Attachment #12793 for bug #24569

View | Details | Raw Unified | Return to bug 24569
Collapse All | Expand All




/* global vars */
ipcp_options ipcp_wantoptions[NUM_PPP];	/* Options that we want to request */
ipcp_options ipcp_gotoptions[NUM_PPP];	/* Options that peer ack'd */
ipcp_options ipcp_allowoptions[NUM_PPP];/* Options we allow peer to request */
ipcp_options ipcp_hisoptions[NUM_PPP];	/* Options that we ack'd */

/* local vars */

static void ip_check_options __P((void));
static int  ip_demand_conf __P((int));
static int  ip_active_pkt __P((u_char *, int));
static void create_resolv __P((u_int32_t, u_int32_t));

struct protent ipcp_protent = {
    PPP_IPCP,


#define LENCIVJ(neg, old)	(neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0)
#define LENCIADDR(neg, old)	(neg ? (old? CILEN_ADDRS : CILEN_ADDR) : 0)
#define LENCIDNS(neg)		(neg ? (CILEN_ADDR) : 0)
    /*
     * First see if we want to change our options to the old
     * forms because we have received old forms from the peer.

    }

    return (LENCIADDR(go->neg_addr, go->old_addrs) +
	    LENCIVJ(go->neg_vj, go->old_vj) +
	    LENCIDNS(go->req_dns1) +
	    LENCIDNS(go->req_dns2)) ;
}



	    neg = 0; \
    }

#define ADDCIDNS(opt, neg, addr) \
    if (neg) { \
	if (len >= CILEN_ADDR) { \
	    u_int32_t l; \
	    PUTCHAR(opt, ucp); \
	    PUTCHAR(CILEN_ADDR, ucp); \
	    l = ntohl(addr);\
	    PUTLONG(l, ucp); \
	    len -= CILEN_ADDR; \
	} else \
	    neg = 0; \
    }

    ADDCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
	      go->old_addrs, go->ouraddr, go->hisaddr);

    ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
	    go->maxslotindex, go->cflag);
	    
    ADDCIDNS(CI_MS_DNS1,go->req_dns1,go->dnsaddr[0]);
    
    ADDCIDNS(CI_MS_DNS2,go->req_dns2,go->dnsaddr[1]);

    *lenp -= len;
}

	} \
    }

#define ACKCIDNS(opt, neg, addr) \
    if (neg) { \
	u_int32_t l; \
	if ((len -= CILEN_ADDR) < 0) \
	    goto bad; \
	GETCHAR(citype, p); \
	GETCHAR(cilen, p); \
	if (cilen != CILEN_ADDR || citype != opt) \
	    goto bad; \
	GETLONG(l, p); \
	cilong = htonl(l);\
	if (addr != cilong) \
	    goto bad; \
    }

    ACKCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
	      go->old_addrs, go->ouraddr, go->hisaddr);

    ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
	    go->maxslotindex, go->cflag);
	    
    ACKCIDNS(CI_MS_DNS1,go->req_dns1,go->dnsaddr[0]);
    
    ACKCIDNS(CI_MS_DNS2,go->req_dns2,go->dnsaddr[1]);

    /*
     * If there are any remaining CIs, then this packet is bad.

    u_char cimaxslotindex, cicflag;
    u_char citype, cilen, *next;
    u_short cishort;
    u_int32_t ciaddr1, ciaddr2, l, cidnsaddr;
    ipcp_options no;		/* options we've seen Naks for */
    ipcp_options try;		/* options to request next time */


        code \
    }

#define NAKCIDNS(opt, neg, code) \
    if (go->neg && \
	((cilen = p[1]) == CILEN_ADDR) && \
	len >= cilen && \
	p[0] == opt) { \
	len -= cilen; \
	INCPTR(2, p); \
	GETLONG(l, p); \
	cidnsaddr = htonl(l); \
	no.neg = 1; \
	code \
    }

    /*
     * Accept the peer's idea of {our,his} address, if different
     * from our idea, only if the accept_{local,remote} flag is set.

