--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Regards,
Please unblock pptpd (1.4.0-5)
The differences to the jessie version 1.4.0-3 are:
* -4 fixed an important bug where overlong interface names
might crash the bcrelay program (#765442)
* -5 fixed the patch description, that was an error on my side and I'd
really like to see the wrong attribution removed.
The debdiff is attached. It got a bit bigger since upstream decided to
re-arrange the affected code.
If you want to take a closer look, the upstream commit IDs are part of the
path, upstream git is at
git://git.code.sf.net/p/poptop/git
Regards,
Christoph
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.17.4 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
diff -Nru pptpd-1.4.0/debian/changelog pptpd-1.4.0/debian/changelog
--- pptpd-1.4.0/debian/changelog 2014-07-15 18:41:01.000000000 +0200
+++ pptpd-1.4.0/debian/changelog 2014-11-04 23:41:32.000000000 +0100
@@ -1,3 +1,17 @@
+pptpd (1.4.0-5) unstable; urgency=medium
+
+ * Fix description of patch introduced in 1.4.0-4
+
+ -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Tue, 04 Nov 2014
23:30:46 +0100
+
+pptpd (1.4.0-4) unstable; urgency=medium
+
+ * Fix buffer overflow from overlong interface names in bcrelay.
+ Closes: #765442
+ * Fixes an important bug, urgency set to medium
+
+ -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Sun, 26 Oct 2014
20:50:20 +0100
+
pptpd (1.4.0-3) unstable; urgency=low
* Fix status check in init script. Closes: #747146
diff -Nru pptpd-1.4.0/debian/patches/cherry-pick.1.4.0-11-g4ea2db6.ff.patch
pptpd-1.4.0/debian/patches/cherry-pick.1.4.0-11-g4ea2db6.ff.patch
--- pptpd-1.4.0/debian/patches/cherry-pick.1.4.0-11-g4ea2db6.ff.patch
1970-01-01 01:00:00.000000000 +0100
+++ pptpd-1.4.0/debian/patches/cherry-pick.1.4.0-11-g4ea2db6.ff.patch
2014-11-04 23:40:37.000000000 +0100
@@ -0,0 +1,1479 @@
+Subject: Cherry-pick 1.4.0-11-g4ea2db6 ff. to fix sprintf usage
+Author: James Cameron <qu...@laptop.org>
+Date: Thu Oct 16 08:22:36 2014 +1100
+Origin:
+ commit 4ea2db6028cc1079aa84ac1b92e23ba8a7ce9d8e
+ commit 2521c45c19106722f299c66d4e0ef86ff7486b54
+ commit eee8ad1adece7cc5dfcadaa3cf838cfaf0b01b05
+Bug-Debian: https://bugs.debian.org/765442
+Last-Update: 2014-10-25
+
+--- a/bcrelay.c
++++ b/bcrelay.c
+@@ -1,6 +1,6 @@
+-// A broadcast packet repeater. This packet repeater (currently designed for
+-// udp packets) will listen for broadcast packets.
+-// When it receives the packets, it will then re-broadcast the packet.
++// A broadcast packet repeater. This packet repeater (currently
++// designed for udp packets) will listen for broadcast packets. When
++// it receives the packets, it will then re-broadcast the packet.
+ //
+ // Written by TheyCallMeLuc(at)yahoo.com.au
+ // I accept no responsiblity for the function of this program if you
+@@ -8,58 +8,70 @@
+ // Modified for Poptop by Richard de Vroede <r.devro...@linvision.com>
+ // Ditto on the no responsibility.
+ //
+-// Rewritten by Norbert van Bolhuis <norb...@vanbolhuis.demon.nl> bcrelay
(v1.0+)
+-// now supports/does:
+-// 1) Relaying from PPP (VPN tunnel) interfaces, hereby creating a virtual
+-// LAN (w.r.t. UDP broadcasts) for VPN clients and ethernet PCs
+-// belonging/matching the subnet portion of the VPN IP addresses.
+-// So now broadcasting to/from all systems of the VPN has been implemented.
+-// Note that bcrelay v0.5 only relayed from LAN to VPN clients.
+-// It doesn't matter whether the systems on the VPN are on the LAN of the
+-// VPN server or have a VPN/PPTP connection (over the internet) to the VPN
+-// server. Broadcasts will always be relayed to/from all given interfaces.
And
+-// as long as the subnet portion of the IP addresses of the systems on the
VPN
+-// matches, the VPN server will be able to route properly. This means all
+-// networking applications/games that rely on a UDP broadcast from one or
+-// more PPP (VPN tunnel) interfaces will now see eachother and work over
+-// the VPN.
+-// Note that it depends on the networking application/game and whoever
+-// acts as application/game server/host who is sending (UPD) broadcasts
+-// and who is listening.
+-// 2) UDP broadcasts received on a PPP interface (VPN tunnel) sometimes
+-// don't carry the VPN IP address which pptpd provisioned. I've seen
+-// this happening on a WinXP SP1 box, especially when the application
+-// responsible for the UDP broadcasts isn't aware of the PPP interface.
+-// In this case it just uses the LAN IP src address for the IP src
+-// address of the inner (GRE encapsulated) IP packet. This breaks
+-// the "virtual LAN" and therefore bcrelay, as of this version, changes
+-// the src IP address to the VPN IP address (which pptpd provisioned)
++// Rewritten by Norbert van Bolhuis <norb...@vanbolhuis.demon.nl>
++// bcrelay (v1.0+) now supports/does:
++//
++// 1) Relaying from PPP (VPN tunnel) interfaces, hereby creating a
++// virtual LAN (w.r.t. UDP broadcasts) for VPN clients and ethernet
++// PCs belonging/matching the subnet portion of the VPN IP
++// addresses. So now broadcasting to/from all systems of the VPN
++// has been implemented. Note that bcrelay v0.5 only relayed from
++// LAN to VPN clients. It doesn't matter whether the systems on
++// the VPN are on the LAN of the VPN server or have a VPN/PPTP
++// connection (over the internet) to the VPN server. Broadcasts
++// will always be relayed to/from all given interfaces. And as long
++// as the subnet portion of the IP addresses of the systems on the
++// VPN matches, the VPN server will be able to route properly. This
++// means all networking applications/games that rely on a UDP
++// broadcast from one or more PPP (VPN tunnel) interfaces will now
++// see eachother and work over the VPN.
++//
++// Note that it depends on the networking application/game and
++// whoever acts as application/game server/host who is sending
++// (UDP) broadcasts and who is listening.
++//
++// 2) UDP broadcasts received on a PPP interface (VPN tunnel)
++// sometimes don't carry the VPN IP address which pptpd
++// provisioned. I've seen this happening on a WinXP SP1 box,
++// especially when the application responsible for the UDP
++// broadcasts isn't aware of the PPP interface. In this case it
++// just uses the LAN IP src address for the IP src address of the
++// inner (GRE encapsulated) IP packet. This breaks the "virtual
++// LAN" and therefore bcrelay, as of this version, changes the src
++// IP address to the VPN IP address (which pptpd provisioned)
+ // before relaying.
+-// 3) To avoid a UDP broadcast loop, bcrelay changes the IP TTL and the
+-// UDP checksum (to 1 and 0 respectively) of the UDP broadcasts it relays.
+-// No relaying will be done for UDP broadcasts with IP TTL=1 and UDP
+-// checksum=0. Could also (mis)use IP identification for this, but IP TTL
+-// and UDP chksum combination is expected to work fine.
+-// 4) bcrelay v0.5 forgot to update IP/UDP checksum when it changed the
+-// dest. IP address (e.g. from 192.168.1.255 to 255.255.255.255).
+-// Of course as of this version bcrelay always updates the IP/UDP
+-// checksum since the IP TTL and src IP address will change also.
+-// 5) Enhanced the (syslog) debugging capabilities. By default bcrelay will
+-// show what it is doing. Bcrelay will syslog the IP interfaces it tries
+-// to read/relay UDP broadcasts from/to. These interfaces are called
+-// the 'active interfaces', bcrelay will syslog the initial set of active
+-// interfaces and whenever the set changes. Currently there is no
difference
+-// between an incoming interface (given with -i) and an outgoing interface
+-// (given with -o), so bcrelay won't show this attribute. Also, bcrelay
will
+-// syslog a successfully relayed UDP broadcast, including the UDP port
numbers,
+-// the incoming interface and the interface(s) to which it was successfully
+-// relayed. The (new) -n option allows to suppress syslog tracing.
+-// If -n is given, bcrelay shows/syslogs nothing, except fatal error
+-// messages.
++//
++// 3) To avoid a UDP broadcast loop, bcrelay changes the IP TTL and
++// the UDP checksum (to 1 and 0 respectively) of the UDP broadcasts
++// it relays. No relaying will be done for UDP broadcasts with IP
++// TTL=1 and UDP checksum=0. Could also (mis)use IP identification
++// for this, but IP TTL and UDP chksum combination is expected to
++// work fine.
++//
++// 4) bcrelay v0.5 forgot to update IP/UDP checksum when it changed
++// the dest. IP address (e.g. from 192.168.1.255 to
++// 255.255.255.255). Of course as of this version bcrelay always
++// updates the IP/UDP checksum since the IP TTL and src IP address
++// will change also.
