From 707f1f6c811a1ded05563cbea73918215880d570 Mon Sep 17 00:00:00 2001 From: nico Date: Wed, 12 Apr 2006 00:17:43 +0000 Subject: Prevent l2tpd from using PMTU discovery, setting the DF bit on all outgoing UDP packets (closes: #471) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@3621 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- openwrt/package/l2tpd/Makefile | 2 +- openwrt/package/l2tpd/patches/05-df-disable.patch | 25 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 openwrt/package/l2tpd/patches/05-df-disable.patch (limited to 'openwrt/package/l2tpd') diff --git a/openwrt/package/l2tpd/Makefile b/openwrt/package/l2tpd/Makefile index fa1a0f948..6435f35a7 100644 --- a/openwrt/package/l2tpd/Makefile +++ b/openwrt/package/l2tpd/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=l2tpd PKG_VERSION:=0.70pre PKG_UPSTREAM_VERSION:=0.70-pre20031121 -PKG_RELEASE:=3.1 +PKG_RELEASE:=4.1 PKG_MD5SUM:=3f2707b6e16a8cb72e7bf64f574202fa PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/l/l2tpd diff --git a/openwrt/package/l2tpd/patches/05-df-disable.patch b/openwrt/package/l2tpd/patches/05-df-disable.patch new file mode 100644 index 000000000..806c48d12 --- /dev/null +++ b/openwrt/package/l2tpd/patches/05-df-disable.patch @@ -0,0 +1,25 @@ +Patch to stop l2tpd setting the DF bit on each of the packets it sends. +Apart from not being useful with L2TP, this also prevents interoperating +with Cisco IOS over IPSEC. + +--- l2tpd-0.70-pre20031121.orig/network.c.orig 2006-04-11 08:50:38.000000000 +0100 ++++ l2tpd-0.70-pre20031121.orig/network.c 2006-04-11 08:58:18.000000000 +0100 +@@ -56,6 +56,18 @@ + __FUNCTION__); + return -EINVAL; + }; ++#ifdef IP_MTU_DISCOVER ++#ifdef IP_PMTUDISC_DONT ++ { ++ /* Don't set DF bit on outbound packets */ ++ int val = IP_PMTUDISC_DONT; ++ if (setsockopt(server_socket, IPPROTO_IP, IP_MTU_DISCOVER, &val, sizeof(val)) < 0) ++ { ++ log (LOG_LOG, "Failed to disable PMTU discovery\n"); ++ } ++ } ++#endif ++#endif + /* L2TP/IPSec: Set up SA for listening port here? NTB 20011015 + */ + if (bind (server_socket, (struct sockaddr *) &server, sizeof (server))) -- cgit v1.2.3