[xl2tpd] - Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set
Paul Wouters
pwouters at fedoraproject.org
Sat Jun 14 16:39:54 UTC 2014
commit 9f28c44f17c5b4ab6f59f2ff1f465743e6ca2787
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Jun 14 12:39:43 2014 -0400
- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set
xl2tpd-1.3.6-saref.patch | 36 ++++++++++++++++++++++++++++++++++++
xl2tpd.spec | 7 ++++++-
2 files changed, 42 insertions(+), 1 deletions(-)
---
diff --git a/xl2tpd-1.3.6-saref.patch b/xl2tpd-1.3.6-saref.patch
new file mode 100644
index 0000000..c0b2160
--- /dev/null
+++ b/xl2tpd-1.3.6-saref.patch
@@ -0,0 +1,36 @@
+diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c
+--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c 2014-06-14 12:34:06.422355636 -0400
+@@ -42,6 +42,8 @@
+
+ gconfig.port = UDP_LISTEN_PORT;
+ gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */
++ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */
++ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */
+ gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */
+ gconfig.debug_avp = 0;
+ gconfig.debug_network = 0;
+diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c
+--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c 2014-06-14 12:37:06.953574143 -0400
+@@ -78,6 +78,12 @@
+ * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
+ * values.
+ */
++ if (!gconfig.ipsecsaref)
++ {
++ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n");
++ }
++ else
++ {
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum,
+ &arg, sizeof(arg)) != 0) {
+@@ -85,6 +91,7 @@
+
+ gconfig.ipsecsaref=0;
+ }
++ }
+
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {
diff --git a/xl2tpd.spec b/xl2tpd.spec
index 8dd48ad..33f792c 100644
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@@ -3,7 +3,7 @@
Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
Name: xl2tpd
Version: 1.3.6
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL+
Url: https://github.com/xelerance/%{name}/
Group: System Environment/Daemons
@@ -12,6 +12,7 @@ Source1: xl2tpd.service
Source2: tmpfiles-xl2tpd.conf
Patch1: xl2tpd-1.3.6-conf.patch
Patch2: xl2tpd-1.3.6-md5-fips.patch
+Patch3: xl2tpd-1.3.6-saref.patch
Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko)
# If you want to authenticate against a Microsoft PDC/Active Directory
@@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw <jacco2 at dds.nl> in 2002 and 2003.
%setup -qn %{name}-%{commit}
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%build
#make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
@@ -109,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
%ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control
%changelog
+* Sat Jun 14 2014 Paul Wouters <pwouters at redhat.com> - 1.3.6-4
+- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set
+
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
More information about the scm-commits
mailing list