Sophie

Sophie

distrib > Fedora > 15 > i386 > by-pkgid > a5fb171f43b6ceb43dd802e69071f31e > files > 4

openswan-2.6.32-1.fc15.src.rpm

diff -urNp openswan-2.6.32-orig/programs/auto/auto.in openswan-2.6.32-cvs-patched/programs/auto/auto.in
--- openswan-2.6.32-orig/programs/auto/auto.in	2010-12-20 12:44:19.131079851 -0500
+++ openswan-2.6.32-cvs-patched/programs/auto/auto.in	2010-12-20 13:00:14.472322422 -0500
@@ -40,6 +40,112 @@ op=
 argc=
 utc=
 
+defaultinterface() {
+	local getphysdev getifaddr addr phys next multiaddr multidefault
+	addr=
+	phys=
+	next=
+	multiaddr=
+	multidefault=
+
+	getphysdev() {
+	    local phys next addr
+	    phys=
+	    next=
+	    addr=
+	    while test $# -gt 0
+	      do
+	      case $1 in
+		  dev)
+		      phys=$2
+		      shift; shift;
+		      ;;
+		  via)
+		      next=$2
+		      shift; shift;
+		      ;;
+		  src)
+		      addr=$2
+		      shift; shift
+		      ;;
+		  *)
+		      shift
+		      ;;
+	      esac
+	    done
+	    echo "phys=$phys"
+	    echo "next=$next"
+	    echo "addr=$addr"
+	}
+
+	getifaddr() {
+	    local addr peer
+	    addr=
+	    peer=
+	    while test $# -gt 0
+	      do
+	      case $1 in
+		  inet)
+		      addr=$2
+		      shift; shift
+		      ;;
+		  peer)
+		      peer=$2
+		      shift; shift
+		      ;;
+		  *)
+		      shift
+		      ;;
+	      esac
+	    done
+	    if test -n "$peer"
+	    then
+		echo "next=${peer%/*}"
+	    fi
+	    echo "addr=${addr%/*}"
+	}
+
+	iproutedefault=`ip route list 0.0.0.0/0`
+	if test -n "$iproutedefault"
+	then
+	  if test `echo "$iproutedefault" | wc -l` -gt 1
+	  then
+	    multidefault=1
+	    iproutedefault=`echo $iproutedefault | head -1`
+	  fi
+	  eval `getphysdev $iproutedefault`
+	  if test -z "$next" -o -z "$addr" -a -n "$phys"
+	  then
+	    ipaddrlist=`ip -o -f inet addr list dev $phys` 
+	    if test `echo "$ipaddrlist" | wc -l` -gt 1
+	    then
+	      multiaddr=1
+	      ipaddrlist=`echo "$ipaddrlist" | head -1`
+	    fi
+	    eval `getifaddr $ipaddrlist`
+	  fi
+	  if test -n "$multidefault"
+	  then
+	    echo "multiple default routes, using $next on $phys"
+	  fi
+	  if test -n "$multiaddr"
+	  then
+	    echo "multiple ip addresses, using  $addr on $phys"
+	  fi
+	else
+	  echo "no default routes detected"
+	fi
+	# simulate old silly output
+	echo "defaultroutephys=$phys" > $info
+	echo "defaultroutevirt=none" >> $info
+	echo "defaultrouteaddr=$addr" >> $info
+	echo  "defaultroutenexthop=$next" >> $info
+}
+
+
+# calling this routine here again to update default network information in /var/run/pluto/ipsec.info
+defaultinterface
+
 for dummy
 do
 	case "$1" in
diff -urNp openswan-2.6.32-orig/programs/pluto/connections.c openswan-2.6.32-cvs-patched/programs/pluto/connections.c
--- openswan-2.6.32-orig/programs/pluto/connections.c	2010-12-20 12:44:19.134079957 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/connections.c	2010-12-20 13:01:25.851335389 -0500
@@ -462,7 +462,7 @@ check_orientations(void)
     }
 }
 