++//
++// 5) Enhanced the (syslog) debugging capabilities. By default bcrelay
++// will show what it is doing. Bcrelay will syslog the IP
++// interfaces it tries to read/relay UDP broadcasts from/to. These
++// interfaces are called the 'active interfaces', bcrelay will
++// syslog the initial set of active interfaces and whenever the set
++// changes. Currently there is no difference between an incoming
++// interface (given with -i) and an outgoing interface (given with
++// -o), so bcrelay won't show this attribute. Also, bcrelay will
++// syslog a successfully relayed UDP broadcast, including the UDP
++// port numbers, the incoming interface and the interface(s) to
++// which it was successfully relayed. The (new) -n option allows to
++// suppress syslog tracing. If -n is given, bcrelay shows/syslogs
++// nothing, except fatal error messages.
+ //
+ // This software is completely free. You can use and/or modify this
+-// software to your hearts content. You are free to redistribute it as
+-// long as it is accompanied with the source and my credit is included.
++// software to your hearts content. You are free to redistribute it
++// as long as it is accompanied with the source and my credit is
++// included.
+
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -126,14 +138,16 @@
+ #define IP_UDPPDU_CHECKSUM_MSB_PTR(udppdu) ((unsigned char *)(udppdu) + 6 )
+ #define IP_UDPPDU_CHECKSUM_LSB_PTR(udppdu) ((unsigned char *)(udppdu) + 7 )
+
+-#define MAXIF 255 // Maximum interfaces to use
+-#define MAX_SELECT_WAIT 3 // Maximum time (in secs) to wait for input
on the socket/interfaces
+- // A time-out triggers the discovery of new
interfaces.
+-#define MAX_NODISCOVER_IFS 12 // Maximum time (in secs) to elaps before a
discovery of new
+- // interfaces is triggered. Only when a
packet keeps coming in
+- // (this prevents a select time-out) a
variable initialized with
+- // this #define becomes 0 and a rediscovery
of the interfaces is
+- // triggered.
++// Maximum interfaces to use
++#define MAXIF 255
++// Maximum time (in secs) to wait for input on the socket/interfaces A
++// time-out triggers the discovery of new interfaces.
++#define MAX_SELECT_WAIT 3
++// Maximum time (in secs) to elapse before a discovery of new
++// interfaces is triggered. Only when a packet keeps coming in (this
++// prevents a select time-out) a variable initialized with this
++// #define becomes 0 and a rediscovery of the interfaces is triggered.
++#define MAX_NODISCOVER_IFS 12
+ #define MAX_IFLOGTOSTR 16
+
+ /* Local function prototypes */
+@@ -152,15 +166,13 @@ struct packet {
+
+
+ /*
+- * struct that keeps track of the interfaces of the system
+- * selected upon usage by bcrelay (with -i and -o option).
+- * An array of this struct is returned by discoverActiveInterfaces.
+- * This array is reset (filled from scratch) each time
+- * discoverActiveInterfaces is called.
++ * struct that keeps track of the interfaces of the system selected
++ * upon usage by bcrelay (with -i and -o option). An array of this
++ * struct is returned by discoverActiveInterfaces. This array is
++ * reset (filled from scratch) each time discoverActiveInterfaces is
++ * called.
+ */
+ struct iflist {
+-//Fix 3mar2003
+- //char index;
+ int index;
+ u_int32_t bcast;
+ char ifname[16+1];
+@@ -176,10 +188,10 @@ struct iflist {
+
+
+ /*
+- * struct that keeps track of the socket fd's for every interface
+- * that is in use (and thus present in iflist).
+- * Two permanent arrays of this struct are used, one for the
+- * previous/old list and one for the current list.
++ * struct that keeps track of the socket fd's for every interface that
++ * is in use (and thus present in iflist). Two permanent arrays of
++ * this struct are used, one for the previous/old list and one for the
++ * current list.
+ */
+ struct ifsnr {
+ int sock_nr;
+@@ -198,7 +210,7 @@ static void bind_to_iface(int fd, int if
+
+ /*
+ * This global variable determines whether NVBCR_PRINTF actually
+- * displays something. While developping v1.0, NVBCR_PRINTF were
++ * displays something. While developing v1.0, NVBCR_PRINTF were
+ * printf and a lot of tracing/logging/debugging was done with these.
+ * Of course, by default these 'info' messages have been turned off
+ * now. Enable by setting variable to 1. Note that output will only
+@@ -209,100 +221,100 @@ static int do_org_info_printfs = 0;
+ static int vnologging = 0;
+ static int vdaemon = 0;
+
+-#define NVBCR_PRINTF( args ) \
+- if ((vdaemon == 0) && (do_org_info_printfs == 1)) printf args
++#define NVBCR_PRINTF( args ) \
++ if ((vdaemon == 0) && (do_org_info_printfs == 1)) printf args
+
+ static char empty[1] = "";
+-static char interfaces[32];
++static char reg_interfaces[MAX_IFLOGTOSTR*2+2];
+ static char log_interfaces[MAX_IFLOGTOSTR*MAXIF];
+-static char log_relayed[(MAX_IFLOGTOSTR-1)*MAXIF+81];
++static char log_relayed[MAX_IFLOGTOSTR*MAXIF+81];
+ static char *ipsec = empty;
+
+ static void showusage(char *prog)
+ {
+- printf("\nBCrelay v%s\n\n", VERSION);
+- printf("A broadcast packet repeater. This packet repeater (currently
designed for udp packets) will listen\n");
+- printf(" for broadcast packets. When it receives the packets, it will
then re-broadcast the packet.\n\n");
+- printf("Usage: %s [options], where options are:\n\n", prog);
+- printf(" [-d] [--daemon] Run as daemon.\n");
+- printf(" [-h] [--help] Displays this help message.\n");
+- printf(" [-i] [--incoming <ifin>] Defines from which interface
broadcasts will be relayed.\n");
+- printf(" [-n] [--nolog] No logging/tracing to
/var/log/messages.\n");
+- printf(" [-o] [--outgoing <ifout>] Defines to which interface
broadcasts will be relayed.\n");
+- printf(" [-s] [--ipsec <arg>] Defines an ipsec tunnel to be
relayed to.\n");
+- printf(" Since ipsec tunnels terminate on
the same interface, we need to define the broadcast\n");
+- printf(" address of the other end-point of
the tunnel. This is done as ipsec0:x.x.x.255\n");
+- printf(" [-v] [--version] Displays the BCrelay version
number.\n");
+- printf("\nLog messages and debugging go to syslog as DAEMON.\n\n");
+- printf("\nInterfaces can be specified as regexpressions, ie.
ppp[0-9]+\n\n");
++ printf("\nBCrelay v%s\n\n", VERSION);
++ printf("A broadcast packet repeater. This packet repeater (currently
designed for udp packets) will listen\n");
++ printf(" for broadcast packets. When it receives the packets, it will then
re-broadcast the packet.\n\n");
++ printf("Usage: %s [options], where options are:\n\n", prog);
++ printf(" [-d] [--daemon] Run as daemon.\n");
++ printf(" [-h] [--help] Displays this help message.\n");
++ printf(" [-i] [--incoming <ifin>] Defines from which interface broadcasts
will be relayed.\n");
++ printf(" [-n] [--nolog] No logging/tracing to
/var/log/messages.\n");
++ printf(" [-o] [--outgoing <ifout>] Defines to which interface broadcasts
will be relayed.\n");
++ printf(" [-s] [--ipsec <arg>] Defines an ipsec tunnel to be relayed
to.\n");
++ printf(" Since ipsec tunnels terminate on the
same interface, we need to define the broadcast\n");
++ printf(" address of the other end-point of the
tunnel. This is done as ipsec0:x.x.x.255\n");
++ printf(" [-v] [--version] Displays the BCrelay version number.\n");
++ printf("\nLog messages and debugging go to syslog as DAEMON.\n\n");
++ printf("\nInterfaces can be specified as regexpressions, ie.
