- Updated to 1.3.6 - using github-only monstrosity packaging - Resolves: rhbz#1051785 (new upstream version available) - Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address - Revert: rhbz#929447 Incorrect "ipparam" manipulation - Resolves: rhbz#1055196 Don't order service after syslog.target - Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory - Removed patches merged in upstream. - FIPS patch updated with advertising clause for openssl in xl2tpd -V (although the GPL code was already basically taken from openssl)epel9
parent
19afcbe0fc
commit
38e97b03ea
@ -1 +1 @@
cf61576fef5c2d6c68279a408ec1f0d5 xl2tpd-1.3.1.tar.gz
e08e34510a97e126b324f3407c71806c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz
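--- a/DELETED_PATCH_FILE_2_PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,436 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 6f6481f..778f38d 100644
---- a/Makefile
-+++ b/Makefile
-@@ -62,8 +62,8 @@
-# are packages seperately (eg kernel-headers on Fedora)
-# Note: 2.6.23+ support still needs some changes in the xl2tpd source
-#
--#OSFLAGS+= -DUSE_KERNEL
--#
-+# Kernel mode fixed by sigwall <fionov@gmail.com>
-+OSFLAGS+= -DUSE_KERNEL
-#
-# Uncomment the next line for FreeBSD
-#
-diff --git a/call.c b/call.c
-index d1b1858..b672f91 100644
---- a/call.c
-+++ b/call.c
-@@ -680,6 +680,8 @@ struct call *get_call (int tunnel, int call, struct in_addr addr, int port,
-st->peer.sin_port = port;
-st->refme = refme;
-st->refhim = refhim;
-+ st->udp_fd = -1;
-+ st->pppox_fd = -1;
-bcopy (&addr, &st->peer.sin_addr, sizeof (addr));
-st->next = tunnels.head;
-tunnels.head = st;
-diff --git a/control.c b/control.c
-index 0892df9..9362ffd 100644
---- a/control.c
-+++ b/control.c
-@@ -596,6 +596,9 @@ int control_finish (struct tunnel *t, struct call *c)
-if (gconfig.debug_state)
-l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__);
-control_xmit (buf);
-+
-+ connect_pppol2tp(t);
-+
-/* Schedule a HELLO */
-tv.tv_sec = HELLO_DELAY;
-tv.tv_usec = 0;
-@@ -608,6 +611,7 @@ int control_finish (struct tunnel *t, struct call *c)
-"Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n",
-IPADDY (t->peer.sin_addr),
-ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim);
-+
-if (t->lac)
-{
-/* This is part of a LAC, so we want to go ahead
-@@ -635,6 +639,9 @@ int control_finish (struct tunnel *t, struct call *c)
-IPADDY (t->peer.sin_addr),
-ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim,
-t->lns->entname);
-+
-+ connect_pppol2tp(t);
-+
-/* Schedule a HELLO */
-tv.tv_sec = HELLO_DELAY;
-tv.tv_usec = 0;
-diff --git a/l2tp.h b/l2tp.h
-index 2724fff..856423f 100644
---- a/l2tp.h
-+++ b/l2tp.h
-@@ -167,6 +167,8 @@ struct tunnel
-int ourrws; /* Receive Window Size */
-int rxspeed; /* Receive bps */
-int txspeed; /* Transmit bps */
-+ int udp_fd; /* UDP fd */
-+ int pppox_fd; /* PPPOX tunnel fd */
-struct call *self;
-struct lns *lns; /* LNS that owns us */
-struct lac *lac; /* LAC that owns us */
-@@ -220,6 +222,7 @@ extern void control_xmit (void *);
-extern int ppd;
-extern int switch_io; /* jz */
-extern int control_fd;
-+extern int connect_pppol2tp(struct tunnel *t);
-extern int start_pppd (struct call *c, struct ppp_opts *);
-extern void magic_lac_dial (void *);
-extern int get_entropy (unsigned char *, int);
-diff --git a/linux/include/linux/if_pppol2tp.h b/linux/include/linux/if_pppol2tp.h
-index a7d6a22..0795e4a 100644
---- a/linux/include/linux/if_pppol2tp.h
-+++ b/linux/include/linux/if_pppol2tp.h
-@@ -36,6 +36,20 @@ struct pppol2tp_addr
-__u16 d_tunnel, d_session; /* For sending outgoing packets */
-};
-
-+/* The L2TPv3 protocol changes tunnel and session ids from 16 to 32
-+ * bits. So we need a different sockaddr structure.
-+ */
-+struct pppol2tpv3_addr {
-+ pid_t pid; /* pid that owns the fd.
-+ * 0 => current */
-+ int fd; /* FD of UDP or IP socket to use */
-+
-+ struct sockaddr_in addr; /* IP address and port to send to */
-+
-+ __u32 s_tunnel, s_session; /* For matching incoming packets */
-+ __u32 d_tunnel, d_session; /* For sending outgoing packets */
-+};
-+
-/* Socket options:
-* DEBUG - bitmask of debug message categories
-* SENDSEQ - 0 => don't send packets with sequence numbers
-diff --git a/network.c b/network.c
-index 241bd82..fde250e 100644
---- a/network.c
-+++ b/network.c
-@@ -22,6 +22,7 @@
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/ioctl.h>
-+#include <sys/wait.h>
-#ifndef LINUX
-# include <sys/uio.h>
-#endif
-@@ -36,6 +37,51 @@ int server_socket; /* Server socket */
-int kernel_support; /* Kernel Support there or not? */
-#endif
-
-+#ifdef USE_KERNEL
-+void modprobe() {
-+ char * modules[] = { "l2tp_ppp", "pppol2tp", NULL };
-+ char ** module;
-+ char buf[256], *tok;
-+ int pid, exit_status, fd;
-+
-+ FILE * fmod = fopen("/proc/modules", "r");
-+
-+ if (fmod == NULL)
-+ return;
-+
-+ while (fgets(buf, 255, fmod) != NULL) {
-+ if ((tok = strtok(buf, " ")) != NULL) {
-+ for (module = modules; *module != NULL; ++module) {
-+ if (!strcmp(*module, tok)) {
-+ fclose(fmod);
-+ return;
-+ }
-+ }
-+ }
-+ }
-+
-+ fclose(fmod);
-+
-+ for (module = modules; *module != NULL; ++module) {
-+ if ((pid = fork()) >= 0) {
-+ if (pid == 0) {
-+ setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
-+ if ((fd = open("/dev/null", O_RDWR)) > -1) {
-+ dup2(fd, 1);
-+ dup2(fd, 2);
-+ }
-+ execlp("modprobe", "modprobe", "-q", *module, (char *)NULL);
-+ exit(1);
-+ } else {
-+ if ((pid = waitpid(pid, &exit_status, 0)) != -1 && WIFEXITED(exit_status)) {
-+ if (WEXITSTATUS(exit_status) == 0)
-+ return;
-+ }
-+ }
-+ }
-+ }
-+}
-+#endif
-
-int init_network (void)
-{
-@@ -45,6 +91,7 @@ int init_network (void)
-server.sin_family = AF_INET;
-server.sin_addr.s_addr = gconfig.listenaddr;
-server.sin_port = htons (gconfig.port);
-+ int flags;
-if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
-{
-l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n",
-@@ -52,6 +99,10 @@ int init_network (void)
-return -EINVAL;
-};
-
-+ flags = 1;
-+ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
-+ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
-+
-if (bind (server_socket, (struct sockaddr *) &server, sizeof (server)))
-{
-close (server_socket);
-@@ -91,6 +142,7 @@ int init_network (void)
-}
-else
-{
-+ modprobe();
-int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
-if (kernel_fd < 0)
-{
-@@ -321,6 +373,11 @@ int build_fdset (fd_set *readfds)
-
-while (tun)
-{
-+ if (tun->udp_fd > -1) {
-+ if (tun->udp_fd > max)
-+ max = tun->udp_fd;
-+ FD_SET (tun->udp_fd, readfds);
-+ }
-call = tun->call_head;
-while (call)
-{
-@@ -390,6 +447,8 @@ void network_thread ()
-struct iovec iov;
-char cbuf[256];
-unsigned int refme, refhim;
-+ int * currentfd;
-+ int server_socket_processed;
-
-/* This one buffer can be recycled for everything except control packets */
-buf = new_buf (MAX_RECV_SIZE);
-@@ -428,7 +487,21 @@ void network_thread ()
-{
-do_control ();
-}
-- if (FD_ISSET (server_socket, &readfds))
-+ server_socket_processed = 0;
-+ currentfd = NULL;
-+ st = tunnels.head;
-+ while (st || !server_socket_processed) {
-+ if (st && (st->udp_fd == -1)) {
-+ st=st->next;
-+ continue;
-+ }
-+ if (st) {
-+ currentfd = &st->udp_fd;
-+ } else {
-+ currentfd = &server_socket;
-+ server_socket_processed = 1;
-+ }
-+ if (FD_ISSET (*currentfd, &readfds))
-{
-/*
-* Okay, now we're ready for reading and processing new data.
-@@ -457,12 +530,19 @@ void network_thread ()
-msgh.msg_flags = 0;
-
-/* Receive one packet. */
-- recvsize = recvmsg(server_socket, &msgh, 0);
-+ recvsize = recvmsg(*currentfd, &msgh, 0);
-
-if (recvsize < MIN_PAYLOAD_HDR_LEN)
-{
-if (recvsize < 0)
-{
-+ if (errno == ECONNREFUSED) {
-+ close(*currentfd);
-+ }
-+ if ((errno == ECONNREFUSED) ||
-+ (errno == EBADF)) {
-+ *currentfd = -1;
-+ }
-if (errno != EAGAIN)
-l2tp_log (LOG_WARNING,
-"%s: recvfrom returned error %d (%s)\n",
-@@ -567,6 +647,8 @@ void network_thread ()
-}
-};
-}
-+ if (st) st=st->next;
-+ }
-
-/*
-* finished obvious sources, look for data from PPP connections.
-@@ -639,3 +721,82 @@ void network_thread ()
-}
-
-}
-+
-+int connect_pppol2tp(struct tunnel *t) {
-+#ifdef USE_KERNEL
-+ if (kernel_support) {
-+ int ufd = -1, fd2 = -1;
-+ int flags;
-+ struct sockaddr_pppol2tp sax;
-+
-+ struct sockaddr_in server;
-+ server.sin_family = AF_INET;
-+ server.sin_addr.s_addr = gconfig.listenaddr;
-+ server.sin_port = htons (gconfig.port);
-+ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
-+ {
-+ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n",
-+ __FUNCTION__);
-+ return -EINVAL;
-+ };
-+
-+ flags=1;
-+ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
-+ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
-+
-+ if (bind (ufd, (struct sockaddr *) &server, sizeof (server)))
-+ {
-+ close (ufd);
-+ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n",
-+ __FUNCTION__, strerror(errno), errno);
-+ return -EINVAL;
-+ };
-+ server = t->peer;
-+ flags = fcntl(ufd, F_GETFL);
-+ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) {
-+ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n",
-+ __FUNCTION__);
-+ return -EINVAL;
-+ }
-+ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) {
-+ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. Terminating.\n",
-+ __FUNCTION__);
-+ return -EINVAL;
-+ }
-+
-+ t->udp_fd=ufd;
-+
-+ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
-+ if (fd2 < 0) {
-+ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n",
-+ __FUNCTION__);
-+ return -EINVAL;
-+ }
-+ flags = fcntl(fd2, F_GETFL);
-+ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) {
-+ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n",
-+ __FUNCTION__);
-+ return -EINVAL;
-+ }
-+ sax.sa_family = AF_PPPOX;
-+ sax.sa_protocol = PX_PROTO_OL2TP;
-+ sax.pppol2tp.pid = 0;
-+ sax.pppol2tp.fd = t->udp_fd;
-+ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr;
-+ sax.pppol2tp.addr.sin_port = t->peer.sin_port;
-+ sax.pppol2tp.addr.sin_family = AF_INET;
-+ sax.pppol2tp.s_tunnel = t->ourtid;
-+ sax.pppol2tp.s_session = 0;
-+ sax.pppol2tp.d_tunnel = t->tid;
-+ sax.pppol2tp.d_session = 0;
-+ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) {
-+ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n",
-+ __FUNCTION__, errno, strerror(errno));
-+ close(fd2);
-+ return -EINVAL;
-+ }
-+ t->pppox_fd = fd2;
-+ }
-+#endif
-+ return 0;
-+}
-diff --git a/xl2tpd.c b/xl2tpd.c
-index 307ac2e..3fb6dd7 100644
---- a/xl2tpd.c
-+++ b/xl2tpd.c
-@@ -278,7 +278,11 @@ void death_handler (int signal)
-struct tunnel *st, *st2;
-int sec;
-l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal);
-+#ifdef USE_KERNEL
-+ if (kernel_support || signal != SIGTERM) {
-+#else
-if (signal != SIGTERM) {
-+#endif
-st = tunnels.head;
-while (st)
-{
-@@ -349,7 +353,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
-int flags;
-#endif
-int pos = 1;
-- int fd2;
-+ int fd2 = -1;
-#ifdef DEBUG_PPPD
-int x;
-#endif
-@@ -397,7 +401,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
-sax.sa_family = AF_PPPOX;
-sax.sa_protocol = PX_PROTO_OL2TP;
-sax.pppol2tp.pid = 0;
-- sax.pppol2tp.fd = server_socket;
-+ sax.pppol2tp.fd = c->container->udp_fd;
-sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr;
-sax.pppol2tp.addr.sin_port = c->container->peer.sin_port;
-sax.pppol2tp.addr.sin_family = AF_INET;
-@@ -408,6 +412,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
-if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) {
-l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n",
-__FUNCTION__);
-+ close(fd2);
-return -EINVAL;
-}
-stropt[pos++] = strdup ("plugin");
-@@ -484,7 +489,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
-dup2 (fd2, 0);
-dup2 (fd2, 1);
-close(fd2);
--
-+ }
-/* close all the calls pty fds */
-st = tunnels.head;
-while (st)
-@@ -492,12 +497,17 @@ int start_pppd (struct call *c, struct ppp_opts *opts)
-sc = st->call_head;
-while (sc)
-{
-- close (sc->fd);
-+#ifdef USE_KERNEL
-+ if (kernel_support) {
-+ close(st->udp_fd); /* tunnel UDP fd */
-+ close(st->pppox_fd); /* tunnel PPPoX fd */
-+ } else
-+#endif
-+ close (sc->fd); /* call pty fd */
-sc = sc->next;
-}
-st = st->next;
-}
-- }
-
-/* close the UDP socket fd */
-close (server_socket);
-@@ -615,6 +625,10 @@ void destroy_tunnel (struct tunnel *t)
-the memory pointed to by t->chal_us.vector at some other place */
-if (t->chal_them.vector)
-free (t->chal_them.vector);
-+ if (t->pppox_fd > -1 )
-+ close (t->pppox_fd);
-+ if (t->udp_fd > -1 )
-+ close (t->udp_fd);
-free (t);
-free (me);
-}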
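--- a/DELETED_PATCH_FILE_3_PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile
---- xl2tpd-1.3.1-orig/Makefile 2013-04-01 16:05:42.459122589 -0400
-+++ xl2tpd-1.3.1/Makefile 2013-04-01 16:06:03.800359414 -0400
-@@ -98,6 +98,7 @@
-#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
-EXEC=xl2tpd
-CONTROL_EXEC=xl2tpd-control
-+CONTROL_OBJ=xl2tpd-control.o
-
-PREFIX?=/usr/local
-SBINDIR?=$(DESTDIR)${PREFIX}/sbin
-@@ -114,7 +115,8 @@
-$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
-
-$(CONTROL_EXEC): $(CONTROL_SRCS)
-- $(CC) $(CONTROL_SRCS) -o $@
-+ $(CC) $(CFLAGS) -c $(CONTROL_SRCS)
-+ $(CC) $(LDFLAGS) -o $@ $(CONTROL_OBJ)
-
-pfc:
-$(CC) $(CFLAGS) -c contrib/pfc.c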
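--- a/DELETED_PATCH_FILE_4_PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,41 +0,0 @@
-diff --git a/control.c b/control.c
-index 0892df9..a124d04 100644
---- a/control.c
-+++ b/control.c
-@@ -1685,7 +1685,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call)
-* call if it was a CDN, otherwise, send a CDN to notify them
-* that this call has been terminated.
-*/
-- struct buffer *outgoing;
-struct tunnel *t = c->container;
-/* Don't do anything unless it's a control packet */
-if (!CTBIT (*((_u16 *) buf->start)))
-@@ -1705,7 +1704,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call)
-return;
-}
-/* Make a packet with the specified call number */
-- outgoing = new_outgoing (t);
-/* FIXME: If I'm not a CDN, I need to send a CDN */
-control_zlb (buf, t, c);
-c->cid = 0;
-diff --git a/network.c b/network.c
-index 783a181..82aedd7 100644
---- a/network.c
-+++ b/network.c
-@@ -377,7 +377,7 @@ void network_thread ()
-* our network socket. Control handling is no longer done here.
-*/
-struct sockaddr_in from, to;
-- unsigned int fromlen, tolen;
-+ unsigned int fromlen;
-int tunnel, call; /* Tunnel and call */
-int recvsize; /* Length of data received */
-struct buffer *buf; /* Payload buffer */
-@@ -443,7 +443,6 @@ void network_thread ()
-memset(&to, 0, sizeof(to));
-
-fromlen = sizeof(from);
-- tolen = sizeof(to);
-
-memset(&msgh, 0, sizeof(struct msghdr));
-iov.iov_base = buf->start;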
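--- a/DELETED_PATCH_FILE_5_PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,94 +0,0 @@
-diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/chapsecrets.sample
---- xl2tpd-1.3.1-orig/examples/chapsecrets.sample 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1/examples/chapsecrets.sample 2012-06-12 12:08:26.850851970 -0400
-@@ -1,7 +1,10 @@
--# Secrets for authentication using CHAP
--# client server secret IP addresses
--jacco * "mysecret" 192.168.1.128/25
--* jacco "mysecret" 192.168.1.128/25
--sam * "rumpelstiltskin" 192.168.1.5
--* sam "rumpelstiltskin" 192.168.1.5
--
-+# Secrets for authentication on server using CHAP
-+# See /etc/ppp/options.xl2tpd on how to use Windows authentication
-+# client server secret IP addresses
-+jacco * "mysecret" 192.168.1.128/25 # Dynamic IP
-+sam * "rumpelstiltskin" 192.168.1.5 # Static IP
-+#
-+# Secrets for authentication on client using CHAP
-+# client server secret IP addresses
-+* jacco "mysecret"
-+* sam "rumpelstiltskin"
-diff -Naur xl2tpd-1.3.1-orig/examples/README xl2tpd-1.3.1/examples/README
---- xl2tpd-1.3.1-orig/examples/README 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1/examples/README 2012-06-12 12:08:26.850851970 -0400
-@@ -1,2 +1,4 @@
--These are example files for use with xl2tpd. The xl2tpd*conf files are
--examples to use xl2tpd with Openswan's IPsec. See www.openswan.org
-+These are example files for use with xl2tpd.
-+
-+Openswan carries config examples for use with l2tp-over-ipsec.
-+See http://www.openswan.org/
-diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.conf
---- xl2tpd-1.3.1-orig/examples/xl2tpd.conf 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1/examples/xl2tpd.conf 2012-06-12 12:27:00.922911049 -0400
-@@ -14,6 +14,11 @@
-; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
-; will be used by xl2tpd as its address on pppX interfaces.
-
-+
-+; IMPORTANT: always set listen-addr to a specific address, to work around a
-+; udpfromto bug!!!
-+
-+
-[global]
-; listen-addr = 192.168.1.98
-;
-@@ -24,14 +29,15 @@
-; when using any of the SAref kernel patches for kernels up to 2.6.35.
-; ipsec refinfo = 30
-;
--; forceuserspace = yes
-+; force userspace = yes
-;
-; debug tunnel = yes
-
-[lns default]
-ip range = 192.168.1.128-192.168.1.254
-local ip = 192.168.1.99
--require chap = yes
-+; leave chap unspecified for maximum compatibility with windows, iOS, etc
-+; require chap = yes
-refuse pap = yes
-require authentication = yes
-name = LinuxVPNserver
-diff -aur xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.1/examples/ppp-options.xl2tpd
---- xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1/examples/ppp-options.xl2tpd 2012-07-19 10:54:13.810503823 -0400
-@@ -1,9 +1,10 @@
-ipcp-accept-local
-ipcp-accept-remote
--ms-dns 192.168.1.1
--ms-dns 192.168.1.3
--ms-wins 192.168.1.2
--ms-wins 192.168.1.4
-+ms-dns 8.8.8.8
-+# ms-dns 192.168.1.1
-+# ms-dns 192.168.1.3
-+# ms-wins 192.168.1.2
-+# ms-wins 192.168.1.4
-noccp
-auth
-crtscts
-@@ -15,3 +16,11 @@
-lock
-proxyarp
-connect-delay 5000
-+# To allow authentication against a Windows domain EXAMPLE, and require the
-+# user to be in a group "VPN Users". Requires the samba-winbind package
-+# require-mschap-v2
-+# plugin winbind.so
-+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
-+# You need to join the domain on the server, for example using samba:
-+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
-+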
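--- a/DELETED_PATCH_FILE_6_PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,29 +0,0 @@
---- xl2tpd-1.3.1-orig/control.c 2011-10-06 21:22:05.000000000 +0200
-+++ xl2tpd-1.3.1/control.c 2013-03-30 21:45:04.641605756 +0100
-@@ -898,7 +898,7 @@
-po = add_opt (po, c->lac->pppoptfile);
-}
-};
-- po = add_opt (po, "ipparam");
-+ po = add_opt (po, "remotenumber");
-po = add_opt (po, IPADDY (t->peer.sin_addr));
-start_pppd (c, po);
-opt_destroy (po);
-@@ -974,7 +974,7 @@
-po = add_opt (po, "file");
-po = add_opt (po, c->lns->pppoptfile);
-}
-- po = add_opt (po, "ipparam");
-+ po = add_opt (po, "remotenumber");
-po = add_opt (po, IPADDY (t->peer.sin_addr));
-start_pppd (c, po);
-opt_destroy (po);
-@@ -1034,7 +1034,7 @@
-po = add_opt (po, c->lac->pppoptfile);
-}
-};
-- po = add_opt (po, "ipparam");
-+ po = add_opt (po, "remotenumber");
-po = add_opt (po, IPADDY (t->peer.sin_addr));
-start_pppd (c, po);
-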
@ -1,362 +0,0 @@
|
|||||||
diff -Naur xl2tpd-1.3.1-orig/call.c xl2tpd-1.3.1/call.c
|
|
||||||
--- xl2tpd-1.3.1-orig/call.c 2011-10-06 15:22:05.000000000 -0400
|
|
||||||
+++ xl2tpd-1.3.1/call.c 2012-06-15 15:57:17.250953288 -0400
|
|
||||||
@@ -680,6 +680,8 @@
|
|
||||||
st->peer.sin_port = port;
|
|
||||||
st->refme = refme;
|
|
||||||
st->refhim = refhim;
|
|
||||||
+ st->udp_fd = -1;
|
|
||||||
+ st->pppox_fd = -1;
|
|
||||||
bcopy (&addr, &st->peer.sin_addr, sizeof (addr));
|
|
||||||
st->next = tunnels.head;
|
|
||||||
tunnels.head = st;
|
|
||||||
diff -Naur xl2tpd-1.3.1-orig/control.c xl2tpd-1.3.1/control.c
|
|
||||||
--- xl2tpd-1.3.1-orig/control.c 2012-06-15 15:56:30.169585604 -0400
|
|
||||||
+++ xl2tpd-1.3.1/control.c 2012-06-15 15:57:17.251953296 -0400
|
|
||||||
@@ -596,6 +596,9 @@
|
|
||||||
if (gconfig.debug_state)
|
|
||||||
l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__);
|
|
||||||
control_xmit (buf);
|
|
||||||
+
|
|
||||||
+ connect_pppol2tp(t);
|
|
||||||
+
|
|
||||||
/* Schedule a HELLO */
|
|
||||||
tv.tv_sec = HELLO_DELAY;
|
|
||||||
tv.tv_usec = 0;
|
|
||||||
@@ -608,6 +611,7 @@
|
|
||||||
"Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n",
|
|
||||||
IPADDY (t->peer.sin_addr),
|
|
||||||
ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim);
|
|
||||||
+
|
|
||||||
if (t->lac)
|
|
||||||
{
|
|
||||||
/* This is part of a LAC, so we want to go ahead
|
|
||||||
@@ -635,6 +639,9 @@
|
|
||||||
IPADDY (t->peer.sin_addr),
|
|
||||||
ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim,
|
|
||||||
t->lns->entname);
|
|
||||||
+
|
|
||||||
+ connect_pppol2tp(t);
|
|
||||||
+
|
|
||||||
/* Schedule a HELLO */
|
|
||||||
tv.tv_sec = HELLO_DELAY;
|
|
||||||
tv.tv_usec = 0;
|
|
||||||
diff -Naur xl2tpd-1.3.1-orig/l2tp.h xl2tpd-1.3.1/l2tp.h
|
|
||||||
--- xl2tpd-1.3.1-orig/l2tp.h 2011-10-06 15:22:05.000000000 -0400
|
|
||||||
+++ xl2tpd-1.3.1/l2tp.h 2012-06-15 15:57:17.251953296 -0400
|
|
||||||
@@ -167,6 +167,8 @@
|
|
||||||
int ourrws; /* Receive Window Size */
|
|
||||||
int rxspeed; /* Receive bps */
|
|
||||||
int txspeed; /* Transmit bps */
|
|
||||||
+ int udp_fd; /* UDP fd */
|
|
||||||
+ int pppox_fd; /* PPPOX tunnel fd */
|
|
||||||
struct call *self;
|
|
||||||
struct lns *lns; /* LNS that owns us */
|
|
||||||
struct lac *lac; /* LAC that owns us */
|
|
||||||
@@ -220,6 +222,7 @@
|
|
||||||
extern int ppd;
|
|
||||||
extern int switch_io; /* jz */
|
|
||||||
extern int control_fd;
|
|
||||||
+extern int connect_pppol2tp(struct tunnel *t);
|
|
||||||
extern int start_pppd (struct call *c, struct ppp_opts *);
|
|
||||||
extern void magic_lac_dial (void *);
|
|
||||||
extern int get_entropy (unsigned char *, int);
|
|
||||||
diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile
|
|
||||||
--- xl2tpd-1.3.1-orig/Makefile 2011-10-06 15:22:05.000000000 -0400
|
|
||||||
+++ xl2tpd-1.3.1/Makefile 2012-06-15 15:57:17.250953288 -0400
|
|
||||||
@@ -62,8 +62,8 @@
|
|
||||||
# are packages seperately (eg kernel-headers on Fedora)
|
|
||||||
# Note: 2.6.23+ support still needs some changes in the xl2tpd source
|
|
||||||
#
|
|
||||||
-#OSFLAGS+= -DUSE_KERNEL
|
|
||||||
-#
|
|
||||||
+# Kernel mode fixed by sigwall <fionov@gmail.com>
|
|
||||||
+OSFLAGS+= -DUSE_KERNEL
|
|
||||||
#
|
|
||||||
# Uncomment the next line for FreeBSD
|
|
||||||
#
|
|
||||||
diff -Naur xl2tpd-1.3.1-orig/network.c xl2tpd-1.3.1/network.c
|
|
||||||
--- xl2tpd-1.3.1-orig/network.c 2012-06-15 15:56:30.169585604 -0400
|
|
||||||
+++ xl2tpd-1.3.1/network.c 2012-06-15 16:00:26.259429931 -0400
|
|
||||||
@@ -22,6 +22,7 @@
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
+#include <sys/wait.h>
|
|
||||||
#ifndef LINUX
|
|
||||||
# include <sys/uio.h>
|
|
||||||
#endif
|
|
||||||
@@ -36,7 +37,6 @@
|
|
||||||
int kernel_support; /* Kernel Support there or not? */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-
|
|
||||||
int init_network (void)
|
|
||||||
{
|
|
||||||
long arg;
|
|
||||||
@@ -45,6 +45,7 @@
|
|
||||||
server.sin_family = AF_INET;
|
|
||||||
server.sin_addr.s_addr = gconfig.listenaddr;
|
|
||||||
server.sin_port = htons (gconfig.port);
|
|
||||||
+ int flags;
|
|
||||||
if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
|
|
||||||
{
|
|
||||||
l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n",
|
|
||||||
@@ -52,6 +53,10 @@
|
|
||||||
return -EINVAL;
|
|
||||||
};
|
|
||||||
|
|
||||||
+ flags = 1;
|
|
||||||
+ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
|
|
||||||
+ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
|
|
||||||
+
|
|
||||||
if (bind (server_socket, (struct sockaddr *) &server, sizeof (server)))
|
|
||||||
{
|
|
||||||
close (server_socket);
|
|
||||||
@@ -94,7 +99,7 @@
|
|
||||||
int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
|
|
||||||
if (kernel_fd < 0)
|
|
||||||
{
|
|
||||||
- l2tp_log (LOG_INFO, "L2TP kernel support not detected.\n");
|
|
||||||
+ l2tp_log (LOG_INFO, "L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)\n");
|
|
||||||
kernel_support = 0;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
@@ -321,6 +326,11 @@
|
|
||||||
|
|
||||||
while (tun)
|
|
||||||
{
|
|
||||||
+ if (tun->udp_fd > -1) {
|
|
||||||
+ if (tun->udp_fd > max)
|
|
||||||
+ max = tun->udp_fd;
|
|
||||||
+ FD_SET (tun->udp_fd, readfds);
|
|
||||||
+ }
|
|
||||||
call = tun->call_head;
|
|
||||||
while (call)
|
|
||||||
{
|
|
||||||
@@ -390,6 +400,8 @@
|
|
||||||
struct iovec iov;
|
|
||||||
char cbuf[256];
|
|
||||||
unsigned int refme, refhim;
|
|
||||||
+ int * currentfd;
|
|
||||||
+ int server_socket_processed;
|
|
||||||
|
|
||||||
/* This one buffer can be recycled for everything except control packets */
|
|
||||||
buf = new_buf (MAX_RECV_SIZE);
|
|
||||||
@@ -428,7 +440,21 @@
|
|
||||||
{
|
|
||||||
do_control ();
|
|
||||||
}
|
|
||||||
- if (FD_ISSET (server_socket, &readfds))
|
|
||||||
+ server_socket_processed = 0;
|
|
||||||
+ currentfd = NULL;
|
|
||||||
+ st = tunnels.head;
|
|
||||||
+ while (st || !server_socket_processed) {
|
|
||||||
+ if (st && (st->udp_fd == -1)) {
|
|
||||||
+ st=st->next;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ if (st) {
|
|
||||||
+ currentfd = &st->udp_fd;
|
|
||||||
+ } else {
|
|
||||||
+ currentfd = &server_socket;
|
|
||||||
+ server_socket_processed = 1;
|
|
||||||
+ }
|
|
||||||
+ if (FD_ISSET (*currentfd, &readfds))
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* Okay, now we're ready for reading and processing new data.
|
|
||||||
@@ -456,12 +482,19 @@
|
|
||||||
msgh.msg_flags = 0;
|
|
||||||
|
|
||||||
/* Receive one packet. */
|
|
||||||
- recvsize = recvmsg(server_socket, &msgh, 0);
|
|
||||||
+ recvsize = recvmsg(*currentfd, &msgh, 0);
|
|
||||||
|
|
||||||
if (recvsize < MIN_PAYLOAD_HDR_LEN)
|
|
||||||
{
|
|
||||||
if (recvsize < 0)
|
|
||||||
{
|
|
||||||
+ if (errno == ECONNREFUSED) {
|
|
||||||
+ close(*currentfd);
|
|
||||||
+ }
|
|
||||||
+ if ((errno == ECONNREFUSED) ||
|
|
||||||
+ (errno == EBADF)) {
|
|
||||||
+ *currentfd = -1;
|
|
||||||
+ }
|
|
||||||
if (errno != EAGAIN)
|
|
||||||
l2tp_log (LOG_WARNING,
|
|
||||||
"%s: recvfrom returned error %d (%s)\n",
|
|
||||||
@@ -566,6 +599,8 @@
|
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
+ if (st) st=st->next;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* finished obvious sources, look for data from PPP connections.
|
|
||||||
@@ -638,3 +673,82 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+int connect_pppol2tp(struct tunnel *t) {
|
|
||||||
+#ifdef USE_KERNEL
|
|
||||||
+ if (kernel_support) {
|
|
||||||
+ int ufd = -1, fd2 = -1;
|
|
||||||
+ int flags;
|
|
||||||
+ struct sockaddr_pppol2tp sax;
|
|
||||||
+
|
|
||||||
+ struct sockaddr_in server;
|
|
||||||
+ server.sin_family = AF_INET;
|
|
||||||
+ server.sin_addr.s_addr = gconfig.listenaddr;
|
|
||||||
+ server.sin_port = htons (gconfig.port);
|
|
||||||
+ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
|
|
||||||
+ {
|
|
||||||
+ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n",
|
|
||||||
+ __FUNCTION__);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ };
|
|
||||||
+
|
|
||||||
+ flags=1;
|
|
||||||
+ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags));
|
|
||||||
+ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags));
|
|
||||||
+
|
|
||||||
+ if (bind (ufd, (struct sockaddr *) &server, sizeof (server)))
|
|
||||||
+ {
|
|
||||||
+ close (ufd);
|
|
||||||
+ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n",
|
|
||||||
+ __FUNCTION__, strerror(errno), errno);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ };
|
|
||||||
+ server = t->peer;
|
|
||||||
+ flags = fcntl(ufd, F_GETFL);
|
|
||||||
+ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) {
|
|
||||||
+ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n",
|
|
||||||
+ __FUNCTION__);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ }
|
|
||||||
+ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) {
|
|
||||||
+ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. Terminating.\n",
|
|
||||||
+ __FUNCTION__);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ t->udp_fd=ufd;
|
|
||||||
+
|
|
||||||
+ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
|
|
||||||
+ if (fd2 < 0) {
|
|
||||||
+ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n",
|
|
||||||
+ __FUNCTION__);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ }
|
|
||||||
+ flags = fcntl(fd2, F_GETFL);
|
|
||||||
+ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) {
|
|
||||||
+ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n",
|
|
||||||
+ __FUNCTION__);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ }
|
|
||||||
+ sax.sa_family = AF_PPPOX;
|
|
||||||
+ sax.sa_protocol = PX_PROTO_OL2TP;
|
|
||||||
+ sax.pppol2tp.pid = 0;
|
|
||||||
+ sax.pppol2tp.fd = t->udp_fd;
|
|
||||||
+ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr;
|
|
||||||
+ sax.pppol2tp.addr.sin_port = t->peer.sin_port;
|
|
||||||
+ sax.pppol2tp.addr.sin_family = AF_INET;
|
|
||||||
+ sax.pppol2tp.s_tunnel = t->ourtid;
|
|
||||||
+ sax.pppol2tp.s_session = 0;
|
|
||||||
+ sax.pppol2tp.d_tunnel = t->tid;
|
|
||||||
+ sax.pppol2tp.d_session = 0;
|
|
||||||
+ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) {
|
|
||||||
+ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n",
|
|
||||||
+ __FUNCTION__, errno, strerror(errno));
|
|
||||||
+ close(fd2);
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ }
|
|
||||||
+ t->pppox_fd = fd2;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
diff -Naur xl2tpd-1.3.1-orig/xl2tpd.c xl2tpd-1.3.1/xl2tpd.c
|
|
||||||
--- xl2tpd-1.3.1-orig/xl2tpd.c 2011-10-06 15:22:05.000000000 -0400
|
|
||||||
+++ xl2tpd-1.3.1/xl2tpd.c 2012-06-15 15:57:25.189015286 -0400
|
|
||||||
@@ -278,7 +278,11 @@
|
|
||||||
struct tunnel *st, *st2;
|
|
||||||
int sec;
|
|
||||||
l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal);
|
|
||||||
+#ifdef USE_KERNEL
|
|
||||||
+ if (kernel_support || signal != SIGTERM) {
|
|
||||||
+#else
|
|
||||||
if (signal != SIGTERM) {
|
|
||||||
+#endif
|
|
||||||
st = tunnels.head;
|
|
||||||
while (st)
|
|
||||||
{
|
|
||||||
@@ -349,7 +353,7 @@
|
|
||||||
int flags;
|
|
||||||
#endif
|
|
||||||
int pos = 1;
|
|
||||||
- int fd2;
|
|
||||||
+ int fd2 = -1;
|
|
||||||
#ifdef DEBUG_PPPD
|
|
||||||
int x;
|
|
||||||
#endif
|
|
||||||
@@ -397,7 +401,7 @@
|
|
||||||
sax.sa_family = AF_PPPOX;
|
|
||||||
sax.sa_protocol = PX_PROTO_OL2TP;
|
|
||||||
sax.pppol2tp.pid = 0;
|
|
||||||
- sax.pppol2tp.fd = server_socket;
|
|
||||||
+ sax.pppol2tp.fd = c->container->udp_fd;
|
|
||||||
sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr;
|
|
||||||
sax.pppol2tp.addr.sin_port = c->container->peer.sin_port;
|
|
||||||
sax.pppol2tp.addr.sin_family = AF_INET;
|
|
||||||
@@ -408,6 +412,7 @@
|
|
||||||
if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) {
|
|
||||||
l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n",
|
|
||||||
__FUNCTION__);
|
|
||||||
+ close(fd2);
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
stropt[pos++] = strdup ("plugin");
|
|
||||||
@@ -484,7 +489,7 @@
|
|
||||||
dup2 (fd2, 0);
|
|
||||||
dup2 (fd2, 1);
|
|
||||||
close(fd2);
|
|
||||||
-
|
|
||||||
+ }
|
|
||||||
/* close all the calls pty fds */
|
|
||||||
st = tunnels.head;
|
|
||||||
while (st)
|
|
||||||
@@ -492,12 +497,17 @@
|
|
||||||
sc = st->call_head;
|
|
||||||
while (sc)
|
|
||||||
{
|
|
||||||
- close (sc->fd);
|
|
||||||
+#ifdef USE_KERNEL
|
|
||||||
+ if (kernel_support) {
|
|
||||||
+ close(st->udp_fd); /* tunnel UDP fd */
|
|
||||||
+ close(st->pppox_fd); /* tunnel PPPoX fd */
|
|
||||||
+ } else
|
|
||||||
+#endif
|
|
||||||
+ close (sc->fd); /* call pty fd */
|
|
||||||
sc = sc->next;
|
|
||||||
}
|
|
||||||
st = st->next;
|
|
||||||
}
|
|
||||||
- }
|
|
||||||
|
|
||||||
/* close the UDP socket fd */
|
|
||||||
close (server_socket);
|
|
||||||
@@ -615,6 +625,10 @@
|
|
||||||
the memory pointed to by t->chal_us.vector at some other place */
|
|
||||||
if (t->chal_them.vector)
|
|
||||||
free (t->chal_them.vector);
|
|
||||||
+ if (t->pppox_fd > -1 )
|
|
||||||
+ close (t->pppox_fd);
|
|
||||||
+ if (t->udp_fd > -1 )
|
|
||||||
+ close (t->udp_fd);
|
|
||||||
free (t);
|
|
||||||
free (me);
|
|
||||||
}
|
|
@ -1,19 +0,0 @@
|
|||||||
diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c
|
|
||||||
--- xl2tpd-1.3.1-orig/pty.c 2011-10-06 15:22:05.000000000 -0400
|
|
||||||
+++ xl2tpd-1.3.1/pty.c 2012-06-25 23:45:51.241543911 -0400
|
|
||||||
@@ -87,6 +87,7 @@
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if 0 /* not needed, triggers SElinux block */
|
|
||||||
/* change the onwership */
|
|
||||||
if (grantpt(fd))
|
|
||||||
{
|
|
||||||
@@ -95,6 +96,7 @@
|
|
||||||
close(fd);
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (unlockpt(fd))
|
|
||||||
{
|
|
@ -0,0 +1,40 @@
|
|||||||
|
diff -Naur xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.6/examples/ppp-options.xl2tpd
|
||||||
|
--- xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd 2014-01-15 15:58:37.000000000 -0500
|
||||||
|
+++ xl2tpd-1.3.6/examples/ppp-options.xl2tpd 2014-05-12 14:46:24.358653357 -0400
|
||||||
|
@@ -1,9 +1,10 @@
|
||||||
|
ipcp-accept-local
|
||||||
|
ipcp-accept-remote
|
||||||
|
-ms-dns 192.168.1.1
|
||||||
|
-ms-dns 192.168.1.3
|
||||||
|
-ms-wins 192.168.1.2
|
||||||
|
-ms-wins 192.168.1.4
|
||||||
|
+ms-dns 8.8.8.8
|
||||||
|
+# ms-dns 192.168.1.1
|
||||||
|
+# ms-dns 192.168.1.3
|
||||||
|
+# ms-wins 192.168.1.2
|
||||||
|
+# ms-wins 192.168.1.4
|
||||||
|
noccp
|
||||||
|
auth
|
||||||
|
crtscts
|
||||||
|
@@ -15,3 +16,11 @@
|
||||||
|
lock
|
||||||
|
proxyarp
|
||||||
|
connect-delay 5000
|
||||||
|
+# To allow authentication against a Windows domain EXAMPLE, and require the
|
||||||
|
+# user to be in a group "VPN Users". Requires the samba-winbind package
|
||||||
|
+# require-mschap-v2
|
||||||
|
+# plugin winbind.so
|
||||||
|
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
|
||||||
|
+# You need to join the domain on the server, for example using samba:
|
||||||
|
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
|
||||||
|
+
|
||||||
|
diff -Naur xl2tpd-1.3.6-orig/examples/README xl2tpd-1.3.6/examples/README
|
||||||
|
--- xl2tpd-1.3.6-orig/examples/README 2014-01-15 15:58:37.000000000 -0500
|
||||||
|
+++ xl2tpd-1.3.6/examples/README 2014-05-12 14:46:59.168476547 -0400
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
These are example files for use with xl2tpd.
|
||||||
|
|
||||||
|
-Openswan carries config examples for use with l2tp-over-ipsec.
|
||||||
|
-See http://www.openswan.org/
|
||||||
|
+xl2tpd is often used in combination with libreswan to offer L2TP/IPsec
|
||||||
|
+See https://libreswan.org/
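Review bot: The first hunk of the new ppp-options example pushes a third-party public resolver to every client (`ms-dns 8.8.8.8`) in place of the site-local addresses it comments out, so VPN users' name lookups leave the operator's network and a deployment that copies the example verbatim silently depends on an external party. Because example files tend to be used as-is, a one-line comment above the setting would prevent that: `# 8.8.8.8 is only a placeholder that works out of the box; point ms-dns at your own resolver so client lookups stay inside the VPN`. The winbind/ntlm_auth block in the second hunk is fully commented out and raises nothing on its own.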
|
@ -1,22 +0,0 @@
|
|||||||
diff --git a/file.c b/file.c
|
|
||||||
index 289aee6..d710e30 100644
|
|
||||||
--- a/file.c
|
|
||||||
+++ b/file.c
|
|
||||||
@@ -1229,7 +1229,7 @@ int parse_config (FILE * f)
|
|
||||||
/* Read in the configuration file handed to us */
|
|
||||||
/* FIXME: I should check for incompatible options */
|
|
||||||
int context = 0;
|
|
||||||
- char buf[STRLEN];
|
|
||||||
+ char buf[1024];
|
|
||||||
char *s, *d, *t;
|
|
||||||
int linenum = 0;
|
|
||||||
int def = 0;
|
|
||||||
@@ -1395,7 +1395,7 @@ int parse_config (FILE * f)
|
|
||||||
}
|
|
||||||
if (!(t = strchr (s, '=')))
|
|
||||||
{
|
|
||||||
- l2tp_log (LOG_WARNING, "parse_config: line %d: no '=' in data\n",
|
|
||||||
+ l2tp_log (LOG_WARNING, "parse_config: line %d: line too long or no '=' in data\n",
|
|
||||||
linenum);
|
|
||||||
return -1;
|
|
||||||
}
|
|
@ -1,101 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# xl2tpd This shell script takes care of starting and stopping l2tpd.
|
|
||||||
#
|
|
||||||
# chkconfig: - 80 30
|
|
||||||
# description: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
|
|
||||||
#
|
|
||||||
# processname: /usr/sbin/xl2tpd
|
|
||||||
# config: /etc/xl2tpd/xl2tpd.conf
|
|
||||||
# pidfile: /var/run/xl2tpd.pid
|
|
||||||
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: xl2tpd
|
|
||||||
# Required-Start: $local_fs $network $syslog
|
|
||||||
# Required-Stop: $local_fs $network $syslog
|
|
||||||
# Default-Start:
|
|
||||||
# Default-Stop: 0 1 2 3 4 5 6
|
|
||||||
# Short-Description: start|stop|status|restart|try-restart|reload|force-reload xl2tpd server
|
|
||||||
# Description: control xl2tpd server
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
#Servicename
|
|
||||||
SERVICE=xl2tpd
|
|
||||||
|
|
||||||
# Source function library.
|
|
||||||
. /etc/rc.d/init.d/functions
|
|
||||||
|
|
||||||
# Source networking configuration.
|
|
||||||
. /etc/sysconfig/network
|
|
||||||
|
|
||||||
if [ ${NETWORKING} = "no" ]
|
|
||||||
then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -x /usr/sbin/$SERVICE ] || exit 0
|
|
||||||
|
|
||||||
RETVAL=0
|
|
||||||
|
|
||||||
start() {
|
|
||||||
echo -n "Starting $SERVICE: "
|
|
||||||
|
|
||||||
# Look for the L2TP kernel handler module, load when needed
|
|
||||||
if [ ! -d /sys/module/l2tp_ppp ]; then modprobe l2tp_ppp
|
|
||||||
# if still not found, try legacy one
|
|
||||||
if [ ! -d /sys/module/l2tp_ppp ]; then modprobe pppol2tp
|
|
||||||
|
|
||||||
if [ ! -d /var/run/xl2tpd ]
|
|
||||||
then
|
|
||||||
mkdir /var/run/xl2tpd
|
|
||||||
fi
|
|
||||||
daemon $SERVICE
|
|
||||||
RETVAL=$?
|
|
||||||
echo
|
|
||||||
if [ $RETVAL -eq 0 ];then
|
|
||||||
touch /var/lock/subsys/$SERVICE
|
|
||||||
else
|
|
||||||
exit 7;
|
|
||||||
fi
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
stop() {
|
|
||||||
echo -n "Stopping $SERVICE: "
|
|
||||||
killproc $SERVICE
|
|
||||||
RETVAL=$?
|
|
||||||
if [ $RETVAL -eq 0 ]; then
|
|
||||||
rm -f /var/run/xl2tpd/$SERVICE
|
|
||||||
rm -f /var/lock/subsys/$SERVICE
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
restart() {
|
|
||||||
stop
|
|
||||||
start
|
|
||||||
}
|
|
||||||
|
|
||||||
# See how we were called.
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
start
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
stop
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
status $SERVICE
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
restart|reload)
|
|
||||||
restart
|
|
||||||
;;
|
|
||||||
condrestart)
|
|
||||||
[ -f /var/lock/subsys/$SERVICE ] && restart || :
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $SERVICE {start|stop|status|restart|reload|condrestart}"
|
|
||||||
exit 1
|
|
||||||
esac
|