net-dialup/xl2tpd/files/xl2tpd-1.3.12-avp-workaround.patch - third_party/overlays/chromiumos-overlay - Git at Google

 From eefd06639cef7a97bd50e06725e5cabd299f1263 Mon Sep 17 00:00:00 2001
 From: Ben Chan <benchan@chromium.org>
 Date: Tue, 1 Nov 2011 17:05:56 -0700
 Subject: [PATCH] Patch xl2tpd-1.3.0 to exclude certain AVPs from L2TP control
  packets.

 Certain AVPs (see RFC 2661 for details) included in L2TP control packets
 by xl2tpd seem to be rejected by some VPN servers such as Check Point
 VPN. Those AVPs are either optional or not used in our use cases. This
 CL patches xl2tpd-1.3.0 to work around the issue by excluding those AVPs
 from L2TP control packets.

 BUG=chromium-os:22386
 TEST=Verified the following:
 1. Connected successfully to Check Point VPN server.
 2. Connected successfully to Windows 2008 RRAS server, Cisco ASA 5505
    and StrongSWAN VPN server with L2TP/IPsec pre-shared key to make sure
    the existing VPN support still works fine.
 3. network_VPN autotest test suite passed.

 Change-Id: I3474b62521b16fe55682d13f3716daec9c721edc
 Reviewed-on: https://gerrit.chromium.org/gerrit/11021
 Reviewed-by: Ken Mixter <kmixter@chromium.org>
 Tested-by: Ben Chan <benchan@chromium.org>
 ---
  avpsend.c | 13 +++++++++++++
  1 file changed, 13 insertions(+)

 diff --git a/avpsend.c b/avpsend.c
 index 7ba470a..c4b6326 100644
 --- a/avpsend.c
 +++ b/avpsend.c
 @@ -18,6 +18,13 @@
  #include <sys/utsname.h>
  #include "l2tp.h"

 +/*
 + * Several AVPs seem to be rejected by some VPN servers such as Check Point VPN.
 + * This macro is defined to exclude those AVPs from L2TP control packets as a
 + * workaround.
 + */
 +#define XL2TPD_WORK_AROUND_AVP_ISSUES
 +
  struct half_words {
  	_u16 s0;
  	_u16 s1;
 @@ -86,10 +93,12 @@ int add_bearer_caps_avp (struct buffer *buf, _u16 caps)

  int add_firmware_avp (struct buffer *buf)
  {
 +#ifndef XL2TPD_WORK_AROUND_AVP_ISSUES
      struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr));
      add_nonmandatory_header(buf, 0x8, 0x6);
      ptr->s0 = htons (FIRMWARE_REV);
      buf->len += 0x8;
 +#endif  /* XL2TPD_WORK_AROUND_AVP_ISSUES */
      return 0;
  }

 @@ -108,9 +117,11 @@ int add_hostname_avp (struct buffer *buf, const char *hostname)

  int add_vendor_avp (struct buffer *buf)
  {
 +#ifndef XL2TPD_WORK_AROUND_AVP_ISSUES
      add_nonmandatory_header(buf, 0x6 + strlen (VENDOR_NAME), 0x8);
      strcpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), VENDOR_NAME);
      buf->len += 0x6 + strlen (VENDOR_NAME);
 +#endif  /* XL2TPD_WORK_AROUND_AVP_ISSUES */
      return 0;
  }

 @@ -232,11 +243,13 @@ int add_txspeed_avp (struct buffer *buf, int speed)

  int add_rxspeed_avp (struct buffer *buf, int speed)
  {
 +#ifndef XL2TPD_WORK_AROUND_AVP_ISSUES
      struct half_words *ptr = (struct half_words *) (buf->start + buf->len + sizeof(struct avp_hdr));
      add_nonmandatory_header(buf, 0xA, 0x26);
      ptr->s0 = htons ((speed >> 16) & 0xFFFF);
      ptr->s1 = htons (speed & 0xFFFF);
      buf->len += 0xA;
 +#endif  /* XL2TPD_WORK_AROUND_AVP_ISSUES */
      return 0;
  }

 --
 2.21.0.392.gf8f6787159e-goog
	From eefd06639cef7a97bd50e06725e5cabd299f1263 Mon Sep 17 00:00:00 2001
	From: Ben Chan <benchan@chromium.org>
	Date: Tue, 1 Nov 2011 17:05:56 -0700
	Subject: [PATCH] Patch xl2tpd-1.3.0 to exclude certain AVPs from L2TP control
	packets.

	Certain AVPs (see RFC 2661 for details) included in L2TP control packets
	by xl2tpd seem to be rejected by some VPN servers such as Check Point
	VPN. Those AVPs are either optional or not used in our use cases. This
	CL patches xl2tpd-1.3.0 to work around the issue by excluding those AVPs
	from L2TP control packets.

	BUG=chromium-os:22386
	TEST=Verified the following:
	1. Connected successfully to Check Point VPN server.
	2. Connected successfully to Windows 2008 RRAS server, Cisco ASA 5505
	and StrongSWAN VPN server with L2TP/IPsec pre-shared key to make sure
	the existing VPN support still works fine.
	3. network_VPN autotest test suite passed.

	Change-Id: I3474b62521b16fe55682d13f3716daec9c721edc
	Reviewed-on: https://gerrit.chromium.org/gerrit/11021
	Reviewed-by: Ken Mixter <kmixter@chromium.org>
	Tested-by: Ben Chan <benchan@chromium.org>
	---
	avpsend.c \| 13 +++++++++++++
	1 file changed, 13 insertions(+)

	diff --git a/avpsend.c b/avpsend.c
	index 7ba470a..c4b6326 100644
	--- a/avpsend.c
	+++ b/avpsend.c
	@@ -18,6 +18,13 @@
	#include <sys/utsname.h>
	#include "l2tp.h"

	+/*
	+ * Several AVPs seem to be rejected by some VPN servers such as Check Point VPN.
	+ * This macro is defined to exclude those AVPs from L2TP control packets as a
	+ * workaround.
	+ */
	+#define XL2TPD_WORK_AROUND_AVP_ISSUES
	+
	struct half_words {
	_u16 s0;
	_u16 s1;
	@@ -86,10 +93,12 @@ int add_bearer_caps_avp (struct buffer *buf, _u16 caps)

	int add_firmware_avp (struct buffer *buf)
	{
	+#ifndef XL2TPD_WORK_AROUND_AVP_ISSUES
	struct half_words ptr = (struct half_words ) (buf->start + buf->len + sizeof(struct avp_hdr));
	add_nonmandatory_header(buf, 0x8, 0x6);
	ptr->s0 = htons (FIRMWARE_REV);
	buf->len += 0x8;
	+#endif /* XL2TPD_WORK_AROUND_AVP_ISSUES */
	return 0;
	}

	@@ -108,9 +117,11 @@ int add_hostname_avp (struct buffer buf, const char hostname)

	int add_vendor_avp (struct buffer *buf)
	{
	+#ifndef XL2TPD_WORK_AROUND_AVP_ISSUES
	add_nonmandatory_header(buf, 0x6 + strlen (VENDOR_NAME), 0x8);
	strcpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), VENDOR_NAME);
	buf->len += 0x6 + strlen (VENDOR_NAME);
	+#endif /* XL2TPD_WORK_AROUND_AVP_ISSUES */
	return 0;
	}

	@@ -232,11 +243,13 @@ int add_txspeed_avp (struct buffer *buf, int speed)

	int add_rxspeed_avp (struct buffer *buf, int speed)
	{
	+#ifndef XL2TPD_WORK_AROUND_AVP_ISSUES
	struct half_words ptr = (struct half_words ) (buf->start + buf->len + sizeof(struct avp_hdr));
	add_nonmandatory_header(buf, 0xA, 0x26);
	ptr->s0 = htons ((speed >> 16) & 0xFFFF);
	ptr->s1 = htons (speed & 0xFFFF);
	buf->len += 0xA;
	+#endif /* XL2TPD_WORK_AROUND_AVP_ISSUES */
	return 0;
	}

	--
	2.21.0.392.gf8f6787159e-goog