Fix MD5 TCP signature usage with latest tcpmd5 kernel module

PR: 21890 Submitted by: ae Reported by: Joseph Mulloy <freebsd-bugs@joe.mulloy.me> Approved by: melifaro (maintainer) Fix build with option FIREWALL PR: 217150 Submitted by: olivier Reported by: O. Hartmann <ohartmann@walstatt.org> Approved by: melifaro (maintainer) Sponsored by: Orange
svn path=/head/; revision=442031
2024-12-15 03:14:23 +00:00 · 2017-05-29 19:30:30 +00:00 · 2017-05-29 19:30:30 +00:00 · d5290f8b86 · 2021-03-31 03:12:20 +00:00
commit d5290f8b86
parent 8937bfc991
5 changed files with 27 additions and 7 deletions
--- a/net/bird/Makefile
+++ b/net/bird/Makefile
@ -3,7 +3,7 @@

 PORTNAME?=	bird
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	ftp://bird.network.cz/pub/bird/ \
 		http://bird.mpls.in/distfiles/bird/
--- a/net/bird/files/bird.in
+++ b/net/bird/files/bird.in
@ -29,6 +29,6 @@ extra_commands="reload"
 : ${bird_enable="NO"}
 : ${bird_config="%%PREFIX%%/etc/bird.conf"}

-command_args="-c $bird_config"
+command_args="-P /var/run/${name}.pid -c $bird_config"

 run_rc_command "$1"
--- a/net/bird/files/bird6.in
+++ b/net/bird/files/bird6.in
@ -29,6 +29,6 @@ extra_commands="reload"
 : ${bird6_enable="NO"}
 : ${bird6_config="%%PREFIX%%/etc/bird6.conf"}

-command_args="-c $bird6_config"
+command_args="-P /var/run/${name}.pid -c $bird6_config"

 run_rc_command "$1"
--- a/net/bird/files/firewall_support.patch
+++ b/net/bird/files/firewall_support.patch
@ -161,7 +161,7 @@ index 0000000..aefc606
 +CF_ADDTO(proto, firewall_proto '}')
 +
 +firewall_proto_start: proto_start FIREWALL {
-+     this_proto = proto_config_new(&proto_firewall, sizeof(struct firewall_config), $1);
+     this_proto = proto_config_new(&proto_firewall, $1);
 +     this_proto->preference = 0;
 +     FIREWALL_CFG->flush_start = 1;
 +     FIREWALL_CFG->flush_shutdown = 1;
@ -217,7 +217,7 @@ new file mode 100644
 index 0000000..e447470
 --- /dev/null
 +++ proto/firewall/firewall.c
-@@ -0,0 +1,198 @@
+@@ -0,0 +1,199 @@
 +/*
 + *	BIRD -- Firewall Protocol Configuration
 + *
@ -247,7 +247,7 @@ index 0000000..e447470
 +#include "firewall.h"
 +
 +static int init_done = 0;
-+struct rate_limit rl_fw_err;
+struct tbf rl_fw_err;
 +
 +static void
 +firewall_collect(void)
@ -408,6 +408,7 @@ index 0000000..e447470
 +  name:		"Firewall",
 +  template:	"fw%d",
 +  attr_class:	EAP_FIREWALL,
+  config_size:	sizeof(struct firewall_config),
 +  init:		firewall_init,
 +  start:	firewall_start,
 +  shutdown:	firewall_shutdown,
@ -472,7 +473,7 @@ index 0000000..c97ed38
 +extern struct protocol proto_firewall;
 +
 +extern struct firewall_control fw_ipfw, fw_pf, fw_ipset;
-+extern struct rate_limit rl_fw_err;
+extern struct tbf rl_fw_err;
 +#define FW_ERR(x, y...)	log_rl(&rl_fw_err, L_ERR x, ##y)
 +
 +#endif
--- a/net/bird/files/patch-sysdep-bsd-setkey.h
+++ b/net/bird/files/patch-sysdep-bsd-setkey.h
@ -0,0 +1,19 @@
+--- sysdep/bsd/setkey.h	2017-05-15 14:04:47.215628000 +0300
+++ sysdep/bsd/setkey.h	2017-05-15 14:05:36.850028000 +0300
+@@ -158,12 +158,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr 
+     if (len > TCP_KEYLEN_MAX)
+       ERR_MSG("The password for TCP MD5 Signature is too long");
+ 
+-    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
+    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0 ||
+	setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
+       ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
+   }
+   else
+   {
+-    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)
+    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0 ||
+	setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0)
+       ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
+   }
+   return 0;