From 1ce800446da6f22a802159dff7879bec52ce0ade Mon Sep 17 00:00:00 2001
From: Michael Rash <mbr@cipherdyne.org>
Date: Tue, 17 Feb 2015 23:21:05 -0800
Subject: [PATCH 1/3] [server] Bug fix to not include pcap.h in
 --enable-udp-server mode

---
 CREDITS                 | 4 ++++
 ChangeLog               | 5 +++++
 server/pcap_capture.c   | 3 +--
 server/process_packet.c | 5 +++++
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/CREDITS b/CREDITS
index d8690be7..e3e59e24 100644
--- a/CREDITS
+++ b/CREDITS
@@ -209,3 +209,7 @@ Grant Pannell
       and individual IP addresses can be specified as well. Also, multiple IP's
       and/or networks can be defined as a comma separated list (e.g.
       "192.168.10.0/24,10.1.1.123").
+
+Alexander Kozhevnikov
+    - Reported a bug when fwknop is compiled with --enable-udp-server where
+      the server was including pcap.h
diff --git a/ChangeLog b/ChangeLog
index 13e4a93a..b886b301 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+fwknop-2.6.6 (02//2015):
+    - [server] Bug fix when compiled with --enable-udp-server to not include
+      pcap.h, which is likely not installed whenever libpcap is also not
+      installed. This bug was reported by Alexander Kozhevnikov.
+
 fwknop-2.6.5 (12/16/2014):
     - [server] (Grant Pannell) Added a new access.conf variable "DESTINATION"
       to define the destination address for which an SPA packet will be
diff --git a/server/pcap_capture.c b/server/pcap_capture.c
index 43557597..23f8cb1b 100644
--- a/server/pcap_capture.c
+++ b/server/pcap_capture.c
@@ -29,6 +29,7 @@
  *****************************************************************************
 */
 
+#if USE_LIBPCAP
 
 #include <pcap.h>
 
@@ -45,8 +46,6 @@
   #include <sys/wait.h>
 #endif
 
-#if USE_LIBPCAP
-
 /* The pcap capture routine.
 */
 int
diff --git a/server/process_packet.c b/server/process_packet.c
index 868d42fd..7be81c88 100644
--- a/server/process_packet.c
+++ b/server/process_packet.c
@@ -31,6 +31,9 @@
  *
  *****************************************************************************
 */
+
+#if USE_LIBPCAP
+
 #include <pcap.h>
 
 #include "fwknopd_common.h"
@@ -228,4 +231,6 @@ process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
     return;
 }
 
+#endif /* USE_LIBPCAP */
+
 /***EOF***/

From bf251034e3ac16a92fa2df59ce05c9cde2c13cc8 Mon Sep 17 00:00:00 2001
From: Michael Rash <mbr@cipherdyne.org>
Date: Wed, 18 Feb 2015 19:37:37 -0500
Subject: [PATCH 2/3] [server] bug fix to exclude pcap.h only in
 --enable-udp-server mode

This commit fixes issue #143 on github reported by Coacher. The previous
commit introduced a build time error for non UDP server mode as seen
here:

https://paste.kde.org/pkaxwobwr
---
 server/pcap_capture.c   | 6 ++++--
 server/process_packet.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/server/pcap_capture.c b/server/pcap_capture.c
index 23f8cb1b..c64c1b9d 100644
--- a/server/pcap_capture.c
+++ b/server/pcap_capture.c
@@ -30,8 +30,8 @@
 */
 
 #if USE_LIBPCAP
-
-#include <pcap.h>
+  #include <pcap.h>
+#endif
 
 #include "fwknopd_common.h"
 #include "pcap_capture.h"
@@ -46,6 +46,8 @@
   #include <sys/wait.h>
 #endif
 
+#if USE_LIBPCAP
+
 /* The pcap capture routine.
 */
 int
diff --git a/server/process_packet.c b/server/process_packet.c
index 7be81c88..10467d9c 100644
--- a/server/process_packet.c
+++ b/server/process_packet.c
@@ -33,8 +33,8 @@
 */
 
 #if USE_LIBPCAP
-
-#include <pcap.h>
+  #include <pcap.h>
+#endif
 
 #include "fwknopd_common.h"
 #include "netinet_common.h"
@@ -43,6 +43,8 @@
 #include "utils.h"
 #include "log_msg.h"
 
+#if USE_LIBPCAP
+
 void
 process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
     const unsigned char *packet)

From 322ae853888b17f250125acd91942b0ed1ed9eea Mon Sep 17 00:00:00 2001
From: Damien Stuart <dstuart@dstuart.org>
Date: Wed, 18 Feb 2015 22:44:53 -0500
Subject: [PATCH 3/3] Fixed a bug in configure.ac that did not allow specifying
 alternate firewall exe if firewall-cmd was found by configure.