	    }
	    );

    NAKCIDNS(CI_MS_DNS1, req_dns1,
	    try.dnsaddr[0] = cidnsaddr;
	    );

    NAKCIDNS(CI_MS_DNS2, req_dns2,
	    try.dnsaddr[1] = cidnsaddr;
	    );

    /*
     * There may be remaining CIs, if the peer is requesting negotiation
     * on an option that we didn't include in our request packet.

	try.neg = 0; \
     }

#define REJCIDNS(opt, neg, dnsaddr) \
    if(go->neg && \
	((cilen = p[1]) == CILEN_ADDR) && \
	len >= cilen && \
	p[0] == opt) { \
	u_int32_t l; \
	len -= cilen; \
	INCPTR(2, p); \
	GETLONG(l, p); \
	cilong = htonl(l); \
	/* Check rejected value. */ \
	if (cilong != dnsaddr) \
	    goto bad; \
	try.neg = 0; \
    }

    REJCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), neg_addr,
	      go->old_addrs, go->ouraddr, go->hisaddr);

    REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol, go->old_vj,
	    go->maxslotindex, go->cflag);

    REJCIDNS(CI_MS_DNS1, req_dns1, go->dnsaddr[0]);

    REJCIDNS(CI_MS_DNS2, req_dns2, go->dnsaddr[1]);

    /*
     * If there are any remaining CIs, then this packet is bad.
     */

    }
    script_setenv("IPLOCAL", ip_ntoa(go->ouraddr));
    script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr));
    
    if (go->dnsaddr[0] || go->dnsaddr[1]) {
	script_setenv("USEPEERDNS","1");
	if (go->dnsaddr[0])
	    script_setenv("DNS1",ip_ntoa(go->dnsaddr[0]));
	if (go->dnsaddr[1])
	    if (go->dnsaddr[1] != go->dnsaddr[0]) /* if addresses are not same */
		script_setenv("DNS2",ip_ntoa(go->dnsaddr[1]));
	if (update_resolv)
	    create_resolv(go->dnsaddr[0], go->dnsaddr[1]);
    }

    /*
     * Check that the peer is allowed to use the IP address it wants.


	syslog(LOG_NOTICE, "local  IP address %s", ip_ntoa(go->ouraddr));
	syslog(LOG_NOTICE, "remote IP address %s", ip_ntoa(ho->hisaddr));
	if (go->dnsaddr[0])
	    syslog(LOG_NOTICE, "primary DNS address %s",ip_ntoa(go->dnsaddr[0]));
	if (go->dnsaddr[1])
	    if (go->dnsaddr[1] != go->dnsaddr[0])
		syslog(LOG_NOTICE, "secondary DNS address %s",ip_ntoa(go->dnsaddr[1]));
    }

    /*

    argv[6] = ipparam;
    argv[7] = NULL;
    run_program(script, argv, 0);
}

/*
 * create_resolve - create the replacement resolv.conf file
 */
static void
create_resolv(peerdns1, peerdns2)
    u_int32_t peerdns1, peerdns2;
{
    FILE *f;
    f = fopen(_PATH_RESOLV, "w");
    if (f == NULL) {
	syslog(LOG_ERR, "Failed to create %s: %m", _PATH_RESOLV);
	return;
    }
    
    if (peerdns1)
	fprintf(f, "\nnameserver %s\n", ip_ntoa(peerdns1));

    if (peerdns2)
	if (peerdns2 != peerdns1) /* if addresses are not same */
	    fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));

    if (ferror(f))
	syslog(LOG_ERR, "Write failed to %s: %m", _PATH_RESOLV);

    fclose(f);
}

/*

Lines 46-51 Link Here

(-)ipcp.h (+2 lines)
46	int neg_addr : 1; /* Negotiate IP Address? */	46	int neg_addr : 1; /* Negotiate IP Address? */
47	int old_addrs : 1; /* Use old (IP-Addresses) option? */	47	int old_addrs : 1; /* Use old (IP-Addresses) option? */
48	int req_addr : 1; /* Ask peer to send IP address? */	48	int req_addr : 1; /* Ask peer to send IP address? */
		49	int req_dns1 : 1; /* Ask peer to send DNS1 address? */
		50	int req_dns2 : 1; /* Ask peer to send DNS2 address? */
49	int default_route : 1; /* Assign default route through interface? */	51	int default_route : 1; /* Assign default route through interface? */
50	int proxy_arp : 1; /* Make proxy ARP entry for peer? */	52	int proxy_arp : 1; /* Make proxy ARP entry for peer? */
51	int neg_vj : 1; /* Van Jacobson Compression? */	53	int neg_vj : 1; /* Van Jacobson Compression? */

