update to OpenVPN 2.1rc22.

rdomain support from Laurent Ghigonis. tested by various. ok bernd@, benoit@
2009-11-26 22:55:27 +00:00 · 2009-11-26 22:55:27 +00:00 · 4c0617af08
commit 4c0617af08
parent e4750f009c
9 changed files with 134 additions and 9 deletions
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.26 2009/10/10 13:35:33 sthen Exp $
+# $OpenBSD: Makefile,v 1.27 2009/11/26 22:55:27 fkr Exp $

 COMMENT=	easy-to-use, robust, and highly configurable VPN

-VERSION=	2.1_rc20
+VERSION=	2.1_rc22
 DISTNAME=	openvpn-${VERSION}
-PKGNAME=	${DISTNAME:S/_//g}p0
+PKGNAME=	${DISTNAME:S/_//g}
 CATEGORIES=	net security

 HOMEPAGE=	http://openvpn.net/
--- a/net/openvpn/distinfo
+++ b/net/openvpn/distinfo
@ -1,5 +1,5 @@
-MD5 (openvpn-2.1_rc20.tar.gz) = gYf48hUH+qxeMg4ydHIDuA==
-RMD160 (openvpn-2.1_rc20.tar.gz) = TdeSTLQaJo52qTr2b9BflI8i5fM=
-SHA1 (openvpn-2.1_rc20.tar.gz) = qw6Si9fUiW3bAGG/OrqfPNbO/m4=
-SHA256 (openvpn-2.1_rc20.tar.gz) = TUI7SMs8zGa1ZpuUBNywKMtir0EDYcCeYFbbDF0qEmc=
-SIZE (openvpn-2.1_rc20.tar.gz) = 844253
+MD5 (openvpn-2.1_rc22.tar.gz) = pMpdefdGf8U3sha/8cdE8g==
+RMD160 (openvpn-2.1_rc22.tar.gz) = CM4B7YOJlw6ODxfXqESPpg2mafQ=
+SHA1 (openvpn-2.1_rc22.tar.gz) = pLKjHCrOh+sIgi9kgrkcfRbZePc=
+SHA256 (openvpn-2.1_rc22.tar.gz) = 1TM006UqzodwJ/dupw2NmCRNZ9yNxCiHW/rlqMwnJAA=
+SIZE (openvpn-2.1_rc22.tar.gz) = 846651
--- a/net/openvpn/patches/patch-init_c
+++ b/net/openvpn/patches/patch-init_c
@ -0,0 +1,11 @@
+$OpenBSD: patch-init_c,v 1.1 2009/11/26 22:55:27 fkr Exp $
+--- init.c.orig	Thu Oct  1 18:02:18 2009
+++ init.c	Thu Oct 29 18:44:33 2009
+@@ -2216,6 +2216,7 @@ do_init_socket_1 (struct context *c, const int mode)
+ 			   c->options.mtu_discover_type,
+ 			   c->options.rcvbuf,
+ 			   c->options.sndbuf,
+			   c->options.rdomain,
+ 			   sockflags);
+ }
+ 
--- a/net/openvpn/patches/patch-openvpn_8
+++ b/net/openvpn/patches/patch-openvpn_8
@ -0,0 +1,15 @@
+$OpenBSD: patch-openvpn_8,v 1.1 2009/11/26 22:55:27 fkr Exp $
+--- openvpn.8.orig	Sat Nov 21 00:02:43 2009
+++ openvpn.8	Fri Nov 20 23:45:31 2009
+@@ -1313,6 +1313,11 @@ on both client and server for maximum effect.
+ Currently defaults to 100.
+ .\"*********************************************************
+ .TP
+.B --rdomain n
+(OpenBSD only) Set the routing domain.
+Defaults to 0.
+.\"*********************************************************
+.TP
+ .B --shaper n
+ Limit bandwidth of outgoing tunnel data to
+ .B n
--- a/net/openvpn/patches/patch-options_c
+++ b/net/openvpn/patches/patch-options_c
@ -0,0 +1,31 @@
+$OpenBSD: patch-options_c,v 1.1 2009/11/26 22:55:27 fkr Exp $
+--- options.c.orig	Fri Nov 20 13:09:14 2009
+++ options.c	Fri Nov 20 23:38:08 2009
+@@ -250,6 +250,7 @@ static const char usage_message[] =
+   "--sndbuf size   : Set the TCP/UDP send buffer size.\n"
+   "--rcvbuf size   : Set the TCP/UDP receive buffer size.\n"
+   "--txqueuelen n  : Set the tun/tap TX queue length to n (Linux only).\n"
+  "--rdomain n     : Set the routing domain (default=0, OpenBSD only)\n"
+   "--mlock         : Disable Paging -- ensures key material and tunnel\n"
+   "                  data will never be written to disk.\n"
+   "--up cmd        : Shell cmd to execute after successful tun device open.\n"
+@@ -1253,6 +1254,7 @@ show_settings (const struct options *o)
+ #endif
+   SHOW_INT (rcvbuf);
+   SHOW_INT (sndbuf);
+  SHOW_INT (rdomain);
+   SHOW_INT (sockflags);
