From 7c161dbd730ed12f9ae2a560a354a3e8e81b627e Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Fri, 11 Nov 2011 10:56:25 +0000
Subject: [PATCH] Add new features from upstream CVS

- Add upstream patch to support setting SO_MARK for the PPTP TCP control connection as well as on the GRE packets
- Add upstream patch to implement the --nohostroute option
- Patch to fix broken Call-Disconnect-Notify code accepted upstream
- Nobody else likes macros for commands
---
 pptp-1.7.2-nohostroute-option.patch | 150 ++++++++++++++++++++++++++++
 pptp-1.7.2-so_mark.patch | 134 +++++++++++++++++++++++++
 pptp.spec | 48 ++++++---
 3 files changed, 316 insertions(+), 16 deletions(-)
 create mode 100644 pptp-1.7.2-nohostroute-option.patch
 create mode 100644 pptp-1.7.2-so_mark.patch

diff --git a/pptp-1.7.2-nohostroute-option.patch b/pptp-1.7.2-nohostroute-option.patch
new file mode 100644
index 0000000..d683c88
--- /dev/null
+++ b/pptp-1.7.2-nohostroute-option.patch
@@ -0,0 +1,150 @@ +This implements the --nohostroute option that routing.c talks about. It +prevents pptp from adding a host route towards the VPN server and would +usually be used with either "Split tunneling" or the --rtmark option. +Also document it appropriately. + +(routing.c had it as --no-host-route, however the dashes are +inconsistent with --nobuffer and --nolaunchpppd) + +Signed-off-by: David Lamparter +Cc: David Lamparter +Cc: Franco Fichtner +--- +Attached code is put into public domain affirmed by both me +(David Lamparter, the author) as well as my employer (Adyton +Systems AG) who paid for it to be written. Assigning copyright +to the FSF is impossible under German law. + +David Lamparter | Software Developer | Adyton Systems AG +Mozartstr. 3 | 04107 Leipzig | Germany +phone +49 341.39 299 343 | fax +49 341.39 299 343-9 +trade register: Amtsgericht Leipzig HRB26578 + + ChangeLog | 6 ++++++ + NEWS | 1 + + pptp.8 | 27 +++++++++++++++++++++++++++ + pptp.c | 5 +++++ + pptp_callmgr.c | 7 +++++-- + routing.c | 2 +- + 6 files changed, 45 insertions(+), 3 deletions(-) + +diff --git a/pptp.8 b/pptp.8 +index 2da66c9..017b5db 100644 +--- a/pptp.8 ++++ b/pptp.8 +@@ -92,6 +92,11 @@ can be used with + + (requires root privileges or the CAP_NET_ADMIN capability.) + .TP ++.B \-\-nohostroute ++Do not configure a host route pointing towards the PPTP server. ++(cf. ROUTING below) ++ ++.TP + .B \-\-loglevel + Sets the debugging level (0=low, 1=default, 2=high) + +@@ -115,6 +120,28 @@ Default is 100. Has no effect if test-type is zero. The result of + test types 2 and 3 are undefined if this value is less than ten. + + ++.SH "ROUTING" ++When PPTP is used in conjunction with a default route on top of the ++tunnel (or just any route encompassing the PPTP server), ++the mechanics of routing would cause the PPTP packets themselves ++to be routed over the tunnel. This would result in an encapsulation ++loop, destroying connectivity. 
++ ++.B pptp ++by default works around this by looking up the route towards the ++PPTP server at startup and configures a host route with that data. ++This essentially "freezes" routing for PPTP packets at the startup ++configuration. This behaviour can be disabled with ++.B --nohostroute ++if undesired (like when using ++.B --rtmark ++to implement policy routing). ++ ++.B NB: ++the route added by ++.B pptp ++is currently not deleted at exit! ++ + .SH "QUIRKS" + + .TP +diff --git a/pptp.c b/pptp.c +index 26b6006..a3d4ad6 100644 +--- a/pptp.c ++++ b/pptp.c +@@ -121,6 +121,7 @@ void usage(char *progname) + #ifdef SO_MARK + " --rtmark Use specified policy routing mark for all packets\n" + #endif ++ " --nohostroute Do not add host route towards \n" + " --loglevel Sets the debugging level (0=low, 1=default, 2=high)\n" + " --test-type Damage the packet stream by reordering\n" + " --test-rate Do the test every n packets\n", +@@ -136,6 +137,7 @@ struct in_addr localbind = { .s_addr = INADDR_ANY }; + struct in_addr localbind = { INADDR_NONE }; + #endif + int rtmark = 0; ++int nohostroute = 0; + static int signaled = 0; + + /*** do nothing signal handler ************************************************/ +@@ -217,6 +219,7 @@ int main(int argc, char **argv, char **envp) + {"test-type", 1, 0, 0}, + {"test-rate", 1, 0, 0}, + {"rtmark", 1, 0, 0}, ++ {"nohostroute", 0, 0, 0}, + {0, 0, 0, 0} + }; + int option_index = 0; +@@ -303,6 +306,8 @@ int main(int argc, char **argv, char **envp) + "this binary was compiled.\n"); + exit(2); + #endif ++ } else if (option_index == 16) { /* --nohostroute */ ++ nohostroute = 1; + } + break; + case '?': /* unrecognised option */ +diff --git a/pptp_callmgr.c b/pptp_callmgr.c +index e6b6fd3..3c5b83d 100644 +--- a/pptp_callmgr.c ++++ b/pptp_callmgr.c +@@ -32,6 +32,7 @@ + + extern struct in_addr localbind; /* from pptp.c */ + extern int rtmark; ++extern int nohostroute; + + int open_inetsock(struct in_addr inetaddr); + int open_unixsock(struct in_addr 
inetaddr); +@@ -124,8 +125,10 @@ int callmgr_main(int argc, char **argv, char **envp) + phonenr = argc == 3 ? argv[2] : NULL; + if (inet_aton(argv[1], &inetaddr) == 0) + fatal("Invalid IP address: %s", argv[1]); +- routing_init(inet_ntoa(inetaddr)); +- routing_start(); ++ if (!nohostroute) { ++ routing_init(inet_ntoa(inetaddr)); ++ routing_start(); ++ } + /* Step 1: Open sockets. */ + if ((inet_sock = open_inetsock(inetaddr)) < 0) + fatal("Could not open control connection to %s", argv[1]); +diff --git a/routing.c b/routing.c +index b132d64..7ef5724 100644 +--- a/routing.c ++++ b/routing.c +@@ -51,7 +51,7 @@ Design discussion. + The primary task of this module is to add a host route to the PPTP + server so that the kernel continues to deliver PPTP control and data + connection packets to the server despite the new PPP interface that is +-created. The flag --no-host-route is to disable this (not yet implemented). ++created. The flag --nohostroute is to disable this. + + A secondary task may be to implement all-to-tunnel routing if the + appropriate flag is specified on the command line. The flag diff --git a/pptp-1.7.2-so_mark.patch b/pptp-1.7.2-so_mark.patch new file mode 100644 index 0000000..f052c17 --- /dev/null +++ b/pptp-1.7.2-so_mark.patch 
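Review bot: The `option_index == 16` test in the pptp.c part of pptp-1.7.2-nohostroute-option.patch ties `--nohostroute` to its position in the getopt table, and that position is 16 only because the SO_MARK patch has already placed `{"rtmark", 1, 0, 0}` at 15. Any later patch that inserts or removes an entry above it would shift the slot silently, so the flag could end up selecting a different branch without a build error. Comparing the selected entry's `name` field with `"nohostroute"` would remove the coupling. Failing that, the `%patch11` line in pptp.spec could carry a comment such as `# Must follow Patch10: --nohostroute is getopt index 16, after --rtmark at 15`. The body of main() starts and ends outside the hunk.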
@@ -0,0 +1,134 @@ +This adds support for setting SO_MARK for the PPTP TCP control +connection as well as on the GRE packets. SO_MARK is propagated +to the IP/IPv6 policy routing & netfilter mark. + +This makes working with "austrian style" pptp internet dialup +much easier since you can create a separate routing table for +pptpclient. There you put a separate default route for pptp, +and pppd then sets your regular default route as usual. + +Note: uses capability CAP_NET_ADMIN. + +Signed-off-by: David Lamparter +Cc: David Lamparter +Cc: Franco Fichtner +-- + +Attached code is put into public domain affirmed by both me +(David Lamparter, the author) as well as my employer (Adyton +Systems AG) who paid for it to be written. Assigning copyright +to the FSF is impossible under German law. + +-- +David Lamparter | Software Developer | Adyton Systems AG +Mozartstr. 3 | 04107 Leipzig | Germany +phone +49 341.39 299 343 | fax +49 341.39 299 343-9 +trade register: Amtsgericht Leipzig HRB26578 + +--- pptp-linux/pptp.8.orig 2008-05-14 08:32:52.000000000 +0200 ++++ pptp-linux/pptp.8 2011-02-21 14:39:30.017877324 +0100 +@@ -82,6 +82,16 @@ + .B \-\-localbind + Bind to specified IP address instead of wildcard + .TP ++.B \-\-rtmark ++Use specified policy routing mark for all packets. ++This causes both the TCP control connection's packets as well as the ++GRE packets to bear the given policy routing / netfilter mark. This ++can be used with ++.I ip rule ++(from iproute2) to use a separate routing table for the pptp client. ++ ++(requires root privileges or the CAP_NET_ADMIN capability.) 
++.TP + .B \-\-loglevel + Sets the debugging level (0=low, 1=default, 2=high) + +--- pptp-linux/pptp_callmgr.c.orig 2010-06-15 07:04:32.000000000 +0200 ++++ pptp-linux/pptp_callmgr.c 2011-02-21 14:32:46.471449998 +0100 +@@ -31,6 +31,7 @@ + #include "routing.h" + + extern struct in_addr localbind; /* from pptp.c */ ++extern int rtmark; + + int open_inetsock(struct in_addr inetaddr); + int open_unixsock(struct in_addr inetaddr); +@@ -321,6 +322,14 @@ + warn("socket: %s", strerror(errno)); + return s; + } ++#ifdef SO_MARK ++ if (rtmark) { ++ if (setsockopt(s, SOL_SOCKET, SO_MARK, &rtmark, sizeof(rtmark))) { ++ warn("setsockopt(SO_MARK): %s", strerror(errno)); ++ close(s); return -1; ++ } ++ } ++#endif + if (localbind.s_addr != INADDR_NONE) { + bzero(&src, sizeof(src)); + src.sin_family = AF_INET; +--- pptp-linux/pptp.c.orig 2010-06-16 01:38:04.000000000 +0200 ++++ pptp-linux/pptp.c 2011-02-21 14:33:49.210896419 +0100 +@@ -118,6 +118,9 @@ + " --max-echo-wait Time to wait before giving up on lack of reply\n" + " --logstring Use instead of 'anon' in syslog messages\n" + " --localbind Bind to specified IP address instead of wildcard\n" ++#ifdef SO_MARK ++ " --rtmark Use specified policy routing mark for all packets\n" ++#endif + " --loglevel Sets the debugging level (0=low, 1=default, 2=high)\n" + " --test-type Damage the packet stream by reordering\n" + " --test-rate Do the test every n packets\n", +@@ -132,6 +135,7 @@ + #else + struct in_addr localbind = { INADDR_NONE }; + #endif ++int rtmark = 0; + static int signaled = 0; + + /*** do nothing signal handler ************************************************/ +@@ -212,6 +216,7 @@ + {"version", 0, 0, 0}, + {"test-type", 1, 0, 0}, + {"test-rate", 1, 0, 0}, ++ {"rtmark", 1, 0, 0}, + {0, 0, 0, 0} + }; + int option_index = 0; +@@ -290,6 +295,14 @@ + test_type = atoi(optarg); + } else if (option_index == 14) { /* --test-rate */ + test_rate = atoi(optarg); ++ } else if (option_index == 15) { /* --rtmark */ ++#ifdef SO_MARK ++ 
rtmark = atoi(optarg); ++#else ++ fprintf(stderr, "--rtmark support was missing when " ++ "this binary was compiled.\n"); ++ exit(2); ++#endif + } + break; + case '?': /* unrecognised option */ +--- pptp-linux/pptp_gre.c.orig 2008-07-24 07:37:47.000000000 +0200 ++++ pptp-linux/pptp_gre.c 2011-02-21 14:32:33.131567611 +0100 +@@ -86,8 +86,17 @@ + { + struct sockaddr_in src_addr, loc_addr; + extern struct in_addr localbind; ++ extern int rtmark; + int s = socket(AF_INET, SOCK_RAW, PPTP_PROTO); + if (s < 0) { warn("socket: %s", strerror(errno)); return -1; } ++#ifdef SO_MARK ++ if (rtmark) { ++ if (setsockopt(s, SOL_SOCKET, SO_MARK, &rtmark, sizeof(rtmark))) { ++ warn("setsockopt(SO_MARK): %s", strerror(errno)); ++ close(s); return -1; ++ } ++ } ++#endif + if (localbind.s_addr != INADDR_NONE) { + bzero(&loc_addr, sizeof(loc_addr)); + loc_addr.sin_family = AF_INET; diff --git a/pptp.spec b/pptp.spec index cdafe74..289dd08 100644 --- a/pptp.spec +++ b/pptp.spec @@ -1,6 +1,6 @@ Name: pptp Version: 1.7.2 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Point-to-Point Tunneling Protocol (PPTP) Client Group: Applications/Internet License: GPLv2+ @@ -16,8 +16,10 @@ Patch5: pptp-1.7.2-pptpsetup-mppe.patch Patch6: pptp-1.7.2-waitpid.patch Patch7: pptp-1.7.2-conn-free.patch Patch8: pptp-1.7.2-conn-free2.patch -Patch100: pptp-1.7.2-call-disconnect-notify.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Patch9: pptp-1.7.2-call-disconnect-notify.patch +Patch10: pptp-1.7.2-so_mark.patch +Patch11: pptp-1.7.2-nohostroute-option.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) Requires: ppp >= 2.4.2, /sbin/ip %if 0%{?fedora} > 14 Requires: systemd-units 
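Review bot: `rtmark = atoi(optarg);` in the pptp.c part of pptp-1.7.2-so_mark.patch accepts any string, so a mistyped or non-numeric mark parses to 0. Because both socket paths test `if (rtmark)`, the tunnel then starts with no mark and no warning, and the control and GRE packets follow the main routing table instead of the policy table the operator intended. atoi() also has undefined behaviour on out-of-range input, and an `int` filled by it cannot express the full 32-bit unsigned mark range. Parsing with strtoul() and refusing to start on bad input keeps the option fail-closed, as the setsockopt() error paths in this patch already are. The fence assumes `errno` is usable in pptp.c, which the page does not show, and main() starts and ends outside the hunk.

```c
        } else if (option_index == 15) { /* --rtmark */
#ifdef SO_MARK
            char *end;
            unsigned long mark;

            errno = 0;
            mark = strtoul(optarg, &end, 10);
            /* Reject empty, signed, trailing-garbage and >32-bit values
             * instead of silently running unmarked. */
            if (*optarg == '-' || end == optarg || *end != '\0' ||
                    errno == ERANGE || mark > 0xffffffffUL) {
                fprintf(stderr, "--rtmark: invalid mark '%s'\n", optarg);
                exit(2);
            }
            /* rtmark is declared int in this patch; an unsigned
             * declaration would make this cast unnecessary. */
            rtmark = (int)mark;
#else
            /* … unchanged: error exit for builds without SO_MARK … */
#endif
```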
@@ -57,7 +59,7 @@ tunnels.
 %patch4 -p0 -b .encrypt
 
 # Don't check for MPPE capability in kernel and pppd at all because current
-# Fedora releases and EL >= 5 include MPPE support out of the box (#502967)
+# Fedora releases and EL ≥ 5 include MPPE support out of the box (#502967)
 %patch5 -p1 -b .mppe
 
 # Fix waitpid usage (upstream patch)
@@ -69,30 +71,37 @@ tunnels.
 # Avoid using connection struct after it is freed (upstream patch)
 %patch8 -p0 -b .conn-free2
 
-# Fix broken Call-Disconnect-Notify code
-# Submitted upstream: http://marc.info/?l=pptpclient-devel&m=128594487715881&w=1
-%patch100 -p1 -b .callids
+# Add call ID of outgoing call so that Call-Disconnect-Notify from peer causes
+# correct disconnection sequence (upstream patch)
+%patch9 -p1 -b .cdn
+
+# Add support for setting SO_MARK for the PPTP TCP control connection as well
+# as on the GRE packets (upstream patch)
+%patch10 -p1 -b .so_mark
+
+# Implement the --nohostroute option that routing.c talks about (upstream patch)
+%patch11 -p1 -b .nohostroute
 
 # Pacify rpmlint
-%{__perl} -pi -e 's/install -o root -m 555 pptp/install -m 755 pptp/;' Makefile
+perl -pi -e 's/install -o root -m 555 pptp/install -m 755 pptp/;' Makefile
 
 %build
-%{__make} %{?_smp_mflags} CFLAGS="-Wall %{optflags}" IP=/sbin/ip
+make %{?_smp_mflags} CFLAGS="-Wall %{optflags}" IP=/sbin/ip
 
 %install
-%{__rm} -rf %{buildroot}
-%{__make} DESTDIR=%{buildroot} install
-%{__install} -d -m 750 %{buildroot}%{_localstatedir}/run/pptp
+rm -rf %{buildroot}
+make DESTDIR=%{buildroot} install
+install -d -m 750 %{buildroot}%{_localstatedir}/run/pptp
 
 # Make sure /var/run/pptp exists at boot time for systems
 # with /var/run on tmpfs (#656672)
 %if 0%{?fedora} > 14
-%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d
-%{__install} -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/tmpfiles.d/pptp.conf
+install -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d
+install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/tmpfiles.d/pptp.conf
 %endif
 
 %clean
-%{__rm} -rf %{buildroot}
+rm -rf %{buildroot}
 
 %files
 %defattr(-,root,root,-)
@@ -114,7 +123,14 @@ tunnels.
 %{_mandir}/man8/pptpsetup.8*
 
 %changelog
-* Wed Feb 09 2011 Fedora Release Engineering - 1.7.2-12
+* Tue Nov 8 2011 Paul Howarth 1.7.2-13
+- Patch to fix broken Call-Disconnect-Notify code accepted upstream
+- Add upstream patch to support setting SO_MARK for the PPTP TCP control
+ connection as well as on the GRE packets
+- Add upstream patch to implement the --nohostroute option
+- Nobody else likes macros for commands
+
+* Wed Feb 09 2011 Fedora Release Engineering 1.7.2-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
 * Tue Nov 30 2010 Paul Howarth 1.7.2-11