* Tue May 13 2014 Paul Wouters <pwouters@redhat.com> - 1.3.6-1

- Updated to 1.3.6 - using github-only monstrosity packaging
- Resolves: rhbz#1051785 (new upstream version available)
- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address
- Revert: rhbz#929447 Incorrect "ipparam" manipulation
- Resolves: rhbz#1055196 Don't order service after syslog.target
- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory
- Removed patches merged in upstream.
- FIPS patch updated with advertising clause for openssl in xl2tpd -V
  (although the GPL code was already basically taken from openssl)
epel9
Paul Wouters 11 years ago
parent 19afcbe0fc
commit 38e97b03ea

1
.gitignore vendored

@ -11,3 +11,4 @@ xl2tpd-1.2.7.tar.gz
xl2tpd-1.2.8.tar.gz
xl2tpd-1.3.0.tar.gz
xl2tpd-1.3.1.tar.gz
/xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz

@ -1 +1 @@
cf61576fef5c2d6c68279a408ec1f0d5 xl2tpd-1.3.1.tar.gz
e08e34510a97e126b324f3407c71806c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz

@ -1,436 +0,0 @@
diff --git a/Makefile b/Makefile
index 6f6481f..778f38d 100644
--- a/Makefile
+++ b/Makefile
@@ -62,8 +62,8 @@
# are packages seperately (eg kernel-headers on Fedora)
# Note: 2.6.23+ support still needs some changes in the xl2tpd source
#
-#OSFLAGS+= -DUSE_KERNEL
-#
+# Kernel mode fixed by sigwall <fionov@gmail.com>
+OSFLAGS+= -DUSE_KERNEL
#
# Uncomment the next line for FreeBSD
#
diff --git a/call.c b/call.c
index d1b1858..b672f91 100644
--- a/call.c
+++ b/call.c
@@ -680,6 +680,8 @@ struct call *get_call (int tunnel, int call, struct in_addr addr, int port,
st->peer.sin_port = port;
st->refme = refme;
st->refhim = refhim;
+ st->udp_fd = -1;
+ st->pppox_fd = -1;
bcopy (&addr, &st->peer.sin_addr, sizeof (addr));
st->next = tunnels.head;
tunnels.head = st;
diff --git a/control.c b/control.c
index 0892df9..9362ffd 100644
--- a/control.c
+++ b/control.c
@@ -596,6 +596,9 @@ int control_finish (struct tunnel *t, struct call *c)
if (gconfig.debug_state)
l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__);
control_xmit (buf);
+
+ connect_pppol2tp(t);
+
/* Schedule a HELLO */
tv.tv_sec = HELLO_DELAY;
tv.tv_usec = 0;
@@ -608,6 +611,7 @@ int control_finish (struct tunnel *t, struct call *c)
"Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n",
IPADDY (t->peer.sin_addr),
ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim);
+
if (t->lac)
{
/* This is part of a LAC, so we want to go ahead
@@ -635,6 +639,9 @@ int control_finish (struct tunnel *t, struct call *c)
IPADDY (t->peer.sin_addr),
ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim,
t->lns->entname);
+
+ connect_pppol2tp(t);
+
/* Schedule a HELLO */
tv.tv_sec = HELLO_DELAY;
tv.tv_usec = 0;
diff --git a/l2tp.h b/l2tp.h
index 2724fff..856423f 100644
--- a/l2tp.h
+++ b/l2tp.h
@@ -167,6 +167,8 @@ struct tunnel
int ourrws; /* Receive Window Size */
int rxspeed; /* Receive bps */
int txspeed; /* Transmit bps */
+ int udp_fd; /* UDP fd */
+ int pppox_fd; /* PPPOX tunnel fd */
struct call *self;
struct lns *lns; /* LNS that owns us */
struct lac *lac; /* LAC that owns us */
@@ -220,6 +222,7 @@ extern void control_xmit (void *);
extern int ppd;
extern int switch_io; /* jz */
extern int control_fd;
+extern int connect_pppol2tp(struct tunnel *t);
extern int start_pppd (struct call *c, struct ppp_opts *);
extern void magic_lac_dial (void *);
extern int get_entropy (unsigned char *, int);
diff --git a/linux/include/linux/if_pppol2tp.h b/linux/include/linux/if_pppol2tp.h
index a7d6a22..0795e4a 100644
--- a/linux/include/linux/if_pppol2tp.h
+++ b/linux/include/linux/if_pppol2tp.h
@@ -36,6 +36,20 @@ struct pppol2tp_addr
__u16 d_tunnel, d_session; /* For sending outgoing packets */
};
+/* The L2TPv3 protocol changes tunnel and session ids from 16 to 32
+ * bits. So we need a different sockaddr structure.
+ */
+struct pppol2tpv3_addr {
+ pid_t pid; /* pid that owns the fd.
+ * 0 => current */
+ int fd; /* FD of UDP or IP socket to use */
+
+ struct sockaddr_in addr; /* IP address and port to send to */
+
+ __u32 s_tunnel, s_session; /* For matching incoming packets */
+ __u32 d_tunnel, d_session; /* For sending outgoing packets */
+};
+
/* Socket options:
* DEBUG - bitmask of debug message categories
* SENDSEQ - 0 => don't send packets with sequence numbers
diff --git a/network.c b/network.c
index 241bd82..fde250e 100644
--- a/network.c
+++ b/network.c
@@ -22,6 +22,7 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/ioctl.h>
+#include <sys/wait.h>
#ifndef LINUX
# include <sys/uio.h>
#endif
@@ -36,6 +37,51 @@ int server_socket; /* Server socket */
int kernel_support; /* Kernel Support there or not? */
#endif
+#ifdef USE_KERNEL
+void modprobe() {
+ char * modules[] = { "l2tp_ppp", "pppol2tp", NULL };
+ char ** module;
+ char buf[256], *tok;
+ int pid, exit_status, fd;
+
+ FILE * fmod = fopen("/proc/modules", "r");
+
+ if (fmod == NULL)
+ return;
+
+ while (fgets(buf, 255, fmod) != NULL) {
+ if ((tok = strtok(buf, " ")) != NULL) {
+ for (module = modules; *module != NULL; ++module) {
+ if (!strcmp(*module, tok)) {
+ fclose(fmod);
+ return;
+ }
+ }
+ }
+ }
+
+ fclose(fmod);
+
+ for (module = modules; *module != NULL; ++module) {
+ if ((pid = fork()) >= 0) {
+ if (pid == 0) {
+ setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
+ if ((fd = open("/dev/null", O_RDWR)) > -1) {
+ dup2(fd, 1);
+ dup2(fd, 2);
+ }
+ execlp("modprobe", "modprobe", "-q", *module, (char *)NULL);
+ exit(1);
+ } else {
+ if ((pid = waitpid(pid, &exit_status, 0)) != -1 && WIFEXITED(exit_status)) {
+ if (WEXITSTATUS(exit_status) == 0)
+ return;
+ }
+ }
+ }
+ }
+}
+#endif
int init_network (void)
{
@@ -45,6 +91,7 @@ int init_network (void)
server.sin_family = AF_INET;
server.sin_addr.s_addr = gconfig.listenaddr;
server.sin_port = htons (gconfig.port);
+ int flags;
if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
{
l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n",
@@ -52,6 +99,10 @@ int init_network (void)
return -EINVAL;
};
+ flags = 1;
+ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
+ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
+
if (bind (server_socket, (struct sockaddr *) &server, sizeof (server)))
{
close (server_socket);
@@ -91,6 +142,7 @@ int init_network (void)
}
else
{
+ modprobe();
int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
if (kernel_fd < 0)
{
@@ -321,6 +373,11 @@ int build_fdset (fd_set *readfds)
while (tun)
{
+ if (tun->udp_fd > -1) {
+ if (tun->udp_fd > max)
+ max = tun->udp_fd;
+ FD_SET (tun->udp_fd, readfds);
+ }
call = tun->call_head;
while (call)
{
@@ -390,6 +447,8 @@ void network_thread ()
struct iovec iov;
char cbuf[256];
unsigned int refme, refhim;
+ int * currentfd;
+ int server_socket_processed;
/* This one buffer can be recycled for everything except control packets */
buf = new_buf (MAX_RECV_SIZE);
@@ -428,7 +487,21 @@ void network_thread ()
{
do_control ();
}
- if (FD_ISSET (server_socket, &readfds))
+ server_socket_processed = 0;
+ currentfd = NULL;
+ st = tunnels.head;
+ while (st || !server_socket_processed) {
+ if (st && (st->udp_fd == -1)) {
+ st=st->next;
+ continue;
+ }
+ if (st) {
+ currentfd = &st->udp_fd;
+ } else {
+ currentfd = &server_socket;
+ server_socket_processed = 1;
+ }
+ if (FD_ISSET (*currentfd, &readfds))
{
/*
* Okay, now we're ready for reading and processing new data.
@@ -457,12 +530,19 @@ void network_thread ()
msgh.msg_flags = 0;
/* Receive one packet. */
- recvsize = recvmsg(server_socket, &msgh, 0);
+ recvsize = recvmsg(*currentfd, &msgh, 0);
if (recvsize < MIN_PAYLOAD_HDR_LEN)
{
if (recvsize < 0)
{
+ if (errno == ECONNREFUSED) {
+ close(*currentfd);
+ }
+ if ((errno == ECONNREFUSED) ||
+ (errno == EBADF)) {
+ *currentfd = -1;
+ }
if (errno != EAGAIN)
l2tp_log (LOG_WARNING,
"%s: recvfrom returned error %d (%s)\n",
@@ -567,6 +647,8 @@ void network_thread ()
}
};
}
+ if (st) st=st->next;
+ }
/*
* finished obvious sources, look for data from PPP connections.
@@ -639,3 +721,82 @@ void network_thread ()
}
}
+
+int connect_pppol2tp(struct tunnel *t) {
+#ifdef USE_KERNEL
+ if (kernel_support) {
+ int ufd = -1, fd2 = -1;
+ int flags;
+ struct sockaddr_pppol2tp sax;
+
+ struct sockaddr_in server;
+ server.sin_family = AF_INET;
+ server.sin_addr.s_addr = gconfig.listenaddr;
+ server.sin_port = htons (gconfig.port);
+ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
+ {
+ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ };
+
+ flags=1;
+ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
+ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
+
+ if (bind (ufd, (struct sockaddr *) &server, sizeof (server)))
+ {
+ close (ufd);
+ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n",
+ __FUNCTION__, strerror(errno), errno);
+ return -EINVAL;
+ };
+ server = t->peer;
+ flags = fcntl(ufd, F_GETFL);
+ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) {
+ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) {
+ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. Terminating.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+
+ t->udp_fd=ufd;
+
+ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
+ if (fd2 < 0) {
+ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+ flags = fcntl(fd2, F_GETFL);
+ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) {
+ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+ sax.sa_family = AF_PPPOX;
+ sax.sa_protocol = PX_PROTO_OL2TP;
+ sax.pppol2tp.pid = 0;
+ sax.pppol2tp.fd = t->udp_fd;
+ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr;
+ sax.pppol2tp.addr.sin_port = t->peer.sin_port;
+ sax.pppol2tp.addr.sin_family = AF_INET;
+ sax.pppol2tp.s_tunnel = t->ourtid;
+ sax.pppol2tp.s_session = 0;
+ sax.pppol2tp.d_tunnel = t->tid;
+ sax.pppol2tp.d_session = 0;
+ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) {
+ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n",
+ __FUNCTION__, errno, strerror(errno));
+ close(fd2);
+ return -EINVAL;
+ }
+ t->pppox_fd = fd2;
+ }
+#endif
+ return 0;
+}
diff --git a/xl2tpd.c b/xl2tpd.c
index 307ac2e..3fb6dd7 100644
--- a/xl2tpd.c
+++ b/xl2tpd.c
@@ -278,7 +278,11 @@ void death_handler (int signal)
struct tunnel *st, *st2;
int sec;
l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal);
+#ifdef USE_KERNEL
+ if (kernel_support || signal != SIGTERM) {
+#else
if (signal != SIGTERM) {
+#endif
st = tunnels.head;
while (st)
{
@@ -349,7 +353,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
int flags;
#endif
int pos = 1;
- int fd2;
+ int fd2 = -1;
#ifdef DEBUG_PPPD
int x;
#endif
@@ -397,7 +401,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
sax.sa_family = AF_PPPOX;
sax.sa_protocol = PX_PROTO_OL2TP;
sax.pppol2tp.pid = 0;
- sax.pppol2tp.fd = server_socket;
+ sax.pppol2tp.fd = c->container->udp_fd;
sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr;
sax.pppol2tp.addr.sin_port = c->container->peer.sin_port;
sax.pppol2tp.addr.sin_family = AF_INET;
@@ -408,6 +412,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) {
l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n",
__FUNCTION__);
+ close(fd2);
return -EINVAL;
}
stropt[pos++] = strdup ("plugin");
@@ -484,7 +489,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
dup2 (fd2, 0);
dup2 (fd2, 1);
close(fd2);
-
+ }
/* close all the calls pty fds */
st = tunnels.head;
while (st)
@@ -492,12 +497,17 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
sc = st->call_head;
while (sc)
{
- close (sc->fd);
+#ifdef USE_KERNEL
+ if (kernel_support) {
+ close(st->udp_fd); /* tunnel UDP fd */
+ close(st->pppox_fd); /* tunnel PPPoX fd */
+ } else
+#endif
+ close (sc->fd); /* call pty fd */
sc = sc->next;
}
st = st->next;
}
- }
/* close the UDP socket fd */
close (server_socket);
@@ -615,6 +625,10 @@ void destroy_tunnel (struct tunnel *t)
the memory pointed to by t->chal_us.vector at some other place */
if (t->chal_them.vector)
free (t->chal_them.vector);
+ if (t->pppox_fd > -1 )
+ close (t->pppox_fd);
+ if (t->udp_fd > -1 )
+ close (t->udp_fd);
free (t);
free (me);
}

@ -1,21 +0,0 @@
diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile
--- xl2tpd-1.3.1-orig/Makefile 2013-04-01 16:05:42.459122589 -0400
+++ xl2tpd-1.3.1/Makefile 2013-04-01 16:06:03.800359414 -0400
@@ -98,6 +98,7 @@
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
EXEC=xl2tpd
CONTROL_EXEC=xl2tpd-control
+CONTROL_OBJ=xl2tpd-control.o
PREFIX?=/usr/local
SBINDIR?=$(DESTDIR)${PREFIX}/sbin
@@ -114,7 +115,8 @@
$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
- $(CC) $(CONTROL_SRCS) -o $@
+ $(CC) $(CFLAGS) -c $(CONTROL_SRCS)
+ $(CC) $(LDFLAGS) -o $@ $(CONTROL_OBJ)
pfc:
$(CC) $(CFLAGS) -c contrib/pfc.c

@ -1,41 +0,0 @@
diff --git a/control.c b/control.c
index 0892df9..a124d04 100644
--- a/control.c
+++ b/control.c
@@ -1685,7 +1685,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call)
* call if it was a CDN, otherwise, send a CDN to notify them
* that this call has been terminated.
*/
- struct buffer *outgoing;
struct tunnel *t = c->container;
/* Don't do anything unless it's a control packet */
if (!CTBIT (*((_u16 *) buf->start)))
@@ -1705,7 +1704,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call)
return;
}
/* Make a packet with the specified call number */
- outgoing = new_outgoing (t);
/* FIXME: If I'm not a CDN, I need to send a CDN */
control_zlb (buf, t, c);
c->cid = 0;
diff --git a/network.c b/network.c
index 783a181..82aedd7 100644
--- a/network.c
+++ b/network.c
@@ -377,7 +377,7 @@ void network_thread ()
* our network socket. Control handling is no longer done here.
*/
struct sockaddr_in from, to;
- unsigned int fromlen, tolen;
+ unsigned int fromlen;
int tunnel, call; /* Tunnel and call */
int recvsize; /* Length of data received */
struct buffer *buf; /* Payload buffer */
@@ -443,7 +443,6 @@ void network_thread ()
memset(&to, 0, sizeof(to));
fromlen = sizeof(from);
- tolen = sizeof(to);
memset(&msgh, 0, sizeof(struct msghdr));
iov.iov_base = buf->start;

@ -1,94 +0,0 @@
diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/chapsecrets.sample
--- xl2tpd-1.3.1-orig/examples/chapsecrets.sample 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/chapsecrets.sample 2012-06-12 12:08:26.850851970 -0400
@@ -1,7 +1,10 @@
-# Secrets for authentication using CHAP
-# client server secret IP addresses
-jacco * "mysecret" 192.168.1.128/25
-* jacco "mysecret" 192.168.1.128/25
-sam * "rumpelstiltskin" 192.168.1.5
-* sam "rumpelstiltskin" 192.168.1.5
-
+# Secrets for authentication on server using CHAP
+# See /etc/ppp/options.xl2tpd on how to use Windows authentication
+# client server secret IP addresses
+jacco * "mysecret" 192.168.1.128/25 # Dynamic IP
+sam * "rumpelstiltskin" 192.168.1.5 # Static IP
+#
+# Secrets for authentication on client using CHAP
+# client server secret IP addresses
+* jacco "mysecret"
+* sam "rumpelstiltskin"
diff -Naur xl2tpd-1.3.1-orig/examples/README xl2tpd-1.3.1/examples/README
--- xl2tpd-1.3.1-orig/examples/README 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/README 2012-06-12 12:08:26.850851970 -0400
@@ -1,2 +1,4 @@
-These are example files for use with xl2tpd. The xl2tpd*conf files are
-examples to use xl2tpd with Openswan's IPsec. See www.openswan.org
+These are example files for use with xl2tpd.
+
+Openswan carries config examples for use with l2tp-over-ipsec.
+See http://www.openswan.org/
diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.conf
--- xl2tpd-1.3.1-orig/examples/xl2tpd.conf 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/xl2tpd.conf 2012-06-12 12:27:00.922911049 -0400
@@ -14,6 +14,11 @@
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.
+
+; IMPORTANT: always set listen-addr to a specific address, to work around a
+; udpfromto bug!!!
+
+
[global]
; listen-addr = 192.168.1.98
;
@@ -24,14 +29,15 @@
; when using any of the SAref kernel patches for kernels up to 2.6.35.
; ipsec refinfo = 30
;
-; forceuserspace = yes
+; force userspace = yes
;
; debug tunnel = yes
[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
-require chap = yes
+; leave chap unspecified for maximum compatibility with windows, iOS, etc
+; require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
diff -aur xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.1/examples/ppp-options.xl2tpd
--- xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/ppp-options.xl2tpd 2012-07-19 10:54:13.810503823 -0400
@@ -1,9 +1,10 @@
ipcp-accept-local
ipcp-accept-remote
-ms-dns 192.168.1.1
-ms-dns 192.168.1.3
-ms-wins 192.168.1.2
-ms-wins 192.168.1.4
+ms-dns 8.8.8.8
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.3
+# ms-wins 192.168.1.2
+# ms-wins 192.168.1.4
noccp
auth
crtscts
@@ -15,3 +16,11 @@
lock
proxyarp
connect-delay 5000
+# To allow authentication against a Windows domain EXAMPLE, and require the
+# user to be in a group "VPN Users". Requires the samba-winbind package
+# require-mschap-v2
+# plugin winbind.so
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
+# You need to join the domain on the server, for example using samba:
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
+

@ -1,29 +0,0 @@
--- xl2tpd-1.3.1-orig/control.c 2011-10-06 21:22:05.000000000 +0200
+++ xl2tpd-1.3.1/control.c 2013-03-30 21:45:04.641605756 +0100
@@ -898,7 +898,7 @@
po = add_opt (po, c->lac->pppoptfile);
}
};
- po = add_opt (po, "ipparam");
+ po = add_opt (po, "remotenumber");
po = add_opt (po, IPADDY (t->peer.sin_addr));
start_pppd (c, po);
opt_destroy (po);
@@ -974,7 +974,7 @@
po = add_opt (po, "file");
po = add_opt (po, c->lns->pppoptfile);
}
- po = add_opt (po, "ipparam");
+ po = add_opt (po, "remotenumber");
po = add_opt (po, IPADDY (t->peer.sin_addr));
start_pppd (c, po);
opt_destroy (po);
@@ -1034,7 +1034,7 @@
po = add_opt (po, c->lac->pppoptfile);
}
};
- po = add_opt (po, "ipparam");
+ po = add_opt (po, "remotenumber");
po = add_opt (po, IPADDY (t->peer.sin_addr));
start_pppd (c, po);

@ -1,362 +0,0 @@
diff -Naur xl2tpd-1.3.1-orig/call.c xl2tpd-1.3.1/call.c
--- xl2tpd-1.3.1-orig/call.c 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/call.c 2012-06-15 15:57:17.250953288 -0400
@@ -680,6 +680,8 @@
st->peer.sin_port = port;
st->refme = refme;
st->refhim = refhim;
+ st->udp_fd = -1;
+ st->pppox_fd = -1;
bcopy (&addr, &st->peer.sin_addr, sizeof (addr));
st->next = tunnels.head;
tunnels.head = st;
diff -Naur xl2tpd-1.3.1-orig/control.c xl2tpd-1.3.1/control.c
--- xl2tpd-1.3.1-orig/control.c 2012-06-15 15:56:30.169585604 -0400
+++ xl2tpd-1.3.1/control.c 2012-06-15 15:57:17.251953296 -0400
@@ -596,6 +596,9 @@
if (gconfig.debug_state)
l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__);
control_xmit (buf);
+
+ connect_pppol2tp(t);
+
/* Schedule a HELLO */
tv.tv_sec = HELLO_DELAY;
tv.tv_usec = 0;
@@ -608,6 +611,7 @@
"Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n",
IPADDY (t->peer.sin_addr),
ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim);
+
if (t->lac)
{
/* This is part of a LAC, so we want to go ahead
@@ -635,6 +639,9 @@
IPADDY (t->peer.sin_addr),
ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim,
t->lns->entname);
+
+ connect_pppol2tp(t);
+
/* Schedule a HELLO */
tv.tv_sec = HELLO_DELAY;
tv.tv_usec = 0;
diff -Naur xl2tpd-1.3.1-orig/l2tp.h xl2tpd-1.3.1/l2tp.h
--- xl2tpd-1.3.1-orig/l2tp.h 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/l2tp.h 2012-06-15 15:57:17.251953296 -0400
@@ -167,6 +167,8 @@
int ourrws; /* Receive Window Size */
int rxspeed; /* Receive bps */
int txspeed; /* Transmit bps */
+ int udp_fd; /* UDP fd */
+ int pppox_fd; /* PPPOX tunnel fd */
struct call *self;
struct lns *lns; /* LNS that owns us */
struct lac *lac; /* LAC that owns us */
@@ -220,6 +222,7 @@
extern int ppd;
extern int switch_io; /* jz */
extern int control_fd;
+extern int connect_pppol2tp(struct tunnel *t);
extern int start_pppd (struct call *c, struct ppp_opts *);
extern void magic_lac_dial (void *);
extern int get_entropy (unsigned char *, int);
diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile
--- xl2tpd-1.3.1-orig/Makefile 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/Makefile 2012-06-15 15:57:17.250953288 -0400
@@ -62,8 +62,8 @@
# are packages seperately (eg kernel-headers on Fedora)
# Note: 2.6.23+ support still needs some changes in the xl2tpd source
#
-#OSFLAGS+= -DUSE_KERNEL
-#
+# Kernel mode fixed by sigwall <fionov@gmail.com>
+OSFLAGS+= -DUSE_KERNEL
#
# Uncomment the next line for FreeBSD
#
diff -Naur xl2tpd-1.3.1-orig/network.c xl2tpd-1.3.1/network.c
--- xl2tpd-1.3.1-orig/network.c 2012-06-15 15:56:30.169585604 -0400
+++ xl2tpd-1.3.1/network.c 2012-06-15 16:00:26.259429931 -0400
@@ -22,6 +22,7 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/ioctl.h>
+#include <sys/wait.h>
#ifndef LINUX
# include <sys/uio.h>
#endif
@@ -36,7 +37,6 @@
int kernel_support; /* Kernel Support there or not? */
#endif
-
int init_network (void)
{
long arg;
@@ -45,6 +45,7 @@
server.sin_family = AF_INET;
server.sin_addr.s_addr = gconfig.listenaddr;
server.sin_port = htons (gconfig.port);
+ int flags;
if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
{
l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n",
@@ -52,6 +53,10 @@
return -EINVAL;
};
+ flags = 1;
+ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
+ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
+
if (bind (server_socket, (struct sockaddr *) &server, sizeof (server)))
{
close (server_socket);
@@ -94,7 +99,7 @@
int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
if (kernel_fd < 0)
{
- l2tp_log (LOG_INFO, "L2TP kernel support not detected.\n");
+ l2tp_log (LOG_INFO, "L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)\n");
kernel_support = 0;
}
else
@@ -321,6 +326,11 @@
while (tun)
{
+ if (tun->udp_fd > -1) {
+ if (tun->udp_fd > max)
+ max = tun->udp_fd;
+ FD_SET (tun->udp_fd, readfds);
+ }
call = tun->call_head;
while (call)
{
@@ -390,6 +400,8 @@
struct iovec iov;
char cbuf[256];
unsigned int refme, refhim;
+ int * currentfd;
+ int server_socket_processed;
/* This one buffer can be recycled for everything except control packets */
buf = new_buf (MAX_RECV_SIZE);
@@ -428,7 +440,21 @@
{
do_control ();
}
- if (FD_ISSET (server_socket, &readfds))
+ server_socket_processed = 0;
+ currentfd = NULL;
+ st = tunnels.head;
+ while (st || !server_socket_processed) {
+ if (st && (st->udp_fd == -1)) {
+ st=st->next;
+ continue;
+ }
+ if (st) {
+ currentfd = &st->udp_fd;
+ } else {
+ currentfd = &server_socket;
+ server_socket_processed = 1;
+ }
+ if (FD_ISSET (*currentfd, &readfds))
{
/*
* Okay, now we're ready for reading and processing new data.
@@ -456,12 +482,19 @@
msgh.msg_flags = 0;
/* Receive one packet. */
- recvsize = recvmsg(server_socket, &msgh, 0);
+ recvsize = recvmsg(*currentfd, &msgh, 0);
if (recvsize < MIN_PAYLOAD_HDR_LEN)
{
if (recvsize < 0)
{
+ if (errno == ECONNREFUSED) {
+ close(*currentfd);
+ }
+ if ((errno == ECONNREFUSED) ||
+ (errno == EBADF)) {
+ *currentfd = -1;
+ }
if (errno != EAGAIN)
l2tp_log (LOG_WARNING,
"%s: recvfrom returned error %d (%s)\n",
@@ -566,6 +599,8 @@
}
};
}
+ if (st) st=st->next;
+ }
/*
* finished obvious sources, look for data from PPP connections.
@@ -638,3 +673,82 @@
}
}
+
+int connect_pppol2tp(struct tunnel *t) {
+#ifdef USE_KERNEL
+ if (kernel_support) {
+ int ufd = -1, fd2 = -1;
+ int flags;
+ struct sockaddr_pppol2tp sax;
+
+ struct sockaddr_in server;
+ server.sin_family = AF_INET;
+ server.sin_addr.s_addr = gconfig.listenaddr;
+ server.sin_port = htons (gconfig.port);
+ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
+ {
+ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ };
+
+ flags=1;
+ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
+ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
+
+ if (bind (ufd, (struct sockaddr *) &server, sizeof (server)))
+ {
+ close (ufd);
+ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n",
+ __FUNCTION__, strerror(errno), errno);
+ return -EINVAL;
+ };
+ server = t->peer;
+ flags = fcntl(ufd, F_GETFL);
+ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) {
+ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) {
+ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. Terminating.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+
+ t->udp_fd=ufd;
+
+ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
+ if (fd2 < 0) {
+ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+ flags = fcntl(fd2, F_GETFL);
+ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) {
+ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n",
+ __FUNCTION__);
+ return -EINVAL;
+ }
+ sax.sa_family = AF_PPPOX;
+ sax.sa_protocol = PX_PROTO_OL2TP;
+ sax.pppol2tp.pid = 0;
+ sax.pppol2tp.fd = t->udp_fd;
+ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr;
+ sax.pppol2tp.addr.sin_port = t->peer.sin_port;
+ sax.pppol2tp.addr.sin_family = AF_INET;
+ sax.pppol2tp.s_tunnel = t->ourtid;
+ sax.pppol2tp.s_session = 0;
+ sax.pppol2tp.d_tunnel = t->tid;
+ sax.pppol2tp.d_session = 0;
+ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) {
+ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n",
+ __FUNCTION__, errno, strerror(errno));
+ close(fd2);
+ return -EINVAL;
+ }
+ t->pppox_fd = fd2;
+ }
+#endif
+ return 0;
+}
diff -Naur xl2tpd-1.3.1-orig/xl2tpd.c xl2tpd-1.3.1/xl2tpd.c
--- xl2tpd-1.3.1-orig/xl2tpd.c 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/xl2tpd.c 2012-06-15 15:57:25.189015286 -0400
@@ -278,7 +278,11 @@
struct tunnel *st, *st2;
int sec;
l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal);
+#ifdef USE_KERNEL
+ if (kernel_support || signal != SIGTERM) {
+#else
if (signal != SIGTERM) {
+#endif
st = tunnels.head;
while (st)
{
@@ -349,7 +353,7 @@
int flags;
#endif
int pos = 1;
- int fd2;
+ int fd2 = -1;
#ifdef DEBUG_PPPD
int x;
#endif
@@ -397,7 +401,7 @@
sax.sa_family = AF_PPPOX;
sax.sa_protocol = PX_PROTO_OL2TP;
sax.pppol2tp.pid = 0;
- sax.pppol2tp.fd = server_socket;
+ sax.pppol2tp.fd = c->container->udp_fd;
sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr;
sax.pppol2tp.addr.sin_port = c->container->peer.sin_port;
sax.pppol2tp.addr.sin_family = AF_INET;
@@ -408,6 +412,7 @@
if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) {
l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n",
__FUNCTION__);
+ close(fd2);
return -EINVAL;
}
stropt[pos++] = strdup ("plugin");
@@ -484,7 +489,7 @@
dup2 (fd2, 0);
dup2 (fd2, 1);
close(fd2);
-
+ }
/* close all the calls pty fds */
st = tunnels.head;
while (st)
@@ -492,12 +497,17 @@
sc = st->call_head;
while (sc)
{
- close (sc->fd);
+#ifdef USE_KERNEL
+ if (kernel_support) {
+ close(st->udp_fd); /* tunnel UDP fd */
+ close(st->pppox_fd); /* tunnel PPPoX fd */
+ } else
+#endif
+ close (sc->fd); /* call pty fd */
sc = sc->next;
}
st = st->next;
}
- }
/* close the UDP socket fd */
close (server_socket);
@@ -615,6 +625,10 @@
the memory pointed to by t->chal_us.vector at some other place */
if (t->chal_them.vector)
free (t->chal_them.vector);
+ if (t->pppox_fd > -1 )
+ close (t->pppox_fd);
+ if (t->udp_fd > -1 )
+ close (t->udp_fd);
free (t);
free (me);
}

@ -1,19 +0,0 @@
diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c
--- xl2tpd-1.3.1-orig/pty.c 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/pty.c 2012-06-25 23:45:51.241543911 -0400
@@ -87,6 +87,7 @@
return -EINVAL;
}
+#if 0 /* not needed, triggers SElinux block */
/* change the onwership */
if (grantpt(fd))
{
@@ -95,6 +96,7 @@
close(fd);
return -EINVAL;
}
+#endif
if (unlockpt(fd))
{

@ -0,0 +1,40 @@
diff -Naur xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.6/examples/ppp-options.xl2tpd
--- xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/examples/ppp-options.xl2tpd 2014-05-12 14:46:24.358653357 -0400
@@ -1,9 +1,10 @@
ipcp-accept-local
ipcp-accept-remote
-ms-dns 192.168.1.1
-ms-dns 192.168.1.3
-ms-wins 192.168.1.2
-ms-wins 192.168.1.4
+ms-dns 8.8.8.8
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.3
+# ms-wins 192.168.1.2
+# ms-wins 192.168.1.4
noccp
auth
crtscts
@@ -15,3 +16,11 @@
lock
proxyarp
connect-delay 5000
+# To allow authentication against a Windows domain EXAMPLE, and require the
+# user to be in a group "VPN Users". Requires the samba-winbind package
+# require-mschap-v2
+# plugin winbind.so
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
+# You need to join the domain on the server, for example using samba:
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
+
diff -Naur xl2tpd-1.3.6-orig/examples/README xl2tpd-1.3.6/examples/README
--- xl2tpd-1.3.6-orig/examples/README 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/examples/README 2014-05-12 14:46:59.168476547 -0400
@@ -1,4 +1,4 @@
These are example files for use with xl2tpd.
-Openswan carries config examples for use with l2tp-over-ipsec.
-See http://www.openswan.org/
+xl2tpd is often used in combination with libreswan to offer L2TP/IPsec
+See https://libreswan.org/
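Review bot: In the ppp-options.xl2tpd hunk the only resolver line that stays active is `ms-dns 8.8.8.8`, a public third-party service, while the site-local 192.168.1.x entries it replaces are all turned into comments. A deployment that copies this example unchanged sends every VPN client's DNS queries to an external resolver instead of one inside the IPsec-protected network, which is rarely what an L2TP/IPsec operator wants, and nothing in the file marks the value as a placeholder. Shipping it inert like the others, with a line above it such as `# Replace with your site's resolver before use; a public resolver sends client DNS outside the VPN` followed by `# ms-dns 8.8.8.8`, keeps the example safe by default. The rootmanager.com how-to URL at the end is a personal blog link that may not outlive the package; a short comment stating that the winbind lines are optional would age better.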

@ -1,6 +1,6 @@
diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c
--- xl2tpd-1.3.1/aaa.c 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1-fips/aaa.c 2013-04-01 16:36:40.929098507 -0400
diff -Naur xl2tpd-1.3.6-orig/aaa.c xl2tpd-1.3.6/aaa.c
--- xl2tpd-1.3.6-orig/aaa.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/aaa.c 2014-05-12 15:01:05.936492449 -0400
@@ -21,6 +21,8 @@
#include <errno.h>
#include "l2tp.h"
@ -95,9 +95,9 @@ diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c
cnt = 0;
}
/* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h
--- xl2tpd-1.3.1/aaa.h 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1-fips/aaa.h 2013-04-01 16:46:39.532823130 -0400
diff -Naur xl2tpd-1.3.6-orig/aaa.h xl2tpd-1.3.6/aaa.h
--- xl2tpd-1.3.6-orig/aaa.h 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/aaa.h 2014-05-12 15:02:39.262697808 -0400
@@ -15,7 +15,7 @@
#ifndef _AAA_H
@ -107,27 +107,26 @@ diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h
#define ADDR_HASH_SIZE 256
#define MD_SIG_SIZE 16
@@ -34,7 +43,8 @@
@@ -34,7 +34,7 @@
struct challenge
{
- struct MD5Context md5;
+ /* struct MD5Context md5; */
+ MD5_CTX md5;
unsigned char ss; /* State we're sending in */
unsigned char secret[MAXSTRLEN]; /* The shared secret */
unsigned char *challenge; /* The original challenge */
diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile
--- xl2tpd-1.3.1/Makefile 2013-04-01 16:40:44.576870296 -0400
+++ xl2tpd-1.3.1-fips/Makefile 2013-04-01 16:48:30.405039381 -0400
@@ -91,8 +91,8 @@
diff -Naur xl2tpd-1.3.6-orig/Makefile xl2tpd-1.3.6/Makefile
--- xl2tpd-1.3.6-orig/Makefile 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/Makefile 2014-05-12 15:03:43.832223559 -0400
@@ -92,8 +92,8 @@
IPFLAGS?= -DIP_ALLOCATION
CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
SRCS=${OBJS:.o=.c} ${HDRS}
CONTROL_SRCS=xl2tpd-control.c
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
@ -139,11 +138,11 @@ diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
$(CC) $(CFLAGS) -c $(CONTROL_SRCS)
diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
--- xl2tpd-1.3.1/md5.c 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1-fips/md5.c 1969-12-31 19:00:00.000000000 -0500
@@ -1,275 +0,0 @@
$(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
diff -Naur xl2tpd-1.3.6-orig/md5.c xl2tpd-1.3.6/md5.c
--- xl2tpd-1.3.6-orig/md5.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/md5.c 1969-12-31 19:00:00.000000000 -0500
@@ -1,274 +0,0 @@
-#ifdef FREEBSD
-# include <machine/endian.h>
-#elif defined(OPENBSD)
@ -307,8 +306,7 @@ diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
- byteReverse (ctx->in, 14);
-
- /* Append length in bits and transform */
- ((uint32 *) ctx->in)[14] = ctx->bits[0];
- ((uint32 *) ctx->in)[15] = ctx->bits[1];
- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits));
-
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- byteReverse ((unsigned char *) ctx->buf, 4);
@ -419,9 +417,9 @@ diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
-}
-
-#endif
diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h
--- xl2tpd-1.3.1/md5.h 2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1-fips/md5.h 1969-12-31 19:00:00.000000000 -0500
diff -Naur xl2tpd-1.3.6-orig/md5.h xl2tpd-1.3.6/md5.h
--- xl2tpd-1.3.6-orig/md5.h 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/md5.h 1969-12-31 19:00:00.000000000 -0500
@@ -1,28 +0,0 @@
-#ifndef MD5_H
-#define MD5_H
@ -451,3 +449,18 @@ diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h
-typedef struct MD5Context MD5_CTX;
-
-#endif /* !MD5_H */
diff -Naur xl2tpd-1.3.6-orig/xl2tpd.c xl2tpd-1.3.6/xl2tpd.c
--- xl2tpd-1.3.6-orig/xl2tpd.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/xl2tpd.c 2014-05-12 14:58:58.903490392 -0400
@@ -1310,7 +1310,10 @@
void usage(void) {
- printf("\nxl2tpd version: %s\n", SERVER_VERSION);
+ printf("\nxl2tpd version: %s\n"
+"This product includes software developed by the OpenSSL Project for use\n"
+"in the OpenSSL Toolkit. (http://www.openssl.org/)\n"
+, SERVER_VERSION);
printf("Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]\n"
" [-C <control file>] [-D]\n"
" [-v, --version]\n");

@ -1,22 +0,0 @@
diff --git a/file.c b/file.c
index 289aee6..d710e30 100644
--- a/file.c
+++ b/file.c
@@ -1229,7 +1229,7 @@ int parse_config (FILE * f)
/* Read in the configuration file handed to us */
/* FIXME: I should check for incompatible options */
int context = 0;
- char buf[STRLEN];
+ char buf[1024];
char *s, *d, *t;
int linenum = 0;
int def = 0;
@@ -1395,7 +1395,7 @@ int parse_config (FILE * f)
}
if (!(t = strchr (s, '=')))
{
- l2tp_log (LOG_WARNING, "parse_config: line %d: no '=' in data\n",
+ l2tp_log (LOG_WARNING, "parse_config: line %d: line too long or no '=' in data\n",
linenum);
return -1;
}

@ -1,101 +0,0 @@
#!/bin/sh
#
# xl2tpd This shell script takes care of starting and stopping l2tpd.
#
# chkconfig: - 80 30
# description: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
#
# processname: /usr/sbin/xl2tpd
# config: /etc/xl2tpd/xl2tpd.conf
# pidfile: /var/run/xl2tpd.pid
### BEGIN INIT INFO
# Provides: xl2tpd
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $network $syslog
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start|stop|status|restart|try-restart|reload|force-reload xl2tpd server
# Description: control xl2tpd server
### END INIT INFO
#Servicename
SERVICE=xl2tpd
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
if [ ${NETWORKING} = "no" ]
then
exit 0
fi
[ -x /usr/sbin/$SERVICE ] || exit 0
RETVAL=0
start() {
echo -n "Starting $SERVICE: "
# Look for the L2TP kernel handler module, load when needed
if [ ! -d /sys/module/l2tp_ppp ]; then modprobe l2tp_ppp
# if still not found, try legacy one
if [ ! -d /sys/module/l2tp_ppp ]; then modprobe pppol2tp
if [ ! -d /var/run/xl2tpd ]
then
mkdir /var/run/xl2tpd
fi
daemon $SERVICE
RETVAL=$?
echo
if [ $RETVAL -eq 0 ];then
touch /var/lock/subsys/$SERVICE
else
exit 7;
fi
return 0;
}
stop() {
echo -n "Stopping $SERVICE: "
killproc $SERVICE
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
rm -f /var/run/xl2tpd/$SERVICE
rm -f /var/lock/subsys/$SERVICE
fi
echo
return $RETVAL
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $SERVICE
RETVAL=$?
;;
restart|reload)
restart
;;
condrestart)
[ -f /var/lock/subsys/$SERVICE ] && restart || :
;;
*)
echo "Usage: $SERVICE {start|stop|status|restart|reload|condrestart}"
exit 1
esac

@ -1,6 +1,6 @@
[Unit]
Description=Level 2 Tunnel Protocol Daemon (L2TP)
After=syslog.target network.target
After=network.target
After=ipsec.service
# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore
#Wants=ipsec.service

@ -1,27 +1,17 @@
# upstream is switching to github, but has not released a new tar ball there yet
%global commit 3be48f8b7fc0e8de8cef7675a9861484b8b68c52
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global commit 5619e1771048e74b729804e8602f409af0f3faea
Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
Name: xl2tpd
Version: 1.3.1
Release: 14%{?dist}
Version: 1.3.6
Release: 1%{?dist}
License: GPL+
Url: https://github.com/xelerance/xl2tpd
Url: https://github.com/xelerance/%{name}/
Group: System Environment/Daemons
Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz
#Source0: https://github.com/xelerance/%{name}/archive/v%{version}.tar.gz
#Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz
Source1: xl2tpd.service
Source2: tmpfiles-xl2tpd.conf
Patch1: xl2tpd-1.3.1-Wunused.patch
Patch2: xl2tpd-bz80693.patch
Patch3: xl2tpd-1.3.1-kernelmode.patch
Patch4: xl2tpd-1.3.1-conf.patch
Patch5: xl2tpd-1.3.1-pty.patch
Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch
Patch7: xl2tpd-1.3.1-Makefile
Patch8: xl2tpd-1.3.1-md5-fips.patch
Patch1: xl2tpd-1.3.6-conf.patch
Patch2: xl2tpd-1.3.6-md5-fips.patch
Requires: ppp >= 2.4.5-18, kernel-modules-extra
# If you want to authenticate against a Microsoft PDC/Active Directory
@ -59,19 +49,9 @@ Xl2tpd is based on the 0.69 L2TP by Jeff McAdams <jeffm@iglou.com>
It was de-facto maintained by Jacco de Leeuw <jacco2@dds.nl> in 2002 and 2003.
%prep
# for git version
#% setup -qn %{name}-%{commit}
%setup -q
%setup -qn %{name}-%{commit}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
rm linux/include/linux/if_pppol2tp.h
%build
#make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
@ -86,9 +66,8 @@ rm -rf %{buildroot}
make DESTDIR=%{buildroot} PREFIX=%{_prefix} install
install -d 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf
mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d/
install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf
install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd
@ -98,6 +77,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
%preun
%systemd_preun xl2tpd.service
%post
%systemd_post xl2tpd.service
@ -125,10 +105,21 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
%config(noreplace) %{_sysconfdir}/ppp/*
%dir %{_localstatedir}/run/xl2tpd
%{_unitdir}/%{name}.service
%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control
%changelog
* Tue May 13 2014 Paul Wouters <pwouters@redhat.com> - 1.3.6-1
- Updated to 1.3.6 - using github-only monstrosity packaging
- Resolves: rhbz#1051785 (new upstream version available)
- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address
- Revert: rhbz#929447 Incorrect "ipparam" manipulation
- Resolves: rhbz#1055196 Don't order service after syslog.target
- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory
- Removed patches merged in upstream.
- FIPS patch updated with advertising clause for openssl in xl2tpd -V
(although the GPL code was already basically taken from openssl)
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
@ -339,7 +330,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
configuration files to /etc/ipsec.d and create symbolic links in
those directories.
* Tue Aug 18 2004 Jacco de Leeuw <jacco2@dds.nl>
* Wed Aug 18 2004 Jacco de Leeuw <jacco2@dds.nl>
- Removed 'leftnexthop=' lines. Not relevant for recent versions
of FreeS/WAN and derivates.
@ -363,7 +354,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
('Specify your hostname', error 629: "You have been disconnected
from the computer you are dialing").
* Thu Jul 20 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-7jdl
* Sun Jul 20 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-7jdl
- Added the "listen-addr" global parameter for l2tpd.conf. By
default, the daemon listens on *all* interfaces. Use
"listen-addr" if you want it to bind to one specific
@ -380,7 +371,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
IPsec client by Microsoft, it turns out that 17/0 must have
been a mistake: the updated client now also uses 17/1701.
* Mon Apr 10 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-6jdl
* Thu Apr 10 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-6jdl
- Changed sample chap-secrets to be valid only for specific
IP addresses.
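Review bot: The new `%prep` line `rm linux/include/linux/if_pppol2tp.h` carries no comment saying why the bundled header is deleted; presumably the build is meant to pick up the copy shipped by kernel-headers, so a one-liner such as `# drop the bundled copy so the kernel-headers version is used` would spare the next packager a trip to the build log. With the md5-fips patch now linking against libcrypto, the matching `BuildRequires` on openssl-devel (and kernel-headers for the header above) are not visible in these hunks; if they are not already elsewhere in the spec they are needed for the build to be reproducible. `Source0` now fetches a snapshot by commit hash, which is good for provenance, but the two commented-out `Source0` alternatives above it could be trimmed to the single one expected to apply once upstream tags a release.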