+ 
+   SHOW_BOOL (fast_io);
+@@ -3989,6 +3991,11 @@ add_option (struct options *options,
+     {
+       VERIFY_PERMISSION (OPT_P_SOCKBUF);
+       options->sndbuf = positive_atoi (p[1]);
+    }
+  else if (streq (p[0], "rdomain") && p[1])
+    {
+      VERIFY_PERMISSION (OPT_P_SOCKFLAGS);
+      options->rdomain = positive_atoi (p[1]);
+     }
+   else if (streq (p[0], "socket-flags"))
+     {
--- a/net/openvpn/patches/patch-options_h
+++ b/net/openvpn/patches/patch-options_h
@ -0,0 +1,13 @@
+$OpenBSD: patch-options_h,v 1.1 2009/11/26 22:55:27 fkr Exp $
+--- options.h.orig	Thu Oct  1 18:02:18 2009
+++ options.h	Thu Oct 29 18:44:33 2009
+@@ -285,6 +285,9 @@ struct options
+   int rcvbuf;
+   int sndbuf;
+ 
+  /* routing domain */
+  int rdomain;
+
+   /* socket flags */
+   unsigned int sockflags;
+ 
--- a/net/openvpn/patches/patch-socket_c
+++ b/net/openvpn/patches/patch-socket_c
@ -0,0 +1,43 @@
+$OpenBSD: patch-socket_c,v 1.1 2009/11/26 22:55:27 fkr Exp $
+--- socket.c.orig	Thu Oct  1 18:02:18 2009
+++ socket.c	Thu Oct 29 21:27:46 2009
+@@ -503,6 +503,20 @@ socket_set_tcp_nodelay (int sd, int state)
+ #endif
+ }
+ 
+static void
+socket_set_rdomain (int sd, int rdomain)
+{
+#ifdef TARGET_OPENBSD
+  if (rdomain > 0)
+  {
+    if (setsockopt (sd, IPPROTO_IP, SO_RDOMAIN, &rdomain, sizeof(rdomain)) == -1)
+      msg (M_SOCKERR, "Socket flags: SO_RDOMAIN=%d failed, cannot bind on specified routing domain", rdomain);
+    else
+      dmsg (D_SOCKET_DEBUG, "Socket flags: SO_RDOMAIN=%d succeeded", rdomain);
+  }
+#endif
+}
+
+ static bool
+ socket_set_flags (int sd, unsigned int sockflags)
+ {
+@@ -1181,6 +1195,7 @@ link_socket_init_phase1 (struct link_socket *sock,
+ 			 int mtu_discover_type,
+ 			 int rcvbuf,
+ 			 int sndbuf,
+			 int rdomain,
+ 			 unsigned int sockflags)
+ {
+   ASSERT (sock);
+@@ -1291,6 +1306,10 @@ link_socket_init_phase1 (struct link_socket *sock,
+   else if (mode != LS_MODE_TCP_ACCEPT_FROM)
+     {
+       create_socket (sock);
+
+      /* set the routing domain for the socket */
+      socket_set_rdomain (sock->sd, rdomain);
+
+       resolve_bind_local (sock);
+       resolve_remote (sock, 1, NULL, NULL);
+     }
--- a/net/openvpn/patches/patch-socket_h
+++ b/net/openvpn/patches/patch-socket_h
@ -0,0 +1,11 @@
+$OpenBSD: patch-socket_h,v 1.1 2009/11/26 22:55:27 fkr Exp $
+--- socket.h.orig	Thu Oct  1 18:02:18 2009
+++ socket.h	Thu Oct 29 18:44:33 2009
+@@ -311,6 +311,7 @@ link_socket_init_phase1 (struct link_socket *sock,
+ 			 int mtu_discover_type,
+ 			 int rcvbuf,
+ 			 int sndbuf,
+			 int rdomain,
+ 			 unsigned int sockflags);
+ 
+ void link_socket_init_phase2 (struct link_socket *sock,
--- a/net/openvpn/pkg/PLIST
+++ b/net/openvpn/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.10 2008/10/22 05:27:07 fkr Exp $
+@comment $OpenBSD: PLIST,v 1.11 2009/11/26 22:55:28 fkr Exp $
@newgroup _openvpn:577
@newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin
@man man/man8/openvpn.8
@ -79,6 +79,7 @@ share/examples/openvpn/sample-scripts/
 share/examples/openvpn/sample-scripts/auth-pam.pl
 share/examples/openvpn/sample-scripts/bridge-start
 share/examples/openvpn/sample-scripts/bridge-stop
+share/examples/openvpn/sample-scripts/bs
 share/examples/openvpn/sample-scripts/openvpn.init
 share/examples/openvpn/sample-scripts/ucn.pl
 share/examples/openvpn/sample-scripts/verify-cn