hak5
/
openwrt
mirror of https://github.com/hak5/openwrt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

move more extra packages from ./trunk to ./packages 

SVN-Revision: 12359
lede-17.01
Nicolas Thill 2008-08-20 22:00:41 +00:00
parent d9b755b3dc
commit 89124c8a0a
53 changed files with 0 additions and 6583 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
package/aodv-uu/Makefile
View File

@ -1,105 +0,0 @@
#
# Copyright (C) 2006-2008 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=aodv-uu
PKG_VERSION:=0.9.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://core.it.uu.se/core/files/
PKG_MD5SUM:=05460543054449cb4b170252a7168c65
include $(INCLUDE_DIR)/package.mk
define Package/aodv-uu/Default
TITLE:=Ad-hoc On-demand Distance Vector Routing
DEPENDS:=@BROKEN
URL:=http://core.it.uu.se/core/index.php/AODV-UU
endef
define Package/aodv-uu/Default/description
AODV is the Ad-hoc On-demand Distance Vector routing protocol
implementation created at Uppsala University.
endef
define Package/aodv-uu
$(call Package/aodv-uu/Default)
SECTION:=net
CATEGORY:=Network
TITLE+= (daemon)
endef
define Package/aodv-uu/description
$(call Package/aodv-uu/Default/description)
This package contains the AODV userland daemon.
endef
define KernelPackage/aodv-uu
$(call Package/aodv-uu/Default)
TITLE+= (kernel module)
FILES:=$(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX)
SUBMENU:=Network Support
AUTOLOAD:=$(call AutoLoad,80,$(shell cat ./files/aodv-uu.modules))
endef
define KernelPackage/aodv-uu/description
$(call Package/aodv-uu/Default/description)
This package contains the AODV kernel module.
endef
ifeq ($(CONFIG_LINUX_2_6),y)
define Build/Compile/linux26
$(MAKE) -C $(LINUX_DIR) \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
PATCHLEVEL="$(LINUX_VERSION)" \
KERNDIR="$(LINUX_DIR)" \
SUBDIRS="$(PKG_BUILD_DIR)/lnx" \
modules
endef
else
# We assume 2.4 builds are only for brcm-2.4 yet
define Build/Compile/linux24-brcm
$(call Build/Compile/Default,\
KERNEL_DIR="$(LINUX_DIR)" \
KCC="$(TARGET_CC)" \
CFLAGS="$(TARGET_CFLAGS)" \
kaodv-mips \
)
cp $(PKG_BUILD_DIR)/lnx/kaodv-mips.$(LINUX_KMOD_SUFFIX) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX)
endef
endif
define Build/Compile
$(call Build/Compile/linux26)
$(call Build/Compile/linux24-brcm)
$(call Build/Compile/Default,\
KERNEL_DIR="$(LINUX_DIR)" \
KCC="$(TARGET_CC)" \
CFLAGS="$(TARGET_CFLAGS)" \
aodvd \
)
endef
define Package/aodv-uu/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/aodvd $(1)/usr/sbin
endef
define Package/kmod-aodv-uu/install
$(INSTALL_DIR) $(1)/etc/modules.d
$(INSTALL_DATA) ./files/aodv-uu.modules $(1)/etc/modules.d/80-aodv-uu
$(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION)
$(CP) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) $(1)/lib/modules/$(LINUX_VERSION)/
endef
$(eval $(call BuildPackage,aodv-uu))
$(eval $(call KernelPackage,aodv-uu))

1
package/aodv-uu/files/aodv-uu.modules
View File

@ -1 +0,0 @@
kaodv

64
package/aodv-uu/patches/001-normalize.patch
View File

@ -1,64 +0,0 @@
Index: aodv-uu-0.9.3/lnx/Makefile
===================================================================
--- aodv-uu-0.9.3.orig/lnx/Makefile 2007-06-04 13:22:19.859836128 +0200
+++ aodv-uu-0.9.3/lnx/Makefile 2007-06-04 13:22:19.932825032 +0200
@@ -30,7 +30,7 @@
KCFLAGS=-Wall -Wno-strict-aliasing -O2 $(KDEFS) $(KINC) $(XDEFS)
KCFLAGS_ARM=-Wall -O2 -D__KERNEL__ -DMODULE -nostdinc $(shell $(ARM_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC)
KCFLAGS_MIPS=-Wall -mips2 -O2 -fno-pic -mno-abicalls -mlong-calls -G0 -msoft-float -D__KERNEL__ -DMODULE -nostdinc $(shell $(MIPS_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) $(XDEFS)
-
+endif
.PHONY: clean clean-2.4 clean-2.6 indent default
# Check for kernel version
@@ -89,5 +89,3 @@
etags *.c *.h
indent:
indent -kr -i8 -ts8 -sob -l80 -ss -ncs *.c *.h
-endif
-
Index: aodv-uu-0.9.3/Makefile
===================================================================
--- aodv-uu-0.9.3.orig/Makefile 2007-06-04 13:22:19.866835064 +0200
+++ aodv-uu-0.9.3/Makefile 2007-06-04 13:22:19.932825032 +0200
@@ -87,7 +87,7 @@
mips: aodvd-mips kaodv-mips
endian.h:
- $(CC) $(CFLAGS) -o endian endian.c
+ gcc -o endian endian.c
./endian > endian.h
$(OBJS): %.o: %.c Makefile
@@ -143,19 +143,18 @@
@makedepend -Y./ -- $(DEFS) -- $(SRC) &>/dev/null
@makedepend -a -Y./ -- $(KDEFS) kaodv.c &>/dev/null
-install: default
- install -s -m 755 aodvd /usr/sbin/aodvd
- @if [ ! -d /lib/modules/$(KERNEL)/aodv ]; then \
- mkdir /lib/modules/$(KERNEL)/aodv; \
- fi
-
- @echo "Installing kernel module in /lib/modules/$(KERNEL)/aodv/";
- @if [ -f ./kaodv.ko ]; then \
- install -m 644 kaodv.ko /lib/modules/$(KERNEL)/aodv/kaodv.ko; \
- else \
- install -m 644 kaodv.o /lib/modules/$(KERNEL)/aodv/kaodv.o; \
- fi
- /sbin/depmod -a
+install: install-aodvd install-kaodv
+
+install-aodvd:
+ @echo "Installing aodv in $(DESTDIR)/usr/sbin";
+ install -d -m0755 $(DESTDIR)/usr/sbin/
+ install -m0755 aodvd $(DESTDIR)/usr/sbin/aodvd
+
+install-kaodv:
+ @echo "Installing kernel module in $(DESTDIR)/lib/modules/$(KERNEL)/";
+ install -d -m0644 $(DESTDIR)/lib/modules/$(KERNEL)/
+ install -m 644 lnx/kaodv.$(KMOD_SUFFIX) $(DESTDIR)/lib/modules/$(KERNEL)/kaodv.$(KMOD_SUFFIX);
+
uninstall:
rm -f /usr/sbin/aodvd
rm -rf /lib/modules/$(KERNEL)/aodv

49
package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch
View File

@ -1,49 +0,0 @@
Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-04 13:22:19.830840536 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-04 13:22:20.130794936 +0200
@@ -19,7 +19,7 @@
* Author: Erik Nordström, <erik.nordstrom@it.uu.se>
*
*****************************************************************************/
-#include <linux/config.h>
+#include <linux/autoconf.h>
#include <linux/version.h>
#ifdef KERNEL26
@@ -258,7 +258,11 @@
if (!(*skb))
return NF_STOLEN;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+ ip_route_me_harder(skb, RTN_UNSPEC);
+#else
ip_route_me_harder(skb);
+#endif
}
break;
case NF_IP_POST_ROUTING:
Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-04 13:22:19.837839472 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-04 13:22:20.130794936 +0200
@@ -29,6 +29,7 @@
#include <linux/spinlock.h>
#include <linux/sysctl.h>
#include <linux/proc_fs.h>
+#include <linux/version.h>
#include <net/sock.h>
#include <net/route.h>
#include <net/icmp.h>
@@ -246,7 +247,11 @@
if (!entry->skb)
goto next;
}
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+ ip_route_me_harder(&entry->skb, RTN_UNSPEC);
+#else
ip_route_me_harder(&entry->skb);
+#endif
pkts++;

16
package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
View File

@ -1,16 +0,0 @@
Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-04 13:22:19.810843576 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-04 13:22:20.326765144 +0200
@@ -284,7 +284,11 @@
/* RCV_SKB_FAIL(-EINVAL); */
#ifdef KERNEL26
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+ if (security_netlink_recv(skb, CAP_NET_ADMIN))
+# else
if (security_netlink_recv(skb))
+# endif
RCV_SKB_FAIL(-EPERM);
#endif
//write_lock_bh(&queue_lock);

28
package/aodv-uu/patches/004-linux_2.6.19_includes.patch
View File

@ -1,28 +0,0 @@
Index: aodv-uu-0.9.3/main.c
===================================================================
--- aodv-uu-0.9.3.orig/main.c 2007-06-04 13:22:19.782847832 +0200
+++ aodv-uu-0.9.3/main.c 2007-06-04 13:22:20.513736720 +0200
@@ -26,6 +26,8 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <linux/types.h>
+#include <linux/if.h>
#include <linux/sockios.h>
#include <linux/wireless.h>
#include <getopt.h>
Index: aodv-uu-0.9.3/nl.c
===================================================================
--- aodv-uu-0.9.3.orig/nl.c 2007-06-04 13:22:19.789846768 +0200
+++ aodv-uu-0.9.3/nl.c 2007-06-04 13:22:20.513736720 +0200
@@ -33,6 +33,10 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/rtnetlink.h>
+#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+#include <linux/if_addr.h>
+#endif
#include "defs.h"
#include "lnx/kaodv-netlink.h"

164
package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
View File

@ -1,164 +0,0 @@
Index: aodv-uu-0.9.3/lnx/kaodv-compat.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ aodv-uu-0.9.3/lnx/kaodv-compat.h 2007-06-17 02:49:46.844217144 +0200
@@ -0,0 +1,15 @@
+#ifndef __KAODV_COMPAT_H
+#define __KAODV_COMPAT_H
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
+
+#define ip_hdr(_skb) (_skb)->nh.iph
+#define skb_reset_network_header(_skb) do { \
+ _skb->nh.iph = (struct iphdr *)_skb->data; \
+ } while (0);
+
+
+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) */
+
+#endif
Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.c 2007-06-17 02:31:56.448941960 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-ipenc.c 2007-06-17 02:45:50.420159064 +0200
@@ -64,7 +64,7 @@
if (skb->sk != NULL)
skb_set_owner_w(nskb, skb->sk);
- iph = skb->nh.iph;
+ iph = ip_hdr(skb);
skb_put(nskb, sizeof(struct min_ipenc_hdr));
@@ -78,7 +78,8 @@
skb = nskb;
/* Update pointers */
- iph = skb->nh.iph = (struct iphdr *)skb->data;
+ skb_reset_network_header(skb);
+ iph = (struct iphdr *)skb->data;
ipe = (struct min_ipenc_hdr *)(skb->data + (iph->ihl << 2));
@@ -99,8 +100,8 @@
ip_send_check(iph);
- if (skb->nh.iph->id == 0)
- ip_select_ident(skb->nh.iph, skb->dst, NULL);
+ if (ip_hdr(skb)->id == 0)
+ ip_select_ident(ip_hdr(skb), skb->dst, NULL);
return skb;
}
@@ -108,9 +109,7 @@
struct sk_buff *ip_pkt_decapsulate(struct sk_buff *skb)
{
struct min_ipenc_hdr *ipe;
- /* skb->nh.iph is probably not set yet */
- struct iphdr *iph = skb->nh.iph;
-
+ struct iphdr *iph = ip_hdr(skb);
ipe = (struct min_ipenc_hdr *)((char *)iph + (iph->ihl << 2));
@@ -123,8 +122,9 @@
skb->len - (iph->ihl << 2) - sizeof(struct min_ipenc_hdr));
skb_trim(skb, skb->len - sizeof(struct min_ipenc_hdr));
-
- skb->nh.iph = iph = (struct iphdr *)skb->data;
+
+ skb_reset_network_header(skb);
+ iph = (struct iphdr *)skb->data;
iph->tot_len = htons((ntohs(iph->tot_len) - sizeof(struct min_ipenc_hdr)));
ip_send_check(iph);
Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.h
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.h 2007-06-17 02:44:13.881835120 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-ipenc.h 2007-06-17 02:44:16.549429584 +0200
@@ -27,6 +27,7 @@
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <asm/byteorder.h>
+#include "kaodv-compat.h"
#define IPPROTO_MIPE 55
Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-17 02:43:33.776931992 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-17 02:43:39.008136728 +0200
@@ -120,7 +120,7 @@
const struct net_device *out,
int (*okfn) (struct sk_buff *))
{
- struct iphdr *iph = (*skb)->nh.iph;
+ struct iphdr *iph = ip_hdr(*skb);
struct expl_entry e;
struct in_addr ifaddr, bcaddr;
int res = 0;
@@ -188,7 +188,7 @@
if (is_gateway && iph->protocol == IPPROTO_MIPE &&
iph->daddr == ifaddr.s_addr) {
ip_pkt_decapsulate(*skb);
- iph = (*skb)->nh.iph;
+ iph = ip_hdr(*skb);
return NF_ACCEPT;
}
/* Ignore packets generated locally or that are for this
Index: aodv-uu-0.9.3/lnx/kaodv-mod.h
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.h 2007-06-17 02:44:32.498005032 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-mod.h 2007-06-17 02:44:34.662675952 +0200
@@ -5,6 +5,7 @@
#include <linux/inetdevice.h>
#include <linux/list.h>
#include <linux/spinlock.h>
+#include "kaodv-compat.h"
/* Interface information */
struct if_info {
Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-17 02:45:01.513593992 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-17 02:45:11.534070648 +0200
@@ -152,7 +152,7 @@
{
int status = -EINVAL;
struct kaodv_queue_entry *entry;
- struct iphdr *iph = skb->nh.iph;
+ struct iphdr *iph = ip_hdr(skb);
entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
Index: aodv-uu-0.9.3/lnx/kaodv-queue.h
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.h 2007-06-17 02:44:50.537262648 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-queue.h 2007-06-17 02:44:53.629792512 +0200
@@ -21,6 +21,7 @@
*****************************************************************************/
#ifndef _KAODV_QUEUE_H
#define _KAODV_QUEUE_H
+#include "kaodv-compat.h"
#define KAODV_QUEUE_DROP 1
#define KAODV_QUEUE_SEND 2
Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
===================================================================
--- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-17 02:47:48.927143264 +0200
+++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-17 02:49:11.604574384 +0200
@@ -338,8 +338,10 @@
netlink_register_notifier(&kaodv_nl_notifier);
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14))
kaodvnl = netlink_kernel_create(NETLINK_AODV, kaodv_netlink_rcv_sk);
-#else
+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22))
kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, THIS_MODULE);
+#else
+ kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, NULL, THIS_MODULE);
#endif
if (kaodvnl == NULL) {
printk(KERN_ERR "kaodv_netlink: failed to create netlink socket\n");