ppp[0-9]+\n\n");
+ }
+
+ static void showversion()
+ {
+- printf("BCrelay v%s\n", VERSION);
++ printf("BCrelay v%s\n", VERSION);
+ }
+
+ #ifndef HAVE_DAEMON
+ static void my_daemon(int argc, char **argv)
+ {
+- pid_t pid;
++ pid_t pid;
+ #ifndef BCRELAY_BIN
+-/* Need a smart way to locate the binary -rdv */
++ /* Need a smart way to locate the binary -rdv */
+ #define BCRELAY_BIN argv[0]
+ #endif
+ #ifndef HAVE_FORK
+- /* need to use vfork - eg, uClinux */
+- char **new_argv;
+- extern char **environ;
+- int minusd=0;
+- int i;
+- int fdr;
+-
+- /* Strip -d option */
+- new_argv = malloc((argc) * sizeof(char **));
+- fdr = open("/dev/null", O_RDONLY);
+- new_argv[0] = BCRELAY_BIN;
+- for (i = 1; argv[i] != NULL; i++) {
+- if (fdr != 0) { dup2(fdr, 0); close(fdr); }
+- if ( (strcmp(argv[i],"-d")) == 0 ) {
+- minusd=1;
+- }
+- if (minusd) {
+- new_argv[i] = argv[i+1];
+- } else {
+- new_argv[i] = argv[i];
+- }
+- }
+- syslog(LOG_DEBUG, "Option parse OK, re-execing as daemon");
+- fflush(stderr);
+- if ((pid = vfork()) == 0) {
+- if (setsid() < 0) { /* shouldn't fail */
+- syslog(LOG_ERR, "Setsid failed!");
+- _exit(1);
+- }
+- chdir("/");
+- umask(0);
+- /* execve only returns on an error */
+- execve(BCRELAY_BIN, new_argv, environ);
+- exit(1);
+- } else if (pid > 0) {
+- syslog(LOG_DEBUG, "Success re-execing as daemon!");
+- exit(0);
+- } else {
+- syslog(LOG_ERR, "Error vforking");
+- exit(1);
+- }
+-#else
+- pid=fork();
+- if (pid<0) { syslog(LOG_ERR, "Error forking"); _exit(1); }
+- if (pid>0) { syslog(LOG_DEBUG, "Parent exits"); _exit(0); }
+- if (pid==0) { syslog(LOG_DEBUG, "Running as child"); }
+- /* child (daemon) continues */
++ /* need to use vfork - eg, uClinux */
++ char **new_argv;
++ extern char **environ;
++ int minusd=0;
++ int i;
++ int fdr;
++
++ /* Strip -d option */
++ new_argv = malloc((argc) * sizeof(char **));
++ fdr = open("/dev/null", O_RDONLY);
++ new_argv[0] = BCRELAY_BIN;
++ for (i = 1; argv[i] != NULL; i++) {
++ if (fdr != 0) { dup2(fdr, 0); close(fdr); }
++ if ( (strcmp(argv[i],"-d")) == 0 ) {
++ minusd=1;
++ }
++ if (minusd) {
++ new_argv[i] = argv[i+1];
++ } else {
++ new_argv[i] = argv[i];
++ }
++ }
++ syslog(LOG_DEBUG, "Option parse OK, re-execing as daemon");
++ fflush(stderr);
++ if ((pid = vfork()) == 0) {
+ if (setsid() < 0) { /* shouldn't fail */
+ syslog(LOG_ERR, "Setsid failed!");
+ _exit(1);
+ }
+ chdir("/");
++ umask(0);
++ /* execve only returns on an error */
++ execve(BCRELAY_BIN, new_argv, environ);
++ exit(1);
++ } else if (pid > 0) {
++ syslog(LOG_DEBUG, "Success re-execing as daemon!");
++ exit(0);
++ } else {
++ syslog(LOG_ERR, "Error vforking");
++ exit(1);
++ }
++#else
++ pid=fork();
++ if (pid<0) { syslog(LOG_ERR, "Error forking"); _exit(1); }
++ if (pid>0) { syslog(LOG_DEBUG, "Parent exits"); _exit(0); }
++ if (pid==0) { syslog(LOG_DEBUG, "Running as child"); }
++ /* child (daemon) continues */
++ if (setsid() < 0) { /* shouldn't fail */
++ syslog(LOG_ERR, "Setsid failed!");
++ _exit(1);
++ }
++ chdir("/");
+ #endif
+ }
+ #endif
+@@ -321,78 +333,81 @@ int main(int argc, char **argv) {
+ exit(1);
+ #endif
+
+- /* open a connection to the syslog daemon */
+- openlog("bcrelay", LOG_PID, PPTP_FACILITY);
++ /* open a connection to the syslog daemon */
++ openlog("bcrelay", LOG_PID, PPTP_FACILITY);
+
+ while (1) {
+- int option_index = 0;
++ int option_index = 0;
+
+- static struct option long_options[] =
+- {
+- {"nolog", 0, 0, 0},
+- {"daemon", 0, 0, 0},
+- {"help", 0, 0, 0},
+- {"incoming", 1, 0, 0},
+- {"outgoing", 1, 0, 0},
+- {"ipsec", 1, 0, 0},
+- {"version", 0, 0, 0},
+- {0, 0, 0, 0}
+- };
+-
+- c = getopt_long(argc, argv, "ndhi:o:s:v", long_options,
&option_index);
+- if (c == -1)
+- break;
+- /* convert long options to short form */
+- if (c == 0)
+- c = "ndhiosv"[option_index];
+- switch (c) {
+- case 'n':
+- vnologging = 1;
+- break;
+- case 'd':
+- vdaemon = 1;
+- break;
+- case 'h':
+- showusage(argv[0]);
+- return 0;
+- case 'i':
+- ifin = strdup(optarg);
+- break;
+- case 'o':
+- ifout = strdup(optarg);
+- break;
+- case 's':
+- ipsec = strdup(optarg);
+- // Validate the ipsec parameters
+- regcomp(&preg,
"ipsec[0-9]+:[0-9]+.[0-9]+.[0-9]+.255", REG_EXTENDED);
+- if (regexec(&preg, ipsec, 0, NULL, 0)) {
+- syslog(LOG_INFO,"Bad syntax: %s", ipsec);
+- fprintf(stderr, "\nBad syntax: %s\n", ipsec);
+- showusage(argv[0]);
+- return 0;
+- } else {
+- regfree(&preg);
+- break;
+- }
+- case 'v':
+- showversion();
+- return 0;
+- default:
+- showusage(argv[0]);
+- return 1;
+- }
++ static struct option long_options[] =
++ {
++ {"nolog", 0, 0, 0},
++ {"daemon", 0, 0, 0},
++ {"help", 0, 0, 0},
++ {"incoming", 1, 0, 0},
++ {"outgoing", 1, 0, 0},
++ {"ipsec", 1, 0, 0},
++ {"version", 0, 0, 0},
++ {0, 0, 0, 0}
++ };
++
++ c = getopt_long(argc, argv, "ndhi:o:s:v", long_options, &option_index);
++ if (c == -1)
++ break;
++ /* convert long options to short form */
++ if (c == 0)
++ c = "ndhiosv"[option_index];
++ switch (c) {
++ case 'n':
++ vnologging = 1;
++ break;
++ case 'd':
++ vdaemon = 1;
++ break;
++ case 'h':
++ showusage(argv[0]);
++ return 0;
++ case 'i':
++ ifin = strdup(optarg);
++ break;
++ case 'o':
++ ifout = strdup(optarg);
++ break;
++ case 's':
++ ipsec = strdup(optarg);
++ // Validate the ipsec parameters
++ regcomp(&preg, "ipsec[0-9]+:[0-9]+.[0-9]+.[0-9]+.255", REG_EXTENDED);
++ if (regexec(&preg, ipsec, 0, NULL, 0)) {
++ syslog(LOG_INFO,"Bad syntax: %s", ipsec);
++ fprintf(stderr, "\nBad syntax: %s\n", ipsec);
++ showusage(argv[0]);
++ return 0;
++ } else {
++ regfree(&preg);
++ break;
++ }
++ case 'v':
++ showversion();
++ return 0;
++ default:
++ showusage(argv[0]);
++ return 1;
++ }
+ }
+ if (ifin == empty) {
+- syslog(LOG_INFO,"Incoming interface required!");
+- showusage(argv[0]);
+- _exit(1);
++ syslog(LOG_INFO,"Incoming interface required!");
++ showusage(argv[0]);
++ _exit(1);
+ }
+ if (ifout == empty && ipsec == empty) {
+- syslog(LOG_INFO,"Listen-mode or outgoing or IPsec interface
required!");
+- showusage(argv[0]);
+- _exit(1);
+- } else {
+- sprintf(interfaces,"%s|%s", ifin, ifout);
++ syslog(LOG_INFO,"Listen-mode or outgoing or IPsec interface required!");
++ showusage(argv[0]);
++ _exit(1);
++ }
++ if (snprintf(reg_interfaces, sizeof(reg_interfaces),
++ "%s|%s", ifin, ifout) >= sizeof(reg_interfaces)) {
++ syslog(LOG_ERR, "interface names exceed size");
++ _exit(1);
+ }
+
+ // If specified, become Daemon.
+@@ -426,7 +441,6 @@ static void mainloop(int argc, char **ar
+ {
+ socklen_t salen = sizeof(struct sockaddr_ll);
+ int i, s, rcg, j, no_discifs_cntr, ifs_change;
+- int logstr_cntr;
+ struct iflist *iflist = NULL; // Initialised after the 1st packet
+ struct sockaddr_ll sa;
+ struct packet *ipp_p;
+@@ -436,7 +450,10 @@ static void mainloop(int argc, char **ar
+ static struct ifsnr old_ifsnr[MAXIF+1]; // Old iflist to socket fd's
mapping list
+ static struct ifsnr cur_ifsnr[MAXIF+1]; // Current iflist to socket fd's
mapping list
+ unsigned char buf[1518];
+- char *logstr = empty;
++
++ char *lptr; /* log buffer pointer for next chunk append */
++ int lsize = 0; /* count of remaining unused bytes in log buffer */
++ int chunk; /* bytes to be added to log buffer by chunk */
+
+ no_discifs_cntr = MAX_NODISCOVER_IFS;
+ ifs_change = 0;
+@@ -449,7 +466,8 @@ static void mainloop(int argc, char **ar
+
+
+ /*
+- * Discover interfaces (initial set) and create a dedicated socket bound to
the interface
++ * Discover interfaces (initial set) and create a dedicated socket
++ * bound to the interface
+ */
+ memset(old_ifsnr, -1, sizeof(old_ifsnr));
+ memset(cur_ifsnr, -1, sizeof(cur_ifsnr));
+@@ -464,313 +482,367 @@ static void mainloop(int argc, char **ar
+ }
+ NVBCR_PRINTF(("Displaying INITIAL active interfaces..\n"));
+ if (vnologging == 0) {
+- logstr = log_interfaces;
+- logstr_cntr = sprintf(logstr, "Initial active interfaces: ");
+- logstr += logstr_cntr;
++ lptr = log_interfaces;
++ lsize = sizeof(log_interfaces);
++ chunk = snprintf(lptr, lsize, "%s ", "Initial active interfaces:");
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
+ }
+ for (i = 0; iflist[i].index; i++)
+- {
+- NVBCR_PRINTF(("\t\tactive interface number: %d, if=(%s), sock_nr=%d\n",
i, iflistToString(&(iflist[i])), cur_ifsnr[i].sock_nr));
+- if (vnologging == 0) {
+- logstr_cntr = sprintf(logstr, "%s ", iflistLogIToString(&(iflist[i]),
i, &(cur_ifsnr[i])));
+- logstr += logstr_cntr;
++ {
++ NVBCR_PRINTF(("\t\tactive interface number: %d, if=(%s), sock_nr=%d\n",
i, iflistToString(&(iflist[i])), cur_ifsnr[i].sock_nr));
++ if (vnologging == 0) {
++ chunk = snprintf(lptr, lsize, "%s ",
++ iflistLogIToString(&(iflist[i]), i,
&(cur_ifsnr[i])));
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
+ }
+- }
+ if (vnologging == 0) syslog(LOG_INFO, "%s", log_interfaces);
+
+ // Main loop
+ while (1)
+- {
+-
+- /*
+- * Check all (interface) sockets for incoming packets
+- */
+- FD_ZERO(&sock_set);
+- for (i=0; iflist[i].index; ++i)
+- {
+- if (cur_ifsnr[i].sock_nr >= 0) {
+- FD_SET(cur_ifsnr[i].sock_nr, &sock_set);
+- }
+- }
+-
+- /*
+- * Don't wait more than MAX_SELECT_WAIT seconds
+- */
+- time_2_wait.tv_sec = MAX_SELECT_WAIT;
+- time_2_wait.tv_usec = 0L;
+-
+- /* select on sockets */
+- rcg = select(MAXIF, &sock_set, (fd_set *) NULL,(fd_set *) NULL,
&time_2_wait);
+-
+- if (rcg < 0)
+ {
+- syslog(LOG_ERR, "Error, select error! (rv=%d, errno=%d)", rcg, errno);
+- exit(1);
+- }
+
+- if (rcg == 0)
+- {
+- /* TimeOut, rediscover interfaces */
+- NVBCR_PRINTF(("Select timeout, rediscover interfaces\n"));
+- copy_ifsnr(cur_ifsnr, old_ifsnr);
+- memset(cur_ifsnr, -1, sizeof(cur_ifsnr));
+- iflist = discoverActiveInterfaces(s);
+ /*
+- * Build new cur_ifsnr list.
