webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

strongswan: Update to 5.1.2dr3.

Browse Source
This commit is contained in:
Michael Tremer
2014-02-07 14:49:03 +01:00
parent 2cce1559f2
commit e360e50ac4
2 changed files with 2 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lfs/strongswan
View File

@@ -24,7 +24,7 @@
include Config
VER = 5.1.1
VER = 5.1.2dr3
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
$(DL_FILE)_MD5 = 0a2aba6b0682cc01eb4f9bbeb94bc481
install : $(TARGET)
@@ -79,7 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \

35
src/patches/strongswan-5.1.1-delay-dpd.patch
View File

@@ -1,35 +0,0 @@
From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 1 Nov 2013 11:28:53 +0100
Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying
Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
is perfectly valid. For short(er) DPD delays, this leads to the situation where
we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
Avoid that DPD by resetting the INBOUND timestamp during set_state().
---
src/libcharon/sa/ike_sa.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 0282087..d482f8b 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
}
trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
+ if (trigger_dpd)
+ {
+ /* Some peers delay the DELETE after rekeying an IKE_SA.
+ * If this delay is longer than our DPD delay, we would
+ * send a DPD request here. The IKE_SA is not ready to do
+ * so yet, so prevent that. */
+ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
+ }
}
break;
}
--
1.7.4.1