Hello community, here is the log from the commit of package vpnc for openSUSE:Factory checked in at 2012-01-05 13:50:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vpnc (Old) and /work/SRC/openSUSE:Factory/.vpnc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vpnc", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/vpnc/vpnc.changes 2011-11-14 13:46:07.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.vpnc.new/vpnc.changes 2012-01-05 13:50:18.000000000 +0100 @@ -1,0 +2,23 @@ +Wed Jan 4 12:00:03 UTC 2012 - [email protected] + +- Add "vpnc: " prefix to stderr logmessages + +------------------------------------------------------------------- +Wed Jan 4 11:45:29 UTC 2012 - [email protected] + +- change License field to GPL-2.0+ (bnc#731966) + +------------------------------------------------------------------- +Mon Nov 28 15:41:32 UTC 2011 - [email protected] + +- update to rev 481 of nortel branch + - better version of vpnc-ipid.diff upstream + - various code cleanups + - log to stdout instead of syslog in debug mode + +------------------------------------------------------------------- +Fri Nov 18 09:32:17 UTC 2011 - [email protected] + +- fix pidfile writing (/var/run/vpnc does not necessarily exist) + +------------------------------------------------------------------- Old: ---- vpnc-0.5.3r472.tar.bz2 vpnc-ipid.diff New: ---- vpnc-0.5.3r481.tar.bz2 vpnc-add-name-to-stderr-log.diff vpnc-pidfile-path.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vpnc.spec ++++++ --- /var/tmp/diff_new_pack.wO1M0B/_old 2012-01-05 13:50:19.000000000 +0100 +++ /var/tmp/diff_new_pack.wO1M0B/_new 2012-01-05 13:50:19.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package vpnc # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,17 +15,16 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - Name: vpnc -Group: Productivity/Networking/Security +BuildRequires: gnutls BuildRequires: libgcrypt-devel -BuildRequires: gnutls libgnutls-devel pkg-config -Version: 0.5.3r472 -Release: 13 -License: BSD-3-Clause ; GPL-2.0+ -AutoReqProv: on +BuildRequires: libgnutls-devel +BuildRequires: pkg-config +Version: 0.5.3r481 +Release: 0 Summary: A Client for Cisco VPN concentrator +License: GPL-2.0+ +Group: Productivity/Networking/Security Url: http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel Requires: /usr/bin/sed /sbin/ip Source: %{name}-%{version}.tar.bz2 @@ -34,9 +33,10 @@ Patch0: bugfix.diff Patch1: vpnc-no-build-dates.patch Patch2: work-with-netconfig.patch -Patch3: vpnc-ipid.diff # most ugly hack ever Patch4: vpnc-restart-after-timeout.diff +Patch5: vpnc-pidfile-path.diff +Patch6: vpnc-add-name-to-stderr-log.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -65,8 +65,9 @@ %patch1 #Patch is not yet working :-( #patch2 -p0 -%patch -P 3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build export CFLAGS="%optflags" ++++++ vpnc-0.5.3r472.tar.bz2 -> vpnc-0.5.3r481.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/README new/vpnc/README --- old/vpnc/README 2008-12-14 22:56:45.000000000 +0100 +++ new/vpnc/README 2011-11-13 01:48:06.000000000 +0100 @@ -14,7 +14,7 @@ ========= Contents of this file ============================================ -- Gereral configuration of vpnc +- General configuration of vpnc - Using a modified script - Additional steps to configure hybrid authentication - Setting up vpnc on Vista 64bit 
@@ -82,24 +82,24 @@ This option is passed to system(), so you can use any shell-specials you like. This script gets called three times: -$reason == pre-init: this is befor vpnc opens the tun device - so you can do what is neccessary to ensure that it is available. +$reason == pre-init: this is before vpnc opens the tun device + so you can do what is necessary to ensure that it is available. Note that none of the variables mentioned below is available $reason == connect: this is what used to be "Config Script". The connection is established, but vpnc will not begin forwarding - packets until the script finishs. + packets until the script finishes. $reason == disconnect: This is called just after vpnc received a signal. Note that vpnc will not forward packets anymore while the script is - running or therafter. + running or thereafter. -Information is passed from vpnc via enviroment variables: +Information is passed from vpnc via environment variables: #* reason -- why this script was called, one of: pre-init connect disconnect #* VPNGATEWAY -- vpn gateway address (always present) #* TUNDEV -- tunnel device (always present) #* INTERNAL_IP4_ADDRESS -- address (always present) #* INTERNAL_IP4_NETMASK -- netmask (often unset) -#* INTERNAL_IP4_DNS -- list of dns serverss +#* INTERNAL_IP4_DNS -- list of dns servers #* INTERNAL_IP4_NBNS -- list of wins servers #* CISCO_DEF_DOMAIN -- default domain name #* CISCO_BANNER -- banner from server @@ -178,7 +178,7 @@ 1. Install cygwin onto vista. Details here: http://www.cygwin.com/ 2. Make sure you install the development options for cygwin to give you access to make and gcc etc -3. Make sure you install libcrypt for cygwin as it is needed in the make +3. Make sure you install libgcrypt for cygwin as it is needed in the make 4. Modify the bash.exe to run as administrator or you will have privilege issues later, this is done on the properties tab of the executable in c:/cygwin/bin 
@@ -186,7 +186,7 @@ http://www.unix-ag.uni-kl.de/~massar/vpnc/ 5. Unzip and explode the tarball 6. modify tap-win32.h to change #define TAP_COMPONENT_ID "tap0801" to - "tap0901" (No sure if this is necesary but I did it and it is working + "tap0901" (No sure if this is necessary but I did it and it is working for me) 7. make 8. You should have a shinny new vpnc.exe diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/config.c new/vpnc/config.c --- old/vpnc/config.c 2009-10-31 17:05:14.000000000 +0100 +++ new/vpnc/config.c 2011-11-20 07:02:04.000000000 +0100 @@ -15,7 +15,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - $Id: config.c 448 2009-10-31 16:05:14Z Antonio Borneo $ + $Id: config.c 474 2011-11-20 06:02:04Z Antonio Borneo $ */ #define _GNU_SOURCE @@ -23,6 +23,7 @@ #include <inttypes.h> #include <stdio.h> #include <stdlib.h> +#include <stdarg.h> #include <unistd.h> #include <string.h> #include <errno.h> @@ -47,6 +48,19 @@ uint16_t opt_udpencapport; uint16_t opt_nortel_client_id; +static void log_to_stderr(int priority __attribute__((unused)), const char *format, ...) +{ + va_list ap; + + va_start(ap, format); + vfprintf(stderr, format, ap); + fprintf(stderr, "\n"); + va_end(ap); +} + +void (*logmsg)(int priority, const char *format, ...) = log_to_stderr; + + void hex_dump(const char *str, const void *data, ssize_t len, const struct debug_strings *decode) { size_t i; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/config.h new/vpnc/config.h --- old/vpnc/config.h 2009-10-31 17:05:14.000000000 +0100 +++ new/vpnc/config.h 2011-11-20 07:02:04.000000000 +0100 
@@ -15,7 +15,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - $Id: config.h 448 2009-10-31 16:05:14Z Antonio Borneo $ + $Id: config.h 474 2011-11-20 06:02:04Z Antonio Borneo $ */ #ifndef __CONFIG_H__ @@ -141,4 +141,7 @@ extern void hex_dump(const char *str, const void *data, ssize_t len, const struct debug_strings *decode); extern void do_config(int argc, char **argv); +extern void (*logmsg)(int priority, const char *format, ...) + __attribute__ ((__format__ (__printf__, 2, 3))); + #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/crypto-gnutls.c new/vpnc/crypto-gnutls.c --- old/vpnc/crypto-gnutls.c 2009-09-12 20:24:21.000000000 +0200 +++ new/vpnc/crypto-gnutls.c 2011-11-20 13:38:19.000000000 +0100 @@ -265,7 +265,7 @@ size_t *out_list_size, crypto_error **error) { - gnutls_x509_crt_t *list = NULL, *old; + gnutls_x509_crt_t *list; gnutls_datum dt = { NULL, 0 }; size_t fsize = 0; int err; @@ -276,7 +276,7 @@ return NULL; dt.size = (unsigned int) fsize; - old = list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * num); + list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * num); if (!list) { crypto_error_set(error, 1, ENOMEM, "not enough memory for CA list"); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/pcf2vpnc.1 new/vpnc/pcf2vpnc.1 --- old/vpnc/pcf2vpnc.1 2008-11-26 09:03:43.000000000 +0100 +++ new/vpnc/pcf2vpnc.1 2011-11-13 01:48:06.000000000 +0100 @@ -2,7 +2,7 @@ .SH "NAME" pcf2vpnc \- converts VPN\-config files from pcf to vpnc\-format .\" -.\" $Id: pcf2vpnc.1 377 2008-11-26 08:03:43Z Joerg Mayer $ +.\" $Id: pcf2vpnc.1 473 2011-11-13 00:48:06Z Antonio Borneo $ .\" .SH "SYNOPSIS" .B pcf2vpnc 
@@ -15,7 +15,7 @@ If [\fIvpnc file\fR] is not specified, the result will be printed to STDOUT. If specified, it will be written to that -file. Please make sure that it has apropriate permissions as +file. Please make sure that it has appropriate permissions as it may contain sensitive data! .SH "AUTHOR" pcf2vpnc was originally written by Stefan Tomanek. Updates and this man\-page were made by Wolfram Sang (ninja(at)the\-dreams.de). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/sysdep.c new/vpnc/sysdep.c --- old/vpnc/sysdep.c 2009-09-05 17:47:58.000000000 +0200 +++ new/vpnc/sysdep.c 2011-11-20 07:02:04.000000000 +0100 @@ -110,37 +110,37 @@ } if ((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { - syslog(LOG_ERR, "Can't open /dev/ip"); + logmsg(LOG_ERR, "Can't open /dev/ip"); return -1; } if ((tun_fd = open(((mode == IF_MODE_TUN) ? "/dev/tun" : "/dev/tap"), O_RDWR, 0)) < 0) { - syslog(LOG_ERR, "Can't open /dev/tun"); + logmsg(LOG_ERR, "Can't open /dev/tun"); return -1; } /* Assign a new PPA and get its unit number. */ if ((ppa = ioctl(tun_fd, TUNNEWPPA, ppa)) < 0) { - syslog(LOG_ERR, "Can't assign new interface"); + logmsg(LOG_ERR, "Can't assign new interface"); return -1; } if ((if_fd = open(((mode == IF_MODE_TUN) ? "/dev/tun" : "/dev/tap"), O_RDWR, 0)) < 0) { - syslog(LOG_ERR, "Can't open /dev/tun (2)"); + logmsg(LOG_ERR, "Can't open /dev/tun (2)"); return -1; } if (ioctl(if_fd, I_PUSH, "ip") < 0) { - syslog(LOG_ERR, "Can't push IP module"); + logmsg(LOG_ERR, "Can't push IP module"); return -1; } /* Assign ppa according to the unit number returned by tun device */ if (ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0 && errno != EEXIST) { - syslog(LOG_ERR, "Can't set PPA %d", ppa); + logmsg(LOG_ERR, "Can't set PPA %d", ppa); return -1; } if ((muxid = ioctl(ip_fd, I_PLINK, if_fd)) < 0) { - syslog(LOG_ERR, "Can't link TUN device to IP"); + logmsg(LOG_ERR, "Can't link TUN device to IP"); return -1; } close(if_fd); 
@@ -153,7 +153,7 @@ if (ioctl(ip_fd, SIOCSIFMUXID, &ifr) < 0) { ioctl(ip_fd, I_PUNLINK, muxid); - syslog(LOG_ERR, "Can't set multiplexor id"); + logmsg(LOG_ERR, "Can't set multiplexor id"); return -1; } @@ -493,12 +493,12 @@ memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, dev); if (ioctl(ip_fd, SIOCGIFFLAGS, &ifr) < 0) { - syslog(LOG_ERR, "Can't get iface flags"); + logmsg(LOG_ERR, "Can't get iface flags"); return 0; } if (ioctl(ip_fd, I_PUNLINK, muxid) < 0) { - syslog(LOG_ERR, "Can't unlink interface"); + logmsg(LOG_ERR, "Can't unlink interface"); return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/tunip.c new/vpnc/tunip.c --- old/vpnc/tunip.c 2011-11-08 16:52:17.000000000 +0100 +++ new/vpnc/tunip.c 2011-11-20 13:38:12.000000000 +0100 @@ -21,7 +21,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - $Id: tunip.c 465 2011-11-08 15:52:17Z Antonio Borneo $ + $Id: tunip.c 479 2011-11-20 12:38:12Z Antonio Borneo $ */ /* borrowed from pipsecd (-; */ @@ -169,15 +169,15 @@ r = recvfrom(s->esp_fd, buf, bufsize, 0, (struct sockaddr *)&from, &fromlen); if (r == -1) { - syslog(LOG_ERR, "recvfrom: %m"); + logmsg(LOG_ERR, "recvfrom: %m"); return -1; } if (from.sin_addr.s_addr != s->dst.s_addr) { - syslog(LOG_ALERT, "packet from unknown host %s", inet_ntoa(from.sin_addr)); + logmsg(LOG_ALERT, "packet from unknown host %s", inet_ntoa(from.sin_addr)); return -1; } if (r < (p->ip_hl << 2) + s->ipsec.em->fixed_header_size) { - syslog(LOG_ALERT, "packet too short. got %zd, expected %d", r, (p->ip_hl << 2) + s->ipsec.em->fixed_header_size); + logmsg(LOG_ALERT, "packet too short. got %zd, expected %d", r, (p->ip_hl << 2) + s->ipsec.em->fixed_header_size); return -1; } 
@@ -203,7 +203,7 @@ r = recv(s->esp_fd, buf, bufsize, 0); if (r == -1) { - syslog(LOG_ERR, "recvfrom: %m"); + logmsg(LOG_ERR, "recvfrom: %m"); return -1; } if (s->ipsec.natt_active_mode == NATT_ACTIVE_DRAFT_OLD && r > 8) { @@ -216,7 +216,7 @@ return -1; } if (r < s->ipsec.em->fixed_header_size) { - syslog(LOG_ALERT, "packet too short from %s. got %zd, expected %d", + logmsg(LOG_ALERT, "packet too short from %s. got %zd, expected %d", inet_ntoa(s->dst), r, s->ipsec.em->fixed_header_size); return -1; } @@ -273,7 +273,7 @@ sent = tun_write(s->tun_fd, start, len); if (sent != len) - syslog(LOG_ERR, "truncated in: %d -> %d\n", len, sent); + logmsg(LOG_ERR, "truncated in: %d -> %d\n", len, sent); hex_dump("Tx pkt", start, len, NULL); return 1; } @@ -436,11 +436,11 @@ dstaddr.sin_port = 0; sent = sendto(s->esp_fd, s->ipsec.tx.buf, s->ipsec.tx.buflen, 0, (struct sockaddr *)&dstaddr, sizeof(struct sockaddr_in)); if (sent == -1) { - syslog(LOG_ERR, "esp sendto: %m"); + logmsg(LOG_ERR, "esp sendto: %m"); return; } if (sent != s->ipsec.tx.buflen) - syslog(LOG_ALERT, "esp truncated out (%lld out of %d)", (long long)sent, s->ipsec.tx.buflen); + logmsg(LOG_ALERT, "esp truncated out (%lld out of %d)", (long long)sent, s->ipsec.tx.buflen); } /* @@ -475,11 +475,11 @@ sent = send(s->esp_fd, s->ipsec.tx.buf, s->ipsec.tx.buflen, 0); if (sent == -1) { - syslog(LOG_ERR, "udp sendto: %m"); + logmsg(LOG_ERR, "udp sendto: %m"); return; } if (sent != s->ipsec.tx.buflen) - syslog(LOG_ALERT, "udp truncated out (%lld out of %d)", + logmsg(LOG_ALERT, "udp truncated out (%lld out of %d)", (long long)sent, s->ipsec.tx.buflen); } 
@@ -490,16 +490,14 @@ unsigned char padlen, next_header; unsigned char *pad; unsigned char *iv; - struct esp_encap_header *eh; - eh = (struct esp_encap_header *)(s->ipsec.rx.buf + s->ipsec.rx.bufpayload); s->ipsec.rx.var_header_size = s->ipsec.iv_len; iv = s->ipsec.rx.buf + s->ipsec.rx.bufpayload + s->ipsec.em->fixed_header_size; len = s->ipsec.rx.buflen - s->ipsec.rx.bufpayload - s->ipsec.em->fixed_header_size - s->ipsec.rx.var_header_size; if (len < 0) { - syslog(LOG_ALERT, "Packet too short"); + logmsg(LOG_ALERT, "Packet too short"); return -1; } @@ -515,14 +513,14 @@ 0, s->ipsec.rx.key_md, s->ipsec.md_len) != 0) { - syslog(LOG_ALERT, "HMAC mismatch in ESP mode"); + logmsg(LOG_ALERT, "HMAC mismatch in ESP mode"); return -1; } } blksz = s->ipsec.blk_len; if (s->ipsec.cry_algo && ((len % blksz) != 0)) { - syslog(LOG_ALERT, + logmsg(LOG_ALERT, "payload len %d not a multiple of algorithm block size %lu", len, (unsigned long)blksz); return -1; @@ -551,11 +549,11 @@ + s->ipsec.em->fixed_header_size + s->ipsec.rx.var_header_size + len - 1]; if (padlen + 2 > len) { - syslog(LOG_ALERT, "Inconsistent padlen"); + logmsg(LOG_ALERT, "Inconsistent padlen"); return -1; } if (next_header != IPPROTO_IPIP) { - syslog(LOG_ALERT, "Inconsistent next_header %d", next_header); + logmsg(LOG_ALERT, "Inconsistent next_header %d", next_header); return -1; } DEBUG(3, printf("pad len: %d, next_header: %d\n", padlen, next_header)); @@ -568,7 +566,7 @@ + s->ipsec.em->fixed_header_size + s->ipsec.rx.var_header_size + len; for (i = 1; i <= padlen; i++) { if (*pad != i) { - syslog(LOG_ALERT, "Bad padding"); + logmsg(LOG_ALERT, "Bad padding"); return -1; } pad++; @@ -693,7 +691,7 @@ } if (pack == -1) { - syslog(LOG_ERR, "read: %m"); + logmsg(LOG_ERR, "read: %m"); return; } 
@@ -701,7 +699,7 @@ * 12: Offset of ip source address in ip header, * 4: Length of IP address */ if (!memcmp(global_buffer_rx + MAX_HEADER + 12, &s->dst.s_addr, 4)) { - syslog(LOG_ALERT, "routing loop to %s", + logmsg(LOG_ALERT, "routing loop to %s", inet_ntoa(s->dst)); return; } @@ -732,7 +730,7 @@ s->ipsec.rx.buflen - s->ipsec.rx.bufpayload - 4); return; } else if (eh->spi != s->ipsec.rx.spi) { - syslog(LOG_NOTICE, "unknown spi %#08x from peer", ntohl(eh->spi)); + logmsg(LOG_NOTICE, "unknown spi %#08x from peer", ntohl(eh->spi)); return; } @@ -741,7 +739,7 @@ return; if (encap_any_decap(s) == 0) { - syslog(LOG_DEBUG, "received update probe from peer"); + logmsg(LOG_DEBUG, "received update probe from peer"); } else { /* Send the decapsulated packet to the tunnel interface */ s->ipsec.life.rx += s->ipsec.rx.buflen; @@ -813,7 +811,7 @@ #if defined(__CYGWIN__) if (pthread_create(&tid, NULL, tun_thread, s)) { - syslog(LOG_ERR, "Cannot create tun thread!\n"); + logmsg(LOG_ERR, "Cannot create tun thread!\n"); return; } #endif @@ -862,7 +860,7 @@ } /* send nat keepalive packet */ if (send(s->esp_fd, keepalive, keepalive_size, 0) == -1) { - syslog(LOG_ERR, "keepalive sendto: %m"); + logmsg(LOG_ERR, "keepalive sendto: %m"); } } if (s->ike.do_dpd) { @@ -888,7 +886,7 @@ s->ipsec.life.kbytes)); } while ((presult == 0 || (presult == -1 && errno == EINTR)) && !do_kill); if (presult == -1) { - syslog(LOG_ERR, "select: %m"); + logmsg(LOG_ERR, "select: %m"); continue; } @@ -948,13 +946,13 @@ switch (do_kill) { case -2: - syslog(LOG_NOTICE, "connection terminated by dead peer detection"); + logmsg(LOG_NOTICE, "connection terminated by dead peer detection"); break; case -1: - syslog(LOG_NOTICE, "connection terminated by peer"); + logmsg(LOG_NOTICE, "connection terminated by peer"); break; default: - syslog(LOG_NOTICE, "terminated by signal: %d", do_kill); + logmsg(LOG_NOTICE, "terminated by signal: %d", do_kill); break; } } 
@@ -973,7 +971,7 @@ pf = fopen(pidfile, "w"); if (pf == NULL) { - syslog(LOG_WARNING, "can't open pidfile %s for writing", pidfile); + logmsg(LOG_WARNING, "can't open pidfile %s for writing", pidfile); return; } @@ -1055,10 +1053,11 @@ printf("VPNC started in background (pid: %d)...\n", (int)pid); exit(0); } + openlog("vpnc", LOG_PID | LOG_PERROR, LOG_DAEMON); + logmsg = syslog; } else { printf("VPNC started in foreground...\n"); } - openlog("vpnc", LOG_PID | LOG_PERROR, LOG_DAEMON); write_pidfile(pidfile); vpnc_main_loop(s); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/vpnc-script.in new/vpnc/vpnc-script.in --- old/vpnc/vpnc-script.in 2009-09-05 19:10:59.000000000 +0200 +++ new/vpnc/vpnc-script.in 2011-11-26 07:43:24.000000000 +0100 @@ -116,7 +116,8 @@ if [ -n "$IPROUTE" ]; then fix_ip_get_output () { - sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g' + sed -e 's/ /\n/g' | \ + sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}' } set_vpngateway_route() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/vpnc.8.template new/vpnc/vpnc.8.template --- old/vpnc/vpnc.8.template 2008-11-26 09:03:43.000000000 +0100 +++ new/vpnc/vpnc.8.template 2011-11-13 01:48:06.000000000 +0100 @@ -1,5 +1,5 @@ .\" Template to generate the vpnc-manpage -.\" $Id: vpnc.8.template 377 2008-11-26 08:03:43Z Joerg Mayer $ +.\" $Id: vpnc.8.template 473 2011-11-13 00:48:06Z Antonio Borneo $ .\" .TH VPNC "8" "Warning: Just a template!" "vpnc man-template" "Warning: Just a template!" .\" Fake header just to make this file viewable with man. 
@@ -95,7 +95,7 @@ .I /etc/vpnc/default.conf .RS The default configuration file. You can specify the same config -directives as with command line options and additionaly +directives as with command line options and additionally .B IPSec secret and .B Xauth password diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vpnc/vpnc.c new/vpnc/vpnc.c --- old/vpnc/vpnc.c 2011-11-09 03:01:50.000000000 +0100 +++ new/vpnc/vpnc.c 2011-11-20 13:38:07.000000000 +0100 @@ -18,7 +18,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - $Id: vpnc.c 470 2011-11-09 02:01:50Z Antonio Borneo $ + $Id: vpnc.c 478 2011-11-20 12:38:07Z Antonio Borneo $ */ #define _GNU_SOURCE @@ -132,7 +132,10 @@ 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x38, 0x6b, 0x01, 0x00 }; -const unsigned char VID_NORTEL_CONT[] = { /* BNES: Bay Networks Enterprise Switch + version/id of some kind */ +const unsigned char VID_NORTEL_CONT_09[] = { /* BNES: Bay Networks Enterprise Switch + version/id of some kind */ + 0x42, 0x4e, 0x45, 0x53, 0x00, 0x00, 0x00, 0x09 +}; +const unsigned char VID_NORTEL_CONT_0A[] = { 0x42, 0x4e, 0x45, 0x53, 0x00, 0x00, 0x00, 0x0a }; @@ -160,7 +163,8 @@ { VID_DWR, sizeof(VID_DWR), "Delete With Reason" }, { VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" }, { VID_NETSCREEN_15, sizeof(VID_NETSCREEN_15), "Netscreen 15" }, - { VID_NORTEL_CONT, sizeof(VID_NORTEL_CONT), "Nortel Contivity" }, + { VID_NORTEL_CONT_09, sizeof(VID_NORTEL_CONT_09), "Nortel Contivity v9" }, + { VID_NORTEL_CONT_0A, sizeof(VID_NORTEL_CONT_0A), "Nortel Contivity v10" }, { VID_HEARTBEAT_NOTIFY, sizeof(VID_HEARTBEAT_NOTIFY), "Heartbeat Notify" }, { VID_NATSI_LONG, sizeof(VID_NATSI_LONG), "Netlock NaT-SI" }, { VID_NATSI, sizeof(VID_NATSI), "Netlock NaT-SI" }, 
@@ -1331,7 +1335,7 @@ if (opt_vendor == VENDOR_NORTEL) { if (opt_natt_mode == NATT_NORTEL_UDP) - l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, + l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, VID_NATSI_LONG, sizeof(VID_NATSI_LONG)); } else { /* (opt_vendor != VENDOR_NORTEL) */ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, @@ -1358,7 +1362,7 @@ s->ike.dpd_idle = 10; if (s->ike.dpd_idle > 86400) s->ike.dpd_idle = 86400; - l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, + l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, VID_DPD, sizeof(VID_DPD)); } } @@ -1384,12 +1388,12 @@ struct isakmp_payload *hash = NULL; struct isakmp_payload *sig = NULL; struct isakmp_payload *idp = NULL; - int seen_sa = 0, seen_xauth_vid = 0; + int seen_sa = 0; uint8_t *psk_skeyid; uint8_t *skeyid; gcry_md_hd_t skeyid_ctx; uint8_t *dh_shared_secret; - int seen_natt_vid = 0, seen_natd = 0, seen_natd_them = 0, seen_natd_us = 0; + int seen_natd = 0, seen_natd_them = 0, seen_natd_us = 0; int seen_natsi = 0; int natt_draft = -1; crypto_ctx *cctx; 
@@ -1574,41 +1578,35 @@ if (rp->u.vid.length == sizeof(VID_XAUTH) && memcmp(rp->u.vid.data, VID_XAUTH, sizeof(VID_XAUTH)) == 0) { - seen_xauth_vid = 1; + DEBUG(2, printf("peer is XAUTH capable (draft-ietf-ipsec-isakmp-xauth-06)\n")); } else if (rp->u.vid.length == sizeof(VID_NATT_RFC) && memcmp(rp->u.vid.data, VID_NATT_RFC, sizeof(VID_NATT_RFC)) == 0) { - seen_natt_vid = 1; if (natt_draft < 1) natt_draft = 2; DEBUG(2, printf("peer is NAT-T capable (RFC 3947)\n")); } else if (rp->u.vid.length == sizeof(VID_NATT_03) && memcmp(rp->u.vid.data, VID_NATT_03, sizeof(VID_NATT_03)) == 0) { - seen_natt_vid = 1; if (natt_draft < 1) natt_draft = 2; DEBUG(2, printf("peer is NAT-T capable (draft-03)\n")); } else if (rp->u.vid.length == sizeof(VID_NATT_02N) && memcmp(rp->u.vid.data, VID_NATT_02N, sizeof(VID_NATT_02N)) == 0) { - seen_natt_vid = 1; if (natt_draft < 1) natt_draft = 2; DEBUG(2, printf("peer is NAT-T capable (draft-02)\\n\n")); /* sic! */ } else if (rp->u.vid.length == sizeof(VID_NATT_02) && memcmp(rp->u.vid.data, VID_NATT_02, sizeof(VID_NATT_02)) == 0) { - seen_natt_vid = 1; if (natt_draft < 1) natt_draft = 2; DEBUG(2, printf("peer is NAT-T capable (draft-02)\n")); } else if (rp->u.vid.length == sizeof(VID_NATT_01) && memcmp(rp->u.vid.data, VID_NATT_01, sizeof(VID_NATT_01)) == 0) { - seen_natt_vid = 1; if (natt_draft < 1) natt_draft = 1; DEBUG(2, printf("peer is NAT-T capable (draft-01)\n")); } else if (rp->u.vid.length == sizeof(VID_NATT_00) && memcmp(rp->u.vid.data, VID_NATT_00, sizeof(VID_NATT_00)) == 0) { - seen_natt_vid = 1; if (natt_draft < 0) natt_draft = 0; DEBUG(2, printf("peer is NAT-T capable (draft-00)\n")); } else if (rp->u.vid.length == sizeof(VID_DPD) 
@@ -1646,7 +1644,7 @@ s->ike.natd_type = rp->type; DEBUG(2, printf("peer is using type %d%s for NAT-Discovery payloads\n", s->ike.natd_type, val_to_string(s->ike.natd_type, isakmp_payload_enum_array))); - if (!seen_sa /*|| !seen_natt_vid*/) { + if (!seen_sa) { reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; } else if (opt_natt_mode == NATT_NONE) { ; @@ -2144,7 +2142,7 @@ if (s->ike.natd_type != 0) { pl = pl->next = new_isakmp_data_payload(s->ike.natd_type, s->ike.natd_them, s->ike.md_len); - pl = pl->next = new_isakmp_data_payload(s->ike.natd_type, + pl->next = new_isakmp_data_payload(s->ike.natd_type, s->ike.natd_us, s->ike.md_len); free(s->ike.natd_us); free(s->ike.natd_them); ++++++ vpnc-add-name-to-stderr-log.diff ++++++ Author: Stefan Seyfried <[email protected]> When called from e.g. NetworkManager, vpnc's stderr log messages are redirected to logfiles where they are sometimes hard to spot, e.g. they appear to be coming from NetworkManager itself. Fix this by prepending "vpnc: " to them. Index: b/config.c =================================================================== --- a/config.c +++ b/config.c @@ -50,10 +50,11 @@ uint16_t opt_nortel_client_id; static void log_to_stderr(int priority __attribute__((unused)), const char *format, ...) { va_list ap; + fprintf(stderr, "vpnc: "); va_start(ap, format); vfprintf(stderr, format, ap); fprintf(stderr, "\n"); va_end(ap); } ++++++ vpnc-pidfile-path.diff ++++++ Author: Stefan Seyfried <[email protected]> Upstream: not yet Subject: make pidfile writing work again /var/run is cleared on every boot (tmpfs) and thus /var/run/vpnc does not exist. Just use /var/run/vpnc.pid instead, vpnc needs to run as root anyway, so this should be fine. vpnc-script is still using /var/run/vpnc for other stuff (resolv.conf backup etc) but creates the directory on demand, so no harm is done there. Index: b/config.c =================================================================== --- a/config.c +++ b/config.c 
@@ -182,11 +182,11 @@ static const char *config_def_script(voi return "/etc/vpnc/vpnc-script"; } static const char *config_def_pid_file(void) { - return "/var/run/vpnc/pid"; + return "/var/run/vpnc.pid"; } static const char *config_def_vendor(void) { return "cisco"; Index: b/vpnc-disconnect =================================================================== --- a/vpnc-disconnect +++ b/vpnc-disconnect @@ -1,8 +1,8 @@ #!/bin/sh -pid=/var/run/vpnc/pid +pid=/var/run/vpnc.pid if [ $# -ne 0 ]; then echo "Usage: $0" 1>&2 exit 1 fi ++++++ vpnc-restart-after-timeout.diff ++++++ --- /var/tmp/diff_new_pack.wO1M0B/_old 2012-01-05 13:50:19.000000000 +0100 +++ /var/tmp/diff_new_pack.wO1M0B/_new 2012-01-05 13:50:19.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- a/tunip.c +++ b/tunip.c -@@ -884,10 +884,13 @@ static void vpnc_main_loop(struct sa_blo +@@ -882,10 +882,13 @@ static void vpnc_main_loop(struct sa_blo time(NULL) - s->ipsec.life.start, s->ipsec.life.seconds, s->ipsec.life.rx/1024, @@ -13,28 +13,28 @@ + do_kill = -3; } while ((presult == 0 || (presult == -1 && errno == EINTR)) && !do_kill); if (presult == -1) { - syslog(LOG_ERR, "select: %m"); + logmsg(LOG_ERR, "select: %m"); continue; } -@@ -945,10 +948,13 @@ static void vpnc_main_loop(struct sa_blo +@@ -943,10 +946,13 @@ static void vpnc_main_loop(struct sa_blo } } switch (do_kill) { + case -3: -+ syslog(LOG_NOTICE, "connection terminated by timeout -> restart"); ++ logmsg(LOG_NOTICE, "connection terminated by timeout -> restart"); + break; case -2: - syslog(LOG_NOTICE, "connection terminated by dead peer detection"); + logmsg(LOG_NOTICE, "connection terminated by dead peer detection"); break; case -1: - syslog(LOG_NOTICE, "connection terminated by peer"); + logmsg(LOG_NOTICE, "connection terminated by peer"); Index: b/vpnc.c =================================================================== --- a/vpnc.c 
+++ b/vpnc.c -@@ -3779,24 +3779,25 @@ int main(int argc, char **argv) +@@ -3777,24 +3777,25 @@ int main(int argc, char **argv) #endif gcry_check_version("1.1.90"); gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); @@ -64,7 +64,7 @@ init_sockaddr(&s->opt_src_ip, config[CONFIG_LOCAL_ADDR]); DEBUGTOP(2, printf("S2 make_socket\n")); s->ike.src_port = atoi(config[CONFIG_LOCAL_PORT]); -@@ -3847,10 +3848,11 @@ int main(int argc, char **argv) +@@ -3845,10 +3846,11 @@ int main(int argc, char **argv) close_tunnel(s); /* Free resources */ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
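Review bot: In the tunip.c main() hunk (@@ -1055,10 +1053,11 @@), openlog() and the `logmsg = syslog` switch now run only inside the daemonizing branch, so a foreground run (the NetworkManager case that vpnc-add-name-to-stderr-log.diff describes) never logs to syslog at all, while the old code called openlog() with LOG_PERROR unconditionally and fed both destinations. That means LOG_ALERT events converted in the same file ("packet from unknown host %s", "HMAC mismatch in ESP mode", "routing loop to %s", "Bad padding") reach stderr only, and the changelog entry "log to stdout instead of syslog in debug mode" understates it: the hunk keys on foreground versus background, not on debug level. Either keep openlog() unconditional and let only debug-level output go to stderr, or state in the changelog and man page that foreground runs no longer appear in the system log, so anyone alerting on those messages knows where to look.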
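Review bot: The config.c hunk (@@ -47,6 +48,19 @@) routes messages through vfprintf(), but several of the converted call sites keep the syslog(3) conversion "%m" ("recvfrom: %m", "esp sendto: %m", "udp sendto: %m", "keepalive sendto: %m", "select: %m", "read: %m"). glibc's printf family honours "%m", but other C libraries may not, and sysdep.c (the /dev/ip and I_PUSH STREAMS path) and the __CYGWIN__ block in tunip.c show that non-glibc targets are in scope; on those the stderr line would carry a literal "%m" and the errno text would be lost exactly when it matters. Suggest replacing "%m" at the call sites with "%s", strerror(errno), or having log_to_stderr() expand it before calling vfprintf(). On a related point, the same function discards `priority` (`__attribute__((unused))`), so the stderr path no longer distinguishes LOG_ALERT from LOG_DEBUG; prefixing the line with the severity would keep that information for log filtering.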
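Review bot: The tunip.c hunks converting "truncated in: %d -> %d\n" (@@ -273,7 +273,7 @@) and "Cannot create tun thread!\n" (@@ -813,7 +811,7 @@) keep a trailing "\n" in the format, which syslog() tolerated but log_to_stderr() now follows with its own fprintf(stderr, "\n"), so these two messages print an extra blank line on stderr. Drop the embedded "\n" from both formats.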
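Review bot: In vpnc-add-name-to-stderr-log.diff the "vpnc: " prefix, the message body and the newline are three separate stdio calls, and stdio locking is per call, not per line. tunip.c starts a second thread under __CYGWIN__ (pthread_create(&tid, NULL, tun_thread, s)), so on that platform two concurrent logmsg() calls can interleave as "vpnc: vpnc: ...". Wrapping the three writes in flockfile(stderr)/funlockfile(stderr), or formatting with vsnprintf() into one buffer and writing it with a single fputs(), keeps each log line atomic.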
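Review bot: In the vpnc-script.in hunk (@@ -116,7 +116,8 @@) the patterns /via/, /dev/, /src/ and /mtu/ are unanchored, and after the first sed has split the `ip route get` output into one token per line they match any token that merely contains those letters (an interface or table name containing "dev" or "src" would be printed together with the token after it, corrupting the route that set_vpngateway_route() then installs). Anchor them as /^via$/, /^dev$/, /^src$/ and /^mtu$/. Note also that "\n" in the s/ /\n/g replacement is a GNU sed extension; this function runs only when $IPROUTE is set, which implies a Linux host, but that assumption deserves a comment.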
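Review bot: The three vpnc.c hunks that change `l = l->next = new_isakmp_data_payload(...)` to `l->next = ...` (@@ -1331,7 +1335,7 @@ for VID_NATSI_LONG, @@ -1358,7 +1362,7 @@ for VID_DPD) and `pl = pl->next` to `pl->next` (@@ -2144,7 +2142,7 @@ for natd_us) are only correct if nothing appends to `l` or `pl` after those points, which the hunks do not show. If a later `l->next = ...` is added, it will overwrite the VID or NAT-D payload just attached instead of chaining after it, and a silently dropped natd_us payload would break NAT traversal without any error. Please confirm these are the last appends on each path and leave a comment saying so, so the silenced "set but not used" warning does not turn into a lost payload later.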
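Review bot: The vpnc.c hunk at @@ -1646,7 +1644,7 @@ replaces `if (!seen_sa /*|| !seen_natt_vid*/)` with `if (!seen_sa)` and the @@ -1384 and @@ -1574 hunks delete seen_natt_vid and seen_xauth_vid altogether. That is no behaviour change (the check was already commented out, so NAT-D payloads from a peer that never advertised a NAT-T VID were already accepted), but it removes the only hook for re-enabling that consistency check. A one-line comment at the `if (!seen_sa)` site recording that NAT-D is accepted regardless of a NAT-T VID would keep the decision visible.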
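Review bot: vpnc-pidfile-path.diff updates both hard-coded copies of the path (config_def_pid_file() in config.c and `pid=` in vpnc-disconnect), which keeps them consistent, but as its own description notes vpnc-script still keeps its state under /var/run/vpnc, so runtime state now lives in two places. Creating /var/run/vpnc on demand inside write_pidfile() (the same thing vpnc-script already does) would fix the tmpfs problem without changing a documented default path; if the man page generated from vpnc.8.template lists the default pidfile, it needs the new path either way. The patch is marked "Upstream: not yet"; since a tmpfs /var/run is not openSUSE-specific, it is worth sending upstream.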