59
package/gmp/Makefile
View File

@ -1,59 +0,0 @@
#
# Copyright (C) 2006-2008 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
PKG_NAME:=gmp
PKG_VERSION:=4.2.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@GNU/gmp
PKG_MD5SUM:=7ce52531644e6d12f16911b7e3151f3f
include $(INCLUDE_DIR)/package.mk
define Package/libgmp
SECTION:=libs
CATEGORY:=Libraries
TITLE:=GNU multiprecision arithmetic library
URL:=http://gmplib.org/
endef
define Package/libgmp/description
GMP is a free library for arbitrary precision arithmetic, operating on
signed integers, rational numbers, and floating point numbers.
endef
TARGET_CFLAGS += $(FPIC)
CONFIGURE_VARS += CC="$(TARGET_CROSS)gcc"
CONFIGURE_ARGS += \
--enable-shared \
--enable-static \
define Build/Compile
$(call Build/Compile/Default, \
DESTDIR="$(PKG_INSTALL_DIR)" \
CC="$(TARGET_CC)" \
all install \
)
endef
define Build/InstallDev
mkdir -p $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/gmp* $(1)/usr/include/
mkdir -p $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.{a,so*} $(1)/usr/lib/
endef
define Package/libgmp/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libgmp))

86
package/ipsec-tools/Makefile
View File

@ -1,86 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ipsec-tools
PKG_VERSION:=0.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/ipsec-tools
PKG_MD5SUM:=c0a586924edde35264ecfe94ad1c261f
include $(INCLUDE_DIR)/package.mk
define Package/ipsec-tools
SECTION:=net
CATEGORY:=Network
DEPENDS:=@LINUX_2_6 +libopenssl
TITLE:=IPsec management tools
URL:=http://ipsec-tools.sourceforge.net/
endef
CONFIGURE_ARGS += \
--enable-shared \
--enable-static \
--with-kernel-headers="$(LINUX_DIR)/include" \
--without-readline \
--with-openssl="$(STAGING_DIR)/usr" \
--without-libradius \
--without-libpam \
--enable-dpd \
--enable-hybrid \
--enable-security-context=no \
--enable-natt \
--enable-adminport \
--enable-ipv6
define Build/Configure
(cd $(PKG_BUILD_DIR); touch \
configure.ac \
aclocal.m4 \
Makefile.in \
config.h.in \
configure \
);
$(call Build/Configure/Default)
echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h
endef
# override CFLAGS holding "-Werror" that break builds on compile warnings
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
CFLAGS="$(TARGET_CFLAGS)" \
all install
endef
define Package/ipsec-tools/install
$(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/
$(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
$(INSTALL_DIR) $(1)/etc/racoon
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/
endef
define Package/ipsec-tools/conffiles
/etc/racoon.conf
/etc/racoon/psk.txt
endef
$(eval $(call BuildPackage,ipsec-tools))

26
package/ipsec-tools/patches/001-no_libfl.patch
View File

@ -1,26 +0,0 @@
Index: ipsec-tools-0.6.6/src/racoon/cftoken.l
===================================================================
--- ipsec-tools-0.6.6.orig/src/racoon/cftoken.l 2007-06-04 13:22:36.567296208 +0200
+++ ipsec-tools-0.6.6/src/racoon/cftoken.l 2007-06-04 13:22:36.646284200 +0200
@@ -105,6 +105,8 @@
static int incstackp = 0;
static int yy_first_time = 1;
+
+int yywrap(void) { return 1; }
%}
/* common seciton */
Index: ipsec-tools-0.6.6/src/setkey/token.l
===================================================================
--- ipsec-tools-0.6.6.orig/src/setkey/token.l 2007-06-04 13:22:36.575294992 +0200
+++ ipsec-tools-0.6.6/src/setkey/token.l 2007-06-04 13:22:36.646284200 +0200
@@ -84,6 +84,8 @@
#ifndef SADB_X_EALG_AESCTR
#define SADB_X_EALG_AESCTR (-1)
#endif
+
+int yywrap(void) { return 1; }
%}
/* common section */

26
package/ipsec-tools/patches/002-configure_cppflags_typo.patch
View File

@ -1,26 +0,0 @@
Index: ipsec-tools-0.6.6/configure.ac
===================================================================
--- ipsec-tools-0.6.6.orig/configure.ac 2007-06-04 13:22:36.540300312 +0200
+++ ipsec-tools-0.6.6/configure.ac 2007-06-04 13:22:36.841254560 +0200
@@ -183,7 +183,7 @@
if test "x$crypto_dir" != "x"; then
LIBS="$LIBS -L${crypto_dir}/lib"
- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
fi
AC_MSG_CHECKING(openssl version)
Index: ipsec-tools-0.6.6/configure
===================================================================
--- ipsec-tools-0.6.6.orig/configure 2007-06-04 13:22:36.547299248 +0200
+++ ipsec-tools-0.6.6/configure 2007-06-04 13:22:36.850253192 +0200
@@ -23687,7 +23687,7 @@
if test "x$crypto_dir" != "x"; then
LIBS="$LIBS -L${crypto_dir}/lib"
- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
fi
echo "$as_me:$LINENO: checking openssl version" >&5
echo $ECHO_N "checking openssl version... $ECHO_C" >&6

22
package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff
View File

@ -1,22 +0,0 @@
Index: ipsec-tools-0.6.6/src/racoon/grabmyaddr.c
===================================================================
--- ipsec-tools-0.6.6.orig/src/racoon/grabmyaddr.c 2007-06-04 13:22:36.521303200 +0200
+++ ipsec-tools-0.6.6/src/racoon/grabmyaddr.c 2007-06-04 13:22:37.064220664 +0200
@@ -77,10 +77,17 @@
#ifdef __linux__
#include <linux/types.h>
#include <linux/rtnetlink.h>
+#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+# include <linux/if_addr.h>
+#endif
#ifndef HAVE_GETIFADDRS
#define HAVE_GETIFADDRS
#define NEED_LINUX_GETIFADDRS
#endif
+#ifndef IFA_RTA
+# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#endif
#endif
#ifndef HAVE_GETIFADDRS

51
package/isakmpd/Makefile
View File

@ -1,51 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
PKG_NAME:=isakmpd
PKG_VERSION:=20041012
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/i/isakmpd/
PKG_MD5SUM:=e6d25a9e232fb186e1a48dc06453bd57
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).orig
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/kernel.mk
define Package/isakmpd
SECTION:=net
CATEGORY:=Network
DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp
TITLE:=IPsec management tools
URL:=http://isakmpd.sourceforge.net/
endef
define Build/Compile
CFLAGS="$(TARGET_CFLAGS)" \
$(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
LINUX_DIR="$(LINUX_DIR)" \
EXTRA_CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/openssl -I$(STAGING_DIR)/usr/include/keynote" \
EXTRA_LDFLAGS="$(TARGET_LDFLAGS)"
$(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
INSTALL="install -c" \
install-bin
endef
define Package/isakmpd/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/* $(1)/
endef
$(eval $(call BuildPackage,isakmpd))

1753
package/isakmpd/patches/010-debian_3.patch
View File

File diff suppressed because it is too large Load Diff

154
package/isakmpd/patches/020-standardize.patch
View File

@ -1,154 +0,0 @@
Index: isakmpd-20041012.orig/GNUmakefile
===================================================================
--- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200
+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200
@@ -168,7 +168,6 @@
X509= x509.c
CFLAGS+= -DUSE_LIBCRYPTO
LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
endif
ifdef USE_RAWKEY
@@ -242,3 +241,16 @@
realcleandepend:
rm -f .depend tags
+
+# Install rules
+install: install-bin install-man
+
+install-bin: isakmpd
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR)
+
+install-man:
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5
Index: isakmpd-20041012.orig/samples/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/samples/Makefile 2007-06-04 13:22:39.015923960 +0200
+++ isakmpd-20041012.orig/samples/Makefile 2007-06-04 13:22:39.722816496 +0200
@@ -26,7 +26,7 @@
#
FILES= VPN-* policy singlehost-*
-TARGETDIR= /usr/share/ipsec/isakmpd
+TARGETDIR= /usr/share/isakmpd/samples
# The mkdir below is for installation on OpenBSD pre 2.7
install:
Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200
+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200
@@ -25,18 +25,18 @@
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
-LIBGMP:= /usr/lib/libgmp.a
-LIBCRYPTO:= /usr/lib/libcrypto.a
+LIBGMP:=
+LIBCRYPTO:= -lcrypto
LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep
LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a
-LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
+LDADD+= $(EXTRA_LDFLAGS) -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
DPADD+= ${LIBGMP} ${LIBSYSDEP}
CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
-DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \
-I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \
- -I/usr/include/openssl
+ $(EXTRA_CPPFLAGS)
FEATURES= debug tripledes blowfish cast ec aggressive x509 policy
FEATURES+= dpd nat_traversal isakmp_cfg des aes
Index: isakmpd-20041012.orig/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/Makefile 2007-06-04 13:22:39.028921984 +0200
+++ isakmpd-20041012.orig/Makefile 2007-06-04 13:22:39.723816344 +0200
@@ -147,7 +147,6 @@
.ifdef USE_LIBCRYPTO
CFLAGS+= -DUSE_LIBCRYPTO
LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
.endif
.ifdef USE_LIBDES
Index: isakmpd-20041012.orig/apps/certpatch/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.035920920 +0200
+++ isakmpd-20041012.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.723816344 +0200
@@ -40,7 +40,6 @@
.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ}
CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall
LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
MAN= certpatch.8
.if ${FEATURES:Mgmp} == "gmp"
Index: isakmpd-20041012.orig/regress/crypto/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/regress/crypto/Makefile 2007-06-04 13:22:39.041920008 +0200
+++ isakmpd-20041012.orig/regress/crypto/Makefile 2007-06-04 13:22:39.723816344 +0200
@@ -13,7 +13,7 @@
-DUSE_TRIPLEDES -DUSE_CAST -DUSE_BLOWFISH -DUSE_DES \
-DUSE_AES
LDADD+= -lcrypto -ldes
-DPADD+= ${LIBCRYPTO} ${LIBDES}
+DPADD+= ${LIBDES}
NOMAN=
DEBUG= -g
Index: isakmpd-20041012.orig/regress/dh/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/regress/dh/Makefile 2007-06-04 13:22:39.048918944 +0200
+++ isakmpd-20041012.orig/regress/dh/Makefile 2007-06-04 13:22:39.726815888 +0200
@@ -15,7 +15,6 @@
-DUSE_EC
NOMAN=
LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
DEBUG= -g
.if ${FEATURES:Mgmp} == "gmp"
Index: isakmpd-20041012.orig/regress/group/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/regress/group/Makefile 2007-06-04 13:22:39.054918032 +0200
+++ isakmpd-20041012.orig/regress/group/Makefile 2007-06-04 13:22:39.727815736 +0200
@@ -15,7 +15,6 @@
-DUSE_EC
NOMAN=
LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
DEBUG= -g
.if ${FEATURES:Mgmp} == "gmp"
Index: isakmpd-20041012.orig/regress/rsakeygen/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.060917120 +0200
+++ isakmpd-20041012.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.727815736 +0200
@@ -62,7 +62,6 @@
.ifdef USE_LIBCRYPTO
CFLAGS+= -DUSE_LIBCRYPTO
LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
.endif
.if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO)
Index: isakmpd-20041012.orig/regress/x509/Makefile
===================================================================
--- isakmpd-20041012.orig.orig/regress/x509/Makefile 2007-06-04 13:22:39.068915904 +0200
+++ isakmpd-20041012.orig/regress/x509/Makefile 2007-06-04 13:22:39.727815736 +0200
@@ -78,7 +78,6 @@
X509= x509.c
CFLAGS+= -DUSE_LIBCRYPTO
LDADD+= -lcrypto ${LIBLWRES}
-DPADD+= ${LIBCRYPTO}
.endif
.if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE)

