#! /bin/sh /usr/share/dpatch/dpatch-run
## 09_config_disable_dpd.dpatch by James Tait
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Add a config option to disable DPD.

@DPATCH@
diff -urNad vpnc-0.4.0.orig/config.c vpnc-0.4.0/config.c
--- vpnc-0.4.0.orig/config.c 2007-04-27 17:46:37.000000000 +0100
+++ vpnc-0.4.0/config.c 2007-04-27 17:45:50.000000000 +0100
@@ -39,7 +39,7 @@
 
 int opt_debug = 0;
 int opt_nd;
-int opt_1des, opt_no_encryption;
+int opt_1des, opt_no_encryption, opt_disable_dpd;
 enum natt_mode_enum opt_natt_mode;
 enum vendor_enum opt_vendor;
 enum if_mode_enum opt_if_mode;
@@ -410,6 +410,13 @@
 "Diffie-Hellman group to use for PFS",
 config_def_pfs
 }, {
+ CONFIG_DISABLE_DPD, 0, 1,
+ "--disable-dpd",
+ "Disable Dead Peer Detection",
+ NULL,
+ "Disables RFC 3706 Dead Peer Detection",
+ NULL
+ }, {
 CONFIG_ENABLE_1DES, 0, 1,
 "--enable-1des",
 "Enable Single DES",
@@ -757,6 +764,7 @@
 
 opt_debug = (config[CONFIG_DEBUG]) ? atoi(config[CONFIG_DEBUG]) : 0;
 opt_nd = (config[CONFIG_ND]) ? 1 : 0;
+ opt_disable_dpd = (config[CONFIG_DISABLE_DPD]) ? 1 : 0;
 opt_1des = (config[CONFIG_ENABLE_1DES]) ? 1 : 0;
 opt_no_encryption = (config[CONFIG_ENABLE_NO_ENCRYPTION]) ? 1 : 0;
 opt_udpencapport=atoi(config[CONFIG_UDP_ENCAP_PORT]);
diff -urNad vpnc-0.4.0.orig/config.h vpnc-0.4.0/config.h
--- vpnc-0.4.0.orig/config.h 2007-04-27 17:46:37.000000000 +0100
+++ vpnc-0.4.0/config.h 2007-04-27 17:46:05.000000000 +0100
@@ -31,6 +31,7 @@
 CONFIG_SCRIPT,
 CONFIG_DEBUG,
 CONFIG_DOMAIN,
+ CONFIG_DISABLE_DPD,
 CONFIG_ENABLE_1DES,
 CONFIG_ENABLE_NO_ENCRYPTION,
 CONFIG_ND,
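Review bot: The description string `"Disables RFC 3706 Dead Peer Detection"` in the new `CONFIG_DISABLE_DPD` table entry names the feature but not what the user gives up by switching it off. Judging by the vpnc.c change, the client then never sets `s->ike.do_dpd`, so presumably an unreachable gateway goes unnoticed. The help text should say so, for example `"Disables RFC 3706 Dead Peer Detection; an unreachable gateway is then not detected"`. The option table this entry belongs to starts and ends outside the hunk.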
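Review bot: `opt_disable_dpd = (config[CONFIG_DISABLE_DPD]) ? 1 : 0;` tests only whether the slot is non-NULL, so a config-file line that gives the option a value such as `no` may still turn DPD off, depending on how the parser (not shown here) fills that slot. This matches the neighbouring `opt_1des` and `opt_no_encryption` lines, so a comment is enough: `/* presence-only flag: any value, even "no", disables DPD */`. The enclosing function starts and ends outside the hunk.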
@@ -92,7 +93,7 @@
 extern enum vendor_enum opt_vendor;
 extern int opt_debug;
 extern int opt_nd;
-extern int opt_1des, opt_no_encryption;
+extern int opt_1des, opt_no_encryption, opt_disable_dpd;
 extern enum natt_mode_enum opt_natt_mode;
 extern enum if_mode_enum opt_if_mode;
 extern uint16_t opt_udpencapport;
diff -urNad vpnc-0.4.0.orig/vpnc.c vpnc-0.4.0/vpnc.c
--- vpnc-0.4.0.orig/vpnc.c 2007-04-27 17:46:37.000000000 +0100
+++ vpnc-0.4.0/vpnc.c 2007-04-27 17:45:35.000000000 +0100
@@ -1268,8 +1268,12 @@
 gcry_create_nonce(&s->ike.dpd_seqno, sizeof(s->ike.dpd_seqno));
 s->ike.dpd_seqno &= 0x7FFFFFFF;
 s->ike.dpd_seqno_ack = s->ike.dpd_seqno;
- s->ike.do_dpd = 1;
 DEBUG(2, printf("peer is DPD capable (RFC3706)\n"));
+ if (!opt_disable_dpd) {
+ s->ike.do_dpd = 1;
+ } else {
+ DEBUG(2, printf("DPD is disabled in config, ignoring DPD capability\n"));
+ }
 } else {
 hex_dump("unknown ISAKMP_PAYLOAD_VID: ",
 rp->u.vid.data, rp->u.vid.length, NULL);
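Review bot: The only trace that DPD was switched off is the `DEBUG(2, ...)` call in the new `else` branch, so at lower debug levels nothing records that peer liveness checking is disabled for this session. Lowering the level would make the state visible in ordinary logs, e.g. `DEBUG(1, printf("DPD is disabled in config, ignoring DPD capability\n"));`. It is also worth checking, outside this hunk, whether `s->ike.do_dpd` gates the reply to the peer's own R-U-THERE probes; RFC 3706 lets each side probe independently, so a gateway that gets no acknowledgement may drop the tunnel. The enclosing vendor-ID handling block starts and ends outside the hunk.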