Diffstat (limited to 'src/libfreeswan')
-rw-r--r-- | src/libfreeswan/Makefile.in | 5 | ||||
-rw-r--r-- | src/libfreeswan/anyaddr.c | 13 | ||||
-rw-r--r-- | src/libfreeswan/atoaddr.3 | 10 | ||||
-rw-r--r-- | src/libfreeswan/atoaddr.c | 37 | ||||
-rw-r--r-- | src/libfreeswan/freeswan.h | 5 | ||||
-rw-r--r-- | src/libfreeswan/pfkeyv2.h | 33 | ||||
-rw-r--r-- | src/libfreeswan/ttoaddr.3 | 12 | ||||
-rw-r--r-- | src/libfreeswan/ttoaddr.c | 77 |
8 files changed, 130 insertions, 62 deletions
diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in index 37c32b9fa..31ea3a634 100644 --- a/src/libfreeswan/Makefile.in +++ b/src/libfreeswan/Makefile.in @@ -83,12 +83,14 @@ ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -153,6 +155,7 @@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ @@ -193,7 +196,9 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ diff --git a/src/libfreeswan/anyaddr.c b/src/libfreeswan/anyaddr.c index 2e9fa2787..f2eb8d07a 100644 --- a/src/libfreeswan/anyaddr.c +++ b/src/libfreeswan/anyaddr.c @@ -17,12 +17,13 @@ #include "internal.h" #include "freeswan.h" -/* these are mostly fallbacks for the no-IPv6-support-in-library case */ -#ifndef IN6ADDR_ANY_INIT -#define IN6ADDR_ANY_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }} -#endif -#ifndef IN6ADDR_LOOPBACK_INIT -#define IN6ADDR_LOOPBACK_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }} +/* OpenSolaris defines strange versions of these macros */ +#ifdef __sun +#undef IN6ADDR_ANY_INIT +#define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}} + +#undef IN6ADDR_LOOPBACK_INIT +#define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}} #endif static struct in6_addr v6any = IN6ADDR_ANY_INIT; diff --git a/src/libfreeswan/atoaddr.3 b/src/libfreeswan/atoaddr.3 index fce8884e4..10da2691c 100644 --- a/src/libfreeswan/atoaddr.3 +++ b/src/libfreeswan/atoaddr.3 
@@ -54,7 +54,7 @@ on a big-endian host and .B 4.3.2.1 on a little-endian host), a DNS name to be looked up via -.IR gethostbyname (3), +.IR getaddrinfo (3), or an old-style network name to be looked up via .IR getnetbyname (3). .PP @@ -91,10 +91,8 @@ DNS names may be complete (optionally terminated with a ``.'') or incomplete, and are looked up as specified by local system configuration (see .IR resolver (5)). -The -.I h_addr -value returned by -.IR gethostbyname (3) +The first value returned by +.IR getaddrinfo (3) is used, so with current DNS implementations, the result when the name corresponds to more than one address is @@ -102,7 +100,7 @@ difficult to predict. Name lookup resorts to .IR getnetbyname (3) only if -.IR gethostbyname (3) +.IR getaddrinfo (3) fails. .PP A subnet specification is of the form \fInetwork\fB/\fImask\fR. diff --git a/src/libfreeswan/atoaddr.c b/src/libfreeswan/atoaddr.c index dd73be7f3..cbda541d3 100644 --- a/src/libfreeswan/atoaddr.c +++ b/src/libfreeswan/atoaddr.c @@ -12,6 +12,8 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" @@ -41,7 +43,7 @@ const char *src; size_t srclen; /* 0 means "apply strlen" */ struct in_addr *addrp; { - struct hostent *h; + struct addrinfo hints, *res; struct netent *ne = NULL; const char *oops; # define HEXLEN 10 /* strlen("0x11223344") */ @@ -51,6 +53,7 @@ struct in_addr *addrp; char namebuf[ATOADDRBUF]; char *p = namebuf; char *q; + int error; if (srclen == 0) srclen = strlen(src); 
@@ -87,18 +90,34 @@ struct in_addr *addrp; return "illegal (non-DNS-name) character in name"; /* try as host name, failing that as /etc/networks network name */ - h = gethostbyname(p); - if (h == NULL) + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_INET; + error = getaddrinfo(p, NULL, &hints, &res); + if (error != 0) + { ne = getnetbyname(p); + if (ne == NULL) + { + if (p != namebuf) + { + FREE(p); + } + return "name lookup failed"; + } + addrp->s_addr = htonl(ne->n_net); + } + else + { + struct sockaddr_in *in = (struct sockaddr_in*)res->ai_addr; + memcpy(&addrp->s_addr, &in->sin_addr.s_addr, sizeof(addrp->s_addr)); + freeaddrinfo(res); + } + if (p != namebuf) + { FREE(p); - if (h == NULL && ne == NULL) - return "name lookup failed"; + } - if (h != NULL) - memcpy(&addrp->s_addr, h->h_addr, sizeof(addrp->s_addr)); - else - addrp->s_addr = htonl(ne->n_net); return NULL; } diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index cb14cd678..77ce8f2be 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -20,11 +20,6 @@ # include <stdio.h> # include <netinet/in.h> -# define uint8_t u_int8_t -# define uint16_t u_int16_t -# define uint32_t u_int32_t -# define uint64_t u_int64_t - # define DEBUG_NO_STATIC static #include <ipsec_param.h> diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h index 5ef5e747c..461299c78 100644 --- a/src/libfreeswan/pfkeyv2.h +++ b/src/libfreeswan/pfkeyv2.h 
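Review bot: The getaddrinfo() status in `error` is only compared with zero, so in the failure branch a temporary resolver failure (EAI_AGAIN) is handled exactly like a name that does not exist. The code falls through to getnetbyname() and, if that also fails, reports the fixed string "name lookup failed", which gives an operator nothing to tell a typo from a resolver outage. Because this function already returns a `const char *` diagnostic, the final failure could carry the resolver's reason, e.g. `return gai_strerror(error);` in place of `return "name lookup failed";`, provided no caller matches on the old text (callers are not visible here). The function starts outside this hunk.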
@@ -303,33 +303,40 @@ struct sadb_protocol { #define SADB_SASTATE_DEAD 3 #define SADB_SASTATE_MAX 3 -#define SADB_SAFLAGS_PFS 1 +#define SADB_SAFLAGS_PFS 1 #define SADB_X_SAFLAGS_REPLACEFLOW 2 #define SADB_X_SAFLAGS_CLEARFLOW 4 #define SADB_X_SAFLAGS_INFLOW 8 /* Authentication algorithms */ -#define SADB_AALG_NONE 0 -#define SADB_AALG_MD5HMAC 2 -#define SADB_AALG_SHA1HMAC 3 +#define SADB_AALG_NONE 0 +#define SADB_AALG_MD5HMAC 2 +#define SADB_AALG_SHA1HMAC 3 #define SADB_X_AALG_SHA2_256HMAC 5 #define SADB_X_AALG_SHA2_384HMAC 6 #define SADB_X_AALG_SHA2_512HMAC 7 #define SADB_X_AALG_RIPEMD160HMAC 8 #define SADB_X_AALG_AES_XCBC_MAC 9 -#define SADB_X_AALG_NULL 251 /* kame */ -#define SADB_AALG_MAX 251 +#define SADB_X_AALG_NULL 251 /* kame */ +#define SADB_AALG_MAX 251 /* Encryption algorithms */ -#define SADB_EALG_NONE 0 -#define SADB_EALG_DESCBC 2 -#define SADB_EALG_3DESCBC 3 -#define SADB_X_EALG_CASTCBC 6 +#define SADB_EALG_NONE 0 +#define SADB_EALG_DESCBC 2 +#define SADB_EALG_3DESCBC 3 +#define SADB_X_EALG_CASTCBC 6 #define SADB_X_EALG_BLOWFISHCBC 7 -#define SADB_EALG_NULL 11 -#define SADB_X_EALG_AESCBC 12 +#define SADB_EALG_NULL 11 +#define SADB_X_EALG_AESCBC 12 +#define SADB_X_EALG_AESCTR 13 +#define SADB_X_EALG_AES_CCM_ICV8 14 +#define SADB_X_EALG_AES_CCM_ICV12 15 +#define SADB_X_EALG_AES_CCM_ICV16 16 +#define SADB_X_EALG_AES_GCM_ICV8 18 +#define SADB_X_EALG_AES_GCM_ICV12 19 +#define SADB_X_EALG_AES_GCM_ICV16 20 #define SADB_X_EALG_CAMELLIACBC 22 -#define SADB_EALG_MAX 253 /* last EALG */ +#define SADB_EALG_MAX 253 /* last EALG */ /* private allocations should use 249-255 (RFC2407) */ #define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */ #define SADB_X_EALG_TWOFISHCBC 253 /* draft-ietf-ipsec-ciph-aes-cbc-00 */ diff --git a/src/libfreeswan/ttoaddr.3 b/src/libfreeswan/ttoaddr.3 index 70671145e..d43d2b16f 100644 --- a/src/libfreeswan/ttoaddr.3 +++ b/src/libfreeswan/ttoaddr.3 
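Review bot: The new SADB_X_EALG_AESCTR, SADB_X_EALG_AES_CCM_ICV* and SADB_X_EALG_AES_GCM_ICV* identifiers are added with no comment on where the numbers come from, and the jump from 16 to 18 reads like a typo to anyone who does not know the registry. The values appear to follow the IANA IPsec ESP transform identifiers (13 for AES-CTR, 14-16 for AES-CCM, 18-20 for AES-GCM), so a comment above the block such as `/* 13-20 follow the IANA ESP transform IDs; 17 is intentionally unused; ICVn = n-byte integrity tag */` would make them checkable. It is also worth stating there that the ICV8 variants carry a shorter integrity tag than ICV16, since someone choosing among the constants should see that trade-off next to the definitions.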
@@ -59,7 +59,7 @@ on a big-endian host and .B 4.3.2.1 on a little-endian host), a DNS name to be looked up via -.IR gethostbyname (3), +.IR getaddrinfo (3), or an old-style network name to be looked up via .IR getnetbyname (3). .PP @@ -100,7 +100,7 @@ abbreviating at most one subsequence of multiple zeros (e.g. which is synonymous with .BR 99:ab:0:0:0:0:54:68 ), or a DNS name to be looked up via -.IR gethostbyname (3). +.IR getaddrinfo (3). The result of applying .I addrtot to an IPv6 address will use @@ -115,10 +115,8 @@ DNS names may be complete (optionally terminated with a ``.'') or incomplete, and are looked up as specified by local system configuration (see .IR resolver (5)). -The -.I h_addr -value returned by -.IR gethostbyname2 (3) +The first value returned by +.IR getaddrinfo (3) is used, so with current DNS implementations, the result when the name corresponds to more than one address is @@ -126,7 +124,7 @@ difficult to predict. IPv4 name lookup resorts to .IR getnetbyname (3) only if -.IR gethostbyname2 (3) +.IR getaddrinfo (3) fails. .PP A subnet specification is of the form \fInetwork\fB/\fImask\fR. diff --git a/src/libfreeswan/ttoaddr.c b/src/libfreeswan/ttoaddr.c index e4ceec863..bda2be5ed 100644 --- a/src/libfreeswan/ttoaddr.c +++ b/src/libfreeswan/ttoaddr.c @@ -157,12 +157,15 @@ int nultermd; /* is it known to be NUL-terminated? */ int af; ip_address *dst; { - struct hostent *h; + struct addrinfo hints, *res; struct netent *ne = NULL; char namebuf[100]; /* enough for most DNS names */ const char *cp; char *p = namebuf; + unsigned char *addr = NULL; size_t n; + int error; + err_t err = NULL; for (cp = src, n = srclen; n > 0; cp++, n--) if (ISASCII(*cp) && strchr(namechars, *cp) == NULL) 
@@ -181,25 +184,67 @@ ip_address *dst; cp = (const char *)p; } - h = gethostbyname2(cp, af); - if (h == NULL && af == AF_INET) - ne = getnetbyname(cp); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = af; + error = getaddrinfo(cp, NULL, &hints, &res); + if (error != 0) + { /* getaddrinfo failed, try getnetbyname */ + if (af == AF_INET) + { + ne = getnetbyname(cp); + if (ne != NULL) + { + ne->n_net = htonl(ne->n_net); + addr = (unsigned char*)&ne->n_net; + err = initaddr(addr, sizeof(ne->n_net), af, dst); + } + } + } + else + { + struct addrinfo *r = res; + while (r) + { + size_t addr_len; + switch (r->ai_family) + { + case AF_INET: + { + struct sockaddr_in *in = (struct sockaddr_in*)r->ai_addr; + addr_len = 4; + addr = (unsigned char*)&in->sin_addr.s_addr; + break; + } + case AF_INET6: + { + struct sockaddr_in6 *in6 = (struct sockaddr_in6*)r->ai_addr; + addr_len = 16; + addr = (unsigned char*)&in6->sin6_addr.s6_addr; + break; + } + default: + { /* unknown family, try next result */ + r = r->ai_next; + continue; + } + } + err = initaddr(addr, addr_len, r->ai_family, dst); + break; + } + freeaddrinfo(res); + } + if (p != namebuf) + { FREE(p); - if (h == NULL && ne == NULL) - return "does not look numeric and name lookup failed"; + } - if (h != NULL) { - if (h->h_addrtype != af) - return "address-type mismatch from gethostbyname2!!!"; - return initaddr((unsigned char *)h->h_addr, h->h_length, af, dst); - } else { - if (ne->n_addrtype != af) - return "address-type mismatch from getnetbyname!!!"; - ne->n_net = htonl(ne->n_net); - return initaddr((unsigned char *)&ne->n_net, sizeof(ne->n_net), - af, dst); + if (addr == NULL) + { + return "does not look numeric and name lookup failed"; } + + return err; } /* |
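Review bot: After `freeaddrinfo(res)` the variable `addr` still points into the freed result list, and the later `if (addr == NULL)` test uses that stale pointer as the "lookup succeeded" signal. Nothing dereferences it today, but reading a pointer whose target has been freed is not well defined in C, and the pattern invites a use-after-free if a later change reads through `addr` below the free. A separate flag keeps the signal without the dangling pointer: declare `int found = 0;`, set `found = 1;` next to each `initaddr(...)` call, and test `if (!found)` before returning the failure string. The old `h_addrtype`/`n_addrtype` mismatch checks are also gone, so the getnetbyname() path now passes `ne->n_net` to initaddr() as an AF_INET value without looking at `ne->n_addrtype`. The function begins in the previous hunk.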