161
package/isakmpd/patches/030-openssl_hashes.patch
View File

@ -1,161 +0,0 @@
Index: isakmpd-20041012.orig/GNUmakefile
===================================================================
--- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200
+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
@@ -76,13 +76,14 @@
isakmp_fld.c isakmp_fld.h
MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
-CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
+CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \
-I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
# Different debugging & profiling suggestions
# Include symbolic debugging info
DEBUG= -g
+CFLAGS+= -g
# Do execution time profiles
#CFLAGS+= -pg
@@ -175,6 +176,14 @@
CFLAGS+= -DUSE_RAWKEY
endif
+ifdef USE_OPENSSL_MD5
+CFLAGS+= -DUSE_OPENSSL_MD5
+endif
+
+ifdef USE_OPENSSL_SHA1
+CFLAGS+= -DUSE_OPENSSL_SHA1
+endif
+
SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
$(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL}
CFLAGS+= ${IPSEC_CFLAGS}
Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:38.959932472 +0200
+++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
@@ -31,10 +31,18 @@
.CURDIR:= $(shell pwd)
LIB= sysdep
-SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
+SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
NOMAN=
CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
+SRCS+=md5.c
+endif
+
+ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
+SRCS+=sha1.c
+endif
+
lib${LIB}.a: ${SRCS:%.c=%.o}
ar cq $@ ${SRCS:%.c=%.o}
Index: isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:38.964931712 +0200
+++ isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:40.000774240 +0200
@@ -5,6 +5,8 @@
* changes to accommodate it in the kernel by ji.
*/
+#ifndef USE_OPENSSL_MD5
+
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*/
@@ -390,3 +392,4 @@
#endif
#endif
+#endif /* USE_OPENSSL_MD5 */
Index: isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:38.970930800 +0200
+++ isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:40.001774088 +0200
@@ -1,5 +1,7 @@
/* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
+#ifndef USE_OPENSSL_SHA1
+
/*
SHA-1 in C
By Steve Reid <steve@edmweb.com>
@@ -171,3 +173,5 @@
SHA1Transform(context->state, context->buffer);
#endif
}
+
+#endif /* USE_OPENSSL_SHA1 */
Index: isakmpd-20041012.orig/sysdep/common/md5.h
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/common/md5.h 2007-06-04 13:22:38.976929888 +0200
+++ isakmpd-20041012.orig/sysdep/common/md5.h 2007-06-04 13:22:40.001774088 +0200
@@ -1,5 +1,15 @@
/* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+#ifdef USE_OPENSSL_MD5
+
+#include <openssl/md5.h>
+
+#define MD5Init MD5_Init
+#define MD5Update MD5_Update
+#define MD5Final MD5_Final
+
+#else /* USE_OPENSSL_MD5 */
+
/* GLOBAL.H - RSAREF types and constants
*/
@@ -71,3 +81,5 @@
void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
#define _MD5_H_
+
+#endif /* USE_OPENSSL_MD5 */
Index: isakmpd-20041012.orig/sysdep/common/sha1.h
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/common/sha1.h 2007-06-04 13:22:38.982928976 +0200
+++ isakmpd-20041012.orig/sysdep/common/sha1.h 2007-06-04 13:22:40.001774088 +0200
@@ -1,5 +1,16 @@
/* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+#ifdef USE_OPENSSL_SHA1
+
+#include <openssl/sha.h>
+
+typedef SHA_CTX SHA1_CTX;
+#define SHA1Init SHA1_Init
+#define SHA1Update SHA1_Update
+#define SHA1Final SHA1_Final
+
+#else /* USE_OPENSSL_SHA1 */
+
/*
SHA-1 in C
By Steve Reid <steve@edmweb.com>
@@ -16,3 +27,5 @@
void SHA1Init(SHA1_CTX* context);
void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
+
+#endif /* USE_OPENSSL_SHA1 */
Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200
+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:40.001774088 +0200
@@ -47,6 +47,8 @@
USE_LIBCRYPO= defined
HAVE_DLOPEN= defined
USE_KEYNOTE= defined
+USE_OPENSSL_MD5= defined
+USE_OPENSSL_SHA1= defined
# hack libsysdep.a dependenc
${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:

18
package/isakmpd/patches/040-security_fix.patch
View File

@ -1,18 +0,0 @@
Index: isakmpd-20041012.orig/ipsec.c
===================================================================
--- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200
+++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:40.247736696 +0200
@@ -2176,9 +2176,10 @@
{
struct ipsec_proto *iproto = proto->data;
- if (proto->sa->phase == 2 && section)
- iproto->replay_window = conf_get_num(section, "ReplayWindow",
- DEFAULT_REPLAY_WINDOW);
+ if (proto->sa->phase == 2)
+ iproto->replay_window = section ? conf_get_num(section,
+ "ReplayWindow", DEFAULT_REPLAY_WINDOW) :
+ DEFAULT_REPLAY_WINDOW;
}
/*

13
package/isakmpd/patches/050-ar_cross.patch
View File

@ -1,13 +0,0 @@
Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
===================================================================
--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
+++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.431708728 +0200
@@ -44,7 +44,7 @@
endif
lib${LIB}.a: ${SRCS:%.c=%.o}
- ar cq $@ ${SRCS:%.c=%.o}
+ $(AR) cq $@ ${SRCS:%.c=%.o}
clean:
rm -f lib${LIB}.a ${SRCS:%.c=%.o}

55
package/keynote/Makefile
View File

@ -1,55 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
PKG_NAME:=keynote
PKG_VERSION:=2.3
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://downloads.openwrt.org/sources/
PKG_MD5SUM:=b569066ac2ba1356c2112b118a7d74d0
include $(INCLUDE_DIR)/package.mk
define Package/keynote
SECTION:=net
CATEGORY:=Network
DEPENDS:=@LINUX_2_6 +libopenssl
TITLE:=Simple and flexible trust-management system
URL:=http://www1.cs.columbia.edu/~angelos/keynote.html
endef
define Package/keynote/description
KeyNote is a simple and flexible trust-management system designed to work
well for a variety of large- and small- scale Internet-based applications.
It provides a single, unified language for both local policies and
credentials.
endef
CONFIGURE_ARGS += \
--enable-static \
--enable-shared
MAKE_FLAGS += \
CFLAGS="$(TARGET_CFLAGS)"
define Build/InstallDev
mkdir -p $(1)/usr/include/keynote
$(CP) $(PKG_BUILD_DIR)/{assertion,header,keynote,signature}.h $(1)/usr/include/keynote/
mkdir -p $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/libkeynote.a $(1)/usr/lib/
endef
define Package/keynote/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/keynote $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,keynote))

345
package/keynote/patches/001-build.patch
View File

@ -1,345 +0,0 @@
Index: keynote-2.3/configure.in
===================================================================
--- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.284579072 +0200
+++ keynote-2.3/configure.in 2007-06-04 13:22:41.389563112 +0200
@@ -21,19 +21,13 @@
AC_PATH_PROG(ECHO, echo, /bin/echo)
AC_PATH_PROG(SED, sed, /usr/bin/sed)
-dnl Checks for libraries.
-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
-
AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm")
AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref")
AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto")
AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
dnl Checks for header files.
-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
- -I/usr/local/openssl/include -I/pkg/include"
+CPPFLAGS="-I/usr/include/openssl"
AC_HEADER_STDC
AC_HEADER_TIME
Index: keynote-2.3/keynote-keygen.c
===================================================================
--- keynote-2.3.orig/keynote-keygen.c 2007-06-04 13:22:41.290578160 +0200
+++ keynote-2.3/keynote-keygen.c 2007-06-04 13:22:41.389563112 +0200
@@ -161,7 +161,7 @@
if (strlen(algname) + 2 > prlen)
{
fprintf(stderr, "Parameter ``print-length'' should be larger "
- "than the length of AlgorithmName (%d)\n", strlen(algname));
+ "than the length of AlgorithmName (%lu)\n", strlen(algname));
exit(-1);
}
Index: keynote-2.3/keynote.l
===================================================================
--- keynote-2.3.orig/keynote.l 2007-06-04 13:22:41.295577400 +0200
+++ keynote-2.3/keynote.l 2007-06-04 13:22:41.390562960 +0200
@@ -61,7 +61,8 @@
static struct lex_list *keynote_lex_list = (struct lex_list *) NULL;
static int keynote_max_lex_list = 32;
static int keynote_lex_counter = 0;
-static int first_tok = 0;
+extern int first_tok;
+int first_tok = 0;
%}
digit [0-9]
specnumber [1-9][0-9]*
@@ -766,7 +767,7 @@
if (0)
{
yyunput(0, NULL);
- yy_flex_realloc(0, NULL);
+ yy_flex_realloc(NULL, 0);
}
return en;
Index: keynote-2.3/keynote-ver.l
===================================================================
--- keynote-2.3.orig/keynote-ver.l 2007-06-04 13:22:41.301576488 +0200
+++ keynote-2.3/keynote-ver.l 2007-06-04 13:22:41.390562960 +0200
@@ -267,7 +267,7 @@
if (0)
{
yyunput(0, NULL);
- yy_flex_realloc(0, NULL);
+ yy_flex_realloc(NULL, 0);
}
}
Index: keynote-2.3/keynote-ver.y
===================================================================
--- keynote-2.3.orig/keynote-ver.y 2007-06-04 13:22:41.306575728 +0200
+++ keynote-2.3/keynote-ver.y 2007-06-04 13:22:41.390562960 +0200
@@ -49,7 +49,7 @@
return keynote_errno;
free($1);
}
-
+ ;
expr: VSTRING EQ STRING { int i = kn_add_action(sessid, $1, $3, 0);
if (i != 0)
@@ -64,6 +64,7 @@
free($1);
free($3);
} expr
+ ;
%%
void
kverror(char *s)
Index: keynote-2.3/keynote.y
===================================================================
--- keynote-2.3.orig/keynote.y 2007-06-04 13:22:41.311574968 +0200
+++ keynote-2.3/keynote.y 2007-06-04 13:22:41.391562808 +0200
@@ -73,8 +73,7 @@
%}
%%
-grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; }
- localinit
+grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit
| ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program
| KEYPRE { keynote_exceptionflag = keynote_donteval = 0; }
keypredicate
@@ -91,17 +90,17 @@
STRING { keynote_lex_remove($3);
keynote_privkey = $3;
}
-
+ ;
keypredicate: /* Nothing */ { keynote_returnvalue = 0;
return 0;
}
| notemptykeypredicate { keynote_returnvalue = $1;
return 0;
}
-
+ ;
notemptykeypredicate: key { $$ = $1; }
| keyexp { $$ = $1; }
-
+ ;
keyexp: notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord)
keynote_donteval = 1;
} notemptykeypredicate
@@ -138,7 +137,7 @@
else
$$ = 0;
} /* K-th */
-
+ ;
keylist: key
{ /* Don't do anything if we're just recording */
if (!keynote_justrecord && !keynote_donteval)
@@ -155,7 +154,7 @@
keylistcount++;
}
-
+ ;
key: str {
if (keynote_donteval)
$$ = 0;
@@ -193,10 +192,10 @@
}
}
}
-
+ ;
localinit: /* Nothing */
| localconstants
-
+ ;
localconstants: VARIABLE EQQ STRING
{
int i;
@@ -265,12 +264,12 @@
if (i != RESULT_TRUE)
return -1;
} localconstants
-
+ ;
program: prog {
keynote_returnvalue = $1;
return 0;
}
-
+ ;
prog: /* Nada */ { $$ = 0; }
| notemptyprog {
/*
@@ -285,7 +284,7 @@
else
$$ = $4;
}
-
+ ;
notemptyprog: expr HINT afterhint
{
if (checkexception($1))
@@ -300,7 +299,7 @@
else
$$ = 0;
}
-
+ ;
afterhint: str { if (keynote_exceptionflag || keynote_donteval)
$$ = 0;
else
@@ -315,7 +314,7 @@
}
}
| OPENBLOCK prog CLOSEBLOCK { $$ = $2; }
-
+ ;
expr: OPENPAREN expr CLOSEPAREN { $$ = $2; }
| expr AND { if ($1 == 0)
@@ -334,19 +333,19 @@
| stringexp { $$ = $1; }
| TRUE { $$ = 1; }
| FALSE { $$ = 0; }
-
+ ;
numexp: numex LT numex { $$ = $1 < $3; }
| numex GT numex { $$ = $1 > $3; }
| numex EQ numex { $$ = $1 == $3; }
| numex LE numex { $$ = $1 <= $3; }
| numex GE numex { $$ = $1 >= $3; }
| numex NE numex { $$ = $1 != $3; }
-
+ ;
floatexp: floatex LT floatex { $$ = $1 < $3; }
| floatex GT floatex { $$ = $1 > $3; }
| floatex LE floatex { $$ = $1 <= $3; }
| floatex GE floatex { $$ = $1 >= $3; }
-
+ ;
numex: numex PLUS numex { $$ = $1 + $3; }
| numex MINUS numex { $$ = $1 - $3; }
| numex MULT numex { $$ = $1 * $3; }
@@ -384,7 +383,7 @@
free($2);
}
}
-
+ ;
floatex: floatex PLUS floatex { $$ = ($1 + $3); }
| floatex MINUS floatex { $$ = ($1 - $3); }
| floatex MULT floatex { $$ = ($1 * $3); }
@@ -418,7 +417,7 @@
free($2);
}
}
-
+ ;
stringexp: str EQ str {
if (keynote_exceptionflag || keynote_donteval)
$$ = 0;
@@ -529,9 +528,9 @@
if (i == 0)
{
#if !defined(HAVE_SNPRINTF)
- sprintf(grp, "%d", preg.re_nsub);
+ sprintf(grp, "%d", (int)preg.re_nsub);
#else /* !HAVE_SNPRINTF */
- snprintf(grp, 3, "%d", preg.re_nsub);
+ snprintf(grp, 3, "%d", (int)preg.re_nsub);
#endif /* !HAVE_SNPRINTF */
if (keynote_env_add("_0", grp, &keynote_temp_list,
1, 0) != RESULT_TRUE)
@@ -579,7 +578,7 @@
}
}
}
-
+ ;
str: str DOTT str { if (keynote_exceptionflag || keynote_donteval)
$$ = (char *) NULL;
else
@@ -605,7 +604,7 @@
}
}
| strnotconcat { $$ = $1; }
-
+ ;
strnotconcat: STRING { $$ = $1; }
| OPENPAREN str CLOSEPAREN { $$ = $2; }
| VARIABLE { if (keynote_exceptionflag || keynote_donteval)
@@ -660,6 +659,7 @@
return -1;
}
}
+ ;
%%
/*
Index: keynote-2.3/Makefile.in
===================================================================
--- keynote-2.3.orig/Makefile.in 2007-06-04 13:22:41.317574056 +0200
+++ keynote-2.3/Makefile.in 2007-06-04 13:22:41.391562808 +0200
@@ -41,7 +41,8 @@
YACCFLAGS = -d -p kn -b k
LEXFLAGS2 = -Pkv -s -i
LEXFLAGS = -Cr -Pkn -s -i
-CFLAGS = -O2 -Wall # -g
+CFLAGS = -O2 -Wall -fno-strict-aliasing # -g
+LDFLAGS = @LDFLAGS@
RMFLAGS2 = -rf
RMFLAGS = -f
NROFFFLAGS = -mandoc
@@ -83,7 +84,7 @@
$(RANLIB) $(TARGET)
$(TARGET2): $(TARGET) $(OBJS2)
- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS)
+ $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LDFLAGS) $(LIBS)
k.tab.c: keynote.y header.h keynote.h assertion.h config.h
$(YACC) $(YACCFLAGS) keynote.y
Index: keynote-2.3/signature.c
===================================================================
--- keynote-2.3.orig/signature.c 2007-06-04 13:22:41.323573144 +0200
+++ keynote-2.3/signature.c 2007-06-04 13:22:41.392562656 +0200
@@ -515,7 +515,7 @@
kk = dc->dec_key;
if (keytype == KEYNOTE_PRIVATE_KEY)
{
- if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
+ if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
{
if (ptr != (unsigned char *) NULL)
free(ptr);
@@ -526,7 +526,7 @@
}
else
{
- if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
+ if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
{
if (ptr != (unsigned char *) NULL)
free(ptr);
@@ -556,7 +556,7 @@
kk = dc->dec_key;
if (keytype == KEYNOTE_PRIVATE_KEY)
{
- if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
+ if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
{
if (ptr != (unsigned char *) NULL)
free(ptr);
@@ -567,7 +567,7 @@
}
else
{
- if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
+ if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
{
if (ptr != (unsigned char *) NULL)
free(ptr);

