From: RISCi_ATOM
Date: Sat, 5 Oct 2024 21:27:04 +0000 (-0400)
Subject: xl2tpd : Add xl2tpd to base, pulled from upstream feed commit a111405eac397f4a48492e9...
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=bbeb7195f687042400f63cb12626275f1743cd20;p=librecmc%2Flibrecmc.git
xl2tpd : Add xl2tpd to base, pulled from upstream feed commit a111405eac397f4a48492e9d710cea3aeb9092c3
---
diff --git a/package/network/services/xl2tpd/Makefile b/package/network/services/xl2tpd/Makefile
new file mode 100644
index 0000000000..8abf256992
--- /dev/null
+++ b/package/network/services/xl2tpd/Makefile
@@ -0,0 +1,88 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=xl2tpd
+PKG_VERSION:=1.3.18
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Yousong Zhou
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/xelerance/xl2tpd.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MIRROR_HASH:=f4faa15357063a2ac11e427adbcac6b51c755cc294f1a26fe4eb0c008840df31
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xl2tpd
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=An L2TP (Layer 2 Tunneling Protocol) daemon
+ URL:=http://www.xelerance.com/software/xl2tpd/
+ SUBMENU:=VPN
+ DEPENDS:=+ppp-mod-pppol2tp +resolveip
+endef
+
+define Package/xl2tpd/description
+l2tpd is the open source implementation of the L2TP tunneling protocol (RFC2661).
+It does implement both LAC and LNS role in a L2TP networking architecture. The
+main goal of this protocol is to tunnel PPP frame trough an IP network.
+endef
+
+ifneq (0,0)
+ # debugging options from Makefile of xl2tpd package
+ EXTRA_CFLAGS += \
+ -DDEBUG_ZLB \
+ -DDEBUG_HELLO \
+ -DDEBUG_CLOSE \
+ -DDEBUG_FLOW \
+ -DDEBUG_FILE \
+ -DDEBUG_AAA \
+ -DDEBUG_PAYLOAD \
+ -DDEBUG_CONTROL \
+ -DDEBUG_PPPD \
+ -DDEBUG_HIDDEN \
+ -DDEBUG_ENTROPY \
+ -DDEBUG_CONTROL_XMIT \
+ -DDEBUG_MAGIC \
+ -DDEBUG_FLOW_MORE \
+ -DDEBUG_AUTH
+endif
+
+define Package/xl2tpd/conffiles
+/etc/xl2tpd/xl2tpd.conf
+/etc/xl2tpd/xl2tp-secrets
+/etc/ppp/options.xl2tpd
+endef
+
+define Package/xl2tpd/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd-control $(1)/usr/sbin/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/xl2tpd.init $(1)/etc/init.d/xl2tpd
+
+ $(INSTALL_DIR) $(1)/etc/xl2tpd
+ $(INSTALL_DATA) ./files/xl2tpd.conf $(1)/etc/xl2tpd/
+ $(INSTALL_CONF) ./files/xl2tp-secrets $(1)/etc/xl2tpd/
+
+ $(INSTALL_DIR) $(1)/etc/ppp
+ $(INSTALL_DATA) ./files/options.xl2tpd $(1)/etc/ppp/
+
+ $(INSTALL_DIR) $(1)/lib/netifd/proto
+ $(INSTALL_BIN) ./files/l2tp.sh $(1)/lib/netifd/proto
+endef
+
+$(eval $(call BuildPackage,xl2tpd))
diff --git a/package/network/services/xl2tpd/README.md b/package/network/services/xl2tpd/README.md
new file mode 100644
index 0000000000..f6beead6b2
--- /dev/null
+++ b/package/network/services/xl2tpd/README.md
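Review bot: The package metadata omits `PKG_CPE_ID`, so OpenWrt's CVE-to-package matching cannot associate published xl2tpd advisories with this build; add `PKG_CPE_ID:=cpe:/a:xelerance:xl2tpd` next to `PKG_LICENSE` (that is the identifier the upstream packages feed uses — confirm it against the NVD dictionary before merging). The `ifneq (0,0)` guard around `EXTRA_CFLAGS` can never be taken, so the fifteen `-DDEBUG_*` lines are dead configuration; either drop them or gate them on a user-settable variable such as `ifneq ($(strip $(XL2TPD_DEBUG)),)` (name illustrative). `files/xl2tpd.conf.sample` is added by this commit but never referenced by `Package/xl2tpd/install`, which is fine if it is meant as in-tree documentation only, but a one-line comment in the install define saying so would stop the next maintainer from wondering whether a line was lost.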
@@ -0,0 +1,45 @@
+# OpenWrt Package for xl2tpd
+
+xl2tpd is a development from the original l2tpd package originally written by
+Mark Spencer, subsequently forked by Scott Balmos and David Stipp, inherited
+by Jeff McAdams, modified substantially by Jacco de Leeuw and then forked
+again by Xelerance (after it was abandoned by l2tpd.org).
+
+## Rationale for inclusion in OpenWrt
+
+l2tpd has some serious alignment problems on RISC platforms. It also runs
+purely in userspace.
+
+Some of the features added in this fork include:
+
+1. IPSec SA reference tracking inconjunction with openswan's IPSec transport
+ mode, which adds support for multiple clients behind the same NAT router
+ and multiple clients on the same internal IP behind different NAT routers.
+
+2. Support for the pppol2tp kernel mode L2TP.
+
+3. Alignment and endian problems resolved.
+
+hcg
+
+## UCI options
+
+`server` takes the form `host[:port]` with port defaults to `1701`. It
+specifies the l2tp server's address.
+
+`checkup_interval` tells netifd to check after that many seconds since last
+setup attempt to see if the interface is up. If not it should issue another
+teardown/setup round to retry the negotiation. This option defaults to 0 and
+netifd will not do the check and retry.
+
+The following are generic ppp options and should have the same format and
+semantics as with other ppp-related protocols. See
+[uci/network#protocol_ppp](https://openwrt.org/docs/guide-user/network/wan/wan_interface_protocols#protocol_ppp_ppp_over_modem)
+for details.
+
+ username
+ password
+ keepalive
+ ipv6
+ mtu
+ pppd_options
diff --git a/package/network/services/xl2tpd/files/l2tp.sh b/package/network/services/xl2tpd/files/l2tp.sh
new file mode 100644
index 0000000000..294c3ddecc
--- /dev/null
+++ b/package/network/services/xl2tpd/files/l2tp.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+
+[ -x /usr/sbin/xl2tpd ] || exit 0
+
+[ -n "$INCLUDE_ONLY" ] || {
+ . /lib/functions.sh
+ . ../netifd-proto.sh
+ init_proto "$@"
+}
+
+proto_l2tp_init_config() {
+ proto_config_add_string "username"
+ proto_config_add_string "password"
+ proto_config_add_string "keepalive"
+ proto_config_add_string "pppd_options"
+ proto_config_add_boolean "ipv6"
+ proto_config_add_int "mtu"
+ proto_config_add_int "checkup_interval"
+ proto_config_add_string "server"
+ available=1
+ no_device=1
+ no_proto_task=1
+ teardown_on_l3_link_down=1
+}
+
+proto_l2tp_setup() {
+ local interface="$1"
+ local optfile="/tmp/l2tp/options.${interface}"
+ local ip serv_addr server host
+
+ json_get_var server server
+ host="${server%:*}"
+ for ip in $(resolveip -t 5 "$host"); do
+ ( proto_add_host_dependency "$interface" "$ip" )
+ serv_addr=1
+ done
+ [ -n "$serv_addr" ] || {
+ echo "Could not resolve server address" >&2
+ sleep 5
+ proto_setup_failed "$interface"
+ exit 1
+ }
+
+ # Start and wait for xl2tpd
+ if [ ! -p /var/run/xl2tpd/l2tp-control -o -z "$(pidof xl2tpd)" ]; then
+ /etc/init.d/xl2tpd restart
+
+ local wait_timeout=0
+ while [ ! -p /var/run/xl2tpd/l2tp-control ]; do
+ wait_timeout=$(($wait_timeout + 1))
+ [ "$wait_timeout" -gt 5 ] && {
+ echo "Cannot find xl2tpd control file."
>&2
+ proto_setup_failed "$interface"
+ exit 1
+ }
+ sleep 1
+ done
+ fi
+
+ local ipv6 keepalive username password pppd_options mtu
+ json_get_vars ipv6 keepalive username password pppd_options mtu
+ [ "$ipv6" = 1 ] || ipv6=""
+
+ local interval="${keepalive##*[, ]}"
+ [ "$interval" != "$keepalive" ] || interval=5
+
+ keepalive="${keepalive:+lcp-echo-interval $interval lcp-echo-failure ${keepalive%%[, ]*}}"
+ username="${username:+user \"$username\" password \"$password\"}"
+ ipv6="${ipv6:++ipv6}"
+ mtu="${mtu:+mtu $mtu mru $mtu}"
+
+ mkdir -p /tmp/l2tp
+ cat <"$optfile"
+usepeerdns
+nodefaultroute
+ipparam "$interface"
+ifname "l2tp-$interface"
+ip-up-script /lib/netifd/ppp-up
+ipv6-up-script /lib/netifd/ppp-up
+ip-down-script /lib/netifd/ppp-down
+ipv6-down-script /lib/netifd/ppp-down
+# Don't wait for LCP term responses; exit immediately when killed.
+lcp-max-terminate 0
+$keepalive
+$username
+$ipv6
+$mtu
+$pppd_options
+EOF
+
+ xl2tpd-control add-lac l2tp-${interface} pppoptfile=${optfile} lns=${server} || {
+ echo "xl2tpd-control: Add l2tp-$interface failed" >&2
+ proto_setup_failed "$interface"
+ exit 1
+ }
+ xl2tpd-control connect-lac l2tp-${interface} || {
+ echo "xl2tpd-control: Connect l2tp-$interface failed" >&2
+ proto_setup_failed "$interface"
+ exit 1
+ }
+}
+
+proto_l2tp_teardown() {
+ local interface="$1"
+ local optfile="/tmp/l2tp/options.${interface}"
+
+ rm -f ${optfile}
+ if [ -p /var/run/xl2tpd/l2tp-control ]; then
+ xl2tpd-control remove-lac l2tp-${interface} || {
+ echo "xl2tpd-control: Remove l2tp-$interface failed" >&2
+ }
+ fi
+ # Wait for interface to go down
+ while [ -d /sys/class/net/l2tp-${interface} ]; do
+ sleep 1
+ done
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+ add_protocol l2tp
+}
diff --git a/package/network/services/xl2tpd/files/options.xl2tpd b/package/network/services/xl2tpd/files/options.xl2tpd
new file mode 100644
index 0000000000..5ef0d94414
--- /dev/null
+++ b/package/network/services/xl2tpd/files/options.xl2tpd
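Review bot: The heredoc in `proto_l2tp_setup` writes `user "…" password "…"` (built on the `username=` line) into `/tmp/l2tp/options.${interface}` under whatever umask netifd happens to run with, so the PPP password can land in a world-readable file on tmpfs; create the file with restricted permissions before the heredoc truncates it, `( umask 077 && : >"$optfile" )` right after `mkdir -p /tmp/l2tp`, or `chmod 600 "$optfile"` immediately after the `EOF` line. `host="${server%:*}"` strips from the last colon, which turns an IPv6 literal such as `2001:db8::1` (constructed example) into `2001:db8:` before `resolveip` sees it, so the `host[:port]` form documented in README.md only works for hostnames and IPv4 addresses; a comment stating that limitation, or a check for more than one colon, would be appropriate. When the control pipe is missing, `/etc/init.d/xl2tpd restart` also drops every other tunnel the daemon is currently serving; if that is intended, a comment above the `if [ ! -p … ]` test saying so would help the next reader.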
@@ -0,0 +1,20 @@
+#
+noauth
+debug
+dump
+logfd 2
+logfile /var/log/xl2tpd.log
+noccp
+novj
+novjccomp
+nopcomp
+noaccomp
+mtu 1400
+mru 1400
+require-mschap-v2
+lcp-echo-interval 20
+lcp-echo-failure 5
+connect-delay 5000
+nodefaultroute
+noipdefault
+proxyarp
diff --git a/package/network/services/xl2tpd/files/xl2tp-secrets b/package/network/services/xl2tpd/files/xl2tp-secrets
new file mode 100644
index 0000000000..0fb513f6fb
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tp-secrets
@@ -0,0 +1,5 @@
+# Secrets for authenticating l2tp tunnels
+# us them secret
+# * marko blah2
+# zeus marko blah
+# * * interop
diff --git a/package/network/services/xl2tpd/files/xl2tpd.conf b/package/network/services/xl2tpd/files/xl2tpd.conf
new file mode 100644
index 0000000000..2423ff6454
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tpd.conf
@@ -0,0 +1,23 @@
+[global]
+port = 1701
+auth file = /etc/xl2tpd/xl2tp-secrets
+access control = no
+
+;[lns default]
+;exclusive = yes
+;ip range = 192.168.254.202-192.168.254.210
+;lac = 10.0.1.2
+;hidden bit = no
+;local ip = 192.168.254.200
+;length bit = yes
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
+
+;[lac left]
+;lns = 10.0.1.2
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
diff --git a/package/network/services/xl2tpd/files/xl2tpd.conf.sample b/package/network/services/xl2tpd/files/xl2tpd.conf.sample
new file mode 100644
index 0000000000..477afa5a69
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tpd.conf.sample
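Review bot: `noauth` (line 2 of options.xl2tpd) and `require-mschap-v2` (line 14) make opposite statements about whether the peer must authenticate, and the effective setting depends on which one pppd processes last; keep only the intended option and record the intent in the leading `#` comment, e.g. `# Peer must authenticate with MS-CHAPv2; do not add noauth here`. `debug` together with `dump` makes every pppd started from this file write its full option set and protocol trace to `/var/log/xl2tpd.log`, which is a lot of detail for a shipped default and can fill RAM-backed storage on small devices; leaving both commented out for users to enable while troubleshooting is the safer default. This file is only reached through the commented-out `pppoptfile` lines in xl2tpd.conf, since l2tp.sh generates its own options file per interface, so a comment noting that would stop readers from assuming these settings apply to `proto 'l2tp'` interfaces.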
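Review bot: `[global]` binds `port = 1701` without a `listen-addr`, and because the init script starts the daemon at boot the UDP listener appears to be reachable on every address the device has from the moment the package is installed, whether or not an interface uses `proto 'l2tp'`; since the same socket carries outbound LAC tunnels, a restrictive `listen-addr` is not a general fix, so the shipped file should carry a comment such as `; the daemon listens on UDP/1701 on all addresses; keep it closed on WAN in the firewall` and README.md should say the same. `access control = no` is the usual LAC value, but as the file also ships a commented `[lns default]` section, a short comment that access control only matters once an LNS section is enabled would make the default understandable.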
@@ -0,0 +1,73 @@
+;
+; Sample l2tpd configuration file
+;
+; This example file should give you some idea of how the options for l2tpd
+; should work. The best place to look for a list of all options is in
+; the source code itself, until I have the time to write better documetation :)
+; Specifically, the file "file.c" contains a list of commands at the end.
+;
+; You most definitely don't have to spell out everything as it is done here
+;
+; [global] ; Global parameters:
+; port = 1701 ; * Bind to port 1701
+; auth file = /etc/xl2tpd/xl2tp-secrets ; * Where our challenge secrets are
+; access control = yes ; * Refuse connections without IP match
+; rand source = dev ; Source for entropy for random
+; ; numbers, options are:
+; ; dev - reads of /dev/urandom
+; ; sys - uses rand()
+; ; egd - reads from egd socket
+; ; egd is not yet implemented
+;
+; [lns default] ; Our fallthrough LNS definition
+; exclusive = no ; * Only permit one tunnel per host
+; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
+; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
+; ip range = 192.168.0.5 ; * But this one is okay
+; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
+; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
+; no lac = untrusted.marko.net ; * This guy can't connect
+; hidden bit = no ; * Use hidden AVP's?
+; local ip = 192.168.1.2 ; * Our local IP to use
+; length bit = yes ; * Use length bit in payload?
+; require chap = yes ; * Require CHAP auth. by peer
+; refuse pap = yes ; * Refuse PAP authentication
+; refuse chap = no ; * Refuse CHAP authentication
+; refuse authentication = no ; * Refuse authentication altogether
+; require authentication = yes ; * Require peer to authenticate
+; unix authentication = no ; * Use /etc/passwd for auth.
+; name = myhostname ; * Report this as our hostname
+; ppp debug = no ; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.lns ; * ppp options file
+; call rws = 10 ; * RWS for call (-1 is valid)
+; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
+; flow bit = yes ; * Include sequence numbers
+; challenge = yes ; * Challenge authenticate peer ;
+;
+; [lac marko] ; Example VPN LAC definition
+; lns = lns.marko.net ; * Who is our LNS?
+; lns = lns2.marko.net ; * A backup LNS (not yet used)
+; redial = yes ; * Redial if disconnected?
+; redial timeout = 15 ; * Wait n seconds between redials
+; max redials = 5 ; * Give up after n consecutive failures
+; hidden bit = yes ; * User hidden AVP's?
+; local ip = 192.168.1.1 ; * Force peer to use this IP for us
+; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
+; length bit = no ; * Use length bit in payload?
+; require pap = no ; * Require PAP auth. by peer
+; require chap = yes ; * Require CHAP auth. by peer
+; refuse pap = yes ; * Refuse PAP authentication
+; refuse chap = no ; * Refuse CHAP authentication
+; refuse authentication = no ; * Refuse authentication altogether
+; require authentication = yes ; * Require peer to authenticate
+; name = marko ; * Report this as our hostname
+; ppp debug = no ; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.marko ; * ppp options file for this lac
+; call rws = 10 ; * RWS for call (-1 is valid)
+; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
+; flow bit = yes ; * Include sequence numbers
+; challenge = yes ; * Challenge authenticate peer
+;
+; [lac cisco] ; Another quick LAC
+; lns = cisco.marko.net ; * Required, but can take from default
+; require authentication = yes
diff --git a/package/network/services/xl2tpd/files/xl2tpd.init b/package/network/services/xl2tpd/files/xl2tpd.init
new file mode 100644
index 0000000000..7d2e9ea30c
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tpd.init
@@ -0,0 +1,24 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2015 OpenWrt.org
+
+START=60
+USE_PROCD=1
+
+BIN=xl2tpd
+RUN_D="/var/run/xl2tpd"
+PID_F="/var/run/xl2tpd.pid"
+
+start_service() {
+ rm -rf "$RUN_D"
+ mkdir -p "$RUN_D"
+
+ procd_open_instance
+ procd_set_param command $BIN -D -l -p "$PID_F"
+ procd_set_param respawn
+ procd_close_instance
+}
+
+stop_service() {
+ rm -rf "$RUN_D"
+ rm -rf "$PID_F"
+}
diff --git a/package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch b/package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch
new file mode 100644
index 0000000000..0ee0376f2a
--- /dev/null
+++ b/package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch
@@ -0,0 +1,24 @@
+From f94ffac18ddfe72b00ec849a34c71d6bc5bcb767 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou
+Date: Thu, 12 Nov 2020 14:31:23 +0800
+Subject: [PATCH] xl2tpd-control: fix out-of-bound access
+
+It can cause segfault when presented with unknown command name
+
+Fixes 90884c62 ("xl2tpd-control refactoring")
+---
+ xl2tpd-control.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/xl2tpd-control.c
++++ b/xl2tpd-control.c
+@@ -83,7 +83,8 @@ struct command_t commands[] = {
+ {"available", &command_available, TUNNEL_NOT_REQUIRED},
+ {"add-lns", &command_add_lns, TUNNEL_REQUIRED},
+ {"status-lns", &command_status_lns, TUNNEL_REQUIRED},
+- {"remove-lns", &command_remove_lns, TUNNEL_REQUIRED}
++ {"remove-lns", &command_remove_lns, TUNNEL_REQUIRED},
++ {},
+ };
+
+ void usage()
diff --git a/package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch b/package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch
new file mode 100644
index 0000000000..4ec98f38a8
--- /dev/null
+++ b/package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch
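Review bot: `start_service` runs on every boot and is kept alive by `procd_set_param respawn`, so xl2tpd is always resident and bound to its L2TP port even on a device with no `proto 'l2tp'` interface, while l2tp.sh already calls `/etc/init.d/xl2tpd restart` on demand whenever the control pipe is absent; either gate the boot-time start on an l2tp interface being configured or state in README.md that the daemon runs unconditionally so operators know to firewall it. `procd_set_param command $BIN` resolves `xl2tpd` through procd's search path, whereas l2tp.sh refuses to load unless `/usr/sbin/xl2tpd` exists; use the same absolute path, `BIN=/usr/sbin/xl2tpd`, so both scripts agree on the binary. `rm -rf "$PID_F"` in `stop_service` applies recursive removal to a pid file; `rm -f "$PID_F"` states the intent without the extra power.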
@@ -0,0 +1,59 @@
+From f374c10c77d25863606566edcddaf02481f25032 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou
+Date: Fri, 18 Oct 2019 11:29:03 +0000
+Subject: [PATCH] Skip building pfc
+
+It can cause build failure, see [1]
+
+ [1] https://github.com/openwrt/packages/issues/10270
+---
+ Makefile | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -115,10 +115,10 @@ BINDIR?=$(DESTDIR)${PREFIX}/bin
+ MANDIR?=$(DESTDIR)${PREFIX}/share/man
+
+
+-all: $(EXEC) pfc $(CONTROL_EXEC)
++all: $(EXEC) $(CONTROL_EXEC)
+
+ clean:
+- rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
++ rm -f $(OBJS) $(EXEC) $(CONTROL_EXEC)
+
+ $(EXEC): $(OBJS) $(HDRS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+@@ -126,10 +126,6 @@ $(EXEC): $(OBJS) $(HDRS)
+ $(CONTROL_EXEC): $(CONTROL_SRCS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
+
+-pfc:
+- $(CC) $(CFLAGS) -c contrib/pfc.c
+- $(CC) $(LDFLAGS) -o pfc pfc.o -lpcap $(LDLIBS)
+-
+ romfs:
+ $(ROMFSINST) /bin/$(EXEC)
+
+@@ -142,7 +138,7 @@ packagingprep:
+ sed -i "s/Version: .*/Version: ${XL2TPDBASEVERSION}/" packaging/*/*.spec
+ sed -i "s/PKG_VERSION:=.*/PKG_VERSION:=${XL2TPDBASEVERSION}/" packaging/openwrt/Makefile
+
+-install: ${EXEC} pfc ${CONTROL_EXEC}
++install: ${EXEC} ${CONTROL_EXEC}
+ install -d -m 0755 ${SBINDIR}
+ install -m 0755 $(EXEC) ${SBINDIR}/$(EXEC)
+ install -d -m 0755 ${MANDIR}/man5
+@@ -151,11 +147,6 @@ install: ${EXEC} pfc ${CONTROL_EXEC}
+ install -m 0644 doc/xl2tpd-control.8 ${MANDIR}/man8/
+ install -m 0644 doc/xl2tpd.conf.5 doc/l2tp-secrets.5 \
+ ${MANDIR}/man5/
+- # pfc
+- install -d -m 0755 ${BINDIR}
+- install -m 0755 pfc ${BINDIR}/pfc
+- install -d -m 0755 ${MANDIR}/man1
+- install -m 0644 contrib/pfc.1 ${MANDIR}/man1/
+ # control exec
+ install -d -m 0755 ${SBINDIR}
+ install -m 0755 $(CONTROL_EXEC) ${SBINDIR}/$(CONTROL_EXEC)