+- * Make iflist[i] correspond with cur_ifsnr[i], so iflist[i].index ==
cur_ifsnr[i].ifindex
+- * The old list (old_ifsnr) is used to compare.
++ * Check all (interface) sockets for incoming packets
+ */
+- for (i=0; iflist[i].index; ++i) {
+- /* check to see if it is a NEW interface */
+- int fsnr = find_sock_nr(old_ifsnr, iflist[i].index);
+- if (fsnr == -1) {
+- /* found new interface, open dedicated socket and bind it to the
interface */
+- if ((cur_ifsnr[i].sock_nr = socket(PF_PACKET, SOCK_DGRAM,
htons(ETH_P_ALL))) < 0) {
+- syslog(LOG_ERR, "mainloop: Error, socket error! (rv=%d,
errno=%d)", cur_ifsnr[i].sock_nr, errno);
+- exit(1);
+- }
+- bind_to_iface(cur_ifsnr[i].sock_nr, iflist[i].index);
+- ifs_change = 1;
+- }
+- else
++ FD_ZERO(&sock_set);
++ for (i=0; iflist[i].index; ++i)
+ {
+- /*
+- * not a new interface, socket already openen, interface already
+- * bound. Update cur_ifsnr.
+- */
+- cur_ifsnr[i].sock_nr = fsnr;
+- }
+- cur_ifsnr[i].ifindex = iflist[i].index;
+- }
+- /* Close disappeared interfaces */
+- for (i=0; i<MAXIF; ++i)
+- {
+- if ((old_ifsnr[i].sock_nr != -1) && (old_ifsnr[i].ifindex != -1) &&
+- (find_sock_nr(cur_ifsnr, old_ifsnr[i].ifindex) == -1)) {
+- NVBCR_PRINTF(("Closing an interface (it disappeared), namely:
(s_nr=%d, ifidx=%d)\n", old_ifsnr[i].sock_nr, old_ifsnr[i].ifindex));
+- close(old_ifsnr[i].sock_nr);
+- old_ifsnr[i].sock_nr = -1;
+- old_ifsnr[i].ifindex = -1;
+- ifs_change = 1;
+- }
+- }
+- if (ifs_change == 1)
+- {
+- NVBCR_PRINTF(("Active interface set changed --> displaying current
active interfaces..\n"));
+- if (vnologging == 0) {
+- logstr = log_interfaces;
+- logstr_cntr = sprintf(logstr, "Active interface set changed to: ");
+- logstr += logstr_cntr;
+- }
+- for (i = 0; iflist[i].index; i++)
+- {
+- NVBCR_PRINTF(("\t\tactive interface number: %d, if=(%s),
sock_nr=%d\n", i, iflistToString(&(iflist[i])), cur_ifsnr[i].sock_nr));
+- if (vnologging == 0) {
+- logstr_cntr = sprintf(logstr, "%s ",
iflistLogIToString(&(iflist[i]), i, &(cur_ifsnr[i])));
+- logstr += logstr_cntr;
++ if (cur_ifsnr[i].sock_nr >= 0) {
++ FD_SET(cur_ifsnr[i].sock_nr, &sock_set);
+ }
+ }
+- if (vnologging == 0) syslog(LOG_INFO, "%s", log_interfaces);
+- ifs_change = 0;
+- }
+- continue;
+- }
+
+- if (rcg > 0)
+- {
+- /* rcg interfaces have pending input */
+- for (i=0; ((iflist[i].index != 0) && (rcg > 0)); ++i)
+- {
+- if ((cur_ifsnr[i].sock_nr != -1) &&
(FD_ISSET(cur_ifsnr[i].sock_nr,&sock_set)))
+- {
+- /* Valid socket number and pending input, let's read */
+- int rlen = read(cur_ifsnr[i].sock_nr, buf, sizeof(buf));
+- ipp_p = (struct packet *)&(buf[0]);
+- NVBCR_PRINTF(("IP_Packet=(tot_len=%d, id=%02x%02x, ttl=%d, prot=%s,
src_ip=%d.%d.%d.%d, dst_ip=%d.%d.%d.%d) (on if: %d/%d) ",
ntohs(ipp_p->ip.tot_len), (ntohs(ipp_p->ip.id))>>8,
(ntohs(ipp_p->ip.id))&0x00ff, ipp_p->ip.ttl,
IpProtToString(ipp_p->ip.protocol), (ntohl(ipp_p->ip.saddr))>>24,
((ntohl(ipp_p->ip.saddr))&0x00ff0000)>>16,
((ntohl(ipp_p->ip.saddr))&0x0000ff00)>>8, (ntohl(ipp_p->ip.saddr))&0x000000ff,
(ntohl(ipp_p->ip.daddr))>>24, ((ntohl(ipp_p->ip.daddr))&0x00ff0000)>>16,
((ntohl(ipp_p->ip.daddr))&0x0000ff00)>>8, (ntohl(ipp_p->ip.daddr))&0x000000ff,
i, iflist[i].index));
+- rcg -= 1;
+-
+- if ( (ipp_p->ip.protocol == IPPROTO_UDP) &&
+- (((ntohl(ipp_p->ip.daddr)) & 0x000000ff) == 0x000000ff) &&
+- (ipp_p->ip.ttl != 1) &&
+- (!((*IP_UDPPDU_CHECKSUM_MSB_PTR((unsigned char
*)ipp_p+(4*ipp_p->ip.ihl)) == 0) &&
+- (*IP_UDPPDU_CHECKSUM_LSB_PTR((unsigned char
*)ipp_p+(4*ipp_p->ip.ihl)) == 0))) )
+- {
+- int nrsent;
+- int ifindex_to_exclude = iflist[i].index;
++ /*
++ * Don't wait more than MAX_SELECT_WAIT seconds
++ */
++ time_2_wait.tv_sec = MAX_SELECT_WAIT;
++ time_2_wait.tv_usec = 0L;
+
+- NVBCR_PRINTF(("is an UDP BROADCAST (dstPort=%d, srcPort=%d) (with
TTL!=1 and UDP_CHKSUM!=0)\n\n",
+- ntohs(ipp_p->udp.dest), ntohs(ipp_p->udp.source)));
+- if (vnologging == 0) {
+- logstr = log_relayed;
+- logstr_cntr = sprintf(logstr, "UDP_BroadCast(sp=%d,dp=%d) from:
%s relayed to: ", ntohs(ipp_p->udp.source),
+- ntohs(ipp_p->udp.dest),
iflistLogRToString(&(iflist[i]), i, &(cur_ifsnr[i])));
+- logstr += logstr_cntr;
+- }
++ /* select on sockets */
++ rcg = select(MAXIF, &sock_set, (fd_set *) NULL,(fd_set *) NULL,
&time_2_wait);
+
+- /* going to relay a broadcast packet on all the other interfaces
*/
+- for (j=0; iflist[j].index; ++j)
+- {
+- int prepare_ipp = 0; // Changing the incoming UDP broadcast
needs to be done once
++ if (rcg < 0)
++ {
++ syslog(LOG_ERR, "Error, select error! (rv=%d, errno=%d)", rcg,
errno);
++ exit(1);
++ }
+
+- if (iflist[j].index != ifindex_to_exclude)
++ if (rcg == 0)
++ {
++ /* TimeOut, rediscover interfaces */
++ NVBCR_PRINTF(("Select timeout, rediscover interfaces\n"));
++ copy_ifsnr(cur_ifsnr, old_ifsnr);
++ memset(cur_ifsnr, -1, sizeof(cur_ifsnr));
++ iflist = discoverActiveInterfaces(s);
++ /*
++ * Build new cur_ifsnr list. Make iflist[i] correspond with
++ * cur_ifsnr[i], so iflist[i].index == cur_ifsnr[i].ifindex
++ * The old list (old_ifsnr) is used to compare.