588
package/keynote/patches/002-cross_compile.patch
View File

@ -1,588 +0,0 @@
Index: keynote-2.3/configure
===================================================================
--- keynote-2.3.orig/configure 2007-06-04 13:22:41.259582872 +0200
+++ keynote-2.3/configure 2007-06-04 13:22:41.658522224 +0200
@@ -889,52 +889,10 @@
done
test -n "$YACC" || YACC="yacc"
-for ac_prog in openssl ssleay
-do
-# Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:898: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- case "$SSLEAY" in
- /*)
- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path.
- ;;
- ?:/*)
- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path.
- ;;
- *)
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="\
- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_SSLEAY="$ac_dir/$ac_word"
- break
- fi
- done
- IFS="$ac_save_ifs"
- ;;
-esac
-fi
-SSLEAY="$ac_cv_path_SSLEAY"
-if test -n "$SSLEAY"; then
- echo "$ac_t""$SSLEAY" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-test -n "$SSLEAY" && break
-done
-test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay"
-
# Extract the first word of "rm", so it can be a program name with args.
set dummy rm; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:938: checking for $ac_word" >&5
+echo "configure:896: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -970,7 +928,7 @@
# Extract the first word of "ar", so it can be a program name with args.
set dummy ar; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:974: checking for $ac_word" >&5
+echo "configure:932: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1006,7 +964,7 @@
# Extract the first word of "nroff", so it can be a program name with args.
set dummy nroff; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1010: checking for $ac_word" >&5
+echo "configure:968: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1042,7 +1000,7 @@
# Extract the first word of "tar", so it can be a program name with args.
set dummy tar; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1046: checking for $ac_word" >&5
+echo "configure:1004: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1078,7 +1036,7 @@
# Extract the first word of "true", so it can be a program name with args.
set dummy true; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1082: checking for $ac_word" >&5
+echo "configure:1040: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1114,7 +1072,7 @@
# Extract the first word of "mkdir", so it can be a program name with args.
set dummy mkdir; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1118: checking for $ac_word" >&5
+echo "configure:1076: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1150,7 +1108,7 @@
# Extract the first word of "tr", so it can be a program name with args.
set dummy tr; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1154: checking for $ac_word" >&5
+echo "configure:1112: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1186,7 +1144,7 @@
# Extract the first word of "echo", so it can be a program name with args.
set dummy echo; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1190: checking for $ac_word" >&5
+echo "configure:1148: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1222,7 +1180,7 @@
# Extract the first word of "sed", so it can be a program name with args.
set dummy sed; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1226: checking for $ac_word" >&5
+echo "configure:1184: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1256,11 +1214,8 @@
fi
-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
-
echo $ac_n "checking for floor in -lm""... $ac_c" 1>&6
-echo "configure:1264: checking for floor in -lm" >&5
+echo "configure:1219: checking for floor in -lm" >&5
ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1268,7 +1223,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lm $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1272 "configure"
+#line 1227 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1279,7 +1234,7 @@
floor()
; return 0; }
EOF
-if { (eval echo configure:1283: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1300,7 +1255,7 @@
fi
echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6
-echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5
+echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5
ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1308,7 +1263,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lrsaref $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1312 "configure"
+#line 1267 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1319,7 +1274,7 @@
RSAPrivateDecrypt()
; return 0; }
EOF
-if { (eval echo configure:1323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1340,7 +1295,7 @@
fi
echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... $ac_c" 1>&6
-echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5
+echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5
ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1348,7 +1303,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lcrypto $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1352 "configure"
+#line 1307 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1359,7 +1314,7 @@
i2a_ASN1_STRING()
; return 0; }
EOF
-if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1380,7 +1335,7 @@
fi
echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6
-echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
+echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1388,7 +1343,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lRSAglue $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1392 "configure"
+#line 1347 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1399,7 +1354,7 @@
RSA_ref_private_encrypt()
; return 0; }
EOF
-if { (eval echo configure:1403: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1420,12 +1375,9 @@
fi
-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
- -I/usr/local/openssl/include -I/pkg/include"
echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1429: checking how to run the C preprocessor" >&5
+echo "configure:1381: checking how to run the C preprocessor" >&5
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
CPP=
@@ -1440,13 +1392,13 @@
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp.
cat > conftest.$ac_ext <<EOF
-#line 1444 "configure"
+#line 1396 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -1457,13 +1409,13 @@
rm -rf conftest*
CPP="${CC-cc} -E -traditional-cpp"
cat > conftest.$ac_ext <<EOF
-#line 1461 "configure"
+#line 1413 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -1474,13 +1426,13 @@
rm -rf conftest*
CPP="${CC-cc} -nologo -E"
cat > conftest.$ac_ext <<EOF
-#line 1478 "configure"
+#line 1430 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -1505,12 +1457,12 @@
echo "$ac_t""$CPP" 1>&6
echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:1509: checking for ANSI C header files" >&5
+echo "configure:1461: checking for ANSI C header files" >&5
if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1514 "configure"
+#line 1466 "configure"
#include "confdefs.h"
#include <stdlib.h>
#include <stdarg.h>
@@ -1518,7 +1470,7 @@
#include <float.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1535,7 +1487,7 @@
if test $ac_cv_header_stdc = yes; then
# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
cat > conftest.$ac_ext <<EOF
-#line 1539 "configure"
+#line 1491 "configure"
#include "confdefs.h"
#include <string.h>
EOF
@@ -1553,7 +1505,7 @@
if test $ac_cv_header_stdc = yes; then
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
cat > conftest.$ac_ext <<EOF
-#line 1557 "configure"
+#line 1509 "configure"
#include "confdefs.h"
#include <stdlib.h>
EOF
@@ -1574,7 +1526,7 @@
:
else
cat > conftest.$ac_ext <<EOF
-#line 1578 "configure"
+#line 1530 "configure"
#include "confdefs.h"
#include <ctype.h>
#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -1585,7 +1537,7 @@
exit (0); }
EOF
-if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
:
else
@@ -1609,12 +1561,12 @@
fi
echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
-echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5
+echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5
if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1618 "configure"
+#line 1570 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/time.h>
@@ -1623,7 +1575,7 @@
struct tm *tp;
; return 0; }
EOF
-if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_header_time=yes
else
@@ -1647,17 +1599,17 @@
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1651: checking for $ac_hdr" >&5
+echo "configure:1603: checking for $ac_hdr" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1656 "configure"
+#line 1608 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1687,17 +1639,17 @@
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1691: checking for $ac_hdr" >&5
+echo "configure:1643: checking for $ac_hdr" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1696 "configure"
+#line 1648 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1726,12 +1678,12 @@
echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1730: checking for working const" >&5
+echo "configure:1682: checking for working const" >&5
if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1735 "configure"
+#line 1687 "configure"
#include "confdefs.h"
int main() {
@@ -1780,7 +1732,7 @@
; return 0; }
EOF
-if { (eval echo configure:1784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_c_const=yes
else
@@ -1801,12 +1753,12 @@
fi
echo $ac_n "checking for u_int""... $ac_c" 1>&6
-echo "configure:1805: checking for u_int" >&5
+echo "configure:1757: checking for u_int" >&5
if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1810 "configure"
+#line 1762 "configure"
#include "confdefs.h"
#include <sys/types.h>
#if STDC_HEADERS
@@ -1834,12 +1786,12 @@
fi
echo $ac_n "checking for u_char""... $ac_c" 1>&6
-echo "configure:1838: checking for u_char" >&5
+echo "configure:1790: checking for u_char" >&5
if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1843 "configure"
+#line 1795 "configure"
#include "confdefs.h"
#include <sys/types.h>
#if STDC_HEADERS
@@ -1870,12 +1822,12 @@
for ac_func in regcomp open close read _open _close _read strchr memcpy
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1874: checking for $ac_func" >&5
+echo "configure:1826: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1879 "configure"
+#line 1831 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -1898,7 +1850,7 @@
; return 0; }
EOF
-if { (eval echo configure:1902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -1925,12 +1877,12 @@
for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1929: checking for $ac_func" >&5
+echo "configure:1881: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1934 "configure"
+#line 1886 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -1953,7 +1905,7 @@
; return 0; }
EOF
-if { (eval echo configure:1957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -1980,12 +1932,12 @@
for ac_func in getopt
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1984: checking for $ac_func" >&5
+echo "configure:1936: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1989 "configure"
+#line 1941 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -2008,7 +1960,7 @@
; return 0; }
EOF
-if { (eval echo configure:2012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -2172,7 +2124,6 @@
s%@CC@%$CC%g
s%@RANLIB@%$RANLIB%g
s%@YACC@%$YACC%g
-s%@SSLEAY@%$SSLEAY%g
s%@RM@%$RM%g
s%@AR@%$AR%g
s%@NROFF@%$NROFF%g
Index: keynote-2.3/configure.in
===================================================================
--- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.389563112 +0200
+++ keynote-2.3/configure.in 2007-06-04 13:22:41.658522224 +0200
@@ -9,8 +9,8 @@
AC_PROG_CC
AC_PROG_RANLIB
AC_PROG_YACC
-AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
+dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
+dnl $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
AC_PATH_PROG(RM, rm, /bin/rm)
AC_PATH_PROG(AR, ar, /usr/bin/ar)
AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff)
@@ -27,7 +27,7 @@
AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
dnl Checks for header files.
-CPPFLAGS="-I/usr/include/openssl"
+dnl CPPFLAGS="-I/usr/include/openssl"
AC_HEADER_STDC
AC_HEADER_TIME

