diff -Nru xl2tpd-1.3.10/debian/changelog xl2tpd-1.3.10/debian/changelog --- xl2tpd-1.3.10/debian/changelog 2017-10-22 10:26:04.000000000 -0700 +++ xl2tpd-1.3.10/debian/changelog 2018-07-12 12:07:29.000000000 -0700 @@ -1,3 +1,11 @@ +xl2tpd (1.3.10-1ubuntu1) bionic; urgency=medium + + * Fix ENODEV errors with linux kernel 4.15 (LP: #1760796) + - d/p/fix-for-enodev.patch: cherry-pick patch from upstream to no + longer attempt to obtain IP_PKTINFO by default. + + -- Billy Olsen Thu, 12 Jul 2018 12:07:29 -0700 + xl2tpd (1.3.10-1) unstable; urgency=medium * New upstream release. diff -Nru xl2tpd-1.3.10/debian/patches/fix-for-enodev.patch xl2tpd-1.3.10/debian/patches/fix-for-enodev.patch --- xl2tpd-1.3.10/debian/patches/fix-for-enodev.patch 1969-12-31 17:00:00.000000000 -0700 +++ xl2tpd-1.3.10/debian/patches/fix-for-enodev.patch 2018-07-12 12:07:29.000000000 -0700 @@ -0,0 +1,79 @@ +From: Douglas Kosovic +Bug: https://github.com/xelerance/xl2tpd/issues/147 +Bug-Ubuntu: https://launchpad.net/bugs/1760796 +Origin: upstream, https://github.com/xelerance/xl2tpd/commit/9c2cd4933478a83075df5b10f24af7589e90abc3.patch +Subject: [PATCH] Fix for ENODEV (No such device) error with Linux kernel 4.15 + +With kernel 4.15, in the ancillary IP_PKTINFO data received during a recvmsg() +call, `ipi_ifindex` is a bogus value that results in an ENODEV error in the +subsequent sendmsg() call. + +This fix no longer attempts to obtain the ancillary IP_PKTINFO data, except if +ipsecsaref is set to yes, e.g. when wanting to use a KLIPS patched kernel. + +gconfig.ipsecsaref and gconfig.forceuserspace were implicitly set to zero, now +are explicitly set to zero in file.c for clarity. +--- + file.c | 2 ++ + network.c | 32 ++++++++++++++++++-------------- + 2 files changed, 20 insertions(+), 14 deletions(-) + +diff --git a/file.c b/file.c +index f61c221..a6362c0 100644 +--- a/file.c ++++ b/file.c +@@ -42,6 +42,8 @@ int init_config () + + gconfig.port = UDP_LISTEN_PORT; + gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */ ++ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */ ++ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */ + gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */ + gconfig.debug_avp = 0; + gconfig.debug_network = 0; +diff --git a/network.c b/network.c +index 543d30e..c66d1e3 100644 +--- a/network.c ++++ b/network.c +@@ -78,23 +78,27 @@ int init_network (void) + * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO + * values. + */ +- arg=1; +- if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, +- &arg, sizeof(arg)) != 0) { +- l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); +- +- gconfig.ipsecsaref=0; +- } +- +- arg=1; +- if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { +- l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); ++ if (!gconfig.ipsecsaref) ++ { ++ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n"); + } +-#else ++ else + { +- l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); ++ arg=1; ++ if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, &arg, sizeof(arg)) != 0) { ++ l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); ++ gconfig.ipsecsaref=0; ++ } ++ else ++ { ++ arg=1; ++ if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { ++ l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); ++ } ++ } + } +- ++#else ++ l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); + #endif + + #ifdef USE_KERNEL diff -Nru xl2tpd-1.3.10/debian/patches/series xl2tpd-1.3.10/debian/patches/series --- xl2tpd-1.3.10/debian/patches/series 1969-12-31 17:00:00.000000000 -0700 +++ xl2tpd-1.3.10/debian/patches/series 2018-07-12 12:07:22.000000000 -0700 @@ -0,0 +1 @@ +fix-for-enodev.patch