++ */
++ for (i=0; iflist[i].index; ++i) {
++ /* check to see if it is a NEW interface */
++ int fsnr = find_sock_nr(old_ifsnr, iflist[i].index);
++ if (fsnr == -1) {
++ /* found new interface, open dedicated socket and bind
++ it to the interface */
++ if ((cur_ifsnr[i].sock_nr = socket(PF_PACKET, SOCK_DGRAM,
htons(ETH_P_ALL))) < 0) {
++ syslog(LOG_ERR, "mainloop: Error, socket error! (rv=%d,
errno=%d)", cur_ifsnr[i].sock_nr, errno);
++ exit(1);
++ }
++ bind_to_iface(cur_ifsnr[i].sock_nr, iflist[i].index);
++ ifs_change = 1;
++ }
++ else
+ {
+- NVBCR_PRINTF(("Going to sent UDP Broadcast on interface: %s,
sock_nr=%d\n", iflistToString(&(iflist[j])), cur_ifsnr[j].sock_nr));
+-
+- memset(&sa, 0, salen);
+-
+- sa.sll_family = AF_PACKET;
+- sa.sll_ifindex = iflist[j].index; /* Must be the SIOCGIFINDEX
number */
+- // Set the outgoing hardware address to 1's. True Broadcast
+- sa.sll_addr[0] = sa.sll_addr[1] = sa.sll_addr[2] =
sa.sll_addr[3] = 0xff;
+- sa.sll_addr[4] = sa.sll_addr[5] = sa.sll_addr[6] =
sa.sll_addr[7] = 0xff;
+- sa.sll_halen = 6;
+-
+ /*
+- * htons(ETH_P_IP) is necessary otherwise sendto will
+- * succeed but no packet is actually sent on the wire (this
+- * was the case for PPP interfaces, for ETH interfaces an
unknown
+- * LAN frame is sent if htons(ETH_P_IP) is not set as
protocol).
++ * not a new interface, socket already openen,
++ * interface already bound. Update cur_ifsnr.
+ */
+- sa.sll_protocol = htons(ETH_P_IP); /* ETH_P_PPP_MP */
++ cur_ifsnr[i].sock_nr = fsnr;
++ }
++ cur_ifsnr[i].ifindex = iflist[i].index;
++ }
++ /* Close disappeared interfaces */
++ for (i=0; i<MAXIF; ++i)
++ {
++ if ((old_ifsnr[i].sock_nr != -1) && (old_ifsnr[i].ifindex !=
-1) &&
++ (find_sock_nr(cur_ifsnr, old_ifsnr[i].ifindex) == -1)) {
++ NVBCR_PRINTF(("Closing an interface (it disappeared), namely:
(s_nr=%d, ifidx=%d)\n", old_ifsnr[i].sock_nr, old_ifsnr[i].ifindex));
++ close(old_ifsnr[i].sock_nr);
++ old_ifsnr[i].sock_nr = -1;
++ old_ifsnr[i].ifindex = -1;
++ ifs_change = 1;
++ }
++ }
++ if (ifs_change == 1)
++ {
++ NVBCR_PRINTF(("Active interface set changed --> displaying
current active interfaces..\n"));
++ if (vnologging == 0) {
++ lptr = log_interfaces;
++ lsize = sizeof(log_interfaces);
++ chunk = snprintf(lptr, lsize, "%s ",
++ "Active interface set changed to:");
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
++ for (i = 0; iflist[i].index; i++)
++ {
++ NVBCR_PRINTF(("\t\tactive interface number: %d, if=(%s),
sock_nr=%d\n", i, iflistToString(&(iflist[i])), cur_ifsnr[i].sock_nr));
++ if (vnologging == 0) {
++ chunk = snprintf(lptr, lsize, "%s ",
++ iflistLogIToString(&(iflist[i]),
i, &(cur_ifsnr[i])));
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
++ }
++ if (vnologging == 0) syslog(LOG_INFO, "%s", log_interfaces);
++ ifs_change = 0;
++ }
++ continue;
++ }
++
++ if (rcg > 0)
++ {
++ /* rcg interfaces have pending input */
++ for (i=0; ((iflist[i].index != 0) && (rcg > 0)); ++i)
++ {
++ if ((cur_ifsnr[i].sock_nr != -1) &&
(FD_ISSET(cur_ifsnr[i].sock_nr,&sock_set)))
++ {
++ /* Valid socket number and pending input, let's read */
++ int rlen = read(cur_ifsnr[i].sock_nr, buf, sizeof(buf));
++ ipp_p = (struct packet *)&(buf[0]);
++ NVBCR_PRINTF(("IP_Packet=(tot_len=%d, id=%02x%02x, ttl=%d,
prot=%s, src_ip=%d.%d.%d.%d, dst_ip=%d.%d.%d.%d) (on if: %d/%d) ",
ntohs(ipp_p->ip.tot_len), (ntohs(ipp_p->ip.id))>>8,
(ntohs(ipp_p->ip.id))&0x00ff, ipp_p->ip.ttl,
IpProtToString(ipp_p->ip.protocol), (ntohl(ipp_p->ip.saddr))>>24,
((ntohl(ipp_p->ip.saddr))&0x00ff0000)>>16,
((ntohl(ipp_p->ip.saddr))&0x0000ff00)>>8, (ntohl(ipp_p->ip.saddr))&0x000000ff,
(ntohl(ipp_p->ip.daddr))>>24, ((ntohl(ipp_p->ip.daddr))&0x00ff0000)>>16,
((ntohl(ipp_p->ip.daddr))&0x0000ff00)>>8, (ntohl(ipp_p->ip.daddr))&0x000000ff,
i, iflist[i].index));
++ rcg -= 1;
++
++ if ( (ipp_p->ip.protocol == IPPROTO_UDP) &&
++ (((ntohl(ipp_p->ip.daddr)) & 0x000000ff) ==
0x000000ff) &&
++ (ipp_p->ip.ttl != 1) &&
++ (!((*IP_UDPPDU_CHECKSUM_MSB_PTR((unsigned char
*)ipp_p+(4*ipp_p->ip.ihl)) == 0) &&
++ (*IP_UDPPDU_CHECKSUM_LSB_PTR((unsigned char
*)ipp_p+(4*ipp_p->ip.ihl)) == 0))) )
++ {
++ int nrsent;
++ int ifindex_to_exclude = iflist[i].index;
++
++ NVBCR_PRINTF(("is an UDP BROADCAST (dstPort=%d,
srcPort=%d) (with TTL!=1 and UDP_CHKSUM!=0)\n\n",
++ ntohs(ipp_p->udp.dest),
ntohs(ipp_p->udp.source)));
++ if (vnologging == 0) {
++ lptr = log_relayed;
++ lsize = sizeof(log_relayed);
++ chunk = snprintf(lptr, lsize,
++ "UDP_BroadCast(sp=%d,dp=%d) from: %s
relayed to: ",
++ ntohs(ipp_p->udp.source),
++ ntohs(ipp_p->udp.dest),
++ iflistLogRToString(&(iflist[i]), i,
&(cur_ifsnr[i])));
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
+
+- if (prepare_ipp == 0) {
+- // change TimeToLive to 1, This is to avoid loops, bcrelay
will *NOT* relay
+- // anything with TTL==1.
+- ipp_p->ip.ttl = 1;
++ /* going to relay a broadcast packet on all the
++ other interfaces */
++ for (j=0; iflist[j].index; ++j)
++ {
++ int prepare_ipp = 0; // Changing the incoming UDP
broadcast needs to be done once
++
++ if (iflist[j].index != ifindex_to_exclude)
++ {
++ NVBCR_PRINTF(("Going to sent UDP Broadcast on
interface: %s, sock_nr=%d\n", iflistToString(&(iflist[j])),
cur_ifsnr[j].sock_nr));
++
++ memset(&sa, 0, salen);
++
++ sa.sll_family = AF_PACKET;
++ sa.sll_ifindex = iflist[j].index; /* Must be
the SIOCGIFINDEX number */
++ // Set the outgoing hardware address to 1's.
True Broadcast
++ sa.sll_addr[0] = sa.sll_addr[1] =
sa.sll_addr[2] = sa.sll_addr[3] = 0xff;
++ sa.sll_addr[4] = sa.sll_addr[5] =
sa.sll_addr[6] = sa.sll_addr[7] = 0xff;
++ sa.sll_halen = 6;
++
++ /*
++ * htons(ETH_P_IP) is necessary
++ * otherwise sendto will succeed but no
++ * packet is actually sent on the wire
++ * (this was the case for PPP
++ * interfaces, for ETH interfaces an
++ * unknown LAN frame is sent if
++ * htons(ETH_P_IP) is not set as
++ * protocol).
++ */
++ sa.sll_protocol = htons(ETH_P_IP); /*
ETH_P_PPP_MP */
++
++ if (prepare_ipp == 0) {
++ // change TimeToLive to 1, This is to
++ // avoid loops, bcrelay will *NOT*
++ // relay anything with TTL==1.
++ ipp_p->ip.ttl = 1;
+
+- // The CRC gets broken here when sending over ipsec tunnels
but that
+- // should not matter as we reassemble the packet at the
other end.