Lines 113-118 Link Here

(-)options.c (+33 lines)
113	int holdoff = 30; /* # seconds to pause before reconnecting */	113	int holdoff = 30; /* # seconds to pause before reconnecting */
114	int refuse_pap = 0; /* Set to say we won't do PAP */	114	int refuse_pap = 0; /* Set to say we won't do PAP */
115	int refuse_chap = 0; /* Set to say we won't do CHAP */	115	int refuse_chap = 0; /* Set to say we won't do CHAP */
		116	int hide_password = 0; /* Hide password in log */
		117	int update_resolv = 0; /* Update resolv.conf */
116		118
117	#ifdef MSLANMAN	119	#ifdef MSLANMAN
118	int ms_lanman = 0; /* Nonzero if use LanMan password instead of NT */	120	int ms_lanman = 0; /* Nonzero if use LanMan password instead of NT */
Lines 230-235 Link Here
230	static int setwinsaddr __P((char **));	232	static int setwinsaddr __P((char **));
231	static int showversion __P((char **));	233	static int showversion __P((char **));
232	static int showhelp __P((char **));	234	static int showhelp __P((char **));
		235	static int usepeerdns __P((char **));
		236	static int hide_pass __P((char **));
		237	static int resolv_update __P((char **));
233		238
234	#ifdef PPP_FILTER	239	#ifdef PPP_FILTER
235	static int setpdebug __P((char **));	240	static int setpdebug __P((char **));
Lines 387-392 Link Here
387	/* end compat hack */	392	/* end compat hack */
388	{"ms-dns", 1, setdnsaddr}, /* DNS address for the peer's use */	393	{"ms-dns", 1, setdnsaddr}, /* DNS address for the peer's use */
389	{"ms-wins", 1, setwinsaddr}, /* Nameserver for SMB over TCP/IP for peer */	394	{"ms-wins", 1, setwinsaddr}, /* Nameserver for SMB over TCP/IP for peer */
		395	{"usepeerdns",0, usepeerdns}, /* Ask peer for DNS addrs */
		396	{"hide-password",0, hide_pass}, /* Hide password in log */
		397	{"update-resolv",0,resolv_update}, /* Update resolv.conf */
390	{"noipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */	398	{"noipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */
391	{"-ipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */	399	{"-ipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */
392	{"--version", 0, showversion}, /* Show version number */	400	{"--version", 0, showversion}, /* Show version number */
Lines 1978-1983 Link Here
1978	{	1986	{
1979	ipcp_allowoptions[0].default_route = 0;	1987	ipcp_allowoptions[0].default_route = 0;
1980	ipcp_wantoptions[0].default_route = 0;	1988	ipcp_wantoptions[0].default_route = 0;
		1989	return 1;
		1990	}
		1991
		1992	static int
		1993	usepeerdns(argv)
		1994	char **argv;
		1995	{
		1996	ipcp_wantoptions[0].req_dns1 = 1;
		1997	ipcp_wantoptions[0].req_dns2 = 1;
		1998	return 1;
		1999	}
		2000
		2001	static int
		2002	hide_pass(argv)
		2003	char **argv;
		2004	{
		2005	hide_password = 1;
		2006	return 1;
		2007	}
		2008
		2009	static int
		2010	resolv_update(argv)
		2011	char **argv;
		2012	{
		2013	update_resolv = 1;
1981	return 1;	2014	return 1;
1982	}	2015	}
1983		2016

