LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

ocserv: added various patches 

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
lilik-openwrt-22.03
Nikos Mavrogiannopoulos 10 years ago
parent
0e6e2b519d
commit
5b4822fbbe
5 changed files with 152 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      net/ocserv/Makefile
  2. +24
    -0
      net/ocserv/patches/0001-worker-call-sigprocmask-prior-to-entering-main-loop.patch
  3. +26
    -0
      net/ocserv/patches/0002-worker-when-the-UDP-socket-is-updated-update-the-DTL.patch
  4. +76
    -0
      net/ocserv/patches/0003-after-fork-restore-the-default-signal-mask.patch
  5. +25
    -0
      net/ocserv/patches/0004-added-work-around-for-infinite-loop-if-the-UDP-descr.patch

+ 1
- 1
net/ocserv/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ocserv
PKG_VERSION:=0.8.2
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz


+ 24
- 0
net/ocserv/patches/0001-worker-call-sigprocmask-prior-to-entering-main-loop.patch View File

@ -0,0 +1,24 @@
From 9be381859d7c9077ed652a82ec06ef01494d413d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 8 Aug 2014 12:27:08 +0200
Subject: [PATCH 01/10] worker: call sigprocmask() prior to entering main loop
---
src/worker-vpn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 1c30f14..55ab375 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -1856,6 +1856,7 @@ static int connect_handler(worker_st * ws)
bandwidth_init(&ws->b_tx, ws->config->tx_per_sec);
session_info_send(ws);
+ sigprocmask(SIG_BLOCK, &blockset, NULL);
/* worker main loop */
for (;;) {
--
2.0.0

+ 26
- 0
net/ocserv/patches/0002-worker-when-the-UDP-socket-is-updated-update-the-DTL.patch View File

@ -0,0 +1,26 @@
From c567a129f4dac88d1b3c4508484a2dffd78e1e5a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 22 Aug 2014 11:57:15 +0200
Subject: [PATCH 06/10] worker: when the UDP socket is updated, update the DTLS
session
---
src/worker-misc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/worker-misc.c b/src/worker-misc.c
index 52be346..bde24d7 100644
--- a/src/worker-misc.c
+++ b/src/worker-misc.c
@@ -139,6 +139,8 @@ int handle_worker_commands(struct worker_st *ws)
close(fd);
return 0;
}
+ if (ws->dtls_session != NULL)
+ gnutls_transport_set_ptr(ws->dtls_session, (gnutls_transport_ptr_t)(long)fd);
} else { /* received client hello */
ws->udp_state = UP_SETUP;
}
--
2.0.0

+ 76
- 0
net/ocserv/patches/0003-after-fork-restore-the-default-signal-mask.patch View File

@ -0,0 +1,76 @@
From 817f757577ef78bcc19aecf73d6ecf1b11258c82 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 22 Aug 2014 15:23:16 +0200
Subject: [PATCH 07/10] after fork restore the default signal mask
---
src/main-user.c | 2 ++
src/main.c | 5 +++--
src/main.h | 1 +
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/main-user.c b/src/main-user.c
index bc16e3a..9b57e00 100644
--- a/src/main-user.c
+++ b/src/main-user.c
@@ -66,6 +66,8 @@ const char* script;
char local[64] = "";
char remote[64] = "";
+ sigprocmask(SIG_SETMASK, &sig_default_set, NULL);
+
snprintf(real, sizeof(real), "%u", (unsigned)proc->pid);
setenv("ID", real, 1);
diff --git a/src/main.c b/src/main.c
index 8bb3061..a71bde6 100644
--- a/src/main.c
+++ b/src/main.c
@@ -64,6 +64,7 @@ static unsigned int terminate = 0;
static unsigned int reload_conf = 0;
unsigned int need_maintenance = 0;
static unsigned int need_children_cleanup = 0;
+sigset_t sig_default_set;
static void ms_sleep(unsigned ms)
{
@@ -974,7 +975,7 @@ int main(int argc, char** argv)
exit(1);
}
- sigprocmask(SIG_BLOCK, &blockset, NULL);
+ sigprocmask(SIG_BLOCK, &blockset, &sig_default_set);
alarm(MAINTAINANCE_TIME(s));
for (;;) {
@@ -1061,6 +1062,7 @@ int main(int argc, char** argv)
/* close any open descriptors, and erase
* sensitive data before running the worker
*/
+ sigprocmask(SIG_SETMASK, &sig_default_set, NULL);
close(cmd_fd[0]);
clear_lists(s);
@@ -1096,7 +1098,6 @@ int main(int argc, char** argv)
* sensitive data have to be overwritten anyway. */
malloc_trim(0);
#endif
- sigprocmask(SIG_UNBLOCK, &blockset, NULL);
vpn_server(ws);
exit(0);
} else if (pid == -1) {
diff --git a/src/main.h b/src/main.h
index de3d00c..cf5a0b1 100644
--- a/src/main.h
+++ b/src/main.h
@@ -39,6 +39,7 @@
#define COOKIE_KEY_SIZE 16
+extern sigset_t sig_default_set;
int cmd_parser (void *pool, int argc, char **argv, struct cfg_st** config);
void reload_cfg_file(void *pool, struct cfg_st* config);
void clear_cfg_file(struct cfg_st* config);
--
2.0.0

+ 25
- 0
net/ocserv/patches/0004-added-work-around-for-infinite-loop-if-the-UDP-descr.patch View File

@ -0,0 +1,25 @@
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 55ab375..12cd3c8 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -1071,9 +1071,20 @@ static int dtls_mainloop(worker_st * ws, struct timespec *tnow)
{
int ret, l;
+#if GNUTLS_VERSION_NUMBER <= 0x030210
+ /* work-around an infinite loop caused by gnutls_record_recv()
+ * always succeeding by counting every error as a discarded packet.
+ */
+ ret = gnutls_record_get_discarded(ws->dtls_session);
+ if (ret > 1000) {
+ ws->udp_state = UP_DISABLED;
+ return 0;
+ }
+#endif
switch (ws->udp_state) {
case UP_ACTIVE:
case UP_INACTIVE:
+
ret =
tls_recv_nb(ws->dtls_session, ws->buffer, ws->buffer_size);
oclog(ws, LOG_TRANSFER_DEBUG,

Write Preview
Loading…
Cancel
Save