- Add NAT keepalive capability as per RFC 3947

- Bump PORTREVISION PR: ports/100814 Submitted by: Daniel Roethlisberger <daniel(at)roe.ch> Approved by: krion (mentor), maintainer
svn path=/head/; revision=169083
2006-07-29 20:41:30 +00:00 · 2006-07-29 20:41:30 +00:00 · e38b37dc03 · 2021-03-31 03:12:20 +00:00
commit e38b37dc03
parent c344530da1
2 changed files with 49 additions and 1 deletions
--- a/security/vpnc/Makefile
+++ b/security/vpnc/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	vpnc
 PORTVERSION=	0.3.3
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	http://www.unix-ag.uni-kl.de/~massar/vpnc/

--- a/security/vpnc/files/patch-tunip.c
+++ b/security/vpnc/files/patch-tunip.c
@ -0,0 +1,48 @@
+Index: tunip.c
+===================================================================
+--- tunip.c	(revision 67)
+++ tunip.c	(working copy)
+@@ -3,6 +3,7 @@
+    Copyright (C) 2002      Geoffrey Keating
+    Copyright (C) 2003-2005 Maurice Massar
+    Copyright (C) 2004      Tomas Mraz
+   Copyright (C) 2006      Daniel Roethlisberger
+ 
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -776,7 +777,16 @@
+ {
+ 	int sock;
+ 	struct pollfd pollfds[2];
+	int enable_keepalives;
+	int poll_timeout;
+ 
+	/* non-esp marker, nat keepalive payload (0xFF) */
+	char keepalive[5] = { 0x00, 0x00, 0x00, 0x00, 0xFF };
+
+	/* send keepalives if UDP encapsulation is enabled */
+	enable_keepalives = !strcmp(meth->name, "udpesp");
+	poll_timeout = enable_keepalives ? 20000 : -1;
+
+ 	pollfds[0].fd = tun_fd;
+ 	pollfds[0].events = POLLIN;
+ 	pollfds[1].fd = encap_get_fd(meth);
+@@ -786,8 +796,16 @@
+ 		int presult;
+ 
+ 		do {
+-			presult = poll(pollfds, sizeof(pollfds) / sizeof(pollfds[0]), -1);
+-		} while (presult == -1 && errno == EINTR && !do_kill);
+			presult = poll(pollfds, sizeof(pollfds) / sizeof(pollfds[0]), poll_timeout);
+			if (presult == 0 && enable_keepalives) {
+				/* send nat keepalive packet */
+				if(sendto(meth->fd, keepalive, sizeof(keepalive), 0,
+					(struct sockaddr*)&peer->remote_sa->dest,
+					sizeof(peer->remote_sa->dest)) == -1) {
+					syslog(LOG_ERR, "sendto: %m");
+				}
+			}
+		} while ((presult == 0 || (presult == -1 && errno == EINTR)) && !do_kill);
+ 		if (presult == -1) {
+ 			syslog(LOG_ERR, "poll: %m");
+ 			continue;