Lines 25-30 Link Here

(-)pathnames.h (+1 lines)
25	#define _PATH_PEERFILES "/etc/ppp/peers/"	25	#define _PATH_PEERFILES "/etc/ppp/peers/"
26	#define _PATH_PPPDENY "/etc/ppp/ppp.deny"	26	#define _PATH_PPPDENY "/etc/ppp/ppp.deny"
27	#define _PATH_PPPSHELLS "/etc/ppp/ppp.shells"	27	#define _PATH_PPPSHELLS "/etc/ppp/ppp.shells"
		28	#define _PATH_RESOLV "/etc/resolv.conf"
28		29
29	#ifdef IPX_CHANGE	30	#ifdef IPX_CHANGE
30	#define _PATH_IPXUP "/etc/ppp/ipx-up"	31	#define _PATH_IPXUP "/etc/ppp/ipx-up"

Lines 49-55 Link Here

(-)pppd.8 (-1 / +16 lines)
49	.B active-filter \fIfilter-expression	49	.B active-filter \fIfilter-expression
50	Specifies a packet filter to be applied to data packets to determine	50	Specifies a packet filter to be applied to data packets to determine
51	which packets are to be regarded as link activity, and therefore reset	51	which packets are to be regarded as link activity, and therefore reset
52	the idle timer, or cause the link to be brought up in demand-dialling	52	the idle timer, or cause the link to be brought up in demand-dialing
53	mode. This option is useful in conjunction with the	53	mode. This option is useful in conjunction with the
54	\fBidle\fR option if there are packets being sent or received	54	\fBidle\fR option if there are packets being sent or received
55	regularly over the link (for example, routing information packets)	55	regularly over the link (for example, routing information packets)
Lines 459-464 Link Here
459	instance of this option specifies the primary WINS address; the second	459	instance of this option specifies the primary WINS address; the second
460	instance (if given) specifies the secondary WINS address.	460	instance (if given) specifies the secondary WINS address.
461	.TP	461	.TP
		462	.B usepeerdns
		463	Ask the peer for up to 2 DNS server addresses. The addresses supplied
		464	by the peer (if any) are passed to the /etc/ppp/ip-up script in the
		465	environment variables DNS1 and DNS2.
		466	.TP
		467	.B update-resolv
		468	The /etc/resolv.conf will be updated with the DNS addresses supplied
		469	by the peer (if any). But environment variables DNS1 and DNS2 are
		470	still available. This option is work in conjunction with the
		471	\fBusepeerdns\fR option only.
		472	.TP
462	.B name \fIname	473	.B name \fIname
463	Set the name of the local system for authentication purposes to	474	Set the name of the local system for authentication purposes to
464	\fIname\fR. This is a privileged option. With this option, pppd will	475	\fIname\fR. This is a privileged option. With this option, pppd will
Lines 649-654 Link Here
649	.B user \fIname	660	.B user \fIname
650	Sets the name used for authenticating the local system to the peer to	661	Sets the name used for authenticating the local system to the peer to
651	\fIname\fR.	662	\fIname\fR.
		663	.TP
		664	.B hide-password
		665	When logging the contents of PAP packets, this option causes pppd to
		666	exclude the password string from the log.
652	.TP	667	.TP
653	.B vj-max-slots \fIn	668	.B vj-max-slots \fIn
654	Sets the number of connection slots to be used by the Van Jacobson	669	Sets the number of connection slots to be used by the Van Jacobson

Lines 110-115 Link Here

(-)pppd.h (+2 lines)
110	extern int holdoff; /* Dead time before restarting */	110	extern int holdoff; /* Dead time before restarting */
111	extern int refuse_pap; /* Don't wanna auth. ourselves with PAP */	111	extern int refuse_pap; /* Don't wanna auth. ourselves with PAP */
112	extern int refuse_chap; /* Don't wanna auth. ourselves with CHAP */	112	extern int refuse_chap; /* Don't wanna auth. ourselves with CHAP */
		113	extern int hide_password; /* Hide password in log */
		114	extern int update_resolv; /* Update resolv.conf */
113	#ifdef PPP_FILTER	115	#ifdef PPP_FILTER
114	extern struct bpf_program pass_filter; /* Filter for pkts to pass */	116	extern struct bpf_program pass_filter; /* Filter for pkts to pass */
115	extern struct bpf_program active_filter; /* Filter for link-active pkts */	117	extern struct bpf_program active_filter; /* Filter for link-active pkts */