+- ipp_p->ip.daddr = iflist[j].bcast;
++ // The CRC gets broken here when
++ // sending over ipsec tunnels but that
++ // should not matter as we reassemble
++ // the packet at the other end.
++ ipp_p->ip.daddr = iflist[j].bcast;
+
+- // check IP srcAddr (on some winXP boxes it is found to be
+- // different from the configured ppp address).
+- // Only do this for PPP interfaces.
+- if ((iflist[i].flags1 & IFLIST_FLAGS1_IF_IS_PPP) &&
+- (ntohl(ipp_p->ip.saddr) != iflist[i].ifdstaddr))
+- {
+- ipp_p->ip.saddr = htonl(iflist[i].ifdstaddr);
+- iflist[i].flags1 |= IFLIST_FLAGS1_CHANGED_INNER_SADDR;
+- }
++ // check IP srcAddr (on some winXP
++ // boxes it is found to be different
++ // from the configured ppp address).
++ // Only do this for PPP interfaces.
++ if ((iflist[i].flags1 &
IFLIST_FLAGS1_IF_IS_PPP) &&
++ (ntohl(ipp_p->ip.saddr) !=
iflist[i].ifdstaddr))
++ {
++ ipp_p->ip.saddr =
htonl(iflist[i].ifdstaddr);
++ iflist[i].flags1 |=
IFLIST_FLAGS1_CHANGED_INNER_SADDR;
++ }
+
+- // Update IP checkSum (TTL and src/dest IP Address might
have changed)
+- ip_update_checksum((unsigned char *)ipp_p);
+- /* Disable upper layer checksum */
+- udppdu = (unsigned char *)ipp_p + (4 * ipp_p->ip.ihl);
+- *IP_UDPPDU_CHECKSUM_MSB_PTR(udppdu) = (unsigned char)0;
+- *IP_UDPPDU_CHECKSUM_LSB_PTR(udppdu) = (unsigned char)0;
+-
+- prepare_ipp = 1;
++ // Update IP checkSum (TTL and
++ // src/dest IP Address might have
++ // changed)
++ ip_update_checksum((unsigned char *)ipp_p);
++ /* Disable upper layer checksum */
++ udppdu = (unsigned char *)ipp_p + (4 *
ipp_p->ip.ihl);
++ *IP_UDPPDU_CHECKSUM_MSB_PTR(udppdu) =
(unsigned char)0;
++ *IP_UDPPDU_CHECKSUM_LSB_PTR(udppdu) =
(unsigned char)0;
++
++ prepare_ipp = 1;
++ }
++
++ /*
++ * The beauty of sending IP packets on a
++ * PACKET socket of type SOCK_DGRAM is
++ * that there is no need to concern
++ * about the physical/link layer header
++ * because it is filled in automatically
++ * (based on the contents of sa).
++ */
++ if ((nrsent = sendto(cur_ifsnr[j].sock_nr,
ipp_p, rlen, MSG_DONTWAIT|MSG_TRYHARD, (struct sockaddr *)&sa, salen)) < 0)
++ {
++ if (errno == ENETDOWN) {
++ syslog(LOG_NOTICE, "ignored ENETDOWN from
sendto(), a network interface was going down?");
++ } else if (errno == ENXIO) {
++ syslog(LOG_NOTICE, "ignored ENXIO from
sendto(), a network interface went down?");
++ } else if (errno == ENOBUFS) {
++ syslog(LOG_NOTICE, "ignored ENOBUFS from
sendto(), temporary shortage of buffer memory");
++ } else {
++ syslog(LOG_ERR, "mainloop: Error, sendto
failed! (rv=%d, errno=%d)", nrsent, errno);
++ exit(1);
++ }
++ }
++ NVBCR_PRINTF(("Successfully relayed %d bytes
\n", nrsent));
++ if (vnologging == 0) {
++ chunk = snprintf(lptr, lsize, "%s ",
++
iflistLogRToString(&(iflist[j]), j, &(cur_ifsnr[j])));
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
++ }
++ }
++ if (vnologging == 0) syslog(LOG_INFO, "%s",
log_relayed);
++ } else {
++ NVBCR_PRINTF(("is NOT an UDP BROADCAST (with TTL!=1 and
UDP_CHKSUM!=0)\n\n"));
++ }
+ }
++ }
++ /*
++ * Don't forget to discover new interfaces if we keep
++ * getting incoming packets (on an already discovered
++ * interface).
++ */
++ if (no_discifs_cntr == 0)
++ {
++ no_discifs_cntr = MAX_NODISCOVER_IFS;
+
+- /*
+- * The beauty of sending IP packets on a PACKET socket of
type SOCK_DGRAM is that
+- * there is no need to concern about the physical/link layer
header because it is
+- * filled in automatically (based on the contents of sa).
+- */
+- if ((nrsent = sendto(cur_ifsnr[j].sock_nr, ipp_p, rlen,
MSG_DONTWAIT|MSG_TRYHARD, (struct sockaddr *)&sa, salen)) < 0)
+- {
+- if (errno == ENETDOWN) {
+- syslog(LOG_NOTICE, "ignored ENETDOWN from sendto(), a
network interface was going down?");
+- } else if (errno == ENXIO) {
+- syslog(LOG_NOTICE, "ignored ENXIO from sendto(), a
network interface went down?");
+- } else if (errno == ENOBUFS) {
+- syslog(LOG_NOTICE, "ignored ENOBUFS from sendto(),
temporary shortage of buffer memory");
+- } else {
+- syslog(LOG_ERR, "mainloop: Error, sendto failed! (rv=%d,
errno=%d)", nrsent, errno);
++ /* no_discifs_cntr became 0, rediscover interfaces */
++ NVBCR_PRINTF(("no_discifs_cntr became 0, rediscover
interfaces\n"));
++ copy_ifsnr(cur_ifsnr, old_ifsnr);
++ memset(cur_ifsnr, -1, sizeof(cur_ifsnr));
++ iflist = discoverActiveInterfaces(s);
++ /*
++ * Build new cur_ifsnr list.
++ * Make iflist[i] correspond with cur_ifsnr[i], so
iflist[i].index == cur_ifsnr[i].ifindex
++ * The old list (old_ifsnr) is used to compare.
++ */
++ for (i=0; iflist[i].index; ++i) {
++ /* check to see if it is a NEW interface */
++ int fsnr = find_sock_nr(old_ifsnr, iflist[i].index);
++ if (fsnr == -1) {
++ /* found new interface, open dedicated socket and
++ bind it to the interface */
++ if ((cur_ifsnr[i].sock_nr = socket(PF_PACKET, SOCK_DGRAM,
htons(ETH_P_ALL))) < 0) {
++ syslog(LOG_ERR, "mainloop: Error, socket error! (rv=%d,
errno=%d)", cur_ifsnr[i].sock_nr, errno);
+ exit(1);
+ }
++ bind_to_iface(cur_ifsnr[i].sock_nr, iflist[i].index);
++ ifs_change = 1;
+ }
+- NVBCR_PRINTF(("Successfully relayed %d bytes \n", nrsent));
+- if (vnologging == 0) {
+- logstr_cntr = sprintf(logstr, "%s ",
iflistLogRToString(&(iflist[j]), j, &(cur_ifsnr[j])));
+- logstr += logstr_cntr;
+- }
++ else
++ {
++ /*
++ * not a new interface, socket already opened,
++ * interface already bound. Update cur_ifsnr.
++ */
++ cur_ifsnr[i].sock_nr = fsnr;
++ }
++ cur_ifsnr[i].ifindex = iflist[i].index;
+ }
++ /* Close disappeared interfaces */
++ for (i=0; i<MAXIF; ++i)
++ {
++ if ((old_ifsnr[i].sock_nr != -1) && (old_ifsnr[i].ifindex
!= -1) &&
++ (find_sock_nr(cur_ifsnr, old_ifsnr[i].ifindex) == -1)) {
++ NVBCR_PRINTF(("Closing an interface (it disappeared),
namely: (s_nr=%d, ifidx=%d)\n", old_ifsnr[i].sock_nr, old_ifsnr[i].ifindex));
++ close(old_ifsnr[i].sock_nr);
++ old_ifsnr[i].sock_nr = -1;
++ old_ifsnr[i].ifindex = -1;
++ ifs_change = 1;
++ }
++ }
++ if (ifs_change == 1)
++ {
++ NVBCR_PRINTF(("Active interface set changed --> displaying
current active interfaces..\n"));
++ if (vnologging == 0) {
++ lptr = log_interfaces;
++ lsize = sizeof(log_interfaces);
++ chunk = snprintf(lptr, lsize, "%s ",
++ "Active interface set changed to:");
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
++ for (i = 0; iflist[i].index; i++)
++ {
++ NVBCR_PRINTF(("\t\tactive interface number: %d,
if=(%s), sock_nr=%d\n", i, iflistToString(&(iflist[i])), cur_ifsnr[i].sock_nr));
++ if (vnologging == 0) {
++ chunk = snprintf(lptr, lsize, "%s ",
++ iflistLogIToString(&(iflist[i]), i,
&(cur_ifsnr[i])));
++ if (chunk < lsize) {
++ lptr += chunk;
++ lsize -= chunk;
++ }
++ }
++ }
++ if (vnologging == 0) syslog(LOG_INFO, "%s", log_interfaces);
++ ifs_change = 0;
++ }
+ }
+- if (vnologging == 0) syslog(LOG_INFO, "%s", log_relayed);
+- } else {
+- NVBCR_PRINTF(("is NOT an UDP BROADCAST (with TTL!=1 and
UDP_CHKSUM!=0)\n\n"));
+- }
+- }
+- }
+- /*
+- * Don't forget to discover new interfaces if we keep getting
+- * incoming packets (on an already discovered interface).