96
package/openswan/Makefile
View File

@ -1,96 +0,0 @@
#
# Copyright (C) 2006-2008 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=openswan
PKG_VERSION:=2.4.10
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.openswan.org/download
PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f
include $(INCLUDE_DIR)/package.mk
define Package/openswan/Default
TITLE:=Openswan
URL:=http://www.openswan.org/
DEPENDS:=@BROKEN
endef
define Package/openswan/Default/description
Openswan is an IPsec implementation for Linux.
endef
define Package/openswan
$(call Package/openswan/Default)
SECTION:=net
CATEGORY:=Network
DEPENDS+= +kmod-openswan +libgmp +ip
TITLE+= (daemon)
URL:=http://www.openswan.org/
endef
define Package/openswan/description
$(call Package/openswan/Default/description)
This package contains the Openswan user-land daemon.
endef
define KernelPackage/openswan
$(call Package/openswan/Default)
SUBMENU:=Network Support
TITLE+= (kernel module)
FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX)
endef
define KernelPackage/openswan/description
$(call Package/openswan/Default/description)
This package contains the Openswan kernel module.
endef
TARGET_CPPFLAGS = \
-I$(STAGING_DIR)/usr/include \
-I$(LINUX_DIR)/include
TARGET_LDFLAGS = \
-L$(STAGING_DIR)/usr/lib
OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
LINUX_RELEASE="$(LINUX_RELEASE)" \
KERNELSRC="$(LINUX_DIR)" \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
IPSECDIR="/usr/lib/ipsec" \
INC_USRLOCAL="/usr" \
INC_RCDEFAULT="/etc/init.d" \
MODPROBE="/sbin/insmod" \
LDFLAGS="$(TARGET_LDFLAGS)" \
DESTDIR="$(PKG_INSTALL_DIR)"
define Build/Compile
$(OPENSWAN_MAKE) \
programs module install
endef
define Package/openswan/install
$(CP) $(PKG_INSTALL_DIR)/* $(1)
$(INSTALL_DIR) $(1)/etc/init.d
$(CP) ./files/ipsec.init $(1)/etc/init.d/ipsec
rm -rf $(1)/usr/share
rm -rf $(1)/usr/man
rm -rf $(1)/var
rm -rf $(1)/etc/rc.d
find $(1) -name \*.old | xargs rm -rf
endef
$(eval $(call BuildPackage,openswan))
$(eval $(call KernelPackage,openswan))

158
package/openswan/files/ipsec.init
View File

@ -1,158 +0,0 @@
#!/bin/sh /etc/rc.common
# IPsec startup and shutdown script
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
# Copyright (C) 2006 OpenWrt.org
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $
#
# ipsec init.d script for starting and stopping
# the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown). Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: 2345 47 76
# description: IPsec provides encrypted and authenticated communications; \
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
START=60
script_init() {
me='ipsec setup' # for messages
# where the private directory and the config files are
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
IPSEC_CONFS="${IPSEC_CONFS-/etc}"
if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
then
# we must establish a suitable PATH ourselves
PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
export PATH
IPSEC_DIR="$IPSEC_LIBDIR"
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi
# Check that the ipsec command is available.
found=
for dir in `echo $PATH | tr ':' ' '`
do
if test -f $dir/ipsec -a -x $dir/ipsec
then
found=yes
break # NOTE BREAK OUT
fi
done
if ! test "$found"
then
echo "cannot find ipsec command -- \`$1' aborted" |
logger -s -p daemon.error -t ipsec_setup
exit 1
fi
# Pick up IPsec configuration (until we have done this, successfully, we
# do not know where errors should go, hence the explicit "daemon.error"s.)
# Note the "--export", which exports the variables created.
eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
if test " $IPSEC_confreadstatus" != " "
then
case $1 in
stop|--stop|_autostop)
echo "$IPSEC_confreadstatus -- \`$1' may not work" |
logger -s -p daemon.error -t ipsec_setup;;
*) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
logger -s -p daemon.error -t ipsec_setup;
exit 1;;
esac
fi
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
export IPSEC_confreadsection
IPSECsyslog=${IPSECsyslog-daemon.error}
export IPSECsyslog
# misc setup
umask 022
mkdir -p /var/run/pluto
}
script_command() {
if [ "${USER}" != "root" ]
then
echo "permission denied (must be superuser)" |
logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
exit 1
fi
# make sure all required directories exist
if [ ! -d /var/run/pluto ]
then
mkdir -p /var/run/pluto
fi
if [ ! -d /var/lock/subsys ]
then
mkdir -p /var/lock/subsys
fi
tmp=/var/run/pluto/ipsec_setup.st
outtmp=/var/run/pluto/ipsec_setup.out
(
ipsec _realsetup $1
echo "$?" >$tmp
) > ${outtmp} 2>&1
st=$?
if test -f $tmp
then
st=`cat $tmp`
rm -f $tmp
fi
if [ -f ${outtmp} ]; then
cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
rm -f ${outtmp}
fi
}
start() {
script_init start "$@"
script_command start "$@"
}
stop() {
script_init stop "$@"
script_command stop "$@"
}
restart() {
script_init stop "$@"
script_command stop "$@"
script_command start "$@"
}
status() {
script_init status "$@"
ipsec _realsetup status
}
EXTRA_COMMANDS=status
EXTRA_HELP=" status Show the status of the service"

33
package/openswan/patches/110-scripts.patch
View File

@ -1,33 +0,0 @@
diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
--- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
+++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200
@@ -0,0 +1,5 @@
+#!/bin/sh
+# use filename instead of /dev/null to log, but dont log to flash or ram
+# pref. log to nfs mount
+echo "$*" >> /dev/null
+exit 0
diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
--- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200
+++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200
@@ -147,7 +147,7 @@
exit 1
fi
else
- if test ! -w "`dirname $stderrlog`"
+ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
then
echo Cannot write to directory to create \"$stderrlog\".
exit 1
diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
--- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200
+++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200
@@ -232,7 +232,7 @@
# misc pre-Pluto setup
- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
if test " $IPSECforwardcontrol" = " yes"
then

39
package/openswan/patches/120-use_dev_urandom.patch
View File

@ -1,39 +0,0 @@
Index: openswan-2.4.8/programs/ranbits/ranbits.c
===================================================================
--- openswan-2.4.8.orig/programs/ranbits/ranbits.c 2007-06-04 13:22:49.835279168 +0200
+++ openswan-2.4.8/programs/ranbits/ranbits.c 2007-06-04 13:22:51.648003592 +0200
@@ -29,7 +29,7 @@
#include <openswan.h>
#ifndef DEVICE
-#define DEVICE "/dev/random"
+#define DEVICE "/dev/urandom"
#endif
#ifndef QDEVICE
#define QDEVICE "/dev/urandom"
Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c
===================================================================
--- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200
+++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:51.649003440 +0200
@@ -31,7 +31,7 @@
#include <gmp.h>
#ifndef DEVICE
-#define DEVICE "/dev/random"
+#define DEVICE "/dev/urandom"
#endif
#ifndef MAXBITS
#define MAXBITS 20000
Index: openswan-2.4.8/programs/starter/files.h
===================================================================
--- openswan-2.4.8.orig/programs/starter/files.h 2007-06-04 13:22:49.850276888 +0200
+++ openswan-2.4.8/programs/starter/files.h 2007-06-04 13:22:51.649003440 +0200
@@ -36,7 +36,7 @@
#define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
-#define DEV_RANDOM "/dev/random"
+#define DEV_RANDOM "/dev/urandom"
#define DEV_URANDOM "/dev/urandom"
#define PROC_IPSECVERSION "/proc/net/ipsec_version"

89
package/shfs/Makefile
View File

@ -1,89 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=shfs
PKG_VERSION:=0.35
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/shfs
PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe
include $(INCLUDE_DIR)/package.mk
define Package/shfs/Default
TITLE:=ShFS
URL:=http://shfs.sourceforge.net/
endef
define Package/shfs/Default/description
ShFS is a simple and easy to use Linux kernel module which allows you to
mount remote filesystems using a plain shell (SSH) connection. When using
ShFS, you can access all remote files just like the local ones, only the
access is governed through the transport security of SSH.
endef
define KernelPackage/shfs
$(call Package/shfs/Default)
TITLE+= (kernel module)
DEPENDS:=@LINUX_2_4
FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX)
SUBMENU:=Filesystems
AUTOLOAD:=$(call AutoLoad,40,shfs)
endef
define KernelPackage/shfs/description
$(call Package/shfs/Default/description)
This package contains the ShFS kernel module.
endef
define Package/shfs-utils
$(call Package/shfs/Default)
SECTION:=utils
CATEGORY:=Utilities
DEPENDS+=+kmod-shfs
TITLE+= (utilities)
endef
define Package/shfs-utils/description
$(call Package/shfs/Default/description)
This package contains the ShFS utilities.
endef
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
OFLAGS="$(TARGET_CFLAGS)" \
CC="$(TARGET_CC)" \
LINKER="$(TARGET_CC)" \
KERNEL="$(LINUX_VERSION)" \
KERNEL_SOURCES="$(LINUX_DIR)" \
ROOT="$(PKG_INSTALL_DIR)" \
module module-install
$(MAKE) -C $(PKG_BUILD_DIR) \
OFLAGS="$(TARGET_CFLAGS)" \
CC="$(TARGET_CC)" \
LINKER="$(TARGET_CC)" \
KERNEL_SOURCES="$(LINUX_DIR)" \
ROOT="$(PKG_INSTALL_DIR)" \
utils utils-install
endef
define Package/shfs-utils/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/
$(INSTALL_DIR) $(1)/sbin
ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs
endef
$(eval $(call KernelPackage,shfs))
$(eval $(call BuildPackage,shfs-utils))

100
package/shfs/patches/100-kmod_build.patch
View File

@ -1,100 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/Makefile
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.143016200 +0200
+++ shfs-0.35/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.209006168 +0200
@@ -1,3 +1,13 @@
+#
+# the original Makefile was trashed and replaced by this one
+# The main reason is that loadable modules should be built with
+# the same compile flags the kernel was built with, so we'd better
+# let the kernel tree build the module for us, like that :
+#
+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules
+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install
+#
+
ifndef KERNEL
KERNEL=$(shell uname -r)
endif
@@ -10,67 +20,29 @@
KERNEL_SOURCES=${MODULESDIR}/build
endif
-ifeq (${MODVERSIONS},detect)
- ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0)
- MODVERSIONS=yes
- endif
-endif
-
-ifeq (${MODVERSIONS},yes)
-MVER=-DMODVERSIONS -DEXPORT_SYMTAB
-endif
-
-LINVER=linux-${KERNEL}
-
-ALL_TARGETS := shfs.o
-
-SEARCHDIRS := -I- -I. -I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/
+all: all-y
-CC := gcc
-CFLAGS = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX
-LINKER := ld
-LDFLAGS = -r
-LOADLIBES :=
+O_TARGET := shfs.o
-all: ${ALL_TARGETS}
+shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-%.o: %.c $(wildcard *.h)
- ${CC} ${CFLAGS} -c $< -o $@
+obj-y := $(shfs-objs)
+obj-m := $(O_TARGET)
-shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
- ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES}
-
-tidy:
- ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-
-clean: tidy patch-clean
- ${RM} shfs.o
+-include $(TOPDIR)/Rules.make
+all-y:
+ make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules
+
install: shfs.o
rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o
install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o
- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
uninstall:
rm -rf ${MODULESDIR}/kernel/fs/shfs
- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
-patch:
- rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER};
- for i in Documentation fs/shfs include/linux; do \
- mkdir -p ${LINVER}/$$i; \
- done
- cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation
- cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs
- cp -r ${LINVER} ${LINVER}.orig
- cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/
- cp shfs.h shfs_fs* ${LINVER}/include/linux/
- (cd ${LINVER}; patch -p1 <../kernel-config.diff)
- find . -type f -name "*.orig" -print | xargs rm -f
- diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true
-
-patch-clean:
- rm -rf ${LINVER} ${LINVER}.orig;
- rm -f ${LINVER}.diff
-
-.PHONY : all tidy clean install uninstall patch patch-clean
+clean:
+ rm -f core *.o *.a *.s
+
+shfs.o: $(shfs-objs)
+