Lines 591-597 Link Here

(-)upap.c (-2 / +4 lines)
591	printer(arg, " user=");	591	printer(arg, " user=");
592	print_string(user, ulen, printer, arg);	592	print_string(user, ulen, printer, arg);
593	printer(arg, " password=");	593	printer(arg, " password=");
594	print_string(pwd, wlen, printer, arg);	594	if (!hide_password)
		595	print_string(pwd, wlen, printer, arg);
		596	else
		597	printer(arg, "\"********\"");
595	break;	598	break;
596	case UPAP_AUTHACK:	599	case UPAP_AUTHACK:
597	case UPAP_AUTHNAK:	600	case UPAP_AUTHNAK:
598	------------CUT HERE-------------

Return to bug 24569

Lines 42-48 Link Here

(-)ipcp.c (-4 / +127 lines)
42	/* global vars */	42	/* global vars */
43	ipcp_options ipcp_wantoptions[NUM_PPP]; /* Options that we want to request */	43	ipcp_options ipcp_wantoptions[NUM_PPP]; /* Options that we want to request */
44	ipcp_options ipcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */	44	ipcp_options ipcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */
45	ipcp_options ipcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */	45	ipcp_options ipcp_allowoptions[NUM_PPP];/* Options we allow peer to request */
46	ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */	46	ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
47		47
48	/* local vars */	48	/* local vars */
Lines 100-105 Link Here
100	static void ip_check_options __P((void));	100	static void ip_check_options __P((void));
101	static int ip_demand_conf __P((int));	101	static int ip_demand_conf __P((int));
102	static int ip_active_pkt __P((u_char *, int));	102	static int ip_active_pkt __P((u_char *, int));
		103	static void create_resolv __P((u_int32_t, u_int32_t));
103		104
104	struct protent ipcp_protent = {	105	struct protent ipcp_protent = {
105	PPP_IPCP,	106	PPP_IPCP,
Lines 301-307 Link Here
301		302
302	#define LENCIVJ(neg, old) (neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0)	303	#define LENCIVJ(neg, old) (neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0)
303	#define LENCIADDR(neg, old) (neg ? (old? CILEN_ADDRS : CILEN_ADDR) : 0)	304	#define LENCIADDR(neg, old) (neg ? (old? CILEN_ADDRS : CILEN_ADDR) : 0)
304		305	#define LENCIDNS(neg) (neg ? (CILEN_ADDR) : 0)
305	/*	306	/*
306	* First see if we want to change our options to the old	307	* First see if we want to change our options to the old
307	* forms because we have received old forms from the peer.	308	* forms because we have received old forms from the peer.
Lines 327-333 Link Here
327	}	328	}
328		329
329	return (LENCIADDR(go->neg_addr, go->old_addrs) +	330	return (LENCIADDR(go->neg_addr, go->old_addrs) +
330	LENCIVJ(go->neg_vj, go->old_vj));	331	LENCIVJ(go->neg_vj, go->old_vj) +
		332	LENCIDNS(go->req_dns1) +
		333	LENCIDNS(go->req_dns2)) ;
331	}	334	}
332		335
333		336
Lines 377-387 Link Here
377	neg = 0; \	380	neg = 0; \
378	}	381	}
379		382
		383	#define ADDCIDNS(opt, neg, addr) \
		384	if (neg) { \
		385	if (len >= CILEN_ADDR) { \
		386	u_int32_t l; \
		387	PUTCHAR(opt, ucp); \
		388	PUTCHAR(CILEN_ADDR, ucp); \
		389	l = ntohl(addr);\
		390	PUTLONG(l, ucp); \
		391	len -= CILEN_ADDR; \
		392	} else \
		393	neg = 0; \
		394	}
		395
380	ADDCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,	396	ADDCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
381	go->old_addrs, go->ouraddr, go->hisaddr);	397	go->old_addrs, go->ouraddr, go->hisaddr);
382		398
