pkgsrc/net/openvpn/patches/patch-ac
manu eabb682a3d Upgrade OpenVPN to 2.3.0
Bump openvpn-acct-wtmpx to add its licence and to take into account the
new location of plugin directory

Significant changes since 2.2.x:
 * Full IPv6 support
 * SSL layer modularised, enabling easier implementation for other SSL
   libraries
 * PolarSSL support as a drop-in replacement for OpenSSL
 * New plug-in API providing direct certificate access, improved logging API
   and easier to extend in the future
 * Added 'dev_type' environment variable to scripts and plug-ins - which
   is set to 'TUN' or 'TAP'
 * New feature: --management-external-key - to provide access to the
   encryption keys via the management interface
 * New feature: --x509-track option, more fine grained access to X.509
   fields in scripts and plug-ins
 * New feature: --client-nat support
 * New feature: --mark which can mark encrypted packets from the tunnel,
   suitable for more advanced routing and firewalling
 * New feature: --management-query-proxy - manage proxy settings via the
   management interface (supersedes --http-proxy-fallback)
 * New feature: --stale-routes-check, which cleans up the internal
   routing table
 * New feature: --x509-username-field, where other X.509v3 fields can be
   used for the authentication instead of Common Name
 * Improved client-kill management interface command
 * Improved UTF-8 support - and added --compat-names to provide backwards
   compatibility with older scripts/plug-ins
 * Improved auth-pam with COMMONNAME support, passing the certificate's
   common name in the PAM conversation
 * More options can now be used inside <connection> blocks
 * Completely new build system, enabling easier cross-compilation and
   Windows builds
 * Much of the code has been better documented
 * Many documentation updates
 * Plenty of bug fixes and other code clean-ups
2013-02-10 05:55:07 +00:00


$NetBSD: patch-ac,v 1.10 2013/02/10 05:55:07 manu Exp $
--- src/openvpn/tun.c.orig 2011-04-06 16:05:52.000000000 +0000
+++ src/openvpn/tun.c
@@ -805,15 +805,15 @@ do_ifconfig (struct tuntap *tt,
* NetBSD has distinct tun and tap devices
* so we don't need the "link0" extra parameter to specify we want to do
* tunneling at the ethernet level
+ * NB: The tun driver has no broadcast capability.
*/
argv_printf (&argv,
- "%s %s %s netmask %s mtu %d broadcast %s",
+ "%s %s %s netmask %s mtu %d",
IFCONFIG_PATH,
actual,
ifconfig_local,
ifconfig_remote_netmask,
- tun_mtu,
- ifconfig_broadcast
+ tun_mtu
);
argv_msg (M_INFO, &argv);
openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed");
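Review bot: the new comment in this NetBSD do_ifconfig branch justifies dropping `broadcast %s` with "The tun driver has no broadcast capability", but the comment it is appended to describes this call as the one for tunneling at the ethernet level, which is the tap case. Please say in the comment which device type this branch actually covers; if it is reached for tap interfaces, the broadcast address is no longer passed to ifconfig there either, and that should be either intended and documented or restricted to the tun path. It is also worth checking that ifconfig_broadcast still has another use in the function, since this hunk removes the only reference visible here.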
@@ -1023,7 +1023,37 @@ open_tun_generic (const char *dev, const
if (dynamic && !has_digit((unsigned char *)dev))
{
int i;
- for (i = 0; i < 256; ++i)
+#if defined(TAPGIFNAME)
+ /*
+ * Perhaps we have a cloning device. Try opening
+ * the device without any appended digits,
+ * and use ioctl(,TAPGIFNAME,) to get the resulting
+ * interface name.
+ */
+ openvpn_snprintf (tunname, sizeof (tunname), "/dev/%s", dev);
+ if ((tt->fd = open (tunname, O_RDWR)) > 0)
+ {
+ struct ifreq ifr;
+ if (ioctl (tt->fd, TAPGIFNAME, (void*)&ifr) < 0)
+ {
+ msg (D_READ_WRITE | M_ERRNO,
+ "ioctl(,TAPGIFNAME,) failed for %s", tunname);
+ close(tt->fd);
+ }
+ else
+ {
+ strlcpy (dynamic_name, ifr.ifr_name,
+ sizeof (dynamic_name));
+ dynamic_opened = true;
+ msg (M_INFO, "TUN/TAP dynamic interface %s opened",
+ dynamic_name);
+ }
+ }
+ if (!dynamic_opened)
+ msg (D_READ_WRITE | M_ERRNO, "Tried opening %s (failed)",
+ tunname);
+#endif /* TAPGIFNAME */
+ for (i = 0; i < 256 && !dynamic_opened; ++i)
{
openvpn_snprintf (tunname, sizeof (tunname),
"/dev/%s%d", dev, i);
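Review bot: the success test `if ((tt->fd = open (tunname, O_RDWR)) > 0)` in the TAPGIFNAME block treats descriptor 0 as a failure; open() returns -1 on error, so the comparison should be `>= 0`, otherwise a valid descriptor 0 is neither used nor closed. In the ioctl failure path, `close(tt->fd)` leaves the stale descriptor number in tt->fd before the code falls through to the numbered-device loop; set it to -1 after closing. The "Tried opening %s (failed)" message is logged with M_ERRNO whenever dynamic_opened is false, which includes the case where open() succeeded and only the ioctl failed, and by then errno may have been overwritten by close(); moving that message into an else branch of the open() check would keep the log accurate. Finally, `struct ifreq ifr` is passed to the ioctl uninitialized; zeroing it first makes the later strlcpy from ifr.ifr_name safe even if the driver does not fill the whole field.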