166
package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch
View File

@ -1,166 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.091024104 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
@@ -337,12 +337,21 @@
return -EINVAL;
}
+#ifdef NEW_VFS_DENTRY_API
+static int
+shfs_get_sb(struct file_system_type *fs_type,
+ int flags, const char *dev_name, void *data, struct vfsmount *mnt)
+{
+ return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt);
+}
+#else
static struct super_block *
shfs_get_sb(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
{
return get_sb_nodev(fs_type, flags, data, shfs_read_super);
}
+#endif
static struct file_system_type sh_fs_type = {
.owner = THIS_MODULE,
Index: shfs-0.35/shfs/Linux-2.6/file.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.096023344 +0200
+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
@@ -199,7 +199,7 @@
}
static int
-shfs_file_flush(struct file *f)
+do_file_flush(struct file *f)
{
struct dentry *dentry = f->f_dentry;
struct shfs_sb_info *info = info_from_dentry(dentry);
@@ -222,6 +222,16 @@
}
static int
+#ifdef FLUSH_HAS_LOCK_OWNER
+shfs_file_flush(struct file *f, fl_owner_t id)
+#else
+shfs_file_flush(struct file *f)
+#endif
+{
+ return do_file_flush(f);
+}
+
+static int
shfs_file_release(struct inode *inode, struct file *f)
{
struct dentry *dentry = f->f_dentry;
@@ -311,7 +321,7 @@
DEBUG("\n");
written = generic_file_write(f, buf, count, offset);
if (written > 0) {
- result = shfs_file_flush(f);
+ result = do_file_flush(f);
written = result < 0 ? result: written;
}
Index: shfs-0.35/shfs/Linux-2.6/proc.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.102022432 +0200
+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
@@ -570,6 +570,16 @@
return result;
}
+#ifdef NEW_VFS_DENTRY_API
+int
+shfs_statfs(struct dentry *dentry, struct kstatfs *attr)
+{
+ struct shfs_sb_info *info = info_from_sb(dentry->d_sb);
+
+ DEBUG("\n");
+ return info->fops.statfs(info, attr);
+}
+#else
int
shfs_statfs(struct super_block *sb, struct kstatfs *attr)
{
@@ -578,4 +588,5 @@
DEBUG("\n");
return info->fops.statfs(info, attr);
}
+#endif
Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.107021672 +0200
+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
@@ -9,6 +9,12 @@
#include <linux/ioctl.h>
#include <linux/pagemap.h>
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17)
+#define NEW_VFS_DENTRY_API
+#define FLUSH_HAS_LOCK_OWNER
+#endif
#define SHFS_MAX_AGE(info) (((info)->ttl * HZ) / 1000)
#define SOCKBUF_SIZE (SHFS_PATH_MAX * 10)
@@ -101,7 +107,12 @@
void set_garbage(struct shfs_sb_info *info, int write, int count);
int get_name(struct dentry *d, char *name);
int shfs_notify_change(struct dentry *dentry, struct iattr *attr);
+
+#ifdef NEW_VFS_DENTRY_API
+int shfs_statfs(struct dentry *dentry, struct kstatfs *attr);
+#else
int shfs_statfs(struct super_block *sb, struct kstatfs *attr);
+#endif
/* shfs/inode.c */
void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr);
Index: shfs-0.35/shfs/Linux-2.6/symlink.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.113020760 +0200
+++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.398977288 +0200
@@ -41,7 +41,7 @@
return result;
}
-static int
+static void *
shfs_follow_link(struct dentry *dentry, struct nameidata *nd)
{
struct shfs_sb_info *info = info_from_dentry(dentry);
@@ -61,7 +61,7 @@
DEBUG("%s\n", real_name);
result = vfs_follow_link(nd, real_name);
error:
- return result;
+ return NULL;
}
struct inode_operations shfs_symlink_inode_operations = {
Index: shfs-0.35/shfs/Linux-2.6/dcache.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.121019544 +0200
+++ shfs-0.35/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.398977288 +0200
@@ -68,7 +68,7 @@
spin_lock(&dcache_lock);
next = parent->d_subdirs.next;
while (next != &parent->d_subdirs) {
- dentry = list_entry(next, struct dentry, d_child);
+ dentry = list_entry(next, struct dentry, d_u.d_child);
dentry->d_fsdata = NULL;
shfs_age_dentry(info, dentry);
next = next->next;
@@ -101,7 +101,7 @@
spin_lock(&dcache_lock);
next = parent->d_subdirs.next;
while (next != &parent->d_subdirs) {
- dent = list_entry(next, struct dentry, d_child);
+ dent = list_entry(next, struct dentry, d_u.d_child);
if ((unsigned long)dent->d_fsdata == fpos) {
if (dent->d_inode)
dget_locked(dent);

22
package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch
View File

@ -1,22 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
@@ -8,6 +8,7 @@
#include <linux/modversions.h>
#endif
+#include <linux/version.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -118,6 +119,9 @@
}
KMEM_FREE("inode", inode_cache, i);
out:
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13))
+ truncate_inode_pages(&inode->i_data, 0);
+#endif
clear_inode(inode);
}

25
package/shfs/patches/103-shfs_0.35_gcc4.patch
View File

@ -1,25 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/dir.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.041031704 +0200
+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
@@ -19,6 +19,8 @@
#include "shfs_debug.h"
#include "proc.h"
+static struct dentry_operations shfs_dentry_operations;
+
static int
shfs_dir_open(struct inode *inode, struct file *filp)
{
Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200
@@ -56,7 +56,6 @@
#define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0)
/* shfs/dir.c */
-extern struct dentry_operations shfs_dentry_operations;
extern struct file_operations shfs_dir_operations;
extern struct inode_operations shfs_dir_inode_operations;
extern void shfs_new_dentry(struct dentry *dentry);

377
package/shfs/patches/104-shfs_0.35_inode_and_fs.patch
View File

@ -1,377 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/fcache.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:57.997038392 +0200
+++ shfs-0.35/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:59.019882896 +0200
@@ -100,7 +100,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -127,7 +131,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -160,7 +168,11 @@
if (result == 0) {
struct shfs_inode_info *p;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private;
+#else
p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -184,7 +196,11 @@
return -EINVAL;
}
DEBUG("ino: %lu\n", inode->i_ino);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -226,7 +242,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -327,7 +347,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:59.020882744 +0200
@@ -36,7 +36,11 @@
shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr)
{
struct shfs_sb_info *info = info_from_inode(inode);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ struct shfs_inode_info *i = inode->i_private;
+#else
struct shfs_inode_info *i = inode->u.generic_ip;
+#endif
struct timespec last_time = inode->i_mtime;
loff_t last_size = inode->i_size;
@@ -53,7 +57,9 @@
inode->i_ctime = fattr->f_ctime;
inode->i_atime = fattr->f_atime;
inode->i_mtime = fattr->f_mtime;
+#ifdef STRUCT_INODE_HAS_I_BLKSIZE
inode->i_blksize= fattr->f_blksize;
+#endif
inode->i_blocks = fattr->f_blocks;
inode->i_size = fattr->f_size;
@@ -76,7 +82,11 @@
if (!inode)
return NULL;
inode->i_ino = fattr->f_ino;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
+#else
i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
+#endif
if (!i)
return NULL;
i->cache = NULL;
@@ -108,7 +118,11 @@
struct shfs_inode_info *i;
DEBUG("ino: %lu\n", inode->i_ino);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ i = (struct shfs_inode_info *)inode->i_private;
+#else
i = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!i) {
VERBOSE("invalid inode\n");
goto out;
@@ -176,7 +190,11 @@
{
struct shfs_sb_info *info = info_from_dentry(dentry);
struct inode *inode = dentry->d_inode;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
+#else
struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
int result;
DEBUG("%s\n", dentry->d_name.name);
Index: shfs-0.35/shfs/Linux-2.6/dir.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:59.020882744 +0200
@@ -302,8 +302,13 @@
shfs_invalid_dir_cache(dir);
result = shfs_instantiate(dentry);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ if (forced_write && dentry->d_inode && dentry->d_inode->i_private)
+ ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1;
+#else
if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip)
((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1;
+#endif
return result;
}
Index: shfs-0.35/shfs/Linux-2.6/file.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:59.020882744 +0200
@@ -90,7 +90,11 @@
struct dentry *dentry = f->f_dentry;
struct shfs_sb_info *info = info_from_dentry(dentry);
struct inode *inode = p->mapping->host;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
+#else
struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
char *buffer = kmap(p) + offset;
int written = 0, result;
unsigned count = to - offset;
@@ -252,8 +256,13 @@
}
}
/* if file was forced to be writeable, change attrs back on close */
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ if (dentry->d_inode && dentry->d_inode->i_private) {
+ if (((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) {
+#else
if (dentry->d_inode && dentry->d_inode->u.generic_ip) {
if (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) {
+#endif
char name[SHFS_PATH_MAX];
if (get_name(dentry, name) < 0)
@@ -302,7 +311,8 @@
goto error;
}
if (result != 0) {
- copy_to_user(buf, (char *)page, result);
+ if (copy_to_user(buf, (char *)page, result))
+ goto error;
*ppos += result;
}
error:
@@ -315,11 +325,15 @@
static ssize_t
shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset)
{
- int written = 0;
+ ssize_t written = 0;
int result;
DEBUG("\n");
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ written = do_sync_write(f, buf, count, offset);
+#else
written = generic_file_write(f, buf, count, offset);
+#endif
if (written > 0) {
result = do_file_flush(f);
written = result < 0 ? result: written;
@@ -330,14 +344,23 @@
struct file_operations shfs_file_operations = {
.llseek = generic_file_llseek,
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ .read = do_sync_read,
+ .write = do_sync_write,
+#else
.read = generic_file_read,
.write = generic_file_write,
+#endif
.ioctl = shfs_ioctl,
.mmap = generic_file_mmap,
.open = shfs_file_open,
.flush = shfs_file_flush,
.release = shfs_file_release,
.fsync = shfs_file_sync,
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ .aio_read = generic_file_aio_read,
+ .aio_write = generic_file_aio_write,
+#endif
};
struct file_operations shfs_slow_operations = {
Index: shfs-0.35/shfs/Linux-2.6/proc.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:59.021882592 +0200
@@ -149,7 +149,12 @@
{
struct file *f = info->sock;
mm_segment_t fs;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ ssize_t result = 0;
+ loff_t begin;
+#else
int c, result = 0;
+#endif
unsigned long flags, sigpipe;
sigset_t old_set;
@@ -161,7 +166,9 @@
return result;
}
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
c = count;
+#endif
fs = get_fs();
set_fs(get_ds());
@@ -173,6 +180,16 @@
SIGRECALC;
SIGUNLOCK(flags);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ begin = f->f_pos;
+ result = do_sync_write(f, buffer, count, &f->f_pos);
+
+ if (result < 0) {
+ DEBUG("error: %d\n", result);
+ fput(f);
+ info->sock = NULL;
+ }
+#else
do {
struct iovec vec[1];
@@ -190,6 +207,7 @@
buffer += result;
c -= result;
} while (c > 0);
+#endif
SIGLOCK(flags);
if (result == -EPIPE && !sigpipe) {
@@ -204,7 +222,11 @@
DEBUG(">%d\n", result);
if (result < 0)
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ set_garbage(info, 1, count - (f->f_pos - begin));
+#else
set_garbage(info, 1, c);
+#endif
else
result = count;
return result;
@@ -222,6 +244,9 @@
int c, result = 0;
unsigned long flags, sigpipe;
sigset_t old_set;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ loff_t begin;
+#endif
if (!f)
return -EIO;
@@ -256,6 +281,20 @@
fs = get_fs();
set_fs(get_ds());
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ begin = f->f_pos;
+ result = do_sync_read(f, buffer, c, &f->f_pos);
+
+ if (!result) {
+ /* peer has closed socket */
+ result = -EIO;
+ }
+ if (result < 0) {
+ DEBUG("error: %d\n", result);
+ fput(f);
+ info->sock = NULL;
+ }
+#else
do {
struct iovec vec[1];
@@ -277,6 +316,7 @@
buffer += result;
c -= result;
} while (c > 0);
+#endif
SIGLOCK(flags);
if (result == -EPIPE && !sigpipe) {
@@ -291,7 +331,11 @@
DEBUG("<%d\n", result);
if (result < 0)
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ set_garbage(info, 0, count - (f->f_pos - begin));
+#else
set_garbage(info, 0, c);
+#endif
else
result = count;
return result;
@@ -316,8 +360,10 @@
return result;
}
while (1) {
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
struct iovec vec[1];
+#endif
nl = memchr(BUFFER, '\n', LEN);
if (nl) {
*nl = '\0';
@@ -348,9 +394,13 @@
fs = get_fs();
set_fs(get_ds());
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos);
+#else
vec[0].iov_base = BUFFER+LEN;
vec[0].iov_len = c;
result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos);
+#endif
SIGLOCK(flags);
if (result == -EPIPE && !sigpipe) {
sigdelset(&current->pending.signal, SIGPIPE);

