head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.122 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.120 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.118 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.116 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.114 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.112 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.110 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.108 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.106 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.104 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.102 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.100 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.98 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.96 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.94 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.92 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.90 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.88 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.86 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.84 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.82 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.80 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.78 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.74 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.54 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.76 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.72 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.70 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.68 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.66 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.64 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.62 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.60 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.58 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.56 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.52 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.50 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.48 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.46 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.44 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.42 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.40 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.38 
pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.36 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.34 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.32 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.30 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.28 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.26 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.24 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.22 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.20 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.18 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.16 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.14 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.12 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.10 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.8 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.6 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.4 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.2 pkgsrc-2011Q1-base:1.1; locks; strict; comment @# @; 1.1 date 2011.03.05.17.54.17; author cegger; state Exp; branches; next ; desc @@ 1.1 log @Apply patches from debian: - Bug fix: "Disconnect after an hour and loops trying to reconnect" - Additional vpnc functionality (resolvconf, Target Networks, DNSUpdate options) Bump revision Forgot to 'cvs add' the new files before. Sorry. 
@ text @$NetBSD$
--- vpnc.c.orig 2008-11-19 20:55:51.000000000 +0000
+++ vpnc.c
@@@@ -360,6 +360,8 @@@@ static void config_tunnel(struct sa_bloc
 { setenv("VPNGATEWAY", inet_ntoa(s->dst), 1); setenv("reason", "connect", 1);
+ setenv("DNS_UPDATE", config[CONFIG_DNS_UPDATE], 1);
+ setenv("TARGET_NETWORKS", config[CONFIG_TARGET_NETWORKS], 1);
 system(config[CONFIG_SCRIPT]); }
@@@@ -1147,7 +1149,7 @@@@ static struct isakmp_payload *make_our_s
 static void lifetime_ike_process(struct sa_block *s, struct isakmp_attribute *a) {
- uint32_t value;
+ uint32_t value = 0;
 assert(a != NULL); assert(a->type == IKE_ATTRIB_LIFE_TYPE);
@@@@ -1174,7 +1176,7 @@@@ static void lifetime_ike_process(struct
 static void lifetime_ipsec_process(struct sa_block *s, struct isakmp_attribute *a) {
- uint32_t value;
+ uint32_t value = 0;
 assert(a != NULL); assert(a->type == ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE);
@@@@ -2861,28 +2863,34 @@@@ static void do_phase2_qm(struct sa_block
 free(dh_shared_secret); free_isakmp_packet(r);
- if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
- s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
- s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
- s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
- } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
- s->esp_fd = s->ike_fd;
- } else {
+ if (s->esp_fd == 0) {
+ if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
+ s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
+ s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
+ s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
+ } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
+ s->esp_fd = s->ike_fd;
+ } else {
 #ifdef IP_HDRINCL
- int hincl = 1;
+ int hincl = 1;
 #endif
- s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
- if (s->esp_fd == -1) {
- close_tunnel(s);
- error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
- }
+ s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
+ if (s->esp_fd == -1) {
+ close_tunnel(s);
+ error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
+ }
+#ifdef FD_CLOEXEC
+ /* do not pass socket to vpnc-script, etc. */
+ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
+#endif
 #ifdef IP_HDRINCL
- if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
- close_tunnel(s);
- error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
- }
+ if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
+ close_tunnel(s);
+ error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
+ }
 #endif
+ }
 } s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1;
@@@@ -3224,9 +3232,14 @@@@ void process_late_ike(struct sa_block *s
 */ /* FIXME: any cleanup needed??? */
- free_isakmp_packet(r);
- do_phase2_qm(s);
- return;
+ if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) {
+ free_isakmp_packet(r);
+ do_phase2_qm(s);
+ return;
+ } else {
+ DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n"));
+ continue;
+ }
 } /* skip ipsec-esp delete */ if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) { @
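Review bot: In the first hunk (config_tunnel), the two added `setenv()` calls pass `config[CONFIG_DNS_UPDATE]` and `config[CONFIG_TARGET_NETWORKS]` through unchecked, and nothing visible here shows that either entry is always non-NULL. A NULL value is not a defined argument for `setenv()`, so unless the option parser (outside this patch file) guarantees defaults, each call should be guarded, e.g. `if (config[CONFIG_DNS_UPDATE]) setenv("DNS_UPDATE", config[CONFIG_DNS_UPDATE], 1);`. The return values of `setenv()` and of the following `system()` are also ignored, so a failed export would let the script run with missing or stale settings. A comment noting that both variables are consumed by the script named in `config[CONFIG_SCRIPT]` would help whoever reviews how that script handles these values.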
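Review bot: The new guard `if (s->esp_fd == 0)` in do_phase2_qm() uses 0 as the "no ESP socket yet" marker, but 0 is a valid descriptor and the failure value tested a few lines later is -1; if the process ever runs with descriptor 0 closed, a newly opened socket could be 0 and would be reopened on every rekey, leaking the previous one. Initialising and testing against -1 would avoid that, though the initialisation is outside this hunk and would need a matching change. The added `fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC)` discards its result and is applied only in the raw-socket branch; whether the `make_socket()` path sets close-on-exec cannot be seen from here. Something like `if (fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC) == -1) DEBUG(2, printf("fcntl(esp_fd, FD_CLOEXEC) failed\n"));` would at least make an inherited raw socket visible in the debug log. The function body starts and ends outside the hunk.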
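Review bot: The added `memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4)` in process_late_ike() reads four bytes from the first SPI of a peer-supplied delete payload with no visible check that the SPI is at least four bytes long. If the payload parser (outside this hunk) does not already enforce that, a short SPI would cause an out-of-bounds read, so the condition should also require the payload's SPI length to be 4 before comparing. Only `spi[0]` is examined, so a delete that lists the current SPI in a later slot falls into the "bogus spi" branch; a comment stating whether that is intended would help. The literal `4` would read better as `sizeof(s->ipsec.tx.spi)`, assuming that field is a 32-bit integer. The enclosing loop starts outside the hunk.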