Add new features from upstream CVS

- Add upstream patch to support setting SO_MARK for the PPTP TCP control
  connection as well as on the GRE packets
- Add upstream patch to implement the --nohostroute option
- Patch to fix broken Call-Disconnect-Notify code accepted upstream
- Nobody else likes macros for commands
Paul Howarth 2011-11-11 10:56:25 +00:00
parent 73af80be84
commit 7c161dbd73
3 changed files with 316 additions and 16 deletions


@ -0,0 +1,150 @@
This implements the --nohostroute option that routing.c talks about. It
prevents pptp from adding a host route towards the VPN server and would
usually be used with either "Split tunneling" or the --rtmark option.
Also document it appropriately.
(routing.c had it as --no-host-route, however the dashes are
inconsistent with --nobuffer and --nolaunchpppd)
Signed-off-by: David Lamparter <david.lamparter@adyton.net>
Cc: David Lamparter <equinox@diac24.net>
Cc: Franco Fichtner <franco.fichtner@adyton.net>
---
Attached code is put into public domain affirmed by both me
(David Lamparter, the author) as well as my employer (Adyton
Systems AG) who paid for it to be written. Assigning copyright
to the FSF is impossible under German law.
David Lamparter | Software Developer | Adyton Systems AG
Mozartstr. 3 | 04107 Leipzig | Germany
phone +49 341.39 299 343 | fax +49 341.39 299 343-9
trade register: Amtsgericht Leipzig HRB26578
ChangeLog | 6 ++++++
NEWS | 1 +
pptp.8 | 27 +++++++++++++++++++++++++++
pptp.c | 5 +++++
pptp_callmgr.c | 7 +++++--
routing.c | 2 +-
6 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/pptp.8 b/pptp.8
index 2da66c9..017b5db 100644
--- a/pptp.8
+++ b/pptp.8
@@ -92,6 +92,11 @@ can be used with
(requires root privileges or the CAP_NET_ADMIN capability.)
.TP
+.B \-\-nohostroute
+Do not configure a host route pointing towards the PPTP server.
+(cf. ROUTING below)
+
+.TP
.B \-\-loglevel <level>
Sets the debugging level (0=low, 1=default, 2=high)
@@ -115,6 +120,28 @@ Default is 100. Has no effect if test-type is zero. The result of
test types 2 and 3 are undefined if this value is less than ten.
+.SH "ROUTING"
+When PPTP is used in conjunction with a default route on top of the
+tunnel (or just any route encompassing the PPTP server),
+the mechanics of routing would cause the PPTP packets themselves
+to be routed over the tunnel. This would result in an encapsulation
+loop, destroying connectivity.
+
+.B pptp
+by default works around this by looking up the route towards the
+PPTP server at startup and configures a host route with that data.
+This essentially "freezes" routing for PPTP packets at the startup
+configuration. This behaviour can be disabled with
+.B --nohostroute
+if undesired (like when using
+.B --rtmark
+to implement policy routing).
+
+.B NB:
+the route added by
+.B pptp
+is currently not deleted at exit!
+
.SH "QUIRKS"
.TP
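Review bot: the new ROUTING section writes the option names with bare dashes (".B --nohostroute", ".B --rtmark"), while the option entry added earlier in this same file uses the escaped form ".B \-\-nohostroute"; use "\-\-" here as well so both render the same way. The NB that the route "is currently not deleted at exit" would also benefit from one sentence saying that the leftover host route keeps pinning traffic for the server address to the startup path until an administrator removes it.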
diff --git a/pptp.c b/pptp.c
index 26b6006..a3d4ad6 100644
--- a/pptp.c
+++ b/pptp.c
@@ -121,6 +121,7 @@ void usage(char *progname)
#ifdef SO_MARK
" --rtmark <n> Use specified policy routing mark for all packets\n"
#endif
+ " --nohostroute Do not add host route towards <hostname>\n"
" --loglevel <level> Sets the debugging level (0=low, 1=default, 2=high)\n"
" --test-type <type> Damage the packet stream by reordering\n"
" --test-rate <n> Do the test every n packets\n",
@@ -136,6 +137,7 @@ struct in_addr localbind = { .s_addr = INADDR_ANY };
struct in_addr localbind = { INADDR_NONE };
#endif
int rtmark = 0;
+int nohostroute = 0;
static int signaled = 0;
/*** do nothing signal handler ************************************************/
@@ -217,6 +219,7 @@ int main(int argc, char **argv, char **envp)
{"test-type", 1, 0, 0},
{"test-rate", 1, 0, 0},
{"rtmark", 1, 0, 0},
+ {"nohostroute", 0, 0, 0},
{0, 0, 0, 0}
};
int option_index = 0;
@@ -303,6 +306,8 @@ int main(int argc, char **argv, char **envp)
"this binary was compiled.\n");
exit(2);
#endif
+ } else if (option_index == 16) { /* --nohostroute */
+ nohostroute = 1;
}
break;
case '?': /* unrecognised option */
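Review bot: "option_index == 16" in the new else-if ties --nohostroute to its position in the long option table, so adding or removing any entry above {"nohostroute", 0, 0, 0} silently rebinds this branch to a different option. Assuming the table is the one handed to getopt_long, the option takes no argument and can be set through the flag field instead, i.e. {"nohostroute", 0, &nohostroute, 1}; alternatively compare the option name at option_index rather than the number.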
diff --git a/pptp_callmgr.c b/pptp_callmgr.c
index e6b6fd3..3c5b83d 100644
--- a/pptp_callmgr.c
+++ b/pptp_callmgr.c
@@ -32,6 +32,7 @@
extern struct in_addr localbind; /* from pptp.c */
extern int rtmark;
+extern int nohostroute;
int open_inetsock(struct in_addr inetaddr);
int open_unixsock(struct in_addr inetaddr);
@@ -124,8 +125,10 @@ int callmgr_main(int argc, char **argv, char **envp)
phonenr = argc == 3 ? argv[2] : NULL;
if (inet_aton(argv[1], &inetaddr) == 0)
fatal("Invalid IP address: %s", argv[1]);
- routing_init(inet_ntoa(inetaddr));
- routing_start();
+ if (!nohostroute) {
+ routing_init(inet_ntoa(inetaddr));
+ routing_start();
+ }
/* Step 1: Open sockets. */
if ((inet_sock = open_inetsock(inetaddr)) < 0)
fatal("Could not open control connection to %s", argv[1]);
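Review bot: the new "if (!nohostroute)" guard skips routing_init() and routing_start() without checking that anything else keeps the PPTP packets off the tunnel. The man page text added by this patch says a route encompassing the server produces an encapsulation loop, and "rtmark" is already declared in this file, so consider a warn() when nohostroute is set and rtmark is 0. It should stay a warning rather than an error, because split tunneling is a legitimate use, but it puts the likely misconfiguration in the log instead of leaving it to show up as lost connectivity.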
diff --git a/routing.c b/routing.c
index b132d64..7ef5724 100644
--- a/routing.c
+++ b/routing.c
@@ -51,7 +51,7 @@ Design discussion.
The primary task of this module is to add a host route to the PPTP
server so that the kernel continues to deliver PPTP control and data
connection packets to the server despite the new PPP interface that is
-created. The flag --no-host-route is to disable this (not yet implemented).
+created. The flag --nohostroute is to disable this.
A secondary task may be to implement all-to-tunnel routing if the
appropriate flag is specified on the command line. The flag

pptp-1.7.2-so_mark.patch Normal file

@ -0,0 +1,134 @@
This adds support for setting SO_MARK for the PPTP TCP control
connection as well as on the GRE packets. SO_MARK is propagated
to the IP/IPv6 policy routing & netfilter mark.
This makes working with "austrian style" pptp internet dialup
much easier since you can create a separate routing table for
pptpclient. There you put a separate default route for pptp,
and pppd then sets your regular default route as usual.
Note: uses capability CAP_NET_ADMIN.
Signed-off-by: David Lamparter <david.lamparter@adyton.net>
Cc: David Lamparter <equinox@diac24.net>
Cc: Franco Fichtner <franco.fichtner@adyton.net>
--
Attached code is put into public domain affirmed by both me
(David Lamparter, the author) as well as my employer (Adyton
Systems AG) who paid for it to be written. Assigning copyright
to the FSF is impossible under German law.
--
David Lamparter | Software Developer | Adyton Systems AG
Mozartstr. 3 | 04107 Leipzig | Germany
phone +49 341.39 299 343 | fax +49 341.39 299 343-9
trade register: Amtsgericht Leipzig HRB26578
--- pptp-linux/pptp.8.orig 2008-05-14 08:32:52.000000000 +0200
+++ pptp-linux/pptp.8 2011-02-21 14:39:30.017877324 +0100
@@ -82,6 +82,16 @@
.B \-\-localbind <addr>
Bind to specified IP address instead of wildcard
.TP
+.B \-\-rtmark <n>
+Use specified policy routing mark for all packets.
+This causes both the TCP control connection's packets as well as the
+GRE packets to bear the given policy routing / netfilter mark. This
+can be used with
+.I ip rule
+(from iproute2) to use a separate routing table for the pptp client.
+
+(requires root privileges or the CAP_NET_ADMIN capability.)
+.TP
.B \-\-loglevel <level>
Sets the debugging level (0=low, 1=default, 2=high)
--- pptp-linux/pptp_callmgr.c.orig 2010-06-15 07:04:32.000000000 +0200
+++ pptp-linux/pptp_callmgr.c 2011-02-21 14:32:46.471449998 +0100
@@ -31,6 +31,7 @@
#include "routing.h"
extern struct in_addr localbind; /* from pptp.c */
+extern int rtmark;
int open_inetsock(struct in_addr inetaddr);
int open_unixsock(struct in_addr inetaddr);
@@ -321,6 +322,14 @@
warn("socket: %s", strerror(errno));
return s;
}
+#ifdef SO_MARK
+ if (rtmark) {
+ if (setsockopt(s, SOL_SOCKET, SO_MARK, &rtmark, sizeof(rtmark))) {
+ warn("setsockopt(SO_MARK): %s", strerror(errno));
+ close(s); return -1;
+ }
+ }
+#endif
if (localbind.s_addr != INADDR_NONE) {
bzero(&src, sizeof(src));
src.sin_family = AF_INET;
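Review bot: the warning on setsockopt(SO_MARK) failure prints only strerror(errno), which for an unprivileged caller is a bare "Operation not permitted" with no hint at the cause. The man page hunk in this patch states that the option needs root or CAP_NET_ADMIN, so say that in the message when errno is EPERM. Failing the socket instead of continuing unmarked is the right behaviour and should stay; "close(s); return -1;" would read better as two lines, matching the warn/return pair just above it.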
--- pptp-linux/pptp.c.orig 2010-06-16 01:38:04.000000000 +0200
+++ pptp-linux/pptp.c 2011-02-21 14:33:49.210896419 +0100
@@ -118,6 +118,9 @@
" --max-echo-wait Time to wait before giving up on lack of reply\n"
" --logstring <name> Use <name> instead of 'anon' in syslog messages\n"
" --localbind <addr> Bind to specified IP address instead of wildcard\n"
+#ifdef SO_MARK
+ " --rtmark <n> Use specified policy routing mark for all packets\n"
+#endif
" --loglevel <level> Sets the debugging level (0=low, 1=default, 2=high)\n"
" --test-type <type> Damage the packet stream by reordering\n"
" --test-rate <n> Do the test every n packets\n",
@@ -132,6 +135,7 @@
#else
struct in_addr localbind = { INADDR_NONE };
#endif
+int rtmark = 0;
static int signaled = 0;
/*** do nothing signal handler ************************************************/
@@ -212,6 +216,7 @@
{"version", 0, 0, 0},
{"test-type", 1, 0, 0},
{"test-rate", 1, 0, 0},
+ {"rtmark", 1, 0, 0},
{0, 0, 0, 0}
};
int option_index = 0;
@@ -290,6 +295,14 @@
test_type = atoi(optarg);
} else if (option_index == 14) { /* --test-rate */
test_rate = atoi(optarg);
+ } else if (option_index == 15) { /* --rtmark */
+#ifdef SO_MARK
+ rtmark = atoi(optarg);
+#else
+ fprintf(stderr, "--rtmark support was missing when "
+ "this binary was compiled.\n");
+ exit(2);
+#endif
}
break;
case '?': /* unrecognised option */
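Review bot: "rtmark = atoi(optarg);" accepts any string, and a typo or non-numeric argument yields 0, which the socket code in this patch treats as "no mark" ("if (rtmark)"), so the tunnel comes up with unmarked packets and no error is reported. Parse the value with strtoul, check the end pointer and errno, and exit(2) on anything that is not a valid number. The branch is also keyed on the literal "option_index == 15", which breaks as soon as the option table is reordered.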
--- pptp-linux/pptp_gre.c.orig 2008-07-24 07:37:47.000000000 +0200
+++ pptp-linux/pptp_gre.c 2011-02-21 14:32:33.131567611 +0100
@@ -86,8 +86,17 @@
{
struct sockaddr_in src_addr, loc_addr;
extern struct in_addr localbind;
+ extern int rtmark;
int s = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
if (s < 0) { warn("socket: %s", strerror(errno)); return -1; }
+#ifdef SO_MARK
+ if (rtmark) {
+ if (setsockopt(s, SOL_SOCKET, SO_MARK, &rtmark, sizeof(rtmark))) {
+ warn("setsockopt(SO_MARK): %s", strerror(errno));
+ close(s); return -1;
+ }
+ }
+#endif
if (localbind.s_addr != INADDR_NONE) {
bzero(&loc_addr, sizeof(loc_addr));
loc_addr.sin_family = AF_INET;
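Review bot: "extern int rtmark;" is declared inside the function body here and again at file scope in pptp_callmgr.c, and the whole "#ifdef SO_MARK" block is a copy of the one added there. Declare rtmark once in a shared header and move the setsockopt() call into a single helper used by both socket-opening paths, so that a later fix to the error handling cannot be applied to the control socket and missed on the GRE socket.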


@ -1,6 +1,6 @@
Name: pptp
Version: 1.7.2
Release: 12%{?dist}
Release: 13%{?dist}
Summary: Point-to-Point Tunneling Protocol (PPTP) Client
Group: Applications/Internet
License: GPLv2+
@ -16,8 +16,10 @@ Patch5: pptp-1.7.2-pptpsetup-mppe.patch
Patch6: pptp-1.7.2-waitpid.patch
Patch7: pptp-1.7.2-conn-free.patch
Patch8: pptp-1.7.2-conn-free2.patch
Patch100: pptp-1.7.2-call-disconnect-notify.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch9: pptp-1.7.2-call-disconnect-notify.patch
Patch10: pptp-1.7.2-so_mark.patch
Patch11: pptp-1.7.2-nohostroute-option.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
Requires: ppp >= 2.4.2, /sbin/ip
%if 0%{?fedora} > 14
Requires: systemd-units
@ -57,7 +59,7 @@ tunnels.
%patch4 -p0 -b .encrypt
# Don't check for MPPE capability in kernel and pppd at all because current
# Fedora releases and EL >= 5 include MPPE support out of the box (#502967)
# Fedora releases and EL 5 include MPPE support out of the box (#502967)
%patch5 -p1 -b .mppe
# Fix waitpid usage (upstream patch)
@ -69,30 +71,37 @@ tunnels.
# Avoid using connection struct after it is freed (upstream patch)
%patch8 -p0 -b .conn-free2
# Fix broken Call-Disconnect-Notify code
# Submitted upstream: http://marc.info/?l=pptpclient-devel&m=128594487715881&w=1
%patch100 -p1 -b .callids
# Add call ID of outgoing call so that Call-Disconnect-Notify from peer causes
# correct disconnection sequence (upstream patch)
%patch9 -p1 -b .cdn
# Add support for setting SO_MARK for the PPTP TCP control connection as well
# as on the GRE packets (upstream patch)
%patch10 -p1 -b .so_mark
# Implement the --nohostroute option that routing.c talks about (upstream patch)
%patch11 -p1 -b .nohostroute
# Pacify rpmlint
%{__perl} -pi -e 's/install -o root -m 555 pptp/install -m 755 pptp/;' Makefile
perl -pi -e 's/install -o root -m 555 pptp/install -m 755 pptp/;' Makefile
%build
%{__make} %{?_smp_mflags} CFLAGS="-Wall %{optflags}" IP=/sbin/ip
make %{?_smp_mflags} CFLAGS="-Wall %{optflags}" IP=/sbin/ip
%install
%{__rm} -rf %{buildroot}
%{__make} DESTDIR=%{buildroot} install
%{__install} -d -m 750 %{buildroot}%{_localstatedir}/run/pptp
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
install -d -m 750 %{buildroot}%{_localstatedir}/run/pptp
# Make sure /var/run/pptp exists at boot time for systems
# with /var/run on tmpfs (#656672)
%if 0%{?fedora} > 14
%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d
%{__install} -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/tmpfiles.d/pptp.conf
install -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d
install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/tmpfiles.d/pptp.conf
%endif
%clean
%{__rm} -rf %{buildroot}
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
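Review bot: the comments for %patch9, %patch10 and %patch11 say "(upstream patch)" but carry no upstream reference, whereas the comment removed in this hunk included the marc.info URL for the Call-Disconnect-Notify submission. Keep a link or the upstream CVS revision beside each patch so the packaged change can be compared against what upstream actually committed.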
@ -114,7 +123,14 @@ tunnels.
%{_mandir}/man8/pptpsetup.8*
%changelog
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.2-12
* Tue Nov 8 2011 Paul Howarth <paul@city-fan.org> 1.7.2-13
- Patch to fix broken Call-Disconnect-Notify code accepted upstream
- Add upstream patch to support setting SO_MARK for the PPTP TCP control
connection as well as on the GRE packets
- Add upstream patch to implement the --nohostroute option
- Nobody else likes macros for commands
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 1.7.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Nov 30 2010 Paul Howarth <paul@city-fan.org> 1.7.2-11