-static err_t
+err_t
 default_end(struct end *e, ip_address *dflt_nexthop)
 {
     err_t ugh = NULL;
@@ -1054,7 +1054,8 @@ check_connection_end(const struct whack_
     }
 
     /* MAKE this more sane in the face of unresolved IP addresses */
-    if (that->host_type != KH_IPHOSTNAME && isanyaddr(&that->host_addr))
+    /* that->host_type != KH_DEFAULTROUTE for cases when network is not up at the boot time*/
+    if (that->host_type != KH_IPHOSTNAME && that->host_type != KH_DEFAULTROUTE && isanyaddr(&that->host_addr))
     {
 	/* other side is wildcard: we must check if other conditions met */
 	if (that->host_type != KH_IPHOSTNAME && isanyaddr(&this->host_addr))
diff -urNp openswan-2.6.32-orig/programs/pluto/connections.h openswan-2.6.32-cvs-patched/programs/pluto/connections.h
--- openswan-2.6.32-orig/programs/pluto/connections.h	2010-12-20 12:44:19.142080260 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/connections.h	2010-12-20 13:03:58.009321916 -0500
@@ -291,6 +291,8 @@ extern size_t format_end(char *buf, size
     , const struct end *this, const struct end *that
     , bool is_left, lset_t policy);
 
+extern err_t default_end(struct end *e, ip_address *dflt_nexthop);
+
 struct whack_message;	/* forward declaration of tag whack_msg */
 extern void add_connection(const struct whack_message *wm);
 extern void initiate_connection(const char *name
diff -urNp openswan-2.6.32-orig/programs/pluto/initiate.c openswan-2.6.32-cvs-patched/programs/pluto/initiate.c
--- openswan-2.6.32-orig/programs/pluto/initiate.c	2010-12-20 12:44:19.132080073 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/initiate.c	2010-12-20 13:02:55.006321969 -0500
@@ -158,6 +158,121 @@ struct initiate_stuff {
     enum crypto_importance importance;
 };
 
