rpms/ipsec-tools/F-8 ipsec-tools-0.7-splitcidr.patch, NONE, 1.1 ipsec-tools.spec, 1.49, 1.50

Steve Conklin (sconklin) fedora-extras-commits at redhat.com
Mon Mar 24 14:09:16 UTC 2008


Author: sconklin

Update of /cvs/pkgs/rpms/ipsec-tools/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30312

Modified Files:
	ipsec-tools.spec 
Added Files:
	ipsec-tools-0.7-splitcidr.patch 
Log Message:
Added patch for bz273261


ipsec-tools-0.7-splitcidr.patch:

--- NEW FILE ipsec-tools-0.7-splitcidr.patch ---
diff -NarU5 ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_cfg.c ipsec-tools-0.7-cvs071018/src/racoon/isakmp_cfg.c
--- ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_cfg.c	2007-06-07 16:04:26.000000000 -0400
+++ ipsec-tools-0.7-cvs071018/src/racoon/isakmp_cfg.c	2007-10-18 16:33:07.000000000 -0400
@@ -1875,10 +1875,11 @@
 	int *envc;
 {
 	char addrstr[IP_MAX];
 	char addrlist[IP_MAX * MAXNS + MAXNS];
 	char *splitlist = addrlist;
+	char *splitlist_cidr;
 	char defdom[MAXPATHLEN + 1];
 	int cidr, tmp;
 	char cidrstr[4];
 	int i, p;
 	int test;
@@ -2015,37 +2016,61 @@
 		    "Cannot set DEFAULT_DOMAIN\n");
 		return -1;
 	}
 
 	/* Split networks */
-	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE)
-		splitlist = splitnet_list_2str(iph1->mode_cfg->split_include);
-	else {
+	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) {
+		splitlist = 
+		    splitnet_list_2str(iph1->mode_cfg->split_include, 0);
+		splitlist_cidr = 
+		    splitnet_list_2str(iph1->mode_cfg->split_include, 1);
+	} else {
 		splitlist = addrlist;
+		splitlist_cidr = addrlist;
 		addrlist[0] = '\0';
 	}
 
 	if (script_env_append(envp, envc, "SPLIT_INCLUDE", splitlist) != 0) {
 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_INCLUDE\n");
 		return -1;
 	}
+	if (script_env_append(envp, envc, 
+	    "SPLIT_INCLUDE_CIDR", splitlist_cidr) != 0) {
+		plog(LLV_ERROR, LOCATION, NULL,
+		     "Cannot set SPLIT_INCLUDE_CIDR\n");
+		return -1;
+	}
 	if (splitlist != addrlist)
 		racoon_free(splitlist);
+	if (splitlist_cidr != addrlist)
+		racoon_free(splitlist_cidr);
 
-	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL)
-		splitlist = splitnet_list_2str(iph1->mode_cfg->split_local);
-	else {
+	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) {
+		splitlist =
+		    splitnet_list_2str(iph1->mode_cfg->split_local, 0);
+		splitlist_cidr =
+		    splitnet_list_2str(iph1->mode_cfg->split_local, 1);
+	} else {
 		splitlist = addrlist;
+		splitlist_cidr = addrlist;
 		addrlist[0] = '\0';
 	}
 
 	if (script_env_append(envp, envc, "SPLIT_LOCAL", splitlist) != 0) {
 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_LOCAL\n");
 		return -1;
 	}
+	if (script_env_append(envp, envc,
+	    "SPLIT_LOCAL_CIDR", splitlist_cidr) != 0) {
+		plog(LLV_ERROR, LOCATION, NULL,
+		     "Cannot set SPLIT_LOCAL_CIDR\n");
+		return -1;
+	}
 	if (splitlist != addrlist)
 		racoon_free(splitlist);
+	if (splitlist_cidr != addrlist)
+		racoon_free(splitlist_cidr);
 	
 	return 0;
 }
 
 int
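Review bot: Every `return -1` that follows the two `splitnet_list_2str()` calls (the SPLIT_INCLUDE, SPLIT_INCLUDE_CIDR, SPLIT_LOCAL and SPLIT_LOCAL_CIDR failure paths) exits before the `racoon_free()` calls, so both heap strings leak whenever `script_env_append()` fails. The old code already leaked `splitlist` this way, and the patch adds a second allocation to each path. The return values of `splitnet_list_2str()` are also used without a NULL check; its allocation is outside the visible hunks, so confirm whether it can return NULL, and if it can, put `if (splitlist == NULL || splitlist_cidr == NULL) goto fail;` ahead of the first `script_env_append()` in each section. A single cleanup label, sketched below, keeps the frees in one place. The function begins outside this hunk, so its earlier error returns are not covered here.

```c
	/* … unchanged: SPLIT_INCLUDE and SPLIT_LOCAL sections, with each
	 *   `return -1;` after the conversions replaced by `goto fail;` … */

	return 0;

fail:
	/* Release whichever converted lists are still owned by this function. */
	if (splitlist != addrlist)
		racoon_free(splitlist);
	if (splitlist_cidr != addrlist)
		racoon_free(splitlist_cidr);
	return -1;
}
```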
diff -NarU5 ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.c ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.c
--- ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.c	2007-09-19 15:20:25.000000000 -0400
+++ ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.c	2007-10-18 18:11:19.000000000 -0400
@@ -361,12 +361,13 @@
 		netentry = netentry->next;
 		racoon_free(delentry);
 	}
 }
 
-char * splitnet_list_2str(list)
+char * splitnet_list_2str(list, do_cidr)
 	struct unity_netentry * list;
+	int do_cidr;
 {
 	struct unity_netentry * netentry;
 	char tmp1[40];
 	char tmp2[40];
 	char * str;
@@ -396,12 +397,21 @@
 	netentry = list;
 	while (netentry != NULL) {
 
 		inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
 		inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
-
-		len += sprintf(str+len, "%s/%s ", tmp1, tmp2);
+		if (do_cidr) {
+			uint32_t tmp3;
+			int cidrmask;
+
+			tmp3 = ntohl(netentry->network.mask4.s_addr);
+			for (cidrmask = 0; tmp3 != 0; cidrmask++)
+				tmp3 <<= 1;
+			len += sprintf(str+len, "%s/%d ", tmp1, cidrmask);
+		} else {
+			len += sprintf(str+len, "%s/%s ", tmp1, tmp2);
+		}
 
 		netentry = netentry->next;
 	}
 
 	str[len-1]=0;
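Review bot: The `cidrmask` loop yields a correct prefix length only when the mask is contiguous. For a mask such as 255.0.255.0 it counts up to the lowest set bit and emits `/24`, so the `*_CIDR` variable describes a different network than the dotted-mask variable exported beside it. These entries appear to come from the peer's mode-config reply, so validate the mask before a hook script turns it into a route: after the `ntohl()` add `if ((~tmp3 & (~tmp3 + 1)) != 0)` and either skip the entry with a `plog` message or fail the conversion. The buffer that `sprintf` writes into is sized outside this hunk. The CIDR form is never longer than the dotted form, so sizing gets no worse, but `snprintf` with the remaining length would make the bound checkable here. The function body starts and ends outside the hunk.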
diff -NarU5 ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.h ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.h
--- ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.h	2006-09-09 12:22:09.000000000 -0400
+++ ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.h	2007-10-18 14:31:34.000000000 -0400
@@ -64,9 +64,9 @@
 	struct unity_netentry   *next;
 };
 
 int	splitnet_list_add(struct unity_netentry **, struct unity_network *, int *);
 void	splitnet_list_free(struct unity_netentry *, int *);
-char *	splitnet_list_2str(struct unity_netentry *);
+char *	splitnet_list_2str(struct unity_netentry *, int);
 
 vchar_t *isakmp_unity_req(struct ph1handle *, struct isakmp_data *);
 void isakmp_unity_reply(struct ph1handle *, struct isakmp_data *);


Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/F-8/ipsec-tools.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- ipsec-tools.spec	25 Feb 2008 16:39:01 -0000	1.49
+++ ipsec-tools.spec	24 Mar 2008 14:08:38 -0000	1.50
@@ -1,6 +1,6 @@
 Name: ipsec-tools
 Version: 0.7
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: Tools for configuring and using IPSEC
 License: BSD
 Group: System Environment/Base
@@ -20,6 +20,7 @@
 # and these
 Patch7: ipsec-tools-0.7-contextsize.patch
 Patch8: ipsec-tools-0.7-newcookie-alen.patch
+Patch9: ipsec-tools-0.7-splitcidr.patch
  
 BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
 BuildRequires: libselinux-devel >= 1.30.28-2
@@ -45,6 +46,7 @@
 %patch6 -p1 -b .dupsplit
 %patch7 -p1 -b .ctxsize
 %patch8 -p1 -b .newcookie-alen
+%patch9 -p1 -b .splitcidr
 
 ./bootstrap
 
@@ -122,6 +124,10 @@
 %config(noreplace) /etc/racoon/racoon.conf
 
 %changelog
+* Mon Mar 24 2008 Steve Conklin <sconklin at redhat.com> - 0.7-8
+-  Resolves bz#273261 remote-access client connection to Cisco ASA
+- (was filed against rawhide)
+
 * Mon Feb 25 2008 Steve Conklin <sconklin at redhat.com> - 0.7-7
 - Bump for spec file error
 



