The racoon session code copies an fd_set from one variable into another
prior to calling select. That works well for simple structures.
In libbsd we have to allocate fd_sets instead of using fixed structures
to avoid a problem with file numbers bigger than FD_SETSIZE. The simple
assignment didn't work in that case.
This patch makes sure that a memcpy is used instead.
Update #4913
By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
much clients is unlikely and 2MB is a lot of space. So reduce that to
the default value of 128kB which should be enough for a small number of
ipsec connections.
See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
why the upstream project originally increased the size.
If someone really needs a bigger size, there is a option in the
configuration file of pfkey called `pfkey_buffer` that can overwrite
this value.
Closes#4621
setkey uses pfkey_open to open a socket. But setkey doesn't close the
socket.
The libipsec functions are used only by user space applications (setkey
and racoon). Adding the wrapper for socket makes sure that the opened
socket is registered and closes if the application exits.
Fixes#4405
Git mirror commit 59f44d20be3f99d181ca742e636d45fc39ec982b.
This commit updates OpenSSL to version 1.1.1. This required an update
of racoon which uses some internal stuff from OpenSSL and seems to be
mostly unmaintained, e.g. there is update in the FreeBSD ports to cope
with OpenSSL 1.1.1.
Update #3472.
Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.
