Fix a problem where pipsecd opens a tun device that was previously used

by another application that had the IFHEAD flag set.  This fixes
truncation of incoming and outgoing packets because pipsecd expects this
flags to be cleared.

The MAINTAINER of this port (Patrick Bihan-Faou <patrick@mindstep.com>)
has asked to be removed as the maintainer of the port.  As I still use
this port, I am adopting it as it's new MAINTAINER.

PR:		ports/24753
Submitted by:	quinot@inf.enst.fr

2 files changed, 59 insertions, 9 deletions

diff --git a/net/pipsecd/Makefile b/net/pipsecd/Makefile
index 4669a63b9127..27a45fac0a64 100644
--- a/net/pipsecd/Makefile
+++ b/net/pipsecd/Makefile
@@ -7,12 +7,13 @@
 
 PORTNAME=	pipsecd
 PORTVERSION=	19991014
+PORTREVISION=	1
 CATEGORIES=	net security
 MASTER_SITES=	http://www.enst.fr/~beyssac/pipsec/ \
 		http://www.mindstep.com/pipsec/
 DISTNAME=	pipsec-19991014
 
-MAINTAINER=	patrick@mindstep.com
+MAINTAINER=	cy@FreeBSD.org
 
 USE_OPENSSL=	YES
 
diff --git a/net/pipsecd/files/patch-ab b/net/pipsecd/files/patch-ab
index b43d2182a8cb..adb8f1726fc3 100644
--- a/net/pipsecd/files/patch-ab
+++ b/net/pipsecd/files/patch-ab
@@ -1,6 +1,15 @@
---- tunip.c.orig	Tue Sep 21 18:20:40 1999
-+++ tunip.c	Sun Feb 20 20:36:27 2000
-@@ -54,12 +54,14 @@
+--- tunip.c.orig0	Tue Sep 21 15:20:40 1999
++++ tunip.c	Sat Feb 23 17:32:45 2002
+@@ -35,6 +35,8 @@
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <stdio.h>
++#include <sys/ioctl.h>
++#include <net/if_tun.h>
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
+@@ -54,12 +56,14 @@
  #include <blowfish.h>
  #include <cast.h>
  #include <des.h>
@@ -17,7 +26,7 @@
  #define _PATH_DEV_RANDOM	"/dev/random"
  
  #ifdef USE_ETHERTAP
-@@ -131,7 +133,9 @@
+@@ -131,7 +135,9 @@
  	des_key_schedule k3;
      } des3;
      CAST_KEY cast;
@@ -27,7 +36,7 @@
  } crypt_key;
  
  typedef struct crypt_method {
-@@ -304,12 +308,14 @@
+@@ -304,12 +310,14 @@
  void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
  		      unsigned char *ct, unsigned int len);
  int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
@@ -42,7 +51,7 @@
  void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
  			unsigned char *t, unsigned int len);
  void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
-@@ -379,14 +385,20 @@
+@@ -379,14 +387,20 @@
  
  hash_method_t *hash_list = &hash_ripemd160;
  
@@ -63,7 +72,47 @@
      "cast_cbc", 8, 8,
      cast_cbc_encrypt, cast_cbc_decrypt,
      cast_setkey, cast_setkey
-@@ -1974,6 +1986,7 @@
+@@ -704,13 +718,22 @@
+  */
+ int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd)
+ {
+-    int sent;
++    int sent, i;
+ 
+     if (this->link_header_size) {
+         encap->buflen += this->link_header_size;
+         encap->buf -= this->link_header_size;
+         memcpy(encap->buf, this->link_header, this->link_header_size);
+     }
++#if 0
++    printf ("Packet sent to tun dev:");
++    for (i = 0; i < encap->buflen; i++) {
++      if (!(i % 16))
++        printf ("\n    ");
++      printf (" %02x", encap->buf[i]);
++    }
++    printf ("\n\n");   
++#endif
+     sent = write(fd, encap->buf, encap->buflen);
+     if (sent != encap->buflen)
+         syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent);
+@@ -1120,6 +1143,7 @@
+ 	    }
+ 	} else if (strcmp(arg, "if") == 0) {
+ 	    int fd;
++	    int i = 0;
+ 	    struct sa_desc *local_sa, *remote_sa;
+ 	    struct peer_desc *peer;
+ 
+@@ -1128,6 +1152,7 @@
+ 		perror(arg);
+ 		continue;
+ 	    }
++	    ioctl (fd, TUNSIFHEAD, &i);
+ 
+ 	    local_sa = NULL;
+ 	    remote_sa = NULL;
+@@ -1974,6 +1999,7 @@
      return 0;
  }
  
@@ -71,7 +120,7 @@
  void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
  			 unsigned char *t, unsigned int len)
  {
-@@ -2002,6 +2015,7 @@
+@@ -2002,6 +2028,7 @@
      idea_set_decrypt_key(&k->idea, &k->idea);
      return 0;
  }