383	ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,	399	ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
384	go->maxslotindex, go->cflag);	400	go->maxslotindex, go->cflag);
		401
		402	ADDCIDNS(CI_MS_DNS1,go->req_dns1,go->dnsaddr[0]);
		403
		404	ADDCIDNS(CI_MS_DNS2,go->req_dns2,go->dnsaddr[1]);
385		405
386	*lenp -= len;	406	*lenp -= len;
387	}	407	}
Lines 457-467 Link Here
457	} \	477	} \
458	}	478	}
459		479
		480	#define ACKCIDNS(opt, neg, addr) \
		481	if (neg) { \
		482	u_int32_t l; \
		483	if ((len -= CILEN_ADDR) < 0) \
		484	goto bad; \
		485	GETCHAR(citype, p); \
		486	GETCHAR(cilen, p); \
		487	if (cilen != CILEN_ADDR \|\| citype != opt) \
		488	goto bad; \
		489	GETLONG(l, p); \
		490	cilong = htonl(l);\
		491	if (addr != cilong) \
		492	goto bad; \
		493	}
		494
460	ACKCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,	495	ACKCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
461	go->old_addrs, go->ouraddr, go->hisaddr);	496	go->old_addrs, go->ouraddr, go->hisaddr);
462		497
463	ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,	498	ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
464	go->maxslotindex, go->cflag);	499	go->maxslotindex, go->cflag);
		500
		501	ACKCIDNS(CI_MS_DNS1,go->req_dns1,go->dnsaddr[0]);
		502
		503	ACKCIDNS(CI_MS_DNS2,go->req_dns2,go->dnsaddr[1]);
465		504
466	/*	505	/*
467	* If there are any remaining CIs, then this packet is bad.	506	* If there are any remaining CIs, then this packet is bad.
Lines 494-500 Link Here
494	u_char cimaxslotindex, cicflag;	533	u_char cimaxslotindex, cicflag;
495	u_char citype, cilen, *next;	534	u_char citype, cilen, *next;
496	u_short cishort;	535	u_short cishort;
497	u_int32_t ciaddr1, ciaddr2, l;	536	u_int32_t ciaddr1, ciaddr2, l, cidnsaddr;
498	ipcp_options no; /* options we've seen Naks for */	537	ipcp_options no; /* options we've seen Naks for */
499	ipcp_options try; /* options to request next time */	538	ipcp_options try; /* options to request next time */
500		539
Lines 537-542 Link Here
537	code \	576	code \
538	}	577	}
539		578
		579	#define NAKCIDNS(opt, neg, code) \
		580	if (go->neg && \
		581	((cilen = p[1]) == CILEN_ADDR) && \
		582	len >= cilen && \
		583	p[0] == opt) { \
		584	len -= cilen; \
		585	INCPTR(2, p); \
		586	GETLONG(l, p); \
		587	cidnsaddr = htonl(l); \
		588	no.neg = 1; \
		589	code \
		590	}
		591
540	/*	592	/*
541	* Accept the peer's idea of {our,his} address, if different	593	* Accept the peer's idea of {our,his} address, if different
542	* from our idea, only if the accept_{local,remote} flag is set.	594	* from our idea, only if the accept_{local,remote} flag is set.
Lines 583-588 Link Here
583	}	635	}
584	);	636	);
585		637
		638	NAKCIDNS(CI_MS_DNS1, req_dns1,
		639	try.dnsaddr[0] = cidnsaddr;
		640	);
		641
		642	NAKCIDNS(CI_MS_DNS2, req_dns2,
		643	try.dnsaddr[1] = cidnsaddr;
		644	);
		645
586	/*	646	/*
587	* There may be remaining CIs, if the peer is requesting negotiation	647	* There may be remaining CIs, if the peer is requesting negotiation
588	* on an option that we didn't include in our request packet.	648	* on an option that we didn't include in our request packet.
Lines 719-730 Link Here
719	try.neg = 0; \	779	try.neg = 0; \
720	}	780	}
721		781
		782	#define REJCIDNS(opt, neg, dnsaddr) \
		783	if(go->neg && \
		784	((cilen = p[1]) == CILEN_ADDR) && \
		785	len >= cilen && \
		786	p[0] == opt) { \
		787	u_int32_t l; \
