IP Filter bug report form.
--------------------------
IP Filter Version: 4.1.3
Operating System Version: Solaris 9 x86
Configuration: LKM
Description of problem:
The pfil start script doesn't parse /etc/hostname.* filenames
correctly and also doesn't handle setting up pfil for a tunnel.
How to repeat:
Install, create hostname.ip.tun0 containing:
    feith-bb-vpn feith-asp-vpn netmask 0xfffffffc \
    tsrc feith-bb tdst prepnet-rt mtu 1440 up
and reboot. The first problem is that the script tries to plumb / unplumb
ip instead of ip.tun0, causing an error message regarding DL_INFO_ACK
timing out. The second problem is that autopush doesn't help when dealing
with a tunnel since the network card is the tun streams module instead
of a device driver. The enclosed patch to S10pfil fixes the problem.
*** SunOS/S10pfil.ORIGINAL Sat Jul 17 10:37:33 2004
--- SunOS/S10pfil Thu Oct 21 20:04:02 2004
*************** fixif()
*** 10,15 ****
--- 10,48 ----
fi
}
+ fixtun()
+ {
+ # Unfortunately tunnels are implemented using
+ # a streams modules, not a device driver so
+ # autopush isn't of much help. The current
+ # approach is to see if /usr/bin exists in
+ # which case it's late enough in the game
+ # to plumb the tunnel and modinsert pfil.
+
+ ifname="$1"
+
+ if [ -d /usr/bin ] ; then
+ ifconfig $ifname plumb
+ set -- `ifconfig $ifname modlist`
+ pos=""
+ while [ $# -ge 2 -a -z "$pos" ]
+ do
+ case "$2" in
+ tun) pos="$1"
+ ;;
+ pfil) return
+ ;;
+ *)
+ ;;
+ esac
+ shift 2
+ done
+ if [ -n "$pos" ] ; then
+ ifconfig $ifname modinsert [EMAIL PROTECTED]
+ fi
+ fi
+ }
+
case "$1" in
start)
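Review bot: In fixtun(), the exit status of `ifconfig $ifname plumb` is never checked, so when the plumb fails the following `ifconfig $ifname modlist` gives the loop nothing to parse and the function returns with no pfil inserted and no message. Suggest testing the status and printing a diagnostic before going on, and quoting "$ifname" in all three ifconfig calls, since the value is derived from a filename under /etc. The `[ -d /usr/bin ]` skip path is equally silent; a one-line echo there would show at boot that the tunnel was left without pfil.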
*************** case "$1" in
*** 26,32 ****
IFS="$IFS.:"
set -- $i
IFS="$ORIGIFS"
! ifname="$2"
if [ $ifname != $y ] ; then
y=$ifname
fixif $ifname
--- 59,74 ----
IFS="$IFS.:"
set -- $i
IFS="$ORIGIFS"
! case "$2" in
! # Handle tunnels
! ip|ip6) ifname="$2.$3"
! fixtun $ifname
! continue
! ;;
! # Normal interfaces
! *) ifname="$2"
! ;;
! esac
if [ $ifname != $y ] ; then
y=$ifname
fixif $ifname
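Review bot: In the `ip|ip6)` arm, `ifname="$2.$3"` is built without checking that `$3` is non-empty, so a filename that splits into only two fields hands "ip." to fixtun. The `continue` also bypasses the `$ifname != $y` duplicate check that the normal path keeps, so every matching file calls fixtun again, and each call reruns `ifconfig $ifname plumb` before the `pfil) return` arm is reached. Suggest guarding the arm with a `[ -n "$3" ]` test and applying the same `$y` comparison before calling fixtun.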
-- John
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------