svn commit: r442031 - in head/net/bird: . files
Olivier Cochard
olivier at FreeBSD.org
Mon May 29 19:30:32 UTC 2017
Author: olivier
Date: Mon May 29 19:30:30 2017
New Revision: 442031
URL: https://svnweb.freebsd.org/changeset/ports/442031
Log:
Fix MD5 TCP signature usage with latest tcpmd5 kernel module
PR: 21890
Submitted by: ae
Reported by: Joseph Mulloy <freebsd-bugs at joe.mulloy.me>
Approved by: melifaro (maintainer)
Fix build with option FIREWALL
PR: 217150
Submitted by: olivier
Reported by: O. Hartmann <ohartmann at walstatt.org>
Approved by: melifaro (maintainer)
Sponsored by: Orange
Added:
head/net/bird/files/patch-sysdep-bsd-setkey.h (contents, props changed)
Modified:
head/net/bird/Makefile
head/net/bird/files/bird.in
head/net/bird/files/bird6.in
head/net/bird/files/firewall_support.patch
Modified: head/net/bird/Makefile
==============================================================================
--- head/net/bird/Makefile Mon May 29 19:14:13 2017 (r442030)
+++ head/net/bird/Makefile Mon May 29 19:30:30 2017 (r442031)
@@ -3,7 +3,7 @@
PORTNAME?= bird
PORTVERSION= 1.6.3
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://bird.network.cz/pub/bird/ \
http://bird.mpls.in/distfiles/bird/
Modified: head/net/bird/files/bird.in
==============================================================================
--- head/net/bird/files/bird.in Mon May 29 19:14:13 2017 (r442030)
+++ head/net/bird/files/bird.in Mon May 29 19:30:30 2017 (r442031)
@@ -29,6 +29,6 @@ extra_commands="reload"
: ${bird_enable="NO"}
: ${bird_config="%%PREFIX%%/etc/bird.conf"}
-command_args="-c $bird_config"
+command_args="-P /var/run/${name}.pid -c $bird_config"
run_rc_command "$1"
Modified: head/net/bird/files/bird6.in
==============================================================================
--- head/net/bird/files/bird6.in Mon May 29 19:14:13 2017 (r442030)
+++ head/net/bird/files/bird6.in Mon May 29 19:30:30 2017 (r442031)
@@ -29,6 +29,6 @@ extra_commands="reload"
: ${bird6_enable="NO"}
: ${bird6_config="%%PREFIX%%/etc/bird6.conf"}
-command_args="-c $bird6_config"
+command_args="-P /var/run/${name}.pid -c $bird6_config"
run_rc_command "$1"
Modified: head/net/bird/files/firewall_support.patch
==============================================================================
--- head/net/bird/files/firewall_support.patch Mon May 29 19:14:13 2017 (r442030)
+++ head/net/bird/files/firewall_support.patch Mon May 29 19:30:30 2017 (r442031)
@@ -161,7 +161,7 @@ index 0000000..aefc606
+CF_ADDTO(proto, firewall_proto '}')
+
+firewall_proto_start: proto_start FIREWALL {
-+ this_proto = proto_config_new(&proto_firewall, sizeof(struct firewall_config), $1);
++ this_proto = proto_config_new(&proto_firewall, $1);
+ this_proto->preference = 0;
+ FIREWALL_CFG->flush_start = 1;
+ FIREWALL_CFG->flush_shutdown = 1;
@@ -217,7 +217,7 @@ new file mode 100644
index 0000000..e447470
--- /dev/null
+++ proto/firewall/firewall.c
-@@ -0,0 +1,198 @@
+@@ -0,0 +1,199 @@
+/*
+ * BIRD -- Firewall Protocol Configuration
+ *
@@ -247,7 +247,7 @@ index 0000000..e447470
+#include "firewall.h"
+
+static int init_done = 0;
-+struct rate_limit rl_fw_err;
++struct tbf rl_fw_err;
+
+static void
+firewall_collect(void)
@@ -408,6 +408,7 @@ index 0000000..e447470
+ name: "Firewall",
+ template: "fw%d",
+ attr_class: EAP_FIREWALL,
++ config_size: sizeof(struct firewall_config),
+ init: firewall_init,
+ start: firewall_start,
+ shutdown: firewall_shutdown,
@@ -472,7 +473,7 @@ index 0000000..c97ed38
+extern struct protocol proto_firewall;
+
+extern struct firewall_control fw_ipfw, fw_pf, fw_ipset;
-+extern struct rate_limit rl_fw_err;
++extern struct tbf rl_fw_err;
+#define FW_ERR(x, y...) log_rl(&rl_fw_err, L_ERR x, ##y)
+
+#endif
Added: head/net/bird/files/patch-sysdep-bsd-setkey.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/bird/files/patch-sysdep-bsd-setkey.h Mon May 29 19:30:30 2017 (r442031)
@@ -0,0 +1,19 @@
+--- sysdep/bsd/setkey.h 2017-05-15 14:04:47.215628000 +0300
++++ sysdep/bsd/setkey.h 2017-05-15 14:05:36.850028000 +0300
+@@ -158,12 +158,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr
+ if (len > TCP_KEYLEN_MAX)
+ ERR_MSG("The password for TCP MD5 Signature is too long");
+
+- if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
++ if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0 ||
++ setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
+ ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
+ }
+ else
+ {
+- if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)
++ if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0 ||
++ setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0)
+ ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
+ }
+ return 0;
More information about the svn-ports-all
mailing list