authorJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 15:37:57 +0100
committerJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 15:38:28 +0100
commit9754f457cc6d0aeb90a1535a5228ef909e9584c9 (patch)
treeffbd77f41fb100837cc8f992f8dc863cd01c270d /net-vpn/nstx/files
parentapp-forensics/openscap: remove old (diff)
Second half of net-vpn/ move
Diffstat (limited to 'net-vpn/nstx/files')
-rw-r--r--net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch465
-rw-r--r--net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch134
-rw-r--r--net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch22
-rw-r--r--net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch18
-rw-r--r--net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch9
-rw-r--r--net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch19
-rw-r--r--net-vpn/nstx/files/nstxcd.conf46
-rw-r--r--net-vpn/nstx/files/nstxcd.init103
-rw-r--r--net-vpn/nstx/files/nstxd.conf35
-rw-r--r--net-vpn/nstx/files/nstxd.init94
10 files changed, 945 insertions, 0 deletions
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch b/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch
new file mode 100644
index 000000000000..524fd705a86e
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch
@@ -0,0 +1,465 @@
+diff -ru nstx-1.1-beta6.orig/nstx_tuntap.c nstx-1.1-beta6/nstx_tuntap.c
+--- nstx-1.1-beta6.orig/nstx_tuntap.c 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstx_tuntap.c 2009-03-16 22:45:28.000000000 +0000
+@@ -19,13 +19,15 @@
+
+ #ifdef linux
+ #include <linux/if_tun.h>
+-#define TUNDEV "/dev/net/tun"
++#define TUNINT "tun0"
++#define TUNDEVNODE "/dev/net/tun"
+ #else
+ # include <net/if_tun.h>
++# define TUNINT "NULL?"
+ # if __FreeBSD_version < 500000
+-# define TUNDEV "/dev/tun2"
++# define TUNDEVNODE "/dev/tun2"
+ # else
+-# define TUNDEV "/dev/tun"
++# define TUNDEVNODE "/dev/tun"
+ # endif
+ #endif
+
+@@ -33,127 +35,135 @@
+
+ #define MAXPKT 2000
+
+-#define TAPDEV "/dev/tap0"
++#define TAPINT "tap0"
++#define TAPDEVNODE "/dev/net/tun"
+
+ int tfd = -1, nfd = -1;
+ static char dev[IFNAMSIZ+1];
+
+-static int tun_alloc (const char *path);
++static int tun_alloc (const char * interface, const char * device_node);
++static int tap_alloc (const char * interface, const char * device_node);
++
+ #ifdef linux
+-static int tap_alloc (const char *path);
++static int tuntap_alloc_linux(const char * interface, const char * device_node,
++ int mode);
++#else
++static int tun_alloc_bsd(const char * interface, const char * device_node);
+ #endif
+
+ void
+-open_tuntap(const char *device)
++open_tuntap(const char * interface, const char * device_node, int tun)
+ {
+- int tunerr;
+-#ifdef linux
+- int taperr;
+-#endif
++ int err;
++
++ if (!interface)
++ interface = (tun ? TUNINT : TAPINT);
++
++ if (!device_node)
++ device_node = (tun ? TUNDEVNODE : TAPDEVNODE);
++
++ fprintf(stderr, "Opening %s interface %s at %s... ", tun ? "tun" : "tap",
++ interface, device_node);
++
++ err = (tun ? tun_alloc(interface, device_node) : tap_alloc(interface,
++ device_node));
++
++ if (!err) {
++ fprintf(stderr, "using interface %s\n", dev);
++
++ if (tun)
++ fprintf(stderr, "you will now need to assign an ip and routing to "
++ "this interface\n");
++ else
++ fprintf(stderr, "you will now need to add bridging or other rules "
++ "to this interface\n");
++ return;
++ }
+
+- fprintf(stderr, "Opening tun/tap-device... ");
+- if ((tunerr = tun_alloc(device ? device : TUNDEV))
++ fprintf(stderr, "failed! (%s)\n", strerror(err));
++
++ fprintf(stderr, "Diagnostics: ");
++
++ if (err == EPERM)
++ fprintf(stderr, "you usually have to be root to use nstx.\n");
++ else if (err == ENOENT)
++ fprintf(stderr, "maybe you need kernel support -- did you modprobe "
++ "tap?\n");
++ else if (err == ENODEV)
++ fprintf(stderr, "maybe you need kernel support -- did you modprobe "
++ "tap?\n");
+ #ifdef linux
+- && (taperr = tap_alloc(device ? device : TAPDEV))
++#else
++ else if ((err == EINVAL) && !tun)
++ fprintf(stderr, "tap support is only available under linux\n");
+ #endif
+- ) {
+- fprintf(stderr, "failed!\n"
+- "Diagnostics:\nTun ("TUNDEV"): ");
+- switch (tunerr) {
+- case EPERM:
+- fprintf(stderr, "Permission denied. You usually have to "
+- "be root to use nstx.\n");
+- break;
+- case ENOENT:
+- fprintf(stderr, TUNDEV " not found. Please create /dev/net/ and\n"
+- " mknod /dev/net/tun c 10 200 to use the tun-device\n");
+- break;
+- case ENODEV:
+- fprintf(stderr, "Device not available. Make sure you have "
+- "kernel-support\n for the tun-device. Under linux, you "
+- "need tun.o (Universal tun/tap-device)\n");
+- break;
+- default:
+- perror("Unexpected error");
+- break;
+- }
+- fprintf(stderr, "Tap ("TAPDEV"):\n(only available under linux)\n");
++ else
++ fprintf(stderr, "none, sorry\n");
++
++ exit(EXIT_FAILURE);
++}
++
++int tun_alloc(const char * interface, const char * device_node)
++{
+ #ifdef linux
+- switch (taperr) {
+- case EPERM:
+- fprintf(stderr, "Permission denied. You generally have to "
+- "be root to use nstx.\n");
+- break;
+- case ENOENT:
+- fprintf(stderr, TAPDEV " not found. Please\n"
+- " mknod /dev/tap0 c 36 16 to use the tap-device\n");
+- break;
+- case ENODEV:
+- fprintf(stderr, "Device not available. Make sure you have kernel-support\n"
+- " for the tap-device. Under linux, you need netlink_dev.o and ethertap.o\n");
+- break;
+- default:
+- fprintf(stderr, "Unexpected error: %s\n", strerror(taperr));
+- break;
+- }
++ return tuntap_alloc_linux(interface, device_node, IFF_TUN);
++#else
++ return tun_alloc_bsd(interface, device_node);
+ #endif
+- exit(EXIT_FAILURE);
+- }
+-
+- fprintf(stderr, "using device %s\n"
+- "Please configure this device appropriately (IP, routes, etc.)\n", dev);
+ }
+
+-int
+-tun_alloc (const char *path)
++int tap_alloc(const char * interface, const char * device_node)
+ {
+ #ifdef linux
+- struct ifreq ifr;
++ return tuntap_alloc_linux(interface, device_node, IFF_TAP);
+ #else
+- struct stat st;
++ return EINVAL;
+ #endif
+-
+- if ((tfd = open(path, O_RDWR)) < 0)
+- return errno;
++}
+
+ #ifdef linux
+- memset(&ifr, 0, sizeof(ifr));
++
++int tuntap_alloc_linux(const char * interface, const char * device_node,
++ int mode)
++{
++ struct ifreq ifr;
++
++ if ((tfd = open(device_node, O_RDWR)) < 0)
++ return errno;
++
++ memset(&ifr, 0, sizeof(ifr));
+
+- ifr.ifr_flags = IFF_TUN|IFF_NO_PI;
++ ifr.ifr_flags = mode | IFF_NO_PI;
++ strncpy(ifr.ifr_name, interface, sizeof(ifr.ifr_name));
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+
+- if (ioctl(tfd, TUNSETIFF, (void *) &ifr) < 0)
+- {
+- close(tfd);
+- tfd = -1;
+- return errno;
+- }
+- strncpy(dev, ifr.ifr_name, IFNAMSIZ+1);
+-#else
+- fstat(tfd, &st);
+- strncpy(dev, devname(st.st_rdev, S_IFCHR), IFNAMSIZ+1);
+-#endif
++ if (ioctl(tfd, TUNSETIFF, (void *) &ifr) < 0) {
++ close(tfd);
++ tfd = -1;
++ return errno;
++ }
++
++ strncpy(dev, ifr.ifr_name, IFNAMSIZ+1);
+
+- return 0;
++ return 0;
+ }
+
++#else /* bsd */
+
+-#ifdef linux
+-int
+-tap_alloc(const char *path)
++int tun_alloc_bsd(const char * interface, const char * device_node)
+ {
+- char *ptr;
+-
+- if ((tfd = open(path, O_RDWR)) < 0)
++ struct stat st;
++
++ if ((tfd = open(device_node, O_RDWR)) < 0)
+ return errno;
+-
+- if ((ptr = strrchr(path, '/')))
+- strncpy(dev, ptr+1, IFNAMSIZ+1);
+- else
+- strncpy(dev, path, IFNAMSIZ+1);
++
++ fstat(tfd, &st);
++ strncpy(dev, devname(st.st_rdev, S_IFCHR), IFNAMSIZ+1);
+
+ return 0;
+ }
+-#endif
++
++#endif /* linux/bsd */
+
+ void
+ open_ns(const char *ip)
+diff -ru nstx-1.1-beta6.orig/nstxcd.8 nstx-1.1-beta6/nstxcd.8
+--- nstx-1.1-beta6.orig/nstxcd.8 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxcd.8 2009-03-16 23:16:21.000000000 +0000
+@@ -3,7 +3,7 @@
+ nstxcd \- IP over DNS tunneling client
+
+ .SH SYNOPSIS
+-.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR"
++.B "nstxcd \fIOPTIONS\fR \fIDOMAIN\fR \fIIPADDRESS\fR"
+
+ .SH DESCRIPTION
+ .B nstxcd
+@@ -13,6 +13,14 @@
+ .SH OPTIONS
+ .B nstxcd
+ takes the following options:
++.IP \-I tun/tap interface
++Use this tun/tap interface instead of the default (tun0/tap0)
++.IP \-d tun/tap device node
++Use this tun/tap device node instead of the default (/dev/net/tun on Linux)
++.IP \-t
++Tun mode (default)
++.IP \-T
++Tap mode
+ .IP "domain"
+ The domain that nstxcd will send requests to. This domain must be delegated
+ to a machine that is running nstxd.
+@@ -22,9 +30,9 @@
+ .SH USAGE
+ .Bnstxcd
+ should be run against a domain that has been delegated to a machine running
+-nstxd. It will then take any packets that are sent to the tun0 interface and
+-send them over DNS to the other tunnel endpoint. Responses will appear on
+-the tun0 interface.
++nstxd. It will then take any packets that are sent to the tun/tap interface and
++send them over DNS to the other tunnel endpoint. Responses will appear on the
++tun/tap interface.
+
+ .SH AUTHORS
+
+diff -ru nstx-1.1-beta6.orig/nstxcd.c nstx-1.1-beta6/nstxcd.c
+--- nstx-1.1-beta6.orig/nstxcd.c 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxcd.c 2009-03-16 23:16:07.000000000 +0000
+@@ -55,25 +55,44 @@
+ static void
+ usage(const char *prog, int code)
+ {
+- fprintf(stderr, "Usage: %s [-d tun-device] <domainname> <dns-server>\n"
+- "Example: %s tun.yomama.com 125.23.53.12\n", prog, prog);
++ fprintf(stderr, "Usage: %s [options] <domainname> <dns-server>\n"
++ "Where options are:\n"
++ "\t-d path (use this tun/tap device node instead of default)\n"
++ "\t-I interface (use this tun/tap interface instead of default)\n"
++#ifdef linux
++ "\t-t (tun mode, default)\n"
++ "\t-T (tap mode)\n"
++#endif
++ "example:\n"
++ "%s tun.yomama.com 125.23.53.12\n", prog, prog);
+ exit(code);
+ }
+
+ int main (int argc, char * argv[]) {
+ struct nstxmsg *msg;
+- const char *device = NULL;
++ const char *interface = NULL;
++ const char *device_node = NULL;
+ int ch;
++ int tun = 1;
+
+ nsid = time(NULL);
+
+ if (argc < 3)
+ usage(argv[0], EX_USAGE);
+
+- while ((ch = getopt(argc, argv, "hd:")) != -1) {
++ while ((ch = getopt(argc, argv, "hd:I:tT")) != -1) {
+ switch (ch) {
++ case 'I':
++ interface = optarg;
++ break;
+ case 'd':
+- device = optarg;
++ device_node = optarg;
++ break;
++ case 't':
++ tun = 1;
++ break;
++ case 'T':
++ tun = 0;
+ break;
+ case 'h':
+ usage(argv[0], 0);
+@@ -85,7 +104,7 @@
+ dns_setsuffix(argv[optind]);
+
+ qsettimeout(10);
+- open_tuntap(device);
++ open_tuntap(interface, device_node, tun);
+ open_ns(argv[optind + 1]);
+
+ for (;;) {
+diff -ru nstx-1.1-beta6.orig/nstxd.8 nstx-1.1-beta6/nstxd.8
+--- nstx-1.1-beta6.orig/nstxd.8 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxd.8 2009-03-16 23:16:32.000000000 +0000
+@@ -3,7 +3,7 @@
+ nstxd \- IP over DNS tunneling daemon
+
+ .SH SYNOPSIS
+-.B "nstxd \fIOPTION\fR \fIDOMAIN\fR"
++.B "nstxd \fIOPTIONS\fR \fIDOMAIN\fR"
+
+ .SH DESCRIPTION
+ .B nstxd
+@@ -14,8 +14,14 @@
+ .SH OPTIONS
+ .B nstxd
+ takes the following option:
+-.IP \-d tun-device
+-Use this tun device instead of tun0
++.IP \-I tun/tap interface
++Use this tun/tap interface instead of the default (tun0/tap0)
++.IP \-d tun/tap device node
++Use this tun/tap device node instead of the default (/dev/net/tun on linux)
++.IP \-t
++Tun mode (default)
++.IP \-T
++Tap mode
+ .IP \-i ipaddr
+ Bind to this IP address rather than every available address
+ .IP \-C dir
+@@ -33,9 +39,9 @@
+ .SH USAGE
+ A domain should be delegated to the machine that will run nstxd. nstxd should
+ then be run giving that domain as the only argument. nstxd will then listen
+-for requests and translate them into IP packets that will appear on the tun0
+-interface. Packets sent to the tun0 interface will be transferred back to
+-the client as DNS answers.
++for requests and translate them into IP packets that will appear on the given
++tun/tap interface. Packets sent to the tun/tap interface will be transferred
++back to the client as DNS answers.
+
+ .SH AUTHORS
+
+diff -ru nstx-1.1-beta6.orig/nstxd.c nstx-1.1-beta6/nstxd.c
+--- nstx-1.1-beta6.orig/nstxd.c 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxd.c 2009-03-16 23:15:30.000000000 +0000
+@@ -55,7 +55,12 @@
+ {
+ fprintf (stderr, "usage: %s [options] <domainname>\n"
+ "Where options are:\n"
+- "\t-d tun-device (use this tun/tap device instead of default\n"
++ "\t-d path (use this tun/tap device node instead of default)\n"
++ "\t-I interface (use this tun/tap interface instead of default)\n"
++#ifdef linux
++ "\t-t (tun mode, default)\n"
++ "\t-T (tap mode)\n"
++#endif
+ "\t-i ip.to.bi.nd (bind to port 53 on this IP only)\n"
+ "\t-C dir (chroot() to this directory after initialization)\n"
+ "\t-D (call daemon(3) to detach from terminal)\n"
+@@ -68,13 +73,15 @@
+
+ int main (int argc, char *argv[]) {
+ signed char ch;
+- const char *device = NULL, *dir = NULL;
++ const char *interface = NULL, *dir = NULL;
++ const char *device_node = NULL;
+ in_addr_t bindto = INADDR_ANY;
+ uid_t uid = 0;
+ int daemonize = 0;
+ int logmask = LOG_UPTO(LOG_INFO);
++ int tun = 1;
+
+- while ((ch = getopt(argc, argv, "gDC:u:hd:i:")) != -1) {
++ while ((ch = getopt(argc, argv, "gDC:u:hd:I:i:tT")) != -1) {
+ switch(ch) {
+ case 'i':
+ bindto = inet_addr(optarg);
+@@ -84,8 +91,17 @@
+ exit(EX_USAGE);
+ }
+ break;
++ case 'I':
++ interface = optarg;
++ break;
+ case 'd':
+- device = optarg;
++ device_node = optarg;
++ break;
++ case 't':
++ tun = 1;
++ break;
++ case 'T':
++ tun = 0;
+ break;
+ case 'D':
+ daemonize = 1;
+@@ -121,7 +137,7 @@
+
+ dns_setsuffix(argv[optind]);
+
+- open_tuntap(device);
++ open_tuntap(interface, device_node, tun);
+ open_ns_bind(bindto);
+
+ if (dir) {
+diff -ru nstx-1.1-beta6.orig/nstxfun.h nstx-1.1-beta6/nstxfun.h
+--- nstx-1.1-beta6.orig/nstxfun.h 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxfun.h 2009-03-16 22:40:44.000000000 +0000
+@@ -52,7 +52,7 @@
+
+ /* DNS */
+
+-void open_tuntap (const char *device);
++void open_tuntap (const char * interface, const char * device_node, int tun);
+ void open_ns (const char *ip);
+ void open_ns_bind(in_addr_t ip);
+
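Review bot: In `tuntap_alloc_linux` the TUNSETIFF failure path calls `close(tfd)` before `return errno;`, so the value handed back to `open_tuntap` may be whatever close() left in errno rather than the ioctl error, and the EPERM/ENOENT/ENODEV diagnostics can then print the wrong hint. Saving the value first keeps the report accurate: `int saved = errno; close(tfd); tfd = -1; return saved;`. Separately, `tun_alloc_bsd` ignores the result of `fstat()` before passing `st.st_rdev` to `devname()`, so a failed fstat would feed an uninitialised struct into the name copied into `dev`; checking the return value and returning `errno` there would match the `open()` handling just above it.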
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch b/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch
new file mode 100644
index 000000000000..0d65f0f6d68b
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch
@@ -0,0 +1,134 @@
+diff -ru nstx-1.1-beta6.tuntap/Makefile nstx-1.1-beta6/Makefile
+--- nstx-1.1-beta6.tuntap/Makefile 2009-03-16 23:22:11.000000000 +0000
++++ nstx-1.1-beta6/Makefile 2009-03-16 23:27:09.000000000 +0000
+@@ -1,9 +1,9 @@
+ CFLAGS += -ggdb -Wall -Werror -Wsign-compare
+
+-NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c
++NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c nstx_util.c
+ NSTXD_OBJS = ${NSTXD_SRCS:.c=.o}
+
+-NSTXCD_SRCS = nstxcd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.o nstx_queue.c
++NSTXCD_SRCS = nstxcd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.o nstx_queue.c nstx_util.c
+ NSTXCD_OBJS = ${NSTXCD_SRCS:.c=.o}
+
+ PROGS = nstxd nstxcd
+diff -ru nstx-1.1-beta6.tuntap/nstx_util.c nstx-1.1-beta6/nstx_util.c
+--- nstx-1.1-beta6.tuntap/nstx_util.c 2004-06-27 21:43:34.000000000 +0000
++++ nstx-1.1-beta6/nstx_util.c 2009-03-16 23:28:37.000000000 +0000
+@@ -27,6 +27,10 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#include <net/if.h>
++#include <sys/ioctl.h>
++#include <arpa/inet.h>
++#include <errno.h>
+
+ #include "nstxfun.h"
+
+@@ -48,6 +52,48 @@
+ close(fd);
+ }
+
++static int iface_addr(const char * name, in_addr_t * result) {
++ int r, s;
++ struct ifreq ifr;
++ struct sockaddr_in * sin;
++
++ s = socket(AF_INET, SOCK_DGRAM, 0);
++
++ if (s < 0) {
++ perror("socket");
++ return s;
++ }
++
++ strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
++
++ r = ioctl(s, SIOCGIFADDR, &ifr);
++
++ if (r < 0) {
++ perror("ioctl(SIOCGIFADDR)");
++ return r;
++ }
++
++ sin = (struct sockaddr_in *)&ifr.ifr_addr;
++ *result = sin->sin_addr.s_addr;
++
++ if (*result == INADDR_ANY || *result == INADDR_NONE) {
++ fprintf(stderr, "interface %s has no assigned address\n", name);
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
++int addr_convert(const char * s, in_addr_t * result) {
++ *result = inet_addr(s);
++
++ if (*result != INADDR_NONE)
++ return 0;
++
++ return iface_addr(s, result);
++}
++
+ #ifdef WITH_PKTDUMP
+ void
+ pktdump (const char *prefix, unsigned short id, const char *data,
+diff -ru nstx-1.1-beta6.tuntap/nstxd.8 nstx-1.1-beta6/nstxd.8
+--- nstx-1.1-beta6.tuntap/nstxd.8 2009-03-16 23:23:46.000000000 +0000
++++ nstx-1.1-beta6/nstxd.8 2009-03-16 23:29:59.000000000 +0000
+@@ -22,8 +22,8 @@
+ Tun mode (default)
+ .IP \-T
+ Tap mode
+-.IP \-i ipaddr
+-Bind to this IP address rather than every available address
++.IP \-i ipaddr|interface
++Bind to this IP address or interface rather than every available address
+ .IP \-C dir
+ Chroot to this directory on startup
+ .IP \-D
+diff -ru nstx-1.1-beta6.tuntap/nstxd.c nstx-1.1-beta6/nstxd.c
+--- nstx-1.1-beta6.tuntap/nstxd.c 2009-03-16 23:23:46.000000000 +0000
++++ nstx-1.1-beta6/nstxd.c 2009-03-16 23:32:45.000000000 +0000
+@@ -61,7 +61,7 @@
+ "\t-t (tun mode, default)\n"
+ "\t-T (tap mode)\n"
+ #endif
+- "\t-i ip.to.bi.nd (bind to port 53 on this IP only)\n"
++ "\t-i ip|interface (bind to port 53 on this IP/interface only)\n"
+ "\t-C dir (chroot() to this directory after initialization)\n"
+ "\t-D (call daemon(3) to detach from terminal)\n"
+ "\t-g (enable debug messages)\n"
+@@ -80,14 +80,15 @@
+ int daemonize = 0;
+ int logmask = LOG_UPTO(LOG_INFO);
+ int tun = 1;
++ int r;
+
+ while ((ch = getopt(argc, argv, "gDC:u:hd:I:i:tT")) != -1) {
+ switch(ch) {
+ case 'i':
+- bindto = inet_addr(optarg);
+- if (bindto == INADDR_NONE) {
+- fprintf(stderr, "`%s' is not an IP-address\n",
+- optarg);
++ r = addr_convert(optarg, &bindto);
++ if (r < 0) {
++ fprintf(stderr, "couldn't use interface %s: %s\n", optarg,
++ strerror(-r));
+ exit(EX_USAGE);
+ }
+ break;
+diff -ru nstx-1.1-beta6.tuntap/nstxfun.h nstx-1.1-beta6/nstxfun.h
+--- nstx-1.1-beta6.tuntap/nstxfun.h 2009-03-16 23:23:46.000000000 +0000
++++ nstx-1.1-beta6/nstxfun.h 2009-03-16 23:28:37.000000000 +0000
+@@ -102,4 +102,6 @@
+ void pktdump (const char *, unsigned short, const char *, size_t, int);
+ #endif
+
++int addr_convert(const char *, in_addr_t *);
++
+ #endif /* _NSTXHDR_H */
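Review bot: `iface_addr` never closes the datagram socket it opens, so every call leaks a descriptor on the success path and on both error paths. The error returns are also inconsistent with the caller: on ioctl failure it returns `r` (that is, -1), and the `-i` handler in nstxd.c prints `strerror(-r)`, which reports errno 1 (EPERM on Linux) whatever the real cause was. Returning `-errno` (captured before `perror()` and `close()` can change it) fixes both. Note also that `addr_convert` treats `INADDR_NONE` from `inet_addr()` as "not an address", so the literal `255.255.255.255` falls through to the interface lookup.

```c
static int iface_addr(const char * name, in_addr_t * result) {
	int r, s, saved;
	/* … unchanged: ifr and sin declarations … */

	s = socket(AF_INET, SOCK_DGRAM, 0);

	if (s < 0) {
		saved = errno;
		perror("socket");
		return -saved;
	}

	/* … unchanged: bounded copy of name into ifr.ifr_name … */

	r = ioctl(s, SIOCGIFADDR, &ifr);
	saved = errno;
	close(s);	/* descriptor is only needed for the ioctl */

	if (r < 0) {
		errno = saved;
		perror("ioctl(SIOCGIFADDR)");
		return -saved;
	}

	/* … unchanged: address extraction and the INADDR_ANY/INADDR_NONE check … */
```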
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch b/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch
new file mode 100644
index 000000000000..251ad583150b
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch
@@ -0,0 +1,22 @@
+Only in nstx-1.1-beta6.orig/: nstx_dns.o
+Only in nstx-1.1-beta6.orig/: nstx_encode.o
+Only in nstx-1.1-beta6.orig/: nstx_pstack.o
+diff -ru nstx-1.1-beta6.orig/nstx_tuntap.c nstx-1.1-beta6/nstx_tuntap.c
+--- nstx-1.1-beta6.orig/nstx_tuntap.c 2009-03-16 23:56:02.000000000 +0000
++++ nstx-1.1-beta6/nstx_tuntap.c 2009-03-17 00:06:00.000000000 +0000
+@@ -274,7 +274,13 @@
+ sendtun(const char *data, size_t len)
+ {
+ // printf("Sent len %d, csum %d\n", len, checksum(data, len));
+- write(tfd, data, len);
++ size_t w = write(tfd, data, len);
++
++ if (w < len) {
++ fprintf(stderr, "packet was descrutively fragmented! (len=%zd, "
++ "wrote=%zd)\n",
++ len, w);
++ }
+ }
+
+ void
+Only in nstx-1.1-beta6.orig/: nstxd.o
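Review bot: `write()` returns `ssize_t`, and storing it in `size_t w` turns a failed write (-1) into SIZE_MAX, so `w < len` is false and a hard error on the tun descriptor goes unreported; only short writes are caught. Declare `ssize_t w = write(tfd, data, len);` and test `if (w < 0 || (size_t)w < len)`, printing `strerror(errno)` in the failure case. The conversions should be `%zu` for the `size_t` argument `len`, and the message misspells "destructively". `sendtun`'s signature line sits just above the changed lines, and its return type is outside the hunk.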
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch b/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch
new file mode 100644
index 000000000000..e943fa106b73
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch
@@ -0,0 +1,18 @@
+diff -ru nstx-1.1-beta6.orig/nstx_util.c nstx-1.1-beta6/nstx_util.c
+--- nstx-1.1-beta6.orig/nstx_util.c 2009-03-17 00:08:18.000000000 +0000
++++ nstx-1.1-beta6/nstx_util.c 2009-03-17 00:08:37.000000000 +0000
+@@ -44,14 +44,6 @@
+ return x;
+ }
+
+-void dwrite (char *path, char *buf, int len) {
+- int fd;
+-
+- fd = open(path, O_RDWR|O_CREAT|O_TRUNC, 0600);
+- write(fd, buf, len);
+- close(fd);
+-}
+-
+ static int iface_addr(const char * name, in_addr_t * result) {
+ int r, s;
+ struct ifreq ifr;
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch b/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch
new file mode 100644
index 000000000000..35f7d0199b9d
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch
@@ -0,0 +1,9 @@
+diff -ru nstx-1.1-beta6.orig/Makefile nstx-1.1-beta6/Makefile
+--- nstx-1.1-beta6.orig/Makefile 2009-03-17 03:29:43.000000000 +0000
++++ nstx-1.1-beta6/Makefile 2009-03-17 03:29:53.000000000 +0000
+@@ -1,4 +1,4 @@
+-CFLAGS += -ggdb -Wall -Werror -Wsign-compare
++CFLAGS += -ggdb -Wall -Wsign-compare
+
+ NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c nstx_util.c
+ NSTXD_OBJS = ${NSTXD_SRCS:.c=.o}
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch b/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch
new file mode 100644
index 000000000000..47edb029edb9
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch
@@ -0,0 +1,19 @@
+Respects LDFLAGS
+
+http://bugs.gentoo.org/show_bug.cgi?id=323919
+
+--- nstx-1.1-beta6/Makefile
++++ nstx-1.1-beta6/Makefile
+@@ -11,10 +11,10 @@
+ all: $(PROGS)
+
+ nstxd: $(NSTXD_OBJS)
+- $(CC) $(CFLAGS) -o nstxd $(NSTXD_OBJS)
++ $(CC) $(CFLAGS) $(LDFLAGS) -o nstxd $(NSTXD_OBJS)
+
+ nstxcd: $(NSTXCD_OBJS)
+- $(CC) $(CFLAGS) -o nstxcd $(NSTXCD_OBJS)
++ $(CC) $(CFLAGS) $(LDFLAGS) -o nstxcd $(NSTXCD_OBJS)
+
+ clean:
+ rm -f *.o $(PROGS) Makefile.bak *~ core
diff --git a/net-vpn/nstx/files/nstxcd.conf b/net-vpn/nstx/files/nstxcd.conf
new file mode 100644
index 000000000000..a04b9d09571e
--- /dev/null
+++ b/net-vpn/nstx/files/nstxcd.conf
@@ -0,0 +1,46 @@
+# /etc/conf.d/nstxcd: config file for /etc/init.d/nstxcd
+
+# DOMAIN is the DNS domain which will be the base for NSTX tunneling. You must
+# set up this domain such that its nameserver points to this machine. For
+# example, if your tunnel domain is "tunnelhere.example.com", the nameserver for
+# example.com should have the following record:
+#
+# tunnelhere.example.com IN NS this.machine.example.com
+#DOMAIN="tunnelhere.example.com"
+
+# Set to "TUN" for TUN (IP/layer-3) mode, or "TAP" for TAP (ethernet/layer-2)
+# mode. You must use the same mode your server is using, or you will send and
+# receive only garbage.
+MODE="TUN"
+
+# This will be the virtual TUN/TAP interface created by nstxcd. If unset,
+# defaults to tun0 or tap0. Note that no IP configuration will be supplied by
+# nstxd -- you must do this yourself using net scripts.
+#TUNTAP_INTERFACE=tun53
+
+# The DNS server where nstxcd will send queries. This is not necessarily the
+# same server as the one where the nstxd server is running. What constitutes a
+# good choice here depends on your situation: if you can send DNS queries to an
+# arbitrary address on the Internet, you could simply point straight to the
+# instance of nstxd, if you know its IP address. If you don't, you might use a
+# public DNS server, like one of the ones hosted by Level3 (4.2.2.1-4.2.2.6),
+# although it is almost certainly better to set up your nstxd server instance
+# with dynamic DNS so you can always find it.
+#
+# If you are constrained to sending DNS queries to a DHCP-provided server on
+# your local LAN, your only choice is to point to that server. This will always
+# work, but may yield limited performance relative to directly talking to nstxd
+# or talking via a high-performance DNS server.
+#
+# If you leave DNS_SERVER unset, the init script will select the first
+# nameserver from resolv.conf. This is the most fault-tolerant configuration.
+#DNS_SERVER=""
+
+# This option contains a space-separated list of interfaces that should be up
+# before we start. It's convenient to put your DHCP-facing address in here, so
+# autodetection of DNS_SERVER from resolv.conf will work.
+#NEED_INTERFACES=""
+
+# Other miscellaneous options to pass to nstxcd (man 7 nstxcd for details)
+#NSTXCD_OPTS=""
+
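Review bot: The last comment points readers at `man 7 nstxcd`, but the manual page patched elsewhere in this commit is `nstxcd.8`, so the reference should read `man 8 nstxcd`. The TUNTAP_INTERFACE comment says no IP configuration is supplied "by nstxd" although this is the client's file; `nstxcd` looks like the intended name. The init script in this commit also reads `TUNTAP_DEVICE`, which this file never mentions; a commented-out entry such as `#TUNTAP_DEVICE=/dev/net/tun` with a one-line explanation would document it.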
diff --git a/net-vpn/nstx/files/nstxcd.init b/net-vpn/nstx/files/nstxcd.init
new file mode 100644
index 000000000000..444358970731
--- /dev/null
+++ b/net-vpn/nstx/files/nstxcd.init
@@ -0,0 +1,103 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# (Written by Phillip Berndt <phillip.berndt at gmail dot com>)
+# (Modified by Steven Brudenell <steven dot brudenell at gmail>)
+
+depend() {
+ local iface
+
+ for iface in ${NEED_INTERFACES} ; do
+ need net.${iface}
+ done
+
+ # If the user set TUNTAP_INTERFACE, they probably have a net script
+ # configuring that interface. nstxcd is responsible for actually creating
+ # the stupid thing, so we need to run before the config.
+ if [ ! -z ${TUNTAP_INTERFACE} ] ; then
+ if [ -x /etc/init.d/net.${TUNTAP_INTERFACE} ] ; then
+ before net.${TUNTAP_INTERFACE}
+ fi
+ fi
+}
+
+loadtun() {
+ if [ ! -e /dev/net/tun ]
+ then
+ ebegin "Loading TUN/TAP kernel module"
+ modprobe -q tun
+ eend $?
+ fi
+
+ if [ ! -e /dev/net/tun ]
+ then
+ eend 1 "Failed to load TUN driver! (did you compile your kernel with TUN/TAP support?)"
+ return 1
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ if [ -z "${DOMAIN}" ] ; then
+ eerror "DOMAIN must be set"
+ return 1
+ fi
+
+ [ -z "${TUNTAP_INTERFACE}" ] || NSTXCD_OPTS="${NSTXCD_OPTS} -I ${TUNTAP_INTERFACE}"
+ [ -z "${TUNTAP_DEVICE}" ] || NSTXCD_OPTS="${NSTXCD_OPTS} -d ${TUNTAP_DEVICE}"
+
+ case "${MODE}" in
+ TUN)
+ NSTXCD_OPTS="${NSTXCD_OPTS} -t"
+ ;;
+ TAP)
+ NSTXCD_OPTS="${NSTXCD_OPTS} -T"
+ ;;
+ *)
+ eerror "MODE must be either TUN or TAP"
+ return 1
+ ;;
+ esac
+
+ if [ -z "${DNS_SERVER}" ] ; then
+ DNS_SERVER=`awk '/^nameserver/{ print $2; exit; }' /etc/resolv.conf`
+
+ if [ -z "${DNS_SERVER}" ] ; then
+ eerror "DNS_SERVER not set, and couldn't determine a nameserver from /etc/resolv.conf"
+ return 1
+ fi
+ export DNS_SERVER
+ fi
+
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+
+ loadtun || return 1
+
+ ebegin "Starting nstxcd"
+
+ start-stop-daemon \
+ --start \
+ --background \
+ --make-pidfile \
+ --exec /usr/sbin/nstxcd \
+ --pidfile "/var/run/nstxcd.pid" \
+ -- ${NSTXCD_OPTS} ${DOMAIN} ${DNS_SERVER}
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nstxcd"
+
+ start-stop-daemon \
+ --stop \
+ --exec /usr/sbin/nstxcd \
+ --pidfile "/var/run/nstxcd.pid"
+
+ eend $?
+}
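Review bot: Values taken from conf.d are expanded unquoted in several places, so a value containing whitespace or glob characters is word-split before it reaches the root-run daemon. In `depend()` the test `[ ! -z ${TUNTAP_INTERFACE} ]` should be `[ -n "${TUNTAP_INTERFACE}" ]`, as nstxd.init already quotes it, and in `start()` the argument list should be `-- ${NSTXCD_OPTS} "${DOMAIN}" "${DNS_SERVER}"`, leaving only the options string to split deliberately. The same unquoted `${DOMAIN}` appears in the `start()` of nstxd.init, and both `checkconfig()` functions build `-I`/`-d` arguments by string concatenation, so an interface or device value with a space would silently become extra options.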
diff --git a/net-vpn/nstx/files/nstxd.conf b/net-vpn/nstx/files/nstxd.conf
new file mode 100644
index 000000000000..4d3365a7142d
--- /dev/null
+++ b/net-vpn/nstx/files/nstxd.conf
@@ -0,0 +1,35 @@
+# /etc/conf.d/nstxd: config file for /etc/init.d/nstxd
+
+# DOMAIN is the DNS domain which will be the base for NSTX tunneling. You must
+# set up this domain such that its nameserver points to this machine. For
+# example, if your tunnel domain is "tunnelhere.example.com", the nameserver for
+# example.com should have the following record:
+#
+# tunnelhere.example.com IN NS this.machine.example.com
+#DOMAIN="tunnelhere.example.com"
+
+# Set to "TUN" for TUN (IP/layer-3) mode, or "TAP" for TAP (ethernet/layer-2)
+# mode. Your clients must run in the same mode, or you will send and receive
+# only garbage.
+MODE="TUN"
+
+# This will be the virtual TUN/TAP interface created by nstxd. If unset,
+# defaults to tun0 or tap0. Note that no IP configuration will be supplied by
+# nstxd -- you must do this yourself using net scripts.
+#TUNTAP_INTERFACE=tun53
+
+# Interface to bind to, instead of binding to all available interfaces. You can
+# supply either an interface name or IP address here. Useful if you run an
+# internal DNS server but want to run NSTX on your external interface. Note that
+# nstxd always binds to port 53.
+#BIND_INTERFACE=eth1
+#BIND_INTERFACE=1.2.3.4
+
+# Chroot to this directory after startup
+#CHROOT=/dev/null
+
+# Drop privileges to this user after startup
+#NSTXD_USER=nstxd
+
+# Other miscellaneous options to pass to nstxd (man 7 nstxd for details)
+#NSTXD_OPTS=""
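Review bot: Both hardening knobs ship commented out, and the `uid_t uid = 0;` context line in the nstxd.c patch suggests the daemon keeps root unless `-u` is given, so a default install appears to run a network-facing DNS parser as root without a chroot. A comment recommending that both be set would help, for example `# Recommended: set CHROOT and NSTXD_USER so nstxd does not keep root after binding port 53 and opening the tun/tap device.` The example `#CHROOT=/dev/null` is not a directory, so uncommenting it as written would make chroot() fail; an empty directory such as `/var/empty` would be a safer illustration. As in nstxcd.conf, `man 7 nstxd` should refer to section 8.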
diff --git a/net-vpn/nstx/files/nstxd.init b/net-vpn/nstx/files/nstxd.init
new file mode 100644
index 000000000000..2bf2a4133251
--- /dev/null
+++ b/net-vpn/nstx/files/nstxd.init
@@ -0,0 +1,94 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# (Written by Phillip Berndt <phillip.berndt at gmail dot com>)
+# (Modified by Steven Brudenell <steven dot brudenell at gmail>)
+
+depend() {
+ if [ ! -z "${BIND_INTERFACE}" ] ; then
+ if [ -x /etc/init.d/net.${BIND_INTERFACE} ] ; then
+ need net.${BIND_INTERFACE}
+ fi
+ fi
+
+ # If the user set TUNTAP_INTERFACE, they probably have a net script
+ # configuring that interface. nstxcd is responsible for actually creating
+ # the stupid thing, so we need to run before the config.
+ if [ ! -z "${TUNTAP_INTERFACE}" ] ; then
+ if [ -x /etc/init.d/net.${TUNTAP_INTERFACE} ] ; then
+ before net.${TUNTAP_INTERFACE}
+ fi
+ fi
+}
+
+loadtun() {
+ if [ ! -e /dev/net/tun ]
+ then
+ ebegin "Loading TUN/TAP kernel module"
+ modprobe -q tun
+ eend $?
+ fi
+
+ if [ ! -e /dev/net/tun ]
+ then
+ eend 1 "Failed to load TUN driver! (did you compile your kernel with TUN/TAP support?)"
+ return 1
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ if [ -z "${DOMAIN}" ] ; then
+ eerror "DOMAIN must be set"
+ return 1
+ fi
+
+ [ -z "${TUNTAP_INTERFACE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -I ${TUNTAP_INTERFACE}"
+ [ -z "${TUNTAP_DEVICE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -d ${TUNTAP_DEVICE}"
+ [ -z "${BIND_INTERFACE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -i ${BIND_INTERFACE}"
+ [ -z "${CHROOT}" ] || NSTXD_OPTS="${NSTXD_OPTS} -C ${CHROOT}"
+ [ -z "${NSTXD_USER}" ] || NSTXD_OPTS="${NSTXD_OPTS} -u ${NSTXD_USER}"
+
+ case "${MODE}" in
+ TUN)
+ NSTXD_OPTS="${NSTXD_OPTS} -t"
+ ;;
+ TAP)
+ NSTXD_OPTS="${NSTXD_OPTS} -T"
+ ;;
+ *)
+ eerror "MODE must be either TUN or TAP"
+ return 1
+ ;;
+ esac
+}
+
+start() {
+ checkconfig || return 1
+
+ loadtun || return 1
+
+ ebegin "Starting nstxd"
+
+ start-stop-daemon \
+ --start \
+ --background \
+ --make-pidfile \
+ --exec /usr/sbin/nstxd \
+ --pidfile "/var/run/nstxd.pid" \
+ -- ${NSTXD_OPTS} ${DOMAIN}
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nstxd"
+
+ start-stop-daemon \
+ --stop \
+ --exec /usr/sbin/nstxd \
+ --pidfile "/var/run/nstxd.pid"
+
+ eend $?
+}
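Review bot: The comment in `depend()` was copied from the client script and still says "nstxcd is responsible for actually creating the stupid thing"; in this file the interface is created by nstxd, so the comment should name `nstxd`. `checkconfig()` here also ends without an explicit `return 0`, unlike the client script, and relies on the exit status of the last assignment in the `case`; adding `return 0` after `esac` would make the success path explicit and keep the two scripts parallel.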