---
 configure.ac | 80 +++++++++++++++++++++++++++-------------------------
 1 file changed, 42 insertions(+), 38 deletions(-)

diff --git a/configure.ac b/configure.ac
index dfa46fbb..8fadbfb1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -630,28 +630,32 @@ dnl
   AS_IF([test "x$FORCE_FIREWALLD_EXE" != x], [
     FIREWALLD_EXE="$FORCE_FIREWALLD_EXE"    
   ],[
-  AS_IF([test "x$FORCE_IPTABLES_EXE" != x], [
-    IPTABLES_EXE="$FORCE_IPTABLES_EXE"    
-  ],[
-    AS_IF([test "x$FORCE_IPFW_EXE" != x], [
-      IPFW_EXE="$FORCE_IPFW_EXE"    
-      IPTABLES_EXE=""    
+    AS_IF([test "x$FORCE_IPTABLES_EXE" != x], [
+      IPTABLES_EXE="$FORCE_IPTABLES_EXE"    
+      FIREWALLD_EXE=""    
     ],[
-      AS_IF([test "x$FORCE_PF_EXE" != x], [
-        PF_EXE="$FORCE_PF_EXE"    
-        IPFW_EXE=""    
+      AS_IF([test "x$FORCE_IPFW_EXE" != x], [
+        IPFW_EXE="$FORCE_IPFW_EXE"    
         IPTABLES_EXE=""    
+        FIREWALLD_EXE=""    
       ],[
-        AS_IF([test "x$FORCE_IPF_EXE" != x], [
-          IPF_EXE="$FORCE_IPF_EXE"    
-          PF_EXE=""    
+        AS_IF([test "x$FORCE_PF_EXE" != x], [
+          PF_EXE="$FORCE_PF_EXE"    
           IPFW_EXE=""    
           IPTABLES_EXE=""    
+          FIREWALLD_EXE=""    
+        ],[
+          AS_IF([test "x$FORCE_IPF_EXE" != x], [
+            IPF_EXE="$FORCE_IPF_EXE"    
+            PF_EXE=""    
+            IPFW_EXE=""    
+            IPTABLES_EXE=""    
+            FIREWALLD_EXE=""    
+          ]
         ]
       ]
     ]
   ]
-  ]
   )))))
 
 dnl Determine which firewall exe we use (if we have one).
@@ -664,34 +668,34 @@ dnl
       FIREWALL_EXE=$FIREWALLD_EXE
       AC_DEFINE_UNQUOTED([FIREWALL_FIREWALLD], [1], [The firewall type: firewalld.])
   ],[
-  AS_IF([test "x$IPTABLES_EXE" != x], [
-      FW_DEF="FW_IPTABLES"
-      FIREWALL_TYPE="iptables" 
-      FIREWALL_EXE=$IPTABLES_EXE
-      AC_DEFINE_UNQUOTED([FIREWALL_IPTABLES], [1], [The firewall type: iptables.])
-  ],[
-    AS_IF([test "x$IPFW_EXE" != x], [
-        FW_DEF="FW_IPFW"
-        FIREWALL_TYPE="ipfw" 
-        FIREWALL_EXE=$IPFW_EXE
-        AC_DEFINE_UNQUOTED([FIREWALL_IPFW], [1], [The firewall type: ipfw.])
+    AS_IF([test "x$IPTABLES_EXE" != x], [
+        FW_DEF="FW_IPTABLES"
+        FIREWALL_TYPE="iptables" 
+        FIREWALL_EXE=$IPTABLES_EXE
+        AC_DEFINE_UNQUOTED([FIREWALL_IPTABLES], [1], [The firewall type: iptables.])
     ],[
-        AS_IF([test "x$PF_EXE" != x], [
-            FW_DEF="FW_PF"
-            FIREWALL_TYPE="pf"
-            FIREWALL_EXE=$PF_EXE
-            AC_DEFINE_UNQUOTED([FIREWALL_PF], [1], [The firewall type: pf.])
-        ],[
-            AS_IF([test "x$IPF_EXE" != x], [
-              AC_MSG_ERROR([Sorry - ipf was specified or the only one found, however, it is not supported yet.])
-              FIREWALL_TYPE="ipf" 
-              FIREWALL_EXE=$IPF_EXE
-              AC_DEFINE_UNQUOTED([FIREWALL_IPF], [1], [The firewall type: ipf.])
-          ], [AC_MSG_ERROR([No firewall program was found or specified.]) ]
-        ]
+      AS_IF([test "x$IPFW_EXE" != x], [
+          FW_DEF="FW_IPFW"
+          FIREWALL_TYPE="ipfw" 
+          FIREWALL_EXE=$IPFW_EXE
+          AC_DEFINE_UNQUOTED([FIREWALL_IPFW], [1], [The firewall type: ipfw.])
+      ],[
+          AS_IF([test "x$PF_EXE" != x], [
+              FW_DEF="FW_PF"
+              FIREWALL_TYPE="pf"
+              FIREWALL_EXE=$PF_EXE
+              AC_DEFINE_UNQUOTED([FIREWALL_PF], [1], [The firewall type: pf.])
+          ],[
+              AS_IF([test "x$IPF_EXE" != x], [
+                AC_MSG_ERROR([Sorry - ipf was specified or the only one found, however, it is not supported yet.])
+                FIREWALL_TYPE="ipf" 
+                FIREWALL_EXE=$IPF_EXE
+                AC_DEFINE_UNQUOTED([FIREWALL_IPF], [1], [The firewall type: ipf.])
+            ], [AC_MSG_ERROR([No firewall program was found or specified.]) ]
+          ]
+      ]
     ]
   ]
-  ]
   )))))
 
   AC_DEFINE_UNQUOTED([FIREWALL_EXE], ["$FIREWALL_EXE"],