author | Jason A. Donenfeld <zx2c4@gentoo.org> | 2017-03-17 15:37:57 +0100 |
---|---|---|
committer | Jason A. Donenfeld <zx2c4@gentoo.org> | 2017-03-17 15:38:28 +0100 |
commit | 9754f457cc6d0aeb90a1535a5228ef909e9584c9 (patch) | |
tree | ffbd77f41fb100837cc8f992f8dc863cd01c270d /net-vpn/nstx/files | |
parent | app-forensics/openscap: remove old (diff) | |
download | gentoo-9754f457cc6d0aeb90a1535a5228ef909e9584c9.tar.gz gentoo-9754f457cc6d0aeb90a1535a5228ef909e9584c9.tar.bz2 gentoo-9754f457cc6d0aeb90a1535a5228ef909e9584c9.zip |
Second half of net-vpn/ move
Diffstat (limited to 'net-vpn/nstx/files')
-rw-r--r-- | net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch | 465 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch | 134 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch | 22 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch | 18 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch | 9 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch | 19 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstxcd.conf | 46 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstxcd.init | 103 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstxd.conf | 35 | ||||
-rw-r--r-- | net-vpn/nstx/files/nstxd.init | 94 |
10 files changed, 945 insertions, 0 deletions
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch b/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch
new file mode 100644
index 000000000000..524fd705a86e
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_00-linux-tuntap.patch
@@ -0,0 +1,465 @@
+diff -ru nstx-1.1-beta6.orig/nstx_tuntap.c nstx-1.1-beta6/nstx_tuntap.c
+--- nstx-1.1-beta6.orig/nstx_tuntap.c 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstx_tuntap.c 2009-03-16 22:45:28.000000000 +0000
+@@ -19,13 +19,15 @@
+
+ #ifdef linux
+ #include <linux/if_tun.h>
+-#define TUNDEV "/dev/net/tun"
++#define TUNINT "tun0"
++#define TUNDEVNODE "/dev/net/tun"
+ #else
+ # include <net/if_tun.h>
++# define TUNINT "NULL?"
+ # if __FreeBSD_version < 500000
+-# define TUNDEV "/dev/tun2"
++# define TUNDEVNODE "/dev/tun2"
+ # else
+-# define TUNDEV "/dev/tun"
++# define TUNDEVNODE "/dev/tun"
+ # endif
+ #endif
+
+@@ -33,127 +35,135 @@
+
+ #define MAXPKT 2000
+
+-#define TAPDEV "/dev/tap0"
++#define TAPINT "tap0"
++#define TAPDEVNODE "/dev/net/tun"
+
+ int tfd = -1, nfd = -1;
+ static char dev[IFNAMSIZ+1];
+
+-static int tun_alloc (const char *path);
++static int tun_alloc (const char * interface, const char * device_node);
++static int tap_alloc (const char * interface, const char * device_node);
++
+ #ifdef linux
+-static int tap_alloc (const char *path);
++static int tuntap_alloc_linux(const char * interface, const char * device_node,
++ int mode);
++#else
++static int tun_alloc_bsd(const char * interface, const char * device_node);
+ #endif
+
+ void
+-open_tuntap(const char *device)
++open_tuntap(const char * interface, const char * device_node, int tun)
+ {
+- int tunerr;
+-#ifdef linux
+- int taperr;
+-#endif
++ int err;
++
++ if (!interface)
++ interface = (tun ? TUNINT : TAPINT);
++
++ if (!device_node)
++ device_node = (tun ? TUNDEVNODE : TAPDEVNODE);
++
++ fprintf(stderr, "Opening %s interface %s at %s... ", tun ? "tun" : "tap",
++ interface, device_node);
++
++ err = (tun ? tun_alloc(interface, device_node) : tap_alloc(interface,
++ device_node));
++
++ if (!err) {
++ fprintf(stderr, "using interface %s\n", dev);
++
++ if (tun)
++ fprintf(stderr, "you will now need to assign an ip and routing to "
++ "this interface\n");
++ else
++ fprintf(stderr, "you will now need to add bridging or other rules "
++ "to this interface\n");
++ return;
++ }
+
+- fprintf(stderr, "Opening tun/tap-device... ");
+- if ((tunerr = tun_alloc(device ? device : TUNDEV))
++ fprintf(stderr, "failed! (%s)\n", strerror(err));
++
++ fprintf(stderr, "Diagnostics: ");
++
++ if (err == EPERM)
++ fprintf(stderr, "you usually have to be root to use nstx.\n");
++ else if (err == ENOENT)
++ fprintf(stderr, "maybe you need kernel support -- did you modprobe "
++ "tap?\n");
++ else if (err == ENODEV)
++ fprintf(stderr, "maybe you need kernel support -- did you modprobe "
++ "tap?\n");
+ #ifdef linux
+- && (taperr = tap_alloc(device ? device : TAPDEV))
++#else
++ else if ((err == EINVAL) && !tun)
++ fprintf(stderr, "tap support is only available under linux\n");
+ #endif
+- ) {
+- fprintf(stderr, "failed!\n"
+- "Diagnostics:\nTun ("TUNDEV"): ");
+- switch (tunerr) {
+- case EPERM:
+- fprintf(stderr, "Permission denied. You usually have to "
+- "be root to use nstx.\n");
+- break;
+- case ENOENT:
+- fprintf(stderr, TUNDEV " not found. Please create /dev/net/ and\n"
+- " mknod /dev/net/tun c 10 200 to use the tun-device\n");
+- break;
+- case ENODEV:
+- fprintf(stderr, "Device not available. Make sure you have "
+- "kernel-support\n for the tun-device. Under linux, you "
+- "need tun.o (Universal tun/tap-device)\n");
+- break;
+- default:
+- perror("Unexpected error");
+- break;
+- }
+- fprintf(stderr, "Tap ("TAPDEV"):\n(only available under linux)\n");
++ else
++ fprintf(stderr, "none, sorry\n");
++
++ exit(EXIT_FAILURE);
++}
++
++int tun_alloc(const char * interface, const char * device_node)
++{
+ #ifdef linux
+- switch (taperr) {
+- case EPERM:
+- fprintf(stderr, "Permission denied. You generally have to "
+- "be root to use nstx.\n");
+- break;
+- case ENOENT:
+- fprintf(stderr, TAPDEV " not found. Please\n"
+- " mknod /dev/tap0 c 36 16 to use the tap-device\n");
+- break;
+- case ENODEV:
+- fprintf(stderr, "Device not available. Make sure you have kernel-support\n"
+- " for the tap-device. Under linux, you need netlink_dev.o and ethertap.o\n");
+- break;
+- default:
+- fprintf(stderr, "Unexpected error: %s\n", strerror(taperr));
+- break;
+- }
++ return tuntap_alloc_linux(interface, device_node, IFF_TUN);
++#else
++ return tun_alloc_bsd(interface, device_node);
+ #endif
+- exit(EXIT_FAILURE);
+- }
+-
+- fprintf(stderr, "using device %s\n"
+- "Please configure this device appropriately (IP, routes, etc.)\n", dev);
+ }
+
+-int
+-tun_alloc (const char *path)
++int tap_alloc(const char * interface, const char * device_node)
+ {
+ #ifdef linux
+- struct ifreq ifr;
++ return tuntap_alloc_linux(interface, device_node, IFF_TAP);
+ #else
+- struct stat st;
++ return EINVAL;
+ #endif
+-
+- if ((tfd = open(path, O_RDWR)) < 0)
+- return errno;
++}
+
+ #ifdef linux
+- memset(&ifr, 0, sizeof(ifr));
++
++int tuntap_alloc_linux(const char * interface, const char * device_node,
++ int mode)
++{
++ struct ifreq ifr;
++
++ if ((tfd = open(device_node, O_RDWR)) < 0)
++ return errno;
++
++ memset(&ifr, 0, sizeof(ifr));
+
+- ifr.ifr_flags = IFF_TUN|IFF_NO_PI;
++ ifr.ifr_flags = mode | IFF_NO_PI;
++ strncpy(ifr.ifr_name, interface, sizeof(ifr.ifr_name));
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+
+- if (ioctl(tfd, TUNSETIFF, (void *) &ifr) < 0)
+- {
+- close(tfd);
+- tfd = -1;
+- return errno;
+- }
+- strncpy(dev, ifr.ifr_name, IFNAMSIZ+1);
+-#else
+- fstat(tfd, &st);
+- strncpy(dev, devname(st.st_rdev, S_IFCHR), IFNAMSIZ+1);
+-#endif
++ if (ioctl(tfd, TUNSETIFF, (void *) &ifr) < 0) {
++ close(tfd);
++ tfd = -1;
++ return errno;
++ }
++
++ strncpy(dev, ifr.ifr_name, IFNAMSIZ+1);
+
+- return 0;
++ return 0;
+ }
+
++#else /* bsd */
+
+-#ifdef linux
+-int
+-tap_alloc(const char *path)
++int tun_alloc_bsd(const char * interface, const char * device_node)
+ {
+- char *ptr;
+-
+- if ((tfd = open(path, O_RDWR)) < 0)
++ struct stat st;
++
++ if ((tfd = open(device_node, O_RDWR)) < 0)
+ return errno;
+-
+- if ((ptr = strrchr(path, '/')))
+- strncpy(dev, ptr+1, IFNAMSIZ+1);
+- else
+- strncpy(dev, path, IFNAMSIZ+1);
++
++ fstat(tfd, &st);
++ strncpy(dev, devname(st.st_rdev, S_IFCHR), IFNAMSIZ+1);
+
+ return 0;
+ }
+-#endif
++
++#endif /* linux/bsd */
+
+ void
+ open_ns(const char *ip)
+diff -ru nstx-1.1-beta6.orig/nstxcd.8 nstx-1.1-beta6/nstxcd.8
+--- nstx-1.1-beta6.orig/nstxcd.8 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxcd.8 2009-03-16 23:16:21.000000000 +0000
+@@ -3,7 +3,7 @@
+ nstxcd \- IP over DNS tunneling client
+
+ .SH SYNOPSIS
+-.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR"
++.B "nstxcd \fIOPTIONS\fR \fIDOMAIN\fR \fIIPADDRESS\fR"
+
+ .SH DESCRIPTION
+ .B nstxcd
+@@ -13,6 +13,14 @@
+ .SH OPTIONS
+ .B nstxcd
+ takes the following options:
++.IP \-I tun/tap interface
++Use this tun/tap interface instead of the default (tun0/tap0)
++.IP \-d tun/tap device node
++Use this tun/tap device node instead of the default (/dev/net/tun on Linux)
++.IP \-t
++Tun mode (default)
++.IP \-T
++Tap mode
+ .IP "domain"
+ The domain that nstxcd will send requests to. This domain must be delegated
+ to a machine that is running nstxd.
+@@ -22,9 +30,9 @@
+ .SH USAGE
+ .Bnstxcd
+ should be run against a domain that has been delegated to a machine running
+-nstxd. It will then take any packets that are sent to the tun0 interface and
+-send them over DNS to the other tunnel endpoint. Responses will appear on
+-the tun0 interface.
++nstxd. It will then take any packets that are sent to the tun/tap interface and
++send them over DNS to the other tunnel endpoint. Responses will appear on the
++tun/tap interface.
+
+ .SH AUTHORS
+
+diff -ru nstx-1.1-beta6.orig/nstxcd.c nstx-1.1-beta6/nstxcd.c
+--- nstx-1.1-beta6.orig/nstxcd.c 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxcd.c 2009-03-16 23:16:07.000000000 +0000
+@@ -55,25 +55,44 @@
+ static void
+ usage(const char *prog, int code)
+ {
+- fprintf(stderr, "Usage: %s [-d tun-device] <domainname> <dns-server>\n"
+- "Example: %s tun.yomama.com 125.23.53.12\n", prog, prog);
++ fprintf(stderr, "Usage: %s [options] <domainname> <dns-server>\n"
++ "Where options are:\n"
++ "\t-d path (use this tun/tap device node instead of default)\n"
++ "\t-I interface (use this tun/tap interface instead of default)\n"
++#ifdef linux
++ "\t-t (tun mode, default)\n"
++ "\t-T (tap mode)\n"
++#endif
++ "example:\n"
++ "%s tun.yomama.com 125.23.53.12\n", prog, prog);
+ exit(code);
+ }
+
+ int main (int argc, char * argv[]) {
+ struct nstxmsg *msg;
+- const char *device = NULL;
++ const char *interface = NULL;
++ const char *device_node = NULL;
+ int ch;
++ int tun = 1;
+
+ nsid = time(NULL);
+
+ if (argc < 3)
+ usage(argv[0], EX_USAGE);
+
+- while ((ch = getopt(argc, argv, "hd:")) != -1) {
++ while ((ch = getopt(argc, argv, "hd:I:tT")) != -1) {
+ switch (ch) {
++ case 'I':
++ interface = optarg;
++ break;
+ case 'd':
+- device = optarg;
++ device_node = optarg;
++ break;
++ case 't':
++ tun = 1;
++ break;
++ case 'T':
++ tun = 0;
+ break;
+ case 'h':
+ usage(argv[0], 0);
+@@ -85,7 +104,7 @@
+ dns_setsuffix(argv[optind]);
+
+ qsettimeout(10);
+- open_tuntap(device);
++ open_tuntap(interface, device_node, tun);
+ open_ns(argv[optind + 1]);
+
+ for (;;) {
+diff -ru nstx-1.1-beta6.orig/nstxd.8 nstx-1.1-beta6/nstxd.8
+--- nstx-1.1-beta6.orig/nstxd.8 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxd.8 2009-03-16 23:16:32.000000000 +0000
+@@ -3,7 +3,7 @@
+ nstxd \- IP over DNS tunneling daemon
+
+ .SH SYNOPSIS
+-.B "nstxd \fIOPTION\fR \fIDOMAIN\fR"
++.B "nstxd \fIOPTIONS\fR \fIDOMAIN\fR"
+
+ .SH DESCRIPTION
+ .B nstxd
+@@ -14,8 +14,14 @@
+ .SH OPTIONS
+ .B nstxd
+ takes the following option:
+-.IP \-d tun-device
+-Use this tun device instead of tun0
++.IP \-I tun/tap interface
++Use this tun/tap interface instead of the default (tun0/tap0)
++.IP \-d tun/tap device node
++Use this tun/tap device node instead of the default (/dev/net/tun on linux)
++.IP \-t
++Tun mode (default)
++.IP \-T
++Tap mode
+ .IP \-i ipaddr
+ Bind to this IP address rather than every available address
+ .IP \-C dir
+@@ -33,9 +39,9 @@
+ .SH USAGE
+ A domain should be delegated to the machine that will run nstxd. nstxd should
+ then be run giving that domain as the only argument. nstxd will then listen
+-for requests and translate them into IP packets that will appear on the tun0
+-interface. Packets sent to the tun0 interface will be transferred back to
+-the client as DNS answers.
++for requests and translate them into IP packets that will appear on the given
++tun/tap interface. Packets sent to the tun/tap interface will be transferred
++back to the client as DNS answers.
+
+ .SH AUTHORS
+
+diff -ru nstx-1.1-beta6.orig/nstxd.c nstx-1.1-beta6/nstxd.c
+--- nstx-1.1-beta6.orig/nstxd.c 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxd.c 2009-03-16 23:15:30.000000000 +0000
+@@ -55,7 +55,12 @@
+ {
+ fprintf (stderr, "usage: %s [options] <domainname>\n"
+ "Where options are:\n"
+- "\t-d tun-device (use this tun/tap device instead of default\n"
++ "\t-d path (use this tun/tap device node instead of default)\n"
++ "\t-I interface (use this tun/tap interface instead of default)\n"
++#ifdef linux
++ "\t-t (tun mode, default)\n"
++ "\t-T (tap mode)\n"
++#endif
+ "\t-i ip.to.bi.nd (bind to port 53 on this IP only)\n"
+ "\t-C dir (chroot() to this directory after initialization)\n"
+ "\t-D (call daemon(3) to detach from terminal)\n"
+@@ -68,13 +73,15 @@
+
+ int main (int argc, char *argv[]) {
+ signed char ch;
+- const char *device = NULL, *dir = NULL;
++ const char *interface = NULL, *dir = NULL;
++ const char *device_node = NULL;
+ in_addr_t bindto = INADDR_ANY;
+ uid_t uid = 0;
+ int daemonize = 0;
+ int logmask = LOG_UPTO(LOG_INFO);
++ int tun = 1;
+
+- while ((ch = getopt(argc, argv, "gDC:u:hd:i:")) != -1) {
++ while ((ch = getopt(argc, argv, "gDC:u:hd:I:i:tT")) != -1) {
+ switch(ch) {
+ case 'i':
+ bindto = inet_addr(optarg);
+@@ -84,8 +91,17 @@
+ exit(EX_USAGE);
+ }
+ break;
++ case 'I':
++ interface = optarg;
++ break;
+ case 'd':
+- device = optarg;
++ device_node = optarg;
++ break;
++ case 't':
++ tun = 1;
++ break;
++ case 'T':
++ tun = 0;
+ break;
+ case 'D':
+ daemonize = 1;
+@@ -121,7 +137,7 @@
+
+ dns_setsuffix(argv[optind]);
+
+- open_tuntap(device);
++ open_tuntap(interface, device_node, tun);
+ open_ns_bind(bindto);
+
+ if (dir) {
+diff -ru nstx-1.1-beta6.orig/nstxfun.h nstx-1.1-beta6/nstxfun.h
+--- nstx-1.1-beta6.orig/nstxfun.h 2009-03-16 05:31:24.000000000 +0000
++++ nstx-1.1-beta6/nstxfun.h 2009-03-16 22:40:44.000000000 +0000
+@@ -52,7 +52,7 @@
+
+ /* DNS */
+
+-void open_tuntap (const char *device);
++void open_tuntap (const char * interface, const char * device_node, int tun);
+ void open_ns (const char *ip);
+ void open_ns_bind(in_addr_t ip);
+
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch b/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch
new file mode 100644
index 000000000000..0d65f0f6d68b
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_01-bind-interface-name.patch
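Review bot: In `tuntap_alloc_linux`, the `ioctl(TUNSETIFF)` failure path calls `close(tfd)` before `return errno`, so the code that `open_tuntap` passes to `strerror()` and uses to pick its diagnostic can be whatever `close()` left in `errno` rather than the ioctl error. Capture it first: `int e = errno; close(tfd); tfd = -1; return e;`. In `tun_alloc_bsd` the `fstat()` result is not checked before `st.st_rdev` is read, and the `interface` argument is ignored there without a comment saying so. The ENOENT and ENODEV hints both say `modprobe tap` although the default device node for either mode is `/dev/net/tun`.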
@@ -0,0 +1,134 @@
+diff -ru nstx-1.1-beta6.tuntap/Makefile nstx-1.1-beta6/Makefile
+--- nstx-1.1-beta6.tuntap/Makefile 2009-03-16 23:22:11.000000000 +0000
++++ nstx-1.1-beta6/Makefile 2009-03-16 23:27:09.000000000 +0000
+@@ -1,9 +1,9 @@
+ CFLAGS += -ggdb -Wall -Werror -Wsign-compare
+
+-NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c
++NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c nstx_util.c
+ NSTXD_OBJS = ${NSTXD_SRCS:.c=.o}
+
+-NSTXCD_SRCS = nstxcd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.o nstx_queue.c
++NSTXCD_SRCS = nstxcd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.o nstx_queue.c nstx_util.c
+ NSTXCD_OBJS = ${NSTXCD_SRCS:.c=.o}
+
+ PROGS = nstxd nstxcd
+diff -ru nstx-1.1-beta6.tuntap/nstx_util.c nstx-1.1-beta6/nstx_util.c
+--- nstx-1.1-beta6.tuntap/nstx_util.c 2004-06-27 21:43:34.000000000 +0000
++++ nstx-1.1-beta6/nstx_util.c 2009-03-16 23:28:37.000000000 +0000
+@@ -27,6 +27,10 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#include <net/if.h>
++#include <sys/ioctl.h>
++#include <arpa/inet.h>
++#include <errno.h>
+
+ #include "nstxfun.h"
+
+@@ -48,6 +52,48 @@
+ close(fd);
+ }
+
++static int iface_addr(const char * name, in_addr_t * result) {
++ int r, s;
++ struct ifreq ifr;
++ struct sockaddr_in * sin;
++
++ s = socket(AF_INET, SOCK_DGRAM, 0);
++
++ if (s < 0) {
++ perror("socket");
++ return s;
++ }
++
++ strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
++
++ r = ioctl(s, SIOCGIFADDR, &ifr);
++
++ if (r < 0) {
++ perror("ioctl(SIOCGIFADDR)");
++ return r;
++ }
++
++ sin = (struct sockaddr_in *)&ifr.ifr_addr;
++ *result = sin->sin_addr.s_addr;
++
++ if (*result == INADDR_ANY || *result == INADDR_NONE) {
++ fprintf(stderr, "interface %s has no assigned address\n", name);
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
++int addr_convert(const char * s, in_addr_t * result) {
++ *result = inet_addr(s);
++
++ if (*result != INADDR_NONE)
++ return 0;
++
++ return iface_addr(s, result);
++}
++
+ #ifdef WITH_PKTDUMP
+ void
+ pktdump (const char *prefix, unsigned short id, const char *data,
+diff -ru nstx-1.1-beta6.tuntap/nstxd.8 nstx-1.1-beta6/nstxd.8
+--- nstx-1.1-beta6.tuntap/nstxd.8 2009-03-16 23:23:46.000000000 +0000
++++ nstx-1.1-beta6/nstxd.8 2009-03-16 23:29:59.000000000 +0000
+@@ -22,8 +22,8 @@
+ Tun mode (default)
+ .IP \-T
+ Tap mode
+-.IP \-i ipaddr
+-Bind to this IP address rather than every available address
++.IP \-i ipaddr|interface
++Bind to this IP address or interface rather than every available address
+ .IP \-C dir
+ Chroot to this directory on startup
+ .IP \-D
+diff -ru nstx-1.1-beta6.tuntap/nstxd.c nstx-1.1-beta6/nstxd.c
+--- nstx-1.1-beta6.tuntap/nstxd.c 2009-03-16 23:23:46.000000000 +0000
++++ nstx-1.1-beta6/nstxd.c 2009-03-16 23:32:45.000000000 +0000
+@@ -61,7 +61,7 @@
+ "\t-t (tun mode, default)\n"
+ "\t-T (tap mode)\n"
+ #endif
+- "\t-i ip.to.bi.nd (bind to port 53 on this IP only)\n"
++ "\t-i ip|interface (bind to port 53 on this IP/interface only)\n"
+ "\t-C dir (chroot() to this directory after initialization)\n"
+ "\t-D (call daemon(3) to detach from terminal)\n"
+ "\t-g (enable debug messages)\n"
+@@ -80,14 +80,15 @@
+ int daemonize = 0;
+ int logmask = LOG_UPTO(LOG_INFO);
+ int tun = 1;
++ int r;
+
+ while ((ch = getopt(argc, argv, "gDC:u:hd:I:i:tT")) != -1) {
+ switch(ch) {
+ case 'i':
+- bindto = inet_addr(optarg);
+- if (bindto == INADDR_NONE) {
+- fprintf(stderr, "`%s' is not an IP-address\n",
+- optarg);
++ r = addr_convert(optarg, &bindto);
++ if (r < 0) {
++ fprintf(stderr, "couldn't use interface %s: %s\n", optarg,
++ strerror(-r));
+ exit(EX_USAGE);
+ }
+ break;
+diff -ru nstx-1.1-beta6.tuntap/nstxfun.h nstx-1.1-beta6/nstxfun.h
+--- nstx-1.1-beta6.tuntap/nstxfun.h 2009-03-16 23:23:46.000000000 +0000
++++ nstx-1.1-beta6/nstxfun.h 2009-03-16 23:28:37.000000000 +0000
+@@ -102,4 +102,6 @@
+ void pktdump (const char *, unsigned short, const char *, size_t, int);
+ #endif
+
++int addr_convert(const char *, in_addr_t *);
++
+ #endif /* _NSTXHDR_H */
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch b/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch
new file mode 100644
index 000000000000..251ad583150b
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_02-warn-on-frag.patch
@@ -0,0 +1,22 @@
+Only in nstx-1.1-beta6.orig/: nstx_dns.o
+Only in nstx-1.1-beta6.orig/: nstx_encode.o
+Only in nstx-1.1-beta6.orig/: nstx_pstack.o
+diff -ru nstx-1.1-beta6.orig/nstx_tuntap.c nstx-1.1-beta6/nstx_tuntap.c
+--- nstx-1.1-beta6.orig/nstx_tuntap.c 2009-03-16 23:56:02.000000000 +0000
++++ nstx-1.1-beta6/nstx_tuntap.c 2009-03-17 00:06:00.000000000 +0000
+@@ -274,7 +274,13 @@
+ sendtun(const char *data, size_t len)
+ {
+ // printf("Sent len %d, csum %d\n", len, checksum(data, len));
+- write(tfd, data, len);
++ size_t w = write(tfd, data, len);
++
++ if (w < len) {
++ fprintf(stderr, "packet was descrutively fragmented! (len=%zd, "
++ "wrote=%zd)\n",
++ len, w);
++ }
+ }
+
+ void
+Only in nstx-1.1-beta6.orig/: nstxd.o
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch b/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch
new file mode 100644
index 000000000000..e943fa106b73
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_03-delete-dwrite.patch
@@ -0,0 +1,18 @@
+diff -ru nstx-1.1-beta6.orig/nstx_util.c nstx-1.1-beta6/nstx_util.c
+--- nstx-1.1-beta6.orig/nstx_util.c 2009-03-17 00:08:18.000000000 +0000
++++ nstx-1.1-beta6/nstx_util.c 2009-03-17 00:08:37.000000000 +0000
+@@ -44,14 +44,6 @@
+ return x;
+ }
+
+-void dwrite (char *path, char *buf, int len) {
+- int fd;
+-
+- fd = open(path, O_RDWR|O_CREAT|O_TRUNC, 0600);
+- write(fd, buf, len);
+- close(fd);
+-}
+-
+ static int iface_addr(const char * name, in_addr_t * result) {
+ int r, s;
+ struct ifreq ifr;
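Review bot: `iface_addr` in the nstx_util.c part of the bind-interface-name patch never closes the socket `s` it opens, on the success path or on either error path, and it returns the raw `-1` from `socket()`/`ioctl()` while the caller in nstxd.c prints `strerror(-r)`, so every failure is reported as error 1 whatever the real cause. Return `-errno`, captured before `perror()` and `close()`, and close the descriptor on all paths; `ifr` is also handed to `ioctl()` without being zeroed first. Separately, `addr_convert` treats every string that `inet_addr()` rejects as an interface name, and `inet_addr()` also returns `INADDR_NONE` for the valid address 255.255.255.255, so `inet_aton()` or `inet_pton()` would separate the two cases cleanly.

```c
static int iface_addr(const char * name, in_addr_t * result) {
	int r, s, e;
	struct ifreq ifr;
	struct sockaddr_in * sin;

	s = socket(AF_INET, SOCK_DGRAM, 0);
	if (s < 0) {
		e = errno;
		perror("socket");
		return -e;
	}

	memset(&ifr, 0, sizeof(ifr));
	/* … unchanged: copy name into ifr.ifr_name and terminate it … */

	r = ioctl(s, SIOCGIFADDR, &ifr);
	e = errno;
	close(s);

	if (r < 0) {
		errno = e;
		perror("ioctl(SIOCGIFADDR)");
		return -e;
	}
	/* … unchanged: extract the address, reject INADDR_ANY/INADDR_NONE, return 0 … */
```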
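Review bot: `write()` returns `ssize_t`, so storing it in `size_t w` in `sendtun` turns a failed write (-1) into a huge unsigned value and the `w < len` test never fires; errors on the tun descriptor are still dropped silently, which is the case the warn-on-frag patch is meant to surface. Use `ssize_t w = write(tfd, data, len);` with `if (w < 0 || (size_t)w < len)`, and report `strerror(errno)` in the negative case. `%zd` is the signed conversion, so `len` needs `%zu`, and the message misspells "destructively". The function's return-type line is above the hunk and not visible here.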
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch b/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch
new file mode 100644
index 000000000000..35f7d0199b9d
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_04-delete-werror.patch
@@ -0,0 +1,9 @@
+diff -ru nstx-1.1-beta6.orig/Makefile nstx-1.1-beta6/Makefile
+--- nstx-1.1-beta6.orig/Makefile 2009-03-17 03:29:43.000000000 +0000
++++ nstx-1.1-beta6/Makefile 2009-03-17 03:29:53.000000000 +0000
+@@ -1,4 +1,4 @@
+-CFLAGS += -ggdb -Wall -Werror -Wsign-compare
++CFLAGS += -ggdb -Wall -Wsign-compare
+
+ NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c nstx_util.c
+ NSTXD_OBJS = ${NSTXD_SRCS:.c=.o}
diff --git a/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch b/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch
new file mode 100644
index 000000000000..47edb029edb9
--- /dev/null
+++ b/net-vpn/nstx/files/nstx-1.1_beta6_05-respect-ldflags.patch
@@ -0,0 +1,19 @@
+Respects LDFLAGS
+
+http://bugs.gentoo.org/show_bug.cgi?id=323919
+
+--- nstx-1.1-beta6/Makefile
++++ nstx-1.1-beta6/Makefile
+@@ -11,10 +11,10 @@
+ all: $(PROGS)
+
+ nstxd: $(NSTXD_OBJS)
+- $(CC) $(CFLAGS) -o nstxd $(NSTXD_OBJS)
++ $(CC) $(CFLAGS) $(LDFLAGS) -o nstxd $(NSTXD_OBJS)
+
+ nstxcd: $(NSTXCD_OBJS)
+- $(CC) $(CFLAGS) -o nstxcd $(NSTXCD_OBJS)
++ $(CC) $(CFLAGS) $(LDFLAGS) -o nstxcd $(NSTXCD_OBJS)
+
+ clean:
+ rm -f *.o $(PROGS) Makefile.bak *~ core
diff --git a/net-vpn/nstx/files/nstxcd.conf b/net-vpn/nstx/files/nstxcd.conf
new file mode 100644
index 000000000000..a04b9d09571e
--- /dev/null
+++ b/net-vpn/nstx/files/nstxcd.conf
@@ -0,0 +1,46 @@
+# /etc/conf.d/nstxcd: config file for /etc/init.d/nstxcd
+
+# DOMAIN is the DNS domain which will be the base for NSTX tunneling. You must
+# set up this domain such that its nameserver points to this machine. For
+# example, if your tunnel domain is "tunnelhere.example.com", the nameserver for
+# example.com should have the following record:
+#
+# tunnelhere.example.com IN NS this.machine.example.com
+#DOMAIN="tunnelhere.example.com"
+
+# Set to "TUN" for TUN (IP/layer-3) mode, or "TAP" for TAP (ethernet/layer-2)
+# mode. You must use the same mode your server is using, or you will send and
+# receive only garbage.
+MODE="TUN"
+
+# This will be the virtual TUN/TAP interface created by nstxcd. If unset,
+# defaults to tun0 or tap0. Note that no IP configuration will be supplied by
+# nstxd -- you must do this yourself using net scripts.
+#TUNTAP_INTERFACE=tun53
+
+# The DNS server where nstxcd will send queries. This is not necessarily the
+# same server as the one where the nstxd server is running. What constitutes a
+# good choice here depends on your situation: if you can send DNS queries to an
+# arbitrary address on the Internet, you could simply point straight to the
+# instance of nstxd, if you know its IP address. If you don't, you might use a
+# public DNS server, like one of the ones hosted by Level3 (4.2.2.1-4.2.2.6),
+# although it is almost certainly better to set up your nstxd server instance
+# with dynamic DNS so you can always find it.
+#
+# If you are constrained to sending DNS queries to a DHCP-provided server on
+# your local LAN, your only choice is to point to that server. This will always
+# work, but may yield limited performance relative to directly talking to nstxd
+# or talking via a high-performance DNS server.
+#
+# If you leave DNS_SERVER unset, the init script will select the first
+# nameserver from resolv.conf. This is the most fault-tolerant configuration.
+#DNS_SERVER=""
+
+# This option contains a space-separated list of interfaces that should be up
+# before we start. It's convenient to put your DHCP-facing address in here, so
+# autodetection of DNS_SERVER from resolv.conf will work.
+#NEED_INTERFACES=""
+
+# Other miscellaneous options to pass to nstxcd (man 7 nstxcd for details)
+#NSTXCD_OPTS=""
+
diff --git a/net-vpn/nstx/files/nstxcd.init b/net-vpn/nstx/files/nstxcd.init
new file mode 100644
index 000000000000..444358970731
--- /dev/null
+++ b/net-vpn/nstx/files/nstxcd.init
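Review bot: The closing comment of nstxcd.conf points to `man 7 nstxcd`, but the manual page patched elsewhere in this commit is `nstxcd.8`, so the reference should read `man 8 nstxcd`. The `TUNTAP_INTERFACE` comment says no IP configuration is supplied by "nstxd" in the client's file, where `nstxcd` is presumably meant. `TUNTAP_DEVICE` is read by nstxcd.init's `checkconfig()` but has no entry here; a commented line such as `#TUNTAP_DEVICE=/dev/net/tun` with one sentence of explanation would document it.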
@@ -0,0 +1,103 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# (Written by Phillip Berndt <phillip.berndt at gmail dot com>)
+# (Modified by Steven Brudenell <steven dot brudenell at gmail>)
+
+depend() {
+ local iface
+
+ for iface in ${NEED_INTERFACES} ; do
+ need net.${iface}
+ done
+
+ # If the user set TUNTAP_INTERFACE, they probably have a net script
+ # configuring that interface. nstxcd is responsible for actually creating
+ # the stupid thing, so we need to run before the config.
+ if [ ! -z ${TUNTAP_INTERFACE} ] ; then
+ if [ -x /etc/init.d/net.${TUNTAP_INTERFACE} ] ; then
+ before net.${TUNTAP_INTERFACE}
+ fi
+ fi
+}
+
+loadtun() {
+ if [ ! -e /dev/net/tun ]
+ then
+ ebegin "Loading TUN/TAP kernel module"
+ modprobe -q tun
+ eend $?
+ fi
+
+ if [ ! -e /dev/net/tun ]
+ then
+ eend 1 "Failed to load TUN driver! (did you compile your kernel with TUN/TAP support?)"
+ return 1
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ if [ -z "${DOMAIN}" ] ; then
+ eerror "DOMAIN must be set"
+ return 1
+ fi
+
+ [ -z "${TUNTAP_INTERFACE}" ] || NSTXCD_OPTS="${NSTXCD_OPTS} -I ${TUNTAP_INTERFACE}"
+ [ -z "${TUNTAP_DEVICE}" ] || NSTXCD_OPTS="${NSTXCD_OPTS} -d ${TUNTAP_DEVICE}"
+
+ case "${MODE}" in
+ TUN)
+ NSTXCD_OPTS="${NSTXCD_OPTS} -t"
+ ;;
+ TAP)
+ NSTXCD_OPTS="${NSTXCD_OPTS} -T"
+ ;;
+ *)
+ eerror "MODE must be either TUN or TAP"
+ return 1
+ ;;
+ esac
+
+ if [ -z "${DNS_SERVER}" ] ; then
+ DNS_SERVER=`awk '/^nameserver/{ print $2; exit; }' /etc/resolv.conf`
+
+ if [ -z "${DNS_SERVER}" ] ; then
+ eerror "DNS_SERVER not set, and couldn't determine a nameserver from /etc/resolv.conf"
+ return 1
+ fi
+ export DNS_SERVER
+ fi
+
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+
+ loadtun || return 1
+
+ ebegin "Starting nstxcd"
+
+ start-stop-daemon \
+ --start \
+ --background \
+ --make-pidfile \
+ --exec /usr/sbin/nstxcd \
+ --pidfile "/var/run/nstxcd.pid" \
+ -- ${NSTXCD_OPTS} ${DOMAIN} ${DNS_SERVER}
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nstxcd"
+
+ start-stop-daemon \
+ --stop \
+ --exec /usr/sbin/nstxcd \
+ --pidfile "/var/run/nstxcd.pid"
+
+ eend $?
+}
diff --git a/net-vpn/nstx/files/nstxd.conf b/net-vpn/nstx/files/nstxd.conf
new file mode 100644
index 000000000000..4d3365a7142d
--- /dev/null
+++ b/net-vpn/nstx/files/nstxd.conf
@@ -0,0 +1,35 @@
+# /etc/conf.d/nstxd: config file for /etc/init.d/nstxd
+
+# DOMAIN is the DNS domain which will be the base for NSTX tunneling. You must
+# set up this domain such that its nameserver points to this machine. For
+# example, if your tunnel domain is "tunnelhere.example.com", the nameserver for
+# example.com should have the following record:
+#
+# tunnelhere.example.com IN NS this.machine.example.com
+#DOMAIN="tunnelhere.example.com"
+
+# Set to "TUN" for TUN (IP/layer-3) mode, or "TAP" for TAP (ethernet/layer-2)
+# mode. Your clients must run in the same mode, or you will send and receive
+# only garbage.
+MODE="TUN"
+
+# This will be the virtual TUN/TAP interface created by nstxd. If unset,
+# defaults to tun0 or tap0. Note that no IP configuration will be supplied by
+# nstxd -- you must do this yourself using net scripts.
+#TUNTAP_INTERFACE=tun53
+
+# Interface to bind to, instead of binding to all available interfaces. You can
+# supply either an interface name or IP address here. Useful if you run an
+# internal DNS server but want to run NSTX on your external interface. Note that
+# nstxd always binds to port 53.
+#BIND_INTERFACE=eth1
+#BIND_INTERFACE=1.2.3.4
+
+# Chroot to this directory after startup
+#CHROOT=/dev/null
+
+# Drop privileges to this user after startup
+#NSTXD_USER=nstxd
+
+# Other miscellaneous options to pass to nstxd (man 7 nstxd for details)
+#NSTXD_OPTS=""
diff --git a/net-vpn/nstx/files/nstxd.init b/net-vpn/nstx/files/nstxd.init
new file mode 100644
index 000000000000..2bf2a4133251
--- /dev/null
+++ b/net-vpn/nstx/files/nstxd.init
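Review bot: In nstxcd.init, `depend()` tests `[ ! -z ${TUNTAP_INTERFACE} ]` unquoted and `start()` passes `${DOMAIN} ${DNS_SERVER}` unquoted, so a value containing whitespace or glob characters changes the argument list of a daemon the script starts without any `--user`; nstxd.init quotes the same test. Write `[ -n "${TUNTAP_INTERFACE}" ]` and `-- ${NSTXCD_OPTS} "${DOMAIN}" "${DNS_SERVER}"`, leaving only `NSTXCD_OPTS` to be word-split on purpose. When `DNS_SERVER` is unset it is taken from the first `nameserver` line of /etc/resolv.conf, which on a DHCP network is supplied by the network, so that argument is the one most worth quoting. The unquoted `${DOMAIN}` appears again in nstxd.init's `start()`.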
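Review bot: The `#CHROOT=/dev/null` example in nstxd.conf names a device node rather than a directory, so uncommenting it as written hands nstxd a `-C /dev/null` it cannot chroot into. With `CHROOT` and `NSTXD_USER` both commented out, the shipped default leaves a daemon that listens on port 53 running as root and unconfined. Suggest an empty root-owned directory in the example, e.g. `#CHROOT=/var/empty`, plus a comment line recommending that both settings be enabled. `TUNTAP_DEVICE` is read by nstxd.init but is not documented here, and the last comment says `man 7 nstxd` while the page patched in this commit is `nstxd.8`.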
@@ -0,0 +1,94 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# (Written by Phillip Berndt <phillip.berndt at gmail dot com>)
+# (Modified by Steven Brudenell <steven dot brudenell at gmail>)
+
+depend() {
+ if [ ! -z "${BIND_INTERFACE}" ] ; then
+ if [ -x /etc/init.d/net.${BIND_INTERFACE} ] ; then
+ need net.${BIND_INTERFACE}
+ fi
+ fi
+
+ # If the user set TUNTAP_INTERFACE, they probably have a net script
+ # configuring that interface. nstxcd is responsible for actually creating
+ # the stupid thing, so we need to run before the config.
+ if [ ! -z "${TUNTAP_INTERFACE}" ] ; then
+ if [ -x /etc/init.d/net.${TUNTAP_INTERFACE} ] ; then
+ before net.${TUNTAP_INTERFACE}
+ fi
+ fi
+}
+
+loadtun() {
+ if [ ! -e /dev/net/tun ]
+ then
+ ebegin "Loading TUN/TAP kernel module"
+ modprobe -q tun
+ eend $?
+ fi
+
+ if [ ! -e /dev/net/tun ]
+ then
+ eend 1 "Failed to load TUN driver! (did you compile your kernel with TUN/TAP support?)"
+ return 1
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ if [ -z "${DOMAIN}" ] ; then
+ eerror "DOMAIN must be set"
+ return 1
+ fi
+
+ [ -z "${TUNTAP_INTERFACE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -I ${TUNTAP_INTERFACE}"
+ [ -z "${TUNTAP_DEVICE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -d ${TUNTAP_DEVICE}"
+ [ -z "${BIND_INTERFACE}" ] || NSTXD_OPTS="${NSTXD_OPTS} -i ${BIND_INTERFACE}"
+ [ -z "${CHROOT}" ] || NSTXD_OPTS="${NSTXD_OPTS} -C ${CHROOT}"
+ [ -z "${NSTXD_USER}" ] || NSTXD_OPTS="${NSTXD_OPTS} -u ${NSTXD_USER}"
+
+ case "${MODE}" in
+ TUN)
+ NSTXD_OPTS="${NSTXD_OPTS} -t"
+ ;;
+ TAP)
+ NSTXD_OPTS="${NSTXD_OPTS} -T"
+ ;;
+ *)
+ eerror "MODE must be either TUN or TAP"
+ return 1
+ ;;
+ esac
+}
+
+start() {
+ checkconfig || return 1
+
+ loadtun || return 1
+
+ ebegin "Starting nstxd"
+
+ start-stop-daemon \
+ --start \
+ --background \
+ --make-pidfile \
+ --exec /usr/sbin/nstxd \
+ --pidfile "/var/run/nstxd.pid" \
+ -- ${NSTXD_OPTS} ${DOMAIN}
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nstxd"
+
+ start-stop-daemon \
+ --stop \
+ --exec /usr/sbin/nstxd \
+ --pidfile "/var/run/nstxd.pid"
+
+ eend $?
+}
 |
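Review bot: `checkconfig()` in nstxd.init ends on the `case` statement with no explicit `return 0`, unlike the same function in nstxcd.init; it works today only because the last command executed in the TUN/TAP branches is an assignment, so adding `return 0` after `esac` keeps the two scripts consistent and guards against a later edit changing the exit status. The comment in `depend()` was copied from the client script and says `nstxcd is responsible for actually creating` the interface; in this file it should say `nstxd`. Since `-C` and `-u` are added only when `CHROOT` and `NSTXD_USER` are set, an `ewarn` in `checkconfig()` when either is empty would make an unconfined root start visible to the operator.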