70
package/shfs/patches/105-space_chars.patch
View File

@ -1,70 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:57.970042496 +0200
+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
@@ -213,6 +213,7 @@
int c = 0;
int is_space = 1;
int device = 0;
+ char *start = s;
while (*s) {
if (c == DIR_COLS)
@@ -227,17 +228,20 @@
s++;
}
*s = '\0';
+ start = s+1;
is_space = 1;
+ } else {
+ if (c != DIR_NAME)
+ start = s+1;
}
} else {
if (is_space) {
/* (b)lock/(c)haracter device hack */
- col[c++] = s;
+ col[c++] = start;
is_space = 0;
if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
device = 1;
}
-
}
}
s++;
Index: shfs-0.35/shfs/Linux-2.6/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:57.977041432 +0200
+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
@@ -225,6 +225,7 @@
int c = 0;
int is_space = 1;
int device = 0;
+ char *start = s;
while (*s) {
if (c == DIR_COLS)
@@ -239,17 +240,20 @@
s++;
}
*s = '\0';
+ start = s+1;
is_space = 1;
+ } else {
+ if (c != DIR_NAME)
+ start = s+1;
}
} else {
if (is_space) {
/* (b)lock/(c)haracter device hack */
- col[c++] = s;
+ col[c++] = start;
is_space = 0;
if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
device = 1;
}
-
}
}
s++;

38
package/shfs/patches/106-uidgid32.patch
View File

@ -1,38 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200
+++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:59.448817688 +0200
@@ -38,10 +38,10 @@
struct shfs_fileops fops;
int version;
int ttl;
- __kernel_uid_t uid;
- __kernel_gid_t gid;
- __kernel_mode_t root_mode;
- __kernel_mode_t fmask;
+ uid_t uid;
+ gid_t gid;
+ mode_t root_mode;
+ mode_t fmask;
char mount_point[SHFS_PATH_MAX];
struct semaphore sock_sem; /* next 4 vars are guarded */
struct file *sock;
Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200
+++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:59.449817536 +0200
@@ -38,10 +38,10 @@
struct shfs_fileops fops;
int version;
int ttl;
- __kernel_uid_t uid;
- __kernel_gid_t gid;
- __kernel_mode_t root_mode;
- __kernel_mode_t fmask;
+ uid_t uid;
+ gid_t gid;
+ mode_t root_mode;
+ mode_t fmask;
char mount_point[SHFS_PATH_MAX];
struct semaphore sock_sem; /* next 4 vars are guarded */
struct file *sock;

38
package/shfs/patches/107-df.patch
View File

@ -1,38 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.643788048 +0200
@@ -961,11 +961,11 @@
s = info->sockbuf;
if ((p = strsep(&s, " ")))
- attr->f_blocks = simple_strtoull(p, NULL, 10);
+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
if ((p = strsep(&s, " ")))
- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
if ((p = strsep(&s, " ")))
- attr->f_bavail = simple_strtoull(p, NULL, 10);
+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
if (result < 0)
Index: shfs-0.35/shfs/Linux-2.6/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.643788048 +0200
@@ -974,11 +974,11 @@
s = info->sockbuf;
if ((p = strsep(&s, " ")))
- attr->f_blocks = simple_strtoull(p, NULL, 10);
+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
if ((p = strsep(&s, " ")))
- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
if ((p = strsep(&s, " ")))
- attr->f_bavail = simple_strtoull(p, NULL, 10);
+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
if (result < 0)

28
package/shfs/patches/108-no_update_mtab.patch
View File

@ -1,28 +0,0 @@
Index: shfs-0.35/shfsmount/shfsmount.c
===================================================================
--- shfs-0.35.orig/shfsmount/shfsmount.c 2007-06-04 13:22:57.883055720 +0200
+++ shfs-0.35/shfsmount/shfsmount.c 2007-06-04 13:22:59.838758408 +0200
@@ -74,7 +74,7 @@
static int have_uid = 0;
/* do not update /etc/mtab */
-static int nomtab = 0;
+static int nomtab = 1;
/* preserve owner of files */
static int preserve = 0;
Index: shfs-0.35/shfsmount/shfsumount.c
===================================================================
--- shfs-0.35.orig/shfsmount/shfsumount.c 2007-06-04 13:22:57.890054656 +0200
+++ shfs-0.35/shfsmount/shfsumount.c 2007-06-04 13:22:59.838758408 +0200
@@ -67,10 +67,6 @@
FILE *new_mtab;
struct mntent *ment;
- if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
- fprintf(stderr, "Can't get "MOUNTED"~ lock file");
- return 0;
- }
close(fd);
if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno));

26
package/shfs/patches/109-linux_2.6.22.patch
View File

@ -1,26 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/dir.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-17 04:08:32.449815896 +0200
+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-17 04:08:41.766399560 +0200
@@ -13,6 +13,7 @@
#include <asm/uaccess.h>
#include <linux/smp_lock.h>
#include <linux/stat.h>
+#include <linux/jiffies.h>
#include "shfs_fs.h"
#include "shfs_fs_i.h"
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-17 04:09:01.961329464 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-17 04:13:08.501849608 +0200
@@ -15,6 +15,9 @@
#include <asm/uaccess.h>
#include <linux/file.h>
#include <linux/smp_lock.h>
+#include <linux/jiffies.h>
+#include <linux/sched.h>
+#include <asm/current.h>
#include "shfs_fs.h"
#include "shfs_fs_sb.h"

98
package/strongswan/Makefile
View File

@ -1,98 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=strongswan
PKG_VERSION:=2.8.2
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/
PKG_MD5SUM:=57427f5b48123851a73b10d78dd4f8d6
include $(INCLUDE_DIR)/package.mk
define Package/strongswan/Default
TITLE:=strongSwan
DEPENDS:=@LINUX_2_4
URL:=http://www.strongswan.org/
endef
define Package/strongswan/Default/description
strongSwan is an IPsec implementation for Linux.
endef
define Package/strongswan
$(call Package/strongswan/Default)
SECTION:=net
CATEGORY:=Network
DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4
TITLE+= (daemon)
endef
define Package/strongswan/description
$(call Package/strongswan/Default/description)
This package contains the strongSwan user-land daemon.
endef
define KernelPackage/strongswan
$(call Package/strongswan/Default)
SUBMENU:=Network Support
TITLE+= (kernel module)
DEPENDS:=@LINUX_2_4
FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,50,ipsec)
endef
define KernelPackage/strongswan/description
$(call Package/strongswan/Default/description)
This package contains the strongSwan kernel module.
endef
PKG_MAKE_OPTS:= \
LINUX_RELEASE="$(LINUX_RELEASE)" \
KERNELSRC="$(LINUX_DIR)" \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
IPSECDIR="/usr/lib/ipsec" \
INC_USRLOCAL="/usr" \
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
$(PKG_MAKE_OPTS) \
LDFLAGS="$(TARGET_LDFLAGS)" \
DESTDIR="$(PKG_INSTALL_DIR)" \
programs module install
endef
define Package/strongswan/install
$(CP) $(PKG_INSTALL_DIR)/* $(1)
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/cron.tick
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_DIR) $(1)/etc/hotplug.d/button
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
$(INSTALL_BIN) ./files/ipsec.cron $(1)/etc/cron.tick/ipsec-wakeup
$(INSTALL_BIN) ./files/ipsec.iface $(1)/etc/hotplug.d/iface/65-ipsec
$(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec
$(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec
$(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
rm -rf $(1)/usr/share
rm -rf $(1)/usr/man
rm -rf $(1)/var
rm -rf $(1)/etc/rc.d
find $(1) -name \*.old | xargs rm -rf
endef
$(eval $(call BuildPackage,strongswan))
$(eval $(call KernelPackage,strongswan))

34
package/strongswan/files/ipsec.button
View File

@ -1,34 +0,0 @@
#!/bin/sh
# snarf the code that loads the config values
# since we also load the functions, might as well save the shell calls
. /etc/init.d/ipsec
[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
if [ ! -e /var/run/pluto.pid ] ; then
[ "$ACTION" = "pressed" ] && start
else
if [ "$ACTION" = "pressed" ] ; then
stop
elif [ "$ACTION" = "released" ] ; then
while [ -e /var/run/pluto.pid ] ; do
sleep 1
done
while ps auxww | grep ipsec | grep -v grep ; do
sleep 1
done
start
fi
fi

34
package/strongswan/files/ipsec.conf
View File

@ -1,34 +0,0 @@
version 2.0
config setup
interfaces=%defaultroute
nat_traversal=yes # required on both ends
uniqueids=yes # makes sense on client, not server
hidetos=no
conn %default
authby=rsasig
keyingtries=3
keyexchange=ike
left=%defaultroute
leftrsasigkey=%cert
rightrsasigkey=%cert
dpdtimeout=30 # keepalive must arrive within
dpddelay=5 # secs before keepalives start
compress=no # breaks double nat installations
pfs=yes
conn sample
leftca=%same
leftcert=my.certificate.crt
leftsourceip=192.168.10.1
leftsubnet=192.168.10.0/24
right=my.vpn.concentrator.net.
rightca=%same
rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
rightsourceip=192.168.11.1
rightsubnet=192.168.11.0/24
dpdaction=hold
auto=start

21
package/strongswan/files/ipsec.config
View File

@ -1,21 +0,0 @@
# Configure button/light behavior here.
config device
option reset_button ses
option status_start ses_orange
option status_valid ses_white
# iptables setup for traffic to/from this host
config filter
option rule_in input_rule
option dest_in ACCEPT
option rule_out output_rule
option dest_out ACCEPT
# iptables setup for traffic to/from another host
config forward
option rule_in forwarding_rule
option dest_in forwarding_vpn_in
option rule_out forwarding_rule
option dest_out forwarding_vpn_out

2
package/strongswan/files/ipsec.cron
View File

@ -1,2 +0,0 @@
#!/bin/sh
/usr/sbin/ipsec wakeup

8
package/strongswan/files/ipsec.iface
View File

@ -1,8 +0,0 @@
NAME=ipsec
CTLFILE="/var/run/pluto.ctl"
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
[ -e "$CTLFILE" ] || exit
/etc/init.d/ipsec update

101
package/strongswan/files/ipsec.init
View File

@ -1,101 +0,0 @@
#!/bin/sh /etc/rc.common
START=65
config_cb() {
local cfg="$CONFIG_SECTION"
local cfgt
config_get cfgt "$cfg" TYPE
case "$cfgt" in
device)
config_get IPSEC_RESET_BUTTON $cfg reset_button
config_get IPSEC_STATUS_LED_START $cfg status_start
config_get IPSEC_STATUS_LED_VALID $cfg status_valid
;;
filter)
config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
;;
forward)
config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
;;
*)
;;
esac
}
config_load ipsec
export IPSEC_RESET_BUTTON
export IPSEC_STATUS_LED_START
export IPSEC_STATUS_LED_VALID
export IPSEC_UPDOWN_RULE_IN
export IPSEC_UPDOWN_DEST_IN
export IPSEC_UPDOWN_RULE_OUT
export IPSEC_UPDOWN_DEST_OUT
export IPSEC_UPDOWN_FWD_RULE_IN
export IPSEC_UPDOWN_FWD_DEST_IN
export IPSEC_UPDOWN_FWD_RULE_OUT
export IPSEC_UPDOWN_FWD_DEST_OUT
start() {
[ -f /etc/ipsec.conf ] || exit
[ -e /var/run/starter.pid ] && exit
/usr/sbin/ipsec _showstatus start
# stuff the dnsmasq cache in case dns is on our own subnet
for peer in `grep left= /etc/ipsec.conf | \
cut -f 1 -d% | cut -f 2 -d=` ; do
ping -c 1 $peer > /dev/null 2>&1
done
/usr/sbin/ipsec start || exit
# work around broken routing behavior:
# a route to the local wan segment will appear
# the need was removed in the patched _updown script
while ! route -n | grep -q ipsec ; do sleep 1 ; done
defint=`route -n | awk '/^0.0.0.0/{print $8}'`
defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
route del -net $defnet netmask $dnmask dev $tundev
}
stop() {
/usr/sbin/ipsec stop 2> /dev/null
# wait until the shutdown actually happens
while [ -e /var/run/starter.pid ] ; do
if [ -d /proc/`cat /var/run/starter.pid` ] ; then
sleep 1
else
rm /var/run/starter.pid
fi
done
# kill any lingering processes
while ps auxww | grep -q ipsec | grep -v init.d; do
kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
sleep 1
done
ipsec _showstatus stop
}