+
+static int 
+resolve_and_reorient(struct connection *c) {
+
+    /* Connection is not oriented, and this may be because the connection was loaded when network was not up due to unresolved ip (atleast this or that) addresses */
+    /* Now connection is being initiated, and assuming network is up, we are trying once more to resolve ip addresses, */
+    /* and to add new network interfaces, and to orient the connections. */
+
+    if (!oriented(*c) && &c->spd != NULL && ( isanyaddr(&c->spd.this.host_addr) || isanyaddr(&c->spd.that.host_addr) ) ) {
+		char filedata[200]; /*size is set randonly*/
+		FILE *fp;
+		size_t bytes;
+		char value[20]; /*size is set randomly*/
+		char *tmp;
+
+		/* Reading the file /var/run/pluto/ipsec.info to obtain default route address ("defaultrouteaddr") after network is up*/
+		fp=fopen("/var/run/pluto/ipsec.info","r");
+
+		if(fp == NULL) {
+		DBG(DBG_CONTROLMORE, DBG_log("Error in opening /var/run/pluto/ipsec.info"));
+		return 0;
+		}
+
+		bytes=fread(filedata, 1, sizeof(filedata)-1, fp);
+		filedata[bytes]='\0';
+                value[0]='\0';
+		fclose(fp);
+
+		if(bytes==0){
+		DBG(DBG_CONTROLMORE, DBG_log("Error reading /var/run/pluto/ipsec.info or file empty"));
+		return 0;
+		}
+
+		unsigned int i = 0;
+		do
+		{
+		int start = i;
+		unsigned int slen;
+
+		while (filedata[i] != '\r' && filedata[i] != '\n' && i < bytes) i++;
+		filedata[i++] = '\0';
+
+		while ( (i<bytes) && (filedata[i] == '\r' || filedata[i] == '\n')) {
+		filedata[i++] = '\0';
+		}
+
+		tmp = &filedata[start];
+
+		if (strncmp(tmp, "defaultrouteaddr", strlen("defaultrouteaddr"))) continue;
+		slen = strlen(tmp);
+
+		if (slen < strlen("defaultrouteaddr")+1) continue;
+		if (tmp[strlen("defaultrouteaddr")] != '=') continue;
+		strcpy(value, &tmp[strlen("defaultrouteaddr")+1]);
+		break;
+
+		} while (i<bytes);
+
+	/*Trying to resolve "this" end*/
+	if(c->spd.this.host_type == KH_DEFAULTROUTE && isanyaddr(&c->spd.this.host_addr)) {
+	err_t e;
+	
+        e = ttoaddr(value, 0, 0, &c->spd.this.host_addr);
+        	if(e) {
+            	DBG(DBG_CONTROLMORE, DBG_log("we can not yet resolve this defaultrouteaddr"));
+		return 0;
+        	}		
+	} 
+	else if (c->spd.this.host_type == KH_IPHOSTNAME && isanyaddr(&c->spd.this.host_addr)) {
+        err_t e;
+        e = ttoaddr(c->spd.this.host_addr_name, 0, 0, &c->spd.this.host_addr);
+                if(e) {
+                DBG(DBG_CONTROLMORE, DBG_log("we can not yet resolve this ip address string"));
+                return 0;
+                }
+	}
+
+	/*Trying to resolve "that", and also another reason for doing this is that as the connection is not yet oriented, so it is not known which end is which*/
+        if(c->spd.that.host_type == KH_DEFAULTROUTE &&  isanyaddr(&c->spd.that.host_addr) ) {
+        err_t e;
+
+        e = ttoaddr(value, 0, 0, &c->spd.that.host_addr);
+                if(e) {
+                DBG(DBG_CONTROLMORE, DBG_log("we can not yet resolve that defaultrouteaddr"));
+                return 0;
+                }
+        } 
+        else if (c->spd.that.host_type == KH_IPHOSTNAME && isanyaddr(&c->spd.that.host_addr)) {
+        err_t e;
+        e = ttoaddr(c->spd.that.host_addr_name, 0, 0, &c->spd.that.host_addr);
+                if(e) {
+                DBG(DBG_CONTROLMORE, DBG_log("we can not yet resolve that ip address string"));
+                return 0;
+                }
+        }
+
+	/* If both this and that are resolved, only then proceed*/
+	if ( !isanyaddr(&c->spd.this.host_addr) && !isanyaddr(&c->spd.that.host_addr)) { 
+
+	/*Once ip addresses are resolved, setting boths end again*/
+	default_end(&c->spd.this, &c->spd.that.host_addr);
+    default_end(&c->spd.that, &c->spd.this.host_addr);
+
+	/*Now when ip addresses are resolved, adding new network interfaces after network is up*/
+	find_ifaces();
+
+	/*Due to the unresolved ip addresses this connection may have been set to CK_TEMPLATE, setting it to CK_PERMANENT as ip addresses are resolved now.*/
+	c->kind = CK_PERMANENT;
+	}
+    }
+
+
+return 1;
+}
+
 static int
 initiate_a_connection(struct connection *c
 		      , void *arg)
@@ -172,9 +287,14 @@ initiate_a_connection(struct connection 
 
     /* turn on any extra debugging asked for */
     c->extra_debugging |= moredebug;
-    
-    if (!oriented(*c))
-    {
+
+    if (!oriented(*c)) {
+	/*Lets try to resolve and reorient the connection once more, assuming network connection is up now*/
+	resolve_and_reorient(c);
+    }
+
+    if (!oriented(*c)) {
+
 	loglog(RC_ORIENT, "We cannot identify ourselves with either end of this connection.");
     }
     else if (NEVER_NEGOTIATE(c->policy))

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional