Date: Thu, 14 Jun 2012 02:05:03 -0400
From: Jason Hellenthal <jhellenthal@dataix.net>
To: David Woodhouse <dwmw2@infradead.org>
Cc: ports@freebsd.org
Subject: Patches for Review (security/vpnc)
Message-ID: <20120614060503.GA5752@DataIX.net>

David,

Could you take a look over the following attached patches and comments and make a consideration on these.

Thanks.

-- 
 - (2^(N-1))

------------------------------------------------------------------------
r2 | jh | 2012-06-14 01:14:16 -0400 (Thu, 14 Jun 2012) | 4 lines

ASCII'fy the copyrights section.

less(1) and other tools see it as binary.

Index: vpnc-script
===================================================================
--- vpnc-script (revision 1) +++ vpnc-script (revision 2)
@@ -1,8 +1,8 @@ #!/bin/sh # # Originally part of vpnc source code: -# =A9 2005-2012 Maurice Massar, J=F6rg Mayer, Antonio Borneo et al. -# =A9 2009-2012 David Woodhouse <dwmw2@infradead.org> +# (c) 2005-2012 Maurice Massar, J=F6rg Mayer, Antonio Borneo et al. +# (c) 2009-2012 David Woodhouse <dwmw2@infradead.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by
------------------------------------------------------------------------
r3 | jh | 2012-06-14 01:25:31 -0400 (Thu, 14 Jun 2012) | 13 lines

Adjust checking for if_tun to use kldstat(8) in place of /dev/tun

/dev/tun is legacy usage and should be discouraged from further use.

When sysctl net.link.tun.devfs_cloning=0 there is no /dev/tun device to probe.

kldstat(8) and the current flags (-qm) for FreeBSD reach back to 7.X and possibly further, so invoke them.

While here kldload if_tun.ko quietly (-q)

See if_tun(4), kldstat(8), kldload(8)

Index: vpnc-script
===================================================================
--- vpnc-script (revision 2) +++ vpnc-script (revision 3)
@@ -593,12 +593,12 @@ fi fi elif [ "$OS" =3D "FreeBSD" ]; then - if [ ! -e /dev/tun ]; then - kldload if_tun + if ! kldstat -qm if_tun; then + kldload -q if_tun fi elif [ "$OS" =3D "GNU/kFreeBSD" ]; then - if [ ! -e /dev/tun ]; then - kldload if_tun + if ! kldstat -qm if_tun; then + kldload -q if_tun fi elif [ "$OS" =3D "NetBSD" ]; then :
------------------------------------------------------------------------
r4 | jh | 2012-06-14 01:42:30 -0400 (Thu, 14 Jun 2012) | 11 lines

Interface creation and deletion should be handled directly by vpnc and return status should be handed back over to the script for negotiation.

For now comment out the implicit tunnel deletion function until it can be reworked.

Things to consider are possible legacy use cases net.link.tun.devfs_cloning but should not be depended on.

Index: vpnc-script
===================================================================
--- vpnc-script (revision 3) +++ vpnc-script (revision 4) @@ -712,7 +712,7 @@ if [ -n "$INTERNAL_IP4_DNS" ]; then $RESTORERESOLVCONF fi - destroy_tun_device + #destroy_tun_device } =20 #### Main
------------------------------------------------------------------------
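
Review bot: The first added line of the r2 hunk (@@ -1,8 +1,8 @@) still contains a non-ASCII byte: `J=F6rg` is the quoted-printable form of the ISO-8859-1 "ö" in "Jörg", and it is carried over unchanged from the removed line. Replacing only the copyright sign therefore leaves the header non-ASCII, so the goal stated in the log message (tools no longer seeing the script as binary) may not be met. Either handle the name as well, with the author's agreement on the spelling, or convert the file to UTF-8 and describe the change that way in the log.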
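
Review bot: In the r3 hunk (@@ -593,12 +593,12 @@), the added `kldload -q if_tun` has its exit status ignored in both the FreeBSD and the GNU/kFreeBSD branch, and `-q` now also suppresses the message that would have explained a failed load. Suggest testing the return value and reporting an error (or exiting non-zero) so the script does not carry on as if a tun device were available. Separately, the log message vouches for `kldstat -qm` only on FreeBSD 7.X and later; the GNU/kFreeBSD branch receives the identical change and should be confirmed on that userland, and since the two branches are now the same they could be folded into one test.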
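
Review bot: In the r4 hunk (@@ -712,7 +712,7 @@), replacing the call with a bare `#destroy_tun_device` disables tunnel teardown on every platform the script serves: in the visible context the call sits after the closing `fi` of the resolv.conf restore and outside any `$OS` test, while the log message argues only from FreeBSD's net.link.tun.devfs_cloning. The visible lines add nothing in its place, so until vpnc itself removes the interface a tun device may be left behind after disconnect. Suggest restricting the change to the OS that needs it, or, if the call must go everywhere, putting a comment on that line saying why it is disabled and what has to land in vpnc before it can be removed for good.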