From 9f28c44f17c5b4ab6f59f2ff1f465743e6ca2787 Mon Sep 17 00:00:00 2001
From: Paul Wouters
Date: Sat, 14 Jun 2014 12:39:43 -0400
Subject: [PATCH] - Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set
---
xl2tpd-1.3.6-saref.patch | 36 ++++++++++++++++++++++++++++++++++++
xl2tpd.spec | 7 ++++++-
2 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644 xl2tpd-1.3.6-saref.patch
diff --git a/xl2tpd-1.3.6-saref.patch b/xl2tpd-1.3.6-saref.patch
new file mode 100644
index 0000000..c0b2160
--- /dev/null
+++ b/xl2tpd-1.3.6-saref.patch
@@ -0,0 +1,36 @@
+diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c
+--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c 2014-06-14 12:34:06.422355636 -0400
+@@ -42,6 +42,8 @@
+
+ gconfig.port = UDP_LISTEN_PORT;
+ gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */
++ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */
++ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */
+ gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */
+ gconfig.debug_avp = 0;
+ gconfig.debug_network = 0;
+diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c
+--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c 2014-06-14 12:37:06.953574143 -0400
+@@ -78,6 +78,12 @@
+ * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
+ * values.
+ */
++ if (!gconfig.ipsecsaref)
++ {
++ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n");
++ }
++ else
++ {
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum,
+ &arg, sizeof(arg)) != 0) {
+@@ -85,6 +91,7 @@
+
+ gconfig.ipsecsaref=0;
+ }
++ }
+
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {
diff --git a/xl2tpd.spec b/xl2tpd.spec
index 8dd48ad..33f792c 100644
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons
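Review bot: In the network.c part of xl2tpd-1.3.6-saref.patch, the new `else` branch still ends in the existing `gconfig.ipsecsaref=0;` fallback, so a host where `ipsec saref` was switched on deliberately keeps running without SA reference tracking when the setsockopt() call fails. With the default now 0 in file.c, reaching this branch means the administrator asked for SAref, so the downgrade deserves a message that says so, for example `l2tp_log (LOG_WARNING, "ipsec saref enabled in config but kernel refused it; continuing without SAref\n");` placed before the assignment. The line between the `@@ -78,6 +78,12 @@` and `@@ -85,6 +91,7 @@` hunks is not shown and may already log the error, so check that it names the consequence and not only the failed call. The added `if`/`else` also puts its braces on their own lines while the surrounding `if(setsockopt(...) != 0) {` keeps them on the same line; matching the file's style would make the two nested closing braces easier to follow.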
@@ -12,6 +12,7 @@ Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.6-conf.patch Patch2: xl2tpd-1.3.6-md5-fips.patch +Patch3: xl2tpd-1.3.6-saref.patch Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko) # If you want to authenticate against a Microsoft PDC/Active Directory
@@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %setup -qn %{name}-%{commit} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
@@ -109,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Jun 14 2014 Paul Wouters - 1.3.6-4 +- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set + * Sun Jun 08 2014 Fedora Release Engineering - 1.3.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild