6 files changed, 37 insertions, 23 deletions

diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c
index 7436d4d1a..bd27f6a78 100644
--- a/src/pluto/asn1.c
+++ b/src/pluto/asn1.c
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: asn1.c 3451 2008-02-05 19:27:05Z andreas $
+ * RCSID $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $
  */
 
 #include <stdlib.h>
@@ -75,17 +75,19 @@ const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str);
 const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str);
 const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str);
 
-/* ASN.1 definiton of an algorithmIdentifier */
+/* ASN.1 definition of an algorithmIdentifier */
 
 static const asn1Object_t algorithmIdentifierObjects[] = {
-  { 0, "algorithmIdentifier",	ASN1_SEQUENCE,	   ASN1_NONE }, /* 0 */
-  { 1,   "algorithm",		ASN1_OID,	   ASN1_BODY }, /* 1 */
-  { 1,   "parameters",		ASN1_EOC,	   ASN1_RAW  }  /* 2 */
+  { 0, "algorithmIdentifier",	ASN1_SEQUENCE,	ASN1_NONE }, /* 0 */
+  { 1,   "algorithm",		ASN1_OID,	ASN1_BODY }, /* 1 */
+  { 1,   "parameters",		ASN1_EOC,	ASN1_OPT |
+						ASN1_RAW  }, /* 2 */
+  { 1,   "end opt",		ASN1_EOC,	ASN1_END  }  /* 3 */
 };
 
 #define ALGORITHM_ID_ALG		1
 #define ALGORITHM_ID_PARAMETERS		2
-#define ALGORITHM_ID_ROOF		3
+#define ALGORITHM_ID_ROOF		4
 
 /*
  * return the ASN.1 encoded algorithm identifier
@@ -723,7 +725,7 @@ parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
     while (objectID < ALGORITHM_ID_ROOF)
     {
 	if (!extract_object(algorithmIdentifierObjects, &objectID, &object, &level, &ctx))
-	     return OID_UNKNOWN;
+	     return alg;
 
 	switch (objectID)
 	{
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 13a004794..cd118cb34 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: connections.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: connections.c 4924 2009-03-10 21:13:18Z andreas $
  */
 
 #include <string.h>
@@ -2995,6 +2995,8 @@ terminate_connection(const char *nm)
 	    c->policy &= ~POLICY_UP;
 	    flush_pending_by_connection(c);
 	    delete_states_by_connection(c, FALSE);
+	    if (c->kind == CK_INSTANCE)
+		delete_connection(c, FALSE);
 	    reset_cur_connection();
 	}
 	c = n;
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 88536e6d6..52b59be31 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: ipsec_doi.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: ipsec_doi.c 4924 2009-03-10 21:13:18Z andreas $
  */
 
 #include <stdio.h>
@@ -5592,6 +5592,7 @@ dpd_timeout(struct state *st)
     struct state *newest_phase1_st;
     struct connection *c = st->st_connection;
     int action = st->st_connection->dpd_action;
+    char cname[BUF_LEN];
 
     passert(action == DPD_ACTION_HOLD
 	 || action == DPD_ACTION_CLEAR
@@ -5622,20 +5623,30 @@ dpd_timeout(struct state *st)
 	 * leak traffic.  Also, being in %trap means new packets will
 	 * force an initiation of the conn again.
 	 */
-	loglog(RC_LOG_SERIOUS, "DPD: Putting connection into %%trap");
+	loglog(RC_LOG_SERIOUS, "DPD: Putting connection \"%s\" into %%trap", c->name);
+	if (c->kind == CK_INSTANCE)
+	    delete_connection(c, TRUE);
 	break;
     case DPD_ACTION_CLEAR:
 	/* dpdaction=clear - Wipe the SA & eroute - everything */
-        loglog(RC_LOG_SERIOUS, "DPD: Clearing connection");
+        loglog(RC_LOG_SERIOUS, "DPD: Clearing connection \"%s\"", c->name);
         unroute_connection(c);
+	if (c->kind == CK_INSTANCE)
+	    delete_connection(c, TRUE);
 	break;
     case DPD_ACTION_RESTART:
 	/* dpdaction=restart - Restart connection,
 	 * except if roadwarrior connection
 	 */
-	loglog(RC_LOG_SERIOUS, "DPD: Restarting connection");
+	loglog(RC_LOG_SERIOUS, "DPD: Restarting connection \"%s\"", c->name);
 	unroute_connection(c);
-	initiate_connection(c->name, NULL_FD);
+
+	/* caching the connection name before deletion */
+	strncpy(cname, c->name, BUF_LEN);
+
+	if (c->kind == CK_INSTANCE)
+	    delete_connection(c, TRUE);
+	initiate_connection(cname, NULL_FD);
 	break;
     default:
 	loglog(RC_LOG_SERIOUS, "DPD: unknown action");
diff --git a/src/pluto/state.c b/src/pluto/state.c
index c62e28e99..5372e86f5 100644
--- a/src/pluto/state.c
+++ b/src/pluto/state.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: state.c 3252 2007-10-06 21:24:50Z andreas $
+ * RCSID $Id: state.c 4924 2009-03-10 21:13:18Z andreas $
  */
 
 #include <stdio.h>
@@ -464,12 +464,7 @@ delete_states_by_connection(struct connection *c, bool relations)
 	passert(sr->routing != RT_ROUTED_TUNNEL);
 	sr = sr->next;
     }
-
-    if (ck == CK_INSTANCE)
-    {
-	c->kind = ck;
-	delete_connection(c, relations);
-    }
+    c->kind = ck;
 }
 
 /* Walk through the state table, and delete each state whose phase 1 (IKE)
@@ -506,6 +501,8 @@ delete_states_by_peer(ip_address *peer)
 			 , peerstr
 			 , c->name);
 		    delete_states_by_connection(c, TRUE);
+		    if (c->kind == CK_INSTANCE)
+	    		delete_connection(c, TRUE);
 		    break;	/* can only delete it once */
 		}
 	    }
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index d4d8fcb1a..cf2136b44 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: vendor.c 4846 2009-01-21 03:14:52Z andreas $
+ * RCSID $Id: vendor.c 4893 2009-02-21 17:53:10Z andreas $
  */
 
 #include <stdlib.h>
@@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = {
 	/*
 	 * strongSwan
 	 */
-	DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.2.12")
+	DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.2.13")
+	DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12")
 	DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11")
 	DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10")
 	DEC_MD5_VID(STRONGSWAN_4_2_9, "strongSwan 4.2.9")
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index 20711fe4e..f049af1ef 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: vendor.h 4846 2009-01-21 03:14:52Z andreas $
+ * RCSID $Id: vendor.h 4893 2009-02-21 17:53:10Z andreas $
  */
 
 #ifndef _VENDOR_H_
@@ -128,6 +128,7 @@ enum known_vendorid {
   VID_STRONGSWAN_4_2_9		=109,
   VID_STRONGSWAN_4_2_10		=110,
   VID_STRONGSWAN_4_2_11		=111,
+  VID_STRONGSWAN_4_2_12		=112,
 
   /* 101 - 200 : NAT-Traversal */
   VID_NATT_STENBERG_01		=151,