+- */
+- if (no_discifs_cntr == 0)
+- {
+- no_discifs_cntr = MAX_NODISCOVER_IFS;
+-
+- /* no_discifs_cntr became 0, rediscover interfaces */
+- NVBCR_PRINTF(("no_discifs_cntr became 0, rediscover interfaces\n"));
+- copy_ifsnr(cur_ifsnr, old_ifsnr);
+- memset(cur_ifsnr, -1, sizeof(cur_ifsnr));
+- iflist = discoverActiveInterfaces(s);
+- /*
+- * Build new cur_ifsnr list.
+- * Make iflist[i] correspond with cur_ifsnr[i], so iflist[i].index ==
cur_ifsnr[i].ifindex
+- * The old list (old_ifsnr) is used to compare.
+- */
+- for (i=0; iflist[i].index; ++i) {
+- /* check to see if it is a NEW interface */
+- int fsnr = find_sock_nr(old_ifsnr, iflist[i].index);
+- if (fsnr == -1) {
+- /* found new interface, open dedicated socket and bind it to the
interface */
+- if ((cur_ifsnr[i].sock_nr = socket(PF_PACKET, SOCK_DGRAM,
htons(ETH_P_ALL))) < 0) {
+- syslog(LOG_ERR, "mainloop: Error, socket error! (rv=%d,
errno=%d)", cur_ifsnr[i].sock_nr, errno);
+- exit(1);
+- }
+- bind_to_iface(cur_ifsnr[i].sock_nr, iflist[i].index);
+- ifs_change = 1;
+- }
+ else
+- {
+- /*
+- * not a new interface, socket already openen, interface already
+- * bound. Update cur_ifsnr.
+- */
+- cur_ifsnr[i].sock_nr = fsnr;
+- }
+- cur_ifsnr[i].ifindex = iflist[i].index;
+- }
+- /* Close disappeared interfaces */
+- for (i=0; i<MAXIF; ++i)
+- {
+- if ((old_ifsnr[i].sock_nr != -1) && (old_ifsnr[i].ifindex != -1) &&
+- (find_sock_nr(cur_ifsnr, old_ifsnr[i].ifindex) == -1)) {
+- NVBCR_PRINTF(("Closing an interface (it disappeared), namely:
(s_nr=%d, ifidx=%d)\n", old_ifsnr[i].sock_nr, old_ifsnr[i].ifindex));
+- close(old_ifsnr[i].sock_nr);
+- old_ifsnr[i].sock_nr = -1;
+- old_ifsnr[i].ifindex = -1;
+- ifs_change = 1;
+- }
+- }
+- if (ifs_change == 1)
+- {
+- NVBCR_PRINTF(("Active interface set changed --> displaying current
active interfaces..\n"));
+- if (vnologging == 0) {
+- logstr = log_interfaces;
+- logstr_cntr = sprintf(logstr, "Active interface set changed to:
");
+- logstr += logstr_cntr;
+- }
+- for (i = 0; iflist[i].index; i++)
+- {
+- NVBCR_PRINTF(("\t\tactive interface number: %d, if=(%s),
sock_nr=%d\n", i, iflistToString(&(iflist[i])), cur_ifsnr[i].sock_nr));
+- if (vnologging == 0) {
+- logstr_cntr = sprintf(logstr, "%s ",
iflistLogIToString(&(iflist[i]), i, &(cur_ifsnr[i])));
+- logstr += logstr_cntr;
++ {
++ no_discifs_cntr -= MAX_SELECT_WAIT;
+ }
+- }
+- if (vnologging == 0) syslog(LOG_INFO, "%s", log_interfaces);
+- ifs_change = 0;
+ }
+- }
+- else
+- {
+- no_discifs_cntr -= MAX_SELECT_WAIT;
+- }
+ }
+- }
+ }
+
+ // Discover active interfaces
+@@ -788,102 +860,102 @@ discoverActiveInterfaces(int s) {
+ /* Reset ifs */
+ memset(&ifs, 0, sizeof(ifs));
+
+- //regcomp(&preg, argv[1], REG_ICASE|REG_EXTENDED);
+- regcomp(&preg, interfaces, REG_ICASE|REG_EXTENDED);
++ regcomp(&preg, reg_interfaces, REG_ICASE|REG_EXTENDED);
+ ifs.ifc_len = MAXIF*sizeof(struct ifreq);
+ ifs.ifc_req = malloc(ifs.ifc_len);
+ ioctl(s, SIOCGIFCONF, &ifs); // Discover active interfaces
+ for (i = 0; i * sizeof(struct ifreq) < ifs.ifc_len && cntr < MAXIF; i++)
+- {
+- if (regexec(&preg, ifs.ifc_req[i].ifr_name, 0, NULL, 0) == 0) {
+-
+- /*
+- * Get interface flags and check status and type.
+- * Only if interface is up it will be used.
+- */
+- memset(&ifrflags, 0, sizeof(ifrflags));
+- strncpy(ifrflags.ifr_name, ifs.ifc_req[i].ifr_name,
strlen(ifs.ifc_req[i].ifr_name));
+- if (ioctl(s, SIOCGIFFLAGS, &ifrflags) < 0) {
+- syslog(LOG_ERR, "discoverActiveInterfaces: Error, SIOCGIFFLAGS
Failed! (errno=%d)", errno);
+- exit(1);
+- }
+-
+- if (ifrflags.ifr_flags & IFF_UP)
+- {
+- /*
+- * Get interface index
+- */
+- ioctl(s, SIOCGIFINDEX, &ifs.ifc_req[i]);
+-//Fix 3mar2003
+- //iflist[cntr].index = (char)ifs.ifc_req[i].ifr_ifindex;
+- iflist[cntr].index = ifs.ifc_req[i].ifr_ifindex;
+-
+- /*
+- * Get interface name
+- */
+- strncpy(iflist[cntr].ifname, ifs.ifc_req[i].ifr_ifrn.ifrn_name,
+- sizeof(iflist[cntr].ifname));
+- iflist[cntr].ifname[sizeof(iflist[cntr].ifname)-1] = 0;
++ {
++ if (regexec(&preg, ifs.ifc_req[i].ifr_name, 0, NULL, 0) == 0) {
+
+ /*
+- * Get local IP address
++ * Get interface flags and check status and type.
++ * Only if interface is up it will be used.
+ */
+- memset(&ifr, 0, sizeof(ifr));
+- ifr.ifr_addr.sa_family = AF_INET;
+- (void)strncpy(ifr.ifr_name, iflist[cntr].ifname,
strlen(iflist[cntr].ifname)+1);
+- if (ioctl(s, SIOCGIFADDR, (char *)&ifr) < 0) {
+- syslog(LOG_ERR, "discoverActiveInterfaces: Error, SIOCGIFADDR
Failed! (errno=%d)", errno);
++ memset(&ifrflags, 0, sizeof(ifrflags));
++ strncpy(ifrflags.ifr_name, ifs.ifc_req[i].ifr_name,
strlen(ifs.ifc_req[i].ifr_name));
++ if (ioctl(s, SIOCGIFFLAGS, &ifrflags) < 0) {
++ syslog(LOG_ERR, "discoverActiveInterfaces: Error, SIOCGIFFLAGS
Failed! (errno=%d)", errno);
+ exit(1);
+ }
+- sin = (struct sockaddr_in *)&ifr.ifr_addr;
+- iflist[cntr].ifaddr = ntohl(sin->sin_addr.s_addr);
+
+- iflist[cntr].flags1 = 0;
++ if (ifrflags.ifr_flags & IFF_UP)
++ {
++ /*
++ * Get interface index
++ */
++ ioctl(s, SIOCGIFINDEX, &ifs.ifc_req[i]);
++ //Fix 3mar2003
++ //iflist[cntr].index = (char)ifs.ifc_req[i].ifr_ifindex;
++ iflist[cntr].index = ifs.ifc_req[i].ifr_ifindex;
+
+- if (ifrflags.ifr_flags & IFF_POINTOPOINT) {
+- /*
+- * Get remote IP address (only for PPP interfaces)
+- */
+- memset(&ifr, 0, sizeof(ifr));
+- ifr.ifr_addr.sa_family = AF_INET;
+- (void)strncpy(ifr.ifr_name, iflist[cntr].ifname,
strlen(iflist[cntr].ifname)+1);
+- if (ioctl(s, SIOCGIFDSTADDR, (char *)&ifr) < 0) {
+- syslog(LOG_ERR, "discoverActiveInterfaces: Error, SIOCGIFDSTADDR
Failed! (errno=%d)", errno);
+- exit(1);
+- }
+- sin = (struct sockaddr_in *)&ifr.ifr_addr;
+- iflist[cntr].ifdstaddr = ntohl(sin->sin_addr.s_addr);
++ /*
++ * Get interface name
++ */
++ strncpy(iflist[cntr].ifname, ifs.ifc_req[i].ifr_ifrn.ifrn_name,
++ sizeof(iflist[cntr].ifname));
++ iflist[cntr].ifname[sizeof(iflist[cntr].ifname)-1] = 0;
+
+- iflist[cntr].flags1 |= IFLIST_FLAGS1_IF_IS_PPP;
+- iflist[cntr].bcast = INADDR_BROADCAST;
+- }
+- else if (ifrflags.ifr_flags & IFF_BROADCAST)
+- {
+- iflist[cntr].ifdstaddr = 0;
+- iflist[cntr].flags1 |= IFLIST_FLAGS1_IF_IS_ETH;
+- iflist[cntr].bcast = INADDR_BROADCAST;
+- }
+- else
+- {
+- iflist[cntr].ifdstaddr = 0;
+- iflist[cntr].flags1 |= IFLIST_FLAGS1_IF_IS_UNKNOWN;
+- iflist[cntr].bcast = INADDR_BROADCAST;
+- }
++ /*
++ * Get local IP address
++ */
++ memset(&ifr, 0, sizeof(ifr));
++ ifr.ifr_addr.sa_family = AF_INET;
++ (void)strncpy(ifr.ifr_name, iflist[cntr].ifname,
strlen(iflist[cntr].ifname)+1);
++ if (ioctl(s, SIOCGIFADDR, (char *)&ifr) < 0) {
++ syslog(LOG_ERR, "discoverActiveInterfaces: Error, SIOCGIFADDR
Failed! (errno=%d)", errno);
++ exit(1);
++ }
++ sin = (struct sockaddr_in *)&ifr.ifr_addr;
++ iflist[cntr].ifaddr = ntohl(sin->sin_addr.s_addr);
+
+- cntr++;
+- }
+- // IPSEC tunnels are a fun one. We must change the destination address
+- // so that it will be routed to the correct tunnel end point.
