svn commit: r442031 - in head/net/bird: . files

Olivier Cochard olivier at FreeBSD.org
Mon May 29 19:30:32 UTC 2017 

Author: olivier
Date: Mon May 29 19:30:30 2017
New Revision: 442031
URL: https://svnweb.freebsd.org/changeset/ports/442031

Log:
  Fix MD5 TCP signature usage with latest tcpmd5 kernel module
  
  PR:		21890
  Submitted by:	ae
  Reported by:	Joseph Mulloy <freebsd-bugs at joe.mulloy.me>
  Approved by:	melifaro (maintainer)
  
  Fix build with option FIREWALL
  
  PR:		217150
  Submitted by:	olivier
  Reported by:	O. Hartmann <ohartmann at walstatt.org>
  Approved by:	melifaro (maintainer)
  Sponsored by:	Orange

Added:
  head/net/bird/files/patch-sysdep-bsd-setkey.h   (contents, props changed)
Modified:
  head/net/bird/Makefile
  head/net/bird/files/bird.in
  head/net/bird/files/bird6.in
  head/net/bird/files/firewall_support.patch

Modified: head/net/bird/Makefile
==============================================================================
--- head/net/bird/Makefile	Mon May 29 19:14:13 2017	(r442030)
+++ head/net/bird/Makefile	Mon May 29 19:30:30 2017	(r442031)
@@ -3,7 +3,7 @@
 
 PORTNAME?=	bird
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	ftp://bird.network.cz/pub/bird/ \
 		http://bird.mpls.in/distfiles/bird/

Modified: head/net/bird/files/bird.in
==============================================================================
--- head/net/bird/files/bird.in	Mon May 29 19:14:13 2017	(r442030)
+++ head/net/bird/files/bird.in	Mon May 29 19:30:30 2017	(r442031)
@@ -29,6 +29,6 @@ extra_commands="reload"
 : ${bird_enable="NO"}
 : ${bird_config="%%PREFIX%%/etc/bird.conf"}
 
-command_args="-c $bird_config"
+command_args="-P /var/run/${name}.pid -c $bird_config"
 
 run_rc_command "$1"

Modified: head/net/bird/files/bird6.in
==============================================================================
--- head/net/bird/files/bird6.in	Mon May 29 19:14:13 2017	(r442030)
+++ head/net/bird/files/bird6.in	Mon May 29 19:30:30 2017	(r442031)
@@ -29,6 +29,6 @@ extra_commands="reload"
 : ${bird6_enable="NO"}
 : ${bird6_config="%%PREFIX%%/etc/bird6.conf"}
 
-command_args="-c $bird6_config"
+command_args="-P /var/run/${name}.pid -c $bird6_config"
 
 run_rc_command "$1"

Modified: head/net/bird/files/firewall_support.patch
==============================================================================
--- head/net/bird/files/firewall_support.patch	Mon May 29 19:14:13 2017	(r442030)
+++ head/net/bird/files/firewall_support.patch	Mon May 29 19:30:30 2017	(r442031)
@@ -161,7 +161,7 @@ index 0000000..aefc606
 +CF_ADDTO(proto, firewall_proto '}')
 +
 +firewall_proto_start: proto_start FIREWALL {
-+     this_proto = proto_config_new(&proto_firewall, sizeof(struct firewall_config), $1);
++     this_proto = proto_config_new(&proto_firewall, $1);
 +     this_proto->preference = 0;
 +     FIREWALL_CFG->flush_start = 1;
 +     FIREWALL_CFG->flush_shutdown = 1;
@@ -217,7 +217,7 @@ new file mode 100644
 index 0000000..e447470
 --- /dev/null
 +++ proto/firewall/firewall.c
-@@ -0,0 +1,198 @@
+@@ -0,0 +1,199 @@
 +/*
 + *	BIRD -- Firewall Protocol Configuration
 + *
@@ -247,7 +247,7 @@ index 0000000..e447470
 +#include "firewall.h"
 +
 +static int init_done = 0;
-+struct rate_limit rl_fw_err;
++struct tbf rl_fw_err;
 +
 +static void
 +firewall_collect(void)
@@ -408,6 +408,7 @@ index 0000000..e447470
 +  name:		"Firewall",
 +  template:	"fw%d",
 +  attr_class:	EAP_FIREWALL,
++  config_size:	sizeof(struct firewall_config),
 +  init:		firewall_init,
 +  start:	firewall_start,
 +  shutdown:	firewall_shutdown,
@@ -472,7 +473,7 @@ index 0000000..c97ed38
 +extern struct protocol proto_firewall;
 +
 +extern struct firewall_control fw_ipfw, fw_pf, fw_ipset;
-+extern struct rate_limit rl_fw_err;
++extern struct tbf rl_fw_err;
 +#define FW_ERR(x, y...)	log_rl(&rl_fw_err, L_ERR x, ##y)
 +
 +#endif

Added: head/net/bird/files/patch-sysdep-bsd-setkey.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/bird/files/patch-sysdep-bsd-setkey.h	Mon May 29 19:30:30 2017	(r442031)
@@ -0,0 +1,19 @@
+--- sysdep/bsd/setkey.h	2017-05-15 14:04:47.215628000 +0300
++++ sysdep/bsd/setkey.h	2017-05-15 14:05:36.850028000 +0300
+@@ -158,12 +158,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr 
+     if (len > TCP_KEYLEN_MAX)
+       ERR_MSG("The password for TCP MD5 Signature is too long");
+ 
+-    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
++    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0 ||
++	setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
+       ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
+   }
+   else
+   {
+-    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)
++    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0 ||
++	setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0)
+       ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
+   }
+   return 0;

More information about the svn-ports-all mailing list