		788	len -= cilen; \
		789	INCPTR(2, p); \
		790	GETLONG(l, p); \
		791	cilong = htonl(l); \
		792	/* Check rejected value. */ \
		793	if (cilong != dnsaddr) \
		794	goto bad; \
		795	try.neg = 0; \
		796	}
		797
722	REJCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), neg_addr,	798	REJCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), neg_addr,
723	go->old_addrs, go->ouraddr, go->hisaddr);	799	go->old_addrs, go->ouraddr, go->hisaddr);
724		800
725	REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol, go->old_vj,	801	REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol, go->old_vj,
726	go->maxslotindex, go->cflag);	802	go->maxslotindex, go->cflag);
727		803
		804	REJCIDNS(CI_MS_DNS1, req_dns1, go->dnsaddr[0]);
		805
		806	REJCIDNS(CI_MS_DNS2, req_dns2, go->dnsaddr[1]);
		807
728	/*	808	/*
729	* If there are any remaining CIs, then this packet is bad.	809	* If there are any remaining CIs, then this packet is bad.
730	*/	810	*/
Lines 1159-1164 Link Here
1159	}	1239	}
1160	script_setenv("IPLOCAL", ip_ntoa(go->ouraddr));	1240	script_setenv("IPLOCAL", ip_ntoa(go->ouraddr));
1161	script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr));	1241	script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr));
		1242
		1243	if (go->dnsaddr[0] \|\| go->dnsaddr[1]) {
		1244	script_setenv("USEPEERDNS","1");
		1245	if (go->dnsaddr[0])
		1246	script_setenv("DNS1",ip_ntoa(go->dnsaddr[0]));
		1247	if (go->dnsaddr[1])
		1248	if (go->dnsaddr[1] != go->dnsaddr[0]) /* if addresses are not same */
		1249	script_setenv("DNS2",ip_ntoa(go->dnsaddr[1]));
		1250	if (update_resolv)
		1251	create_resolv(go->dnsaddr[0], go->dnsaddr[1]);
		1252	}
1162		1253
1163	/*	1254	/*
1164	* Check that the peer is allowed to use the IP address it wants.	1255	* Check that the peer is allowed to use the IP address it wants.
Lines 1252-1257 Link Here
1252		1343
1253	syslog(LOG_NOTICE, "local IP address %s", ip_ntoa(go->ouraddr));	1344	syslog(LOG_NOTICE, "local IP address %s", ip_ntoa(go->ouraddr));
1254	syslog(LOG_NOTICE, "remote IP address %s", ip_ntoa(ho->hisaddr));	1345	syslog(LOG_NOTICE, "remote IP address %s", ip_ntoa(ho->hisaddr));
		1346	if (go->dnsaddr[0])
		1347	syslog(LOG_NOTICE, "primary DNS address %s",ip_ntoa(go->dnsaddr[0]));
		1348	if (go->dnsaddr[1])
		1349	if (go->dnsaddr[1] != go->dnsaddr[0])
		1350	syslog(LOG_NOTICE, "secondary DNS address %s",ip_ntoa(go->dnsaddr[1]));
1255	}	1351	}
1256		1352
1257	/*	1353	/*
Lines 1353-1358 Link Here
1353	argv[6] = ipparam;	1449	argv[6] = ipparam;
1354	argv[7] = NULL;	1450	argv[7] = NULL;
1355	run_program(script, argv, 0);	1451	run_program(script, argv, 0);
		1452	}
		1453
		1454	/*
		1455	* create_resolve - create the replacement resolv.conf file
		1456	*/
		1457	static void
		1458	create_resolv(peerdns1, peerdns2)
		1459	u_int32_t peerdns1, peerdns2;
		1460	{
		1461	FILE *f;
		1462	f = fopen(_PATH_RESOLV, "w");
		1463	if (f == NULL) {
		1464	syslog(LOG_ERR, "Failed to create %s: %m", _PATH_RESOLV);
		1465	return;
		1466	}
		1467
		1468	if (peerdns1)
		1469	fprintf(f, "\nnameserver %s\n", ip_ntoa(peerdns1));
		1470
		1471	if (peerdns2)
		1472	if (peerdns2 != peerdns1) /* if addresses are not same */
		1473	fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));
		1474
		1475	if (ferror(f))
		1476	syslog(LOG_ERR, "Write failed to %s: %m", _PATH_RESOLV);
		1477
		1478	fclose(f);
1356	}	1479	}
1357		1480
1358	/*	1481	/*