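--- a/programs/pluto/kernel_netlink.c
+++ b/programs/pluto/kernel_netlink.c
@@ -51,8 +51,9 @@
 #include <linux/if_addr.h>
 #include <linux/if_link.h>
 
-#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
+//#include <netinet/in.h>
 #include "linux/xfrm.h" /* local (if configured) or system copy */
+#include "libreswan.h" /* before xfrm.h otherwise break on F22 */
 
 #include "libreswan/pfkeyv2.h"
 #include "libreswan/pfkey.h"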
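Review bot: The relocated `#include "libreswan.h"` keeps its comment `/* before xfrm.h otherwise break on F22 */`, but the new order places it after `linux/xfrm.h`, so the comment now states the opposite of what the code does. Replace it with the actual reason for the new order, for example `#include "libreswan.h" /* after xfrm.h: <reason for the reorder> */`, so that a later cleanup does not move it back. The added `//#include <netinet/in.h>` is dead code; either include the header for real or drop the line.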
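--- a/programs/pluto/linux_audit.c
+++ b/programs/pluto/linux_audit.c
@@ -74,6 +74,15 @@
 
 #include "pluto_stats.h"
 
+#if __GNUC__ >= 7
+ /*
+ * GCC 7+ warns about the following calls that truncate a string using
+ * snprintf(). We are truncating the log message for a reason.
+ */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-truncation"
+#endif
+
 static bool log_to_audit = FALSE; /* audit log messages for kernel */
 
 void linux_audit_init(void)
@@ -159,13 +168,13 @@
 char raddr[ADDRTOT_BUF];
 char laddr[ADDRTOT_BUF];
 char audit_str[AUDIT_LOG_SIZE];
- char cipher_str[AUDIT_LOG_SIZE];
- char spi_str[AUDIT_LOG_SIZE];
+ char cipher_str[20];
+ char spi_str[20];
 struct connection *const c = st->st_connection;
 bool initiator = FALSE;
 char head[IDTOA_BUF];
- char integname[IDTOA_BUF];
- char prfname[IDTOA_BUF];
+ char integname[20];
+ char prfname[20];
 struct esb_buf esb, esb2;
 /* we need to free() this */
 char *conn_encode = audit_encode_nv_string("conn-name",c->name,0);
@@ -300,3 +309,6 @@
 AUDIT_CRYPTO_IPSEC_SA : AUDIT_CRYPTO_IKE_SA,
 audit_str, raddr, AUDIT_RESULT_OK);
 }
+#if __GNUC__ >= 7
+#pragma GCC diagnostic pop
+#endif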
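Review bot: In the second hunk `cipher_str`, `spi_str`, `integname` and `prfname` shrink to a bare `20` while `-Wformat-truncation` is switched off from the first hunk down to the pop after the last function, so any snprintf() into them that needs more than 19 characters now truncates with no compiler or runtime signal. The enclosing function starts before the hunk and the snprintf() calls that fill these buffers are not shown, so whether 20 bytes fits every format cannot be confirmed from here. These strings end up in the kernel audit record, which is used to reconstruct which SA was negotiated with which algorithms, so a clipped field should be detected rather than hidden. Size the buffers from a named constant with its derivation in a comment, e.g. `enum { AUDIT_FIELD_SIZE = 20 }; /* longest expected field text + NUL */`, and check each result with `if (n < 0 || (size_t)n >= sizeof(cipher_str))` before the field is used. The push/pop pair would also be better placed around the one function that builds the record, so that code added elsewhere in the file keeps the warning.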
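--- a/programs/pluto/log.h
+++ b/programs/pluto/log.h
@@ -154,7 +154,7 @@
 
 #ifdef USE_LINUX_AUDIT
 #include <libaudit.h> /* from audit-libs devel */
-#define AUDIT_LOG_SIZE 256
+#define AUDIT_LOG_SIZE 512
 /* should really be in libaudit.h */
 #define AUDIT_RESULT_FAIL 0
 #define AUDIT_RESULT_OK 1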
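--- a/programs/pluto/pluto_constants.c
+++ b/programs/pluto/pluto_constants.c
@@ -478,7 +478,7 @@
 policy &
 ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK),
 pbitnamesbuf, sizeof(pbitnamesbuf));
- static char buf[200]; /* NOT RE-ENTRANT! I hope that it is big enough! */
+ static char buf[512]; /* NOT RE-ENTRANT! I hope that it is big enough! */
 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
 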
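Review bot: Raising `buf` from 200 to 512 keeps the "I hope that it is big enough!" assumption instead of enforcing it, because nothing in the hunk shows the write into `buf` being bounded by `sizeof(buf)` or its result being checked. The formatting call is outside the hunk and the enclosing function starts and ends outside it. If that call is snprintf(), its return value should be compared with `sizeof(buf)` and truncation handled explicitly; if it is an unbounded call, it should become a bounded one. The comment would be more useful if it stated the contract rather than the hope, e.g. `/* NOT RE-ENTRANT: result is overwritten by the next call; sized for the longest policy string */`.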