diff options
author | cegger <cegger@pkgsrc.org> | 2011-03-05 17:54:17 +0000 |
---|---|---|
committer | cegger <cegger@pkgsrc.org> | 2011-03-05 17:54:17 +0000 |
commit | 5fc8c475816afe29b82c69569b4bb1c453fef883 (patch) | |
tree | f70ecf5bf339fe359a689b08d41408bf71bf8ff6 /net/vpnc | |
parent | 3f2342ca48e54dcbe2282fc41f296a288244ecc2 (diff) | |
download | pkgsrc-5fc8c475816afe29b82c69569b4bb1c453fef883.tar.gz |
Apply patches from debian:
- Bug fix: "Disconnect after an hour and loops trying to reconnect"
- Additional vpnc functionality (resolvconf, Target Networks,
DNSUpdate options)
Bump revision
Forgot to 'cvs add' the new files before. Sorry.
Diffstat (limited to 'net/vpnc')
-rw-r--r-- | net/vpnc/patches/patch-ba | 12 | ||||
-rw-r--r-- | net/vpnc/patches/patch-bb | 101 | ||||
-rw-r--r-- | net/vpnc/patches/patch-bc | 13 |
3 files changed, 126 insertions, 0 deletions
diff --git a/net/vpnc/patches/patch-ba b/net/vpnc/patches/patch-ba new file mode 100644 index 00000000000..97f2b24b2aa --- /dev/null +++ b/net/vpnc/patches/patch-ba @@ -0,0 +1,12 @@ +$NetBSD: patch-ba,v 1.1 2011/03/05 17:54:17 cegger Exp $ + +--- sysdep.h.orig 2011-03-01 13:49:38.000000000 +0000 ++++ sysdep.h +@@ -57,6 +57,7 @@ int tun_get_hwaddr(int fd, char *dev, ui + #define HAVE_FGETLN 1 + #define HAVE_UNSETENV 1 + #define HAVE_SETENV 1 ++#define HAVE_GETLINE 1 + #endif + + /***************************************************************************/ diff --git a/net/vpnc/patches/patch-bb b/net/vpnc/patches/patch-bb new file mode 100644 index 00000000000..eb5768334c8 --- /dev/null +++ b/net/vpnc/patches/patch-bb @@ -0,0 +1,101 @@ +$NetBSD: patch-bb,v 1.1 2011/03/05 17:54:17 cegger Exp $ + +--- vpnc.c.orig 2008-11-19 20:55:51.000000000 +0000 ++++ vpnc.c +@@ -360,6 +360,8 @@ static void config_tunnel(struct sa_bloc + { + setenv("VPNGATEWAY", inet_ntoa(s->dst), 1); + setenv("reason", "connect", 1); ++ setenv("DNS_UPDATE", config[CONFIG_DNS_UPDATE], 1); ++ setenv("TARGET_NETWORKS", config[CONFIG_TARGET_NETWORKS], 1); + system(config[CONFIG_SCRIPT]); + } + +@@ -1147,7 +1149,7 @@ static struct isakmp_payload *make_our_s + + static void lifetime_ike_process(struct sa_block *s, struct isakmp_attribute *a) + { +- uint32_t value; ++ uint32_t value = 0; + + assert(a != NULL); + assert(a->type == IKE_ATTRIB_LIFE_TYPE); +@@ -1174,7 +1176,7 @@ static void lifetime_ike_process(struct + + static void lifetime_ipsec_process(struct sa_block *s, struct isakmp_attribute *a) + { +- uint32_t value; ++ uint32_t value = 0; + + assert(a != NULL); + assert(a->type == ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE); +@@ -2861,28 +2863,34 @@ static void do_phase2_qm(struct sa_block + free(dh_shared_secret); + free_isakmp_packet(r); + +- if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) { +- s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port); +- s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL; +- s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP; +- } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) { +- s->esp_fd = s->ike_fd; +- } else { ++ if (s->esp_fd == 0) { ++ if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) { ++ s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port); ++ s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL; ++ s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP; ++ } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) { ++ s->esp_fd = s->ike_fd; ++ } else { + #ifdef IP_HDRINCL +- int hincl = 1; ++ int hincl = 1; + #endif + +- s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP); +- if (s->esp_fd == -1) { +- close_tunnel(s); +- error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)"); +- } ++ s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP); ++ if (s->esp_fd == -1) { ++ close_tunnel(s); ++ error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)"); ++ } ++#ifdef FD_CLOEXEC ++ /* do not pass socket to vpnc-script, etc. */ ++ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC); ++#endif + #ifdef IP_HDRINCL +- if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) { +- close_tunnel(s); +- error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)"); +- } ++ if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) { ++ close_tunnel(s); ++ error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)"); ++ } + #endif ++ } + } + + s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1; +@@ -3224,9 +3232,14 @@ void process_late_ike(struct sa_block *s + */ + /* FIXME: any cleanup needed??? */ + +- free_isakmp_packet(r); +- do_phase2_qm(s); +- return; ++ if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) { ++ free_isakmp_packet(r); ++ do_phase2_qm(s); ++ return; ++ } else { ++ DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n")); ++ continue; ++ } + } + /* skip ipsec-esp delete */ + if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) { diff --git a/net/vpnc/patches/patch-bc b/net/vpnc/patches/patch-bc new file mode 100644 index 00000000000..0afcbdc896a --- /dev/null +++ b/net/vpnc/patches/patch-bc @@ -0,0 +1,13 @@ +$NetBSD: patch-bc,v 1.1 2011/03/05 17:54:17 cegger Exp $ + +--- config.h.orig 2008-11-19 20:36:12.000000000 +0000 ++++ config.h +@@ -58,6 +58,8 @@ enum config_enum { + CONFIG_AUTH_MODE, + CONFIG_CA_FILE, + CONFIG_CA_DIR, ++ CONFIG_DNS_UPDATE, ++ CONFIG_TARGET_NETWORKS, + LAST_CONFIG + }; + |