 	if (dir_fd != -1)
 	{
-		while ((len = syscall(SYS_getdents64, dir_fd, buffer,
+		while ((len = syscall(__NR_getdents64, dir_fd, buffer,
 							  sizeof(buffer))) > 0)
 		{
 			for (offset = 0; offset < len; offset += entry->d_reclen)