webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next' into fifteen

Browse Source 
Conflicts:
	lfs/samba
	lfs/strongswan
This commit is contained in:
Arne Fitzenreiter
2013-11-13 14:05:15 +01:00
parent 7d3b1f7eaf 1a386bb9d8
commit d0d3fe9d26
5 changed files with 52 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/rootfiles/common/i586/strongswan-padlock
View File

@@ -1 +1,2 @@
usr/lib/ipsec/plugins/libstrongswan-padlock.so usr/lib/ipsec/plugins/libstrongswan-padlock.so
usr/lib/ipsec/plugins/libstrongswan-rdrand.so

1
config/rootfiles/common/strongswan
View File

@@ -75,6 +75,7 @@ usr/lib/ipsec/plugins/libstrongswan-sha2.so
usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-socket-default.so
usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/lib/ipsec/plugins/libstrongswan-sshkey.so
usr/lib/ipsec/plugins/libstrongswan-stroke.so usr/lib/ipsec/plugins/libstrongswan-stroke.so
usr/lib/ipsec/plugins/libstrongswan-unity.so
usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/plugins/libstrongswan-updown.so
usr/lib/ipsec/plugins/libstrongswan-x509.so usr/lib/ipsec/plugins/libstrongswan-x509.so
usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so

6
lfs/samba
View File

@@ -24,7 +24,7 @@
include Config include Config
VER = 3.6.19 VER = 3.6.20
THISAPP = samba-$(VER) THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP) DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba PROG = samba
PAK_VER = 53 PAK_VER = 54
DEPS = "cups" DEPS = "cups"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = afe9c7c590f3093555cd6e870d2532e1 $(DL_FILE)_MD5 = 3f1b60c681845ce6828a1abe5aacf671
install : $(TARGET) install : $(TARGET)

18
lfs/strongswan
View File

@@ -24,7 +24,7 @@
include Config include Config
VER = 5.1.1dr4 VER = 5.1.1
THISAPP = strongswan-$(VER) THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2 DL_FILE = $(THISAPP).tar.bz2
@@ -33,9 +33,13 @@ DIR_APP = $(DIR_SRC)/strongswan-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586" ifeq "$(MACHINE)" "i586"
PADLOCK = --enable-padlock CONFIGURE_OPTIONS = \
--enable-padlock \
--enable-rdrand
else else
PADLOCK = --disable-padlock CONFIGURE_OPTIONS = \
--disable-padlock \
--disable-rdrand
endif endif
############################################################################### ###############################################################################
@@ -46,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 05899faa9b8a8f253474af809b283ef9 $(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
install : $(TARGET) install : $(TARGET)
@@ -77,6 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD) @$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \ cd $(DIR_APP) && ./configure \
@@ -91,9 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--enable-eap-peap \ --enable-eap-peap \
--enable-eap-mschapv2 \ --enable-eap-mschapv2 \
--enable-eap-identity \ --enable-eap-identity \
$(PADLOCK) --enable-unity \
$(CONFIGURE_OPTIONS)
cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt" cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install cd $(DIR_APP) && make install
# Remove all library files we don't want or need. # Remove all library files we don't want or need.

35
src/patches/strongswan-5.1.1-delay-dpd.patch Normal file
View File

@@ -0,0 +1,35 @@
From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 1 Nov 2013 11:28:53 +0100
Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying
Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
is perfectly valid. For short(er) DPD delays, this leads to the situation where
we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
Avoid that DPD by resetting the INBOUND timestamp during set_state().
---
src/libcharon/sa/ike_sa.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 0282087..d482f8b 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
}
trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
+ if (trigger_dpd)
+ {
+ /* Some peers delay the DELETE after rekeying an IKE_SA.
+ * If this delay is longer than our DPD delay, we would
+ * send a DPD request here. The IKE_SA is not ready to do
+ * so yet, so prevent that. */
+ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
+ }
}
break;
}
--
1.7.4.1