+- // We can define several tunnel end points for the same ipsec interface.
+- } else if (ipsec != empty && strncmp(ifs.ifc_req[i].ifr_name, "ipsec", 5)
== 0) {
+- if (strncmp(ifs.ifc_req[i].ifr_name, ipsec, 6) == 0) {
+- struct hostent *hp = gethostbyname(ipsec+7);
+- ioctl(s, SIOCGIFINDEX, &ifs.ifc_req[i]);
+- iflist[cntr].index = ifs.ifc_req[i].ifr_ifindex; /* Store the
SIOCGIFINDEX number */
+- memcpy(&(iflist[cntr++].bcast), hp->h_addr, sizeof(u_int32_t));
++ iflist[cntr].flags1 = 0;
++
++ if (ifrflags.ifr_flags & IFF_POINTOPOINT) {
++ /*
++ * Get remote IP address (only for PPP interfaces)
++ */
++ memset(&ifr, 0, sizeof(ifr));
++ ifr.ifr_addr.sa_family = AF_INET;
++ (void)strncpy(ifr.ifr_name, iflist[cntr].ifname,
strlen(iflist[cntr].ifname)+1);
++ if (ioctl(s, SIOCGIFDSTADDR, (char *)&ifr) < 0) {
++ syslog(LOG_ERR, "discoverActiveInterfaces: Error,
SIOCGIFDSTADDR Failed! (errno=%d)", errno);
++ exit(1);
++ }
++ sin = (struct sockaddr_in *)&ifr.ifr_addr;
++ iflist[cntr].ifdstaddr = ntohl(sin->sin_addr.s_addr);
++
++ iflist[cntr].flags1 |= IFLIST_FLAGS1_IF_IS_PPP;
++ iflist[cntr].bcast = INADDR_BROADCAST;
++ }
++ else if (ifrflags.ifr_flags & IFF_BROADCAST)
++ {
++ iflist[cntr].ifdstaddr = 0;
++ iflist[cntr].flags1 |= IFLIST_FLAGS1_IF_IS_ETH;
++ iflist[cntr].bcast = INADDR_BROADCAST;
++ }
++ else
++ {
++ iflist[cntr].ifdstaddr = 0;
++ iflist[cntr].flags1 |= IFLIST_FLAGS1_IF_IS_UNKNOWN;
++ iflist[cntr].bcast = INADDR_BROADCAST;
++ }
++
++ cntr++;
++ }
++ // IPSEC tunnels are a fun one. We must change the
++ // destination address so that it will be routed to the
++ // correct tunnel end point. We can define several tunnel end
++ // points for the same ipsec interface.
++ } else if (ipsec != empty && strncmp(ifs.ifc_req[i].ifr_name, "ipsec",
5) == 0) {
++ if (strncmp(ifs.ifc_req[i].ifr_name, ipsec, 6) == 0) {
++ struct hostent *hp = gethostbyname(ipsec+7);
++ ioctl(s, SIOCGIFINDEX, &ifs.ifc_req[i]);
++ iflist[cntr].index = ifs.ifc_req[i].ifr_ifindex; /* Store the
SIOCGIFINDEX number */
++ memcpy(&(iflist[cntr++].bcast), hp->h_addr, sizeof(u_int32_t));
++ }
+ }
+ }
+- }
+
+ iflist[cntr].index = 0; // Terminate list
+ free(ifs.ifc_req); // Stop that leak.
+@@ -934,28 +1006,33 @@ void ip_update_checksum(unsigned char *i
+ static char *IpProtToString( unsigned char prot )
+ {
+ switch( prot )
+- {
+- case 0x11:
+- return "UDP";
+- case 0x6:
+- return "TCP";
+- case 0x2f:
+- return "GRE";
+- case 0x1:
+- return "ICMP";
+- default:
+- return "???";
+- }
++ {
++ case 0x11:
++ return "UDP";
++ case 0x6:
++ return "TCP";
++ case 0x2f:
++ return "GRE";
++ case 0x1:
++ return "ICMP";
++ default:
++ return "???";
++ }
+ }
+
+ static char *iflistToString( struct iflist *ifp )
+ {
+- static char str_tr[80+1];
++ static char str_tr[MAX_IFLOGTOSTR+90];
+
+- sprintf(str_tr, "index=%d, ifname=%s, ifaddr=%ld.%ld.%ld.%ld,
ifdstaddr=%ld.%ld.%ld.%ld, flags1=0x%04lx",
++ snprintf(str_tr, sizeof(str_tr), "index=%d, ifname=%s,
ifaddr=%ld.%ld.%ld.%ld, ifdstaddr=%ld.%ld.%ld.%ld, flags1=0x%04lx",
+ ifp->index, ifp->ifname,
+- (ifp->ifaddr)>>24, ((ifp->ifaddr)&0x00ff0000)>>16,
((ifp->ifaddr)&0x0000ff00)>>8, (ifp->ifaddr)&0x000000ff,
+- (ifp->ifdstaddr)>>24, ((ifp->ifdstaddr)&0x00ff0000)>>16,
((ifp->ifdstaddr)&0x0000ff00)>>8,
++ (ifp->ifaddr)>>24,
++ ((ifp->ifaddr)&0x00ff0000)>>16,
++ ((ifp->ifaddr)&0x0000ff00)>>8,
++ (ifp->ifaddr)&0x000000ff,
++ (ifp->ifdstaddr)>>24,
++ ((ifp->ifdstaddr)&0x00ff0000)>>16,
++ ((ifp->ifdstaddr)&0x0000ff00)>>8,
+ (ifp->ifdstaddr)&0x000000ff, ifp->flags1);
+
+ return str_tr;
+@@ -963,21 +1040,16 @@ static char *iflistToString( struct ifli
+
+ static char *iflistLogRToString( struct iflist *ifp, int idx, struct ifsnr
*ifnr )
+ {
+- static char str_tr[MAX_IFLOGTOSTR]; /*
+- * This makes function: 1)
non-reentrant (doesn't matter).
+- * 2) not useable
multiple times by (s)printf.
+- */
+- sprintf(str_tr, "%s", ifp->ifname);
++ static char str_tr[MAX_IFLOGTOSTR];
++ snprintf(str_tr, sizeof(str_tr), "%s", ifp->ifname);
+ return str_tr;
+ }
+
+ static char *iflistLogIToString( struct iflist *ifp, int idx, struct ifsnr
*ifnr )
+ {
+- static char str_tr[MAX_IFLOGTOSTR]; /*
+- * This makes function: 1)
non-reentrant (doesn't matter).
+- * 2) not useable
multiple times by (s)printf.
+- */
+- sprintf(str_tr, "%s(%d/%d/%d)", ifp->ifname, idx, ifp->index,
ifnr->sock_nr);
++ static char str_tr[MAX_IFLOGTOSTR+64];
++ snprintf(str_tr, sizeof(str_tr), "%s(%d/%d/%d)", ifp->ifname,
++ idx, ifp->index, ifnr->sock_nr);
+ return str_tr;
+ }
+
+@@ -1001,10 +1073,10 @@ static void copy_ifsnr(struct ifsnr *fro
+ int i;
+
+ for (i=0; i<MAXIF; ++i)
+- {
+- to[i].sock_nr = from[i].sock_nr;
+- to[i].ifindex = from[i].ifindex;
+- }
++ {
++ to[i].sock_nr = from[i].sock_nr;
++ to[i].ifindex = from[i].ifindex;
++ }
+ }
+
+ static int find_sock_nr(struct ifsnr *l, int ifidx)
+@@ -1016,4 +1088,3 @@ static int find_sock_nr(struct ifsnr *l,
+ /* not found */
+ return -1;
+ }
+-
diff -Nru pptpd-1.4.0/debian/patches/series pptpd-1.4.0/debian/patches/series
--- pptpd-1.4.0/debian/patches/series 2013-10-20 15:32:16.000000000 +0200
+++ pptpd-1.4.0/debian/patches/series 2014-10-26 20:50:10.000000000 +0100
@@ -1,3 +1,3 @@
build_hardening-flags.patch
build_plugin.patch
-
+cherry-pick.1.4.0-11-g4ea2db6.ff.patch
signature.asc
Description: Digital signature
--- End Message ---