81
package/strongswan/patches/100-ar-fixes.patch
View File

@ -1,81 +0,0 @@
Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.777007680 +0200
+++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.873992936 +0200
@@ -25,10 +25,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
testx: test_main_mac.o $(BLIB)
$(CC) -o $@ $^
Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.783006768 +0200
+++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.873992936 +0200
@@ -58,7 +58,7 @@
lib: $(LIB)
$(LIB): $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(AR) -r $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
# elf
Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.790005704 +0200
+++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200
@@ -8,10 +8,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
test: test_main.o $(BLIB)
$(CC) -o $@ $^
Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.796004792 +0200
+++ strongswan-2.8.2/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.874992784 +0200
@@ -9,10 +9,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
test: test_main.o $(BLIB)
$(CC) -o $@ $^
Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.804003576 +0200
+++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200
@@ -9,10 +9,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
test: test_main.o $(BLIB)
$(CC) -o $@ $^

11
package/strongswan/patches/110-make-ipsec.patch
View File

@ -1,11 +0,0 @@
Index: strongswan-2.8.2/programs/ipsec/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/ipsec/Makefile 2007-06-04 13:23:04.756010872 +0200
+++ strongswan-2.8.2/programs/ipsec/Makefile 2007-06-04 13:23:05.227939128 +0200
@@ -24,5 +24,5 @@
include ../Makefile.program
install:: ipsec
- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec
+ @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec

13
package/strongswan/patches/120-make-pluto.patch
View File

@ -1,13 +0,0 @@
Index: strongswan-2.8.2/programs/pluto/alg/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/pluto/alg/Makefile 2007-06-04 13:23:04.734014216 +0200
+++ strongswan-2.8.2/programs/pluto/alg/Makefile 2007-06-04 13:23:05.416910400 +0200
@@ -20,7 +20,7 @@
include Config.ike_alg
LIBCRYPTO:=../../../lib/libcrypto
-ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO)
+ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE)
LIBALG := libalg.o
all : $(LIBALG)

21
package/strongswan/patches/130-make-starter.patch
View File

@ -1,21 +0,0 @@
Index: strongswan-2.8.2/programs/starter/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/starter/Makefile 2007-06-04 13:23:04.711017712 +0200
+++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200
@@ -16,7 +16,6 @@
FREESWANSRCDIR?=$(shell cd ../..; pwd)
include ${FREESWANSRCDIR}/Makefile.inc
-LD=$(CC)
RM=rm
LEX=flex
BISON=bison
@@ -59,7 +58,7 @@
all: starter
starter: $(OBJS) $(FREESWANLIB)
- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
+ $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
lex.yy.c: parser.tab.c parser.l parser.y parser.h
$(LEX) parser.l

234
package/strongswan/patches/200-wakeup-showstatus.patch
View File

@ -1,234 +0,0 @@
Index: strongswan-2.8.2/programs/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:04.661025312 +0200
+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
@@ -22,7 +22,7 @@
SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
-SUBDIRS+=ikeping examples openac scepclient
+SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
ifeq ($(USE_LWRES),true)
SUBDIRS+=lwdnsq
Index: strongswan-2.8.2/programs/_showstatus/Makefile
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/_showstatus/Makefile 2007-06-04 13:23:06.414758704 +0200
@@ -0,0 +1,22 @@
+# Makefile for miscelaneous programs
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
+
+FREESWANSRCDIR=../..
+include ${FREESWANSRCDIR}/Makefile.inc
+
+PROGRAM=_showstatus
+PROGRAMDIR=${LIBDIR}
+
+include ../Makefile.program
Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/_showstatus/_showstatus.8 2007-06-04 13:23:06.414758704 +0200
@@ -0,0 +1,23 @@
+.TH _showstatus 8 "03 Feb 2007"
+.\"
+.\" RCSID $Id: _showstatus.8
+.\"
+.SH NAME
+ipsec _showstatus \- give state feedback via led or other method
+.SH SYNOPSIS
+.I _showstatus
+is invoked by _updown to trigger led's, or other distribution
+or platform specific behavior. Presently, the SES button is
+supported as a status light on OpenWRT platforms. The button
+is configurable by environment variable:
+-B IPSEC_STATUS_LED_START
+defaults to ses_orange, and
+-B IPSEC_STATUS_LED_VALID
+defaults to ses_white.
+.SH "SEE ALSO"
+ipsec(8), ipsec_updown(8).
+.SH HISTORY
+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
+Original program written by Henry Spencer. Extended for the Linux strongSwan
+project <http://www.strongswan.org/> by Andreas Steffen.
Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/_showstatus/_showstatus.in 2007-06-04 13:23:06.414758704 +0200
@@ -0,0 +1,70 @@
+#! /bin/sh
+#
+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: _showstatus.in
+
+
+LED_START=$IPSEC_STATUS_LED_START
+LED_VALID=$IPSEC_STATUS_LED_VALID
+
+[ -z "$LED_START" ] && LED_START="ses_orange"
+[ -z "$LED_VALID" ] && LED_VALID="ses_white"
+
+
+setled() {
+ led=$1
+ st=$2
+
+ [ -n "$led" -a -n "$st" ] || return
+
+ if [ -w "/proc/diag/led/$led" ] ; then
+ echo "$st" > "/proc/diag/led/$led"
+ fi
+
+ # integrate other led control methods here
+
+}
+
+
+case "$1" in
+ 'start')
+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
+ [ -z "$LED_VALID" ] && setled "$LED_START" f
+ setled "$LED_VALID" 0
+ ;;
+ 'stop')
+ setled "$LED_START" 0
+ setled "$LED_VALID" 0
+ ;;
+ 'valid')
+ setled "$LED_VALID" 1
+ ;;
+ 'invalid')
+ setled "$LED_VALID" 0
+ ;;
+ 'up')
+ [ -n "$LED_VALID" ] && setled "$LED_START" 0
+ [ -z "$LED_VALID" ] && setled "$LED_START" 1
+ setled "$LED_VALID" 1
+ ;;
+ 'down')
+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
+ [ -z "$LED_VALID" ] && setled "$LED_START" f
+ setled "$LED_VALID" f
+ ;;
+ *)
+ echo "$0: unknown status $status" >&2
+ ;;
+esac
+
Index: strongswan-2.8.2/programs/wakeup/Makefile
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/wakeup/Makefile 2007-06-04 13:23:06.415758552 +0200
@@ -0,0 +1,22 @@
+# Makefile for miscelaneous programs
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
+
+FREESWANSRCDIR=../..
+include ${FREESWANSRCDIR}/Makefile.inc
+
+PROGRAM=wakeup
+PROGRAMDIR=${LIBDIR}
+
+include ../Makefile.program
Index: strongswan-2.8.2/programs/wakeup/wakeup.8
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/wakeup/wakeup.8 2007-06-04 13:23:06.415758552 +0200
@@ -0,0 +1,16 @@
+.TH wakeup 8 "03 Feb 2007"
+.\"
+.\" RCSID $Id: wakeup.8
+.\"
+.SH NAME
+ipsec wakeup \- stalled and down connection detection
+.SH SYNOPSIS
+.I wakeup
+is invoked by cron and checks ipsec status, whacking as necessary.
+.SH "SEE ALSO"
+ipsec(8), ipsec_whack(8).
+.SH HISTORY
+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
+Original program written by Henry Spencer. Extended for the Linux strongSwan
+project <http://www.strongswan.org/> by Andreas Steffen.
Index: strongswan-2.8.2/programs/wakeup/wakeup.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200
@@ -0,0 +1,38 @@
+#! /bin/sh
+# wakeup script
+#
+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+
+# only applicable when ipsec is running
+[ -e /var/run/pluto.pid ] || exit
+
+# loop through any erouted tunnels in the HOLD state
+for f in `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do
+
+ # only whack if no pending events at all exists
+ ipsec status | grep STATE | grep -q $f ||
+ ipsec whack --name $f --initiate --asynchronous
+
+done
+
+# loop through any tunnels that don't quite exist
+for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do
+
+ ipsec status | grep STATE_QUICK | grep -q $f || {
+ ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f
+ ipsec up $f
+ }
+
+done
+

662
package/strongswan/patches/210-updown.patch
View File

@ -1,662 +0,0 @@
Index: strongswan-2.8.2/programs/_updown/_updown.8
===================================================================
--- strongswan-2.8.2.orig/programs/_updown/_updown.8 2007-06-04 13:23:04.632029720 +0200
+++ strongswan-2.8.2/programs/_updown/_updown.8 2007-06-04 13:23:06.656721920 +0200
@@ -8,8 +8,23 @@
.I _updown
is invoked by pluto when it has brought up a new connection. This script
is used to insert the appropriate routing entries for IPsec operation.
-It can also be used to insert and delete dynamic iptables firewall rules.
-The interface to the script is documented in the pluto man page.
+It also inserts and deletes dynamic iptables firewall rules. IMPORTANT!
+By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD
+tables. Most distributions will want to change that to provide more
+flexibility in their firewall configuration.
+The script looks for the environment variables
+.B IPSEC_UPDOWN_RULE_IN
+for the iptables table it should insert into,
+.B IPSEC_UPDOWN_DEST_IN
+for where the rule should -j jump to,
+.B IPSEC_UPDOWN_RULE_OUT
+.B IPSEC_UPDOWN_DEST_OUT
+for the same on outgoing packets, and
+.B IPSEC_UPDOWN_FWD_RULE_IN
+.B IPSEC_UPDOWN_FWD_DEST_IN
+.B IPSEC_UPDOWN_FWD_RULE_OUT
+.B IPSEC_UPDOWN_FWD_DEST_OUT
+respectively for packets being forwarded to/from the local networks.
.SH "SEE ALSO"
ipsec(8), ipsec_pluto(8).
.SH HISTORY
Index: strongswan-2.8.2/programs/_updown/_updown.in
===================================================================
--- strongswan-2.8.2.orig/programs/_updown/_updown.in 2007-06-04 13:23:04.642028200 +0200
+++ strongswan-2.8.2/programs/_updown/_updown.in 2007-06-04 13:23:06.657721768 +0200
@@ -5,6 +5,7 @@
# Copyright (C) 2003-2004 Tuomo Soini
# Copyright (C) 2002-2004 Michael Richardson
# Copyright (C) 2005-2006 Andreas Steffen <andreas.steffen@strongswan.org>
+# Copyright (C) 2007 Kevin Cody Jr <kcody@vegaresearch.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
@@ -118,20 +119,61 @@
# restricted on the peer side.
#
-# uncomment to log VPN connections
-VPN_LOGGING=1
-#
+# set to /bin/true to silence log messages
+LOGGER=logger
+
# tag put in front of each log entry:
TAG=vpn
-#
+
# syslog facility and priority used:
-FAC_PRIO=local0.notice
-#
-# to create a special vpn logging file, put the following line into
-# the syslog configuration file /etc/syslog.conf:
-#
-# local0.notice -/var/log/vpn
-#
+FAC_PRIO=authpriv.info
+
+
+# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
+if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then
+ IPSEC_POLICY_IN=""
+ IPSEC_POLICY_OUT=""
+else
+ IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
+ IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
+ IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
+fi
+
+# are there port numbers?
+if [ "$PLUTO_MY_PORT" != 0 ] ; then
+ S_MY_PORT="--sport $PLUTO_MY_PORT"
+ D_MY_PORT="--dport $PLUTO_MY_PORT"
+fi
+
+if [ "$PLUTO_PEER_PORT" != 0 ] ; then
+ S_PEER_PORT="--sport $PLUTO_PEER_PORT"
+ D_PEER_PORT="--dport $PLUTO_PEER_PORT"
+fi
+
+# import firewall behavior
+IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN
+IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN
+IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT
+IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT
+
+# import forwarding behavior
+FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN
+FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN
+FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT
+FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT
+
+# default firewall behavior
+[ -z "$IPT_RULE_IN" ] && IPT_RULE_IN=INPUT
+[ -z "$IPT_DEST_IN" ] && IPT_DEST_IN=ACCEPT
+[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT
+[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT
+
+# default forwarding behavior
+[ -z "$FWD_RULE_IN" ] && FWD_RULE_IN=FORWARD
+[ -z "$FWD_DEST_IN" ] && FWD_DEST_IN=ACCEPT
+[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD
+[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT
+
# check interface version
case "$PLUTO_VERSION" in
@@ -150,8 +192,6 @@
case "$1:$*" in
':') # no parameters
;;
-iptables:iptables) # due to (left/right)firewall; for default script only
- ;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
@@ -159,345 +199,307 @@
;;
esac
+
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
+
uproute() {
doroute add
ip route flush cache
}
+
downroute() {
doroute delete
ip route flush cache
}
+upfirewall() {
+ in_rule=$1
+ in_dest=$2
+ out_rule=$3
+ out_dest=$4
+
+ [ -n "$in_rule" -a -n "$in_dest" ] && \
+ iptables -I $in_rule 1 \
+ -i $PLUTO_INTERFACE \
+ -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
+ $IPSEC_POLICY_IN \
+ -j $in_dest
+
+ [ -n "$out_rule" -a -n "$out_dest" ] && \
+ iptables -I $out_rule 1 \
+ -o $PLUTO_INTERFACE \
+ -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
+ $IPSEC_POLICY_OUT \
+ -j $out_dest
+
+}
+
+downfirewall() {
+ in_rule=$1
+ in_dest=$2
+ out_rule=$3
+ out_dest=$4
+
+ [ -n "$in_rule" -a -n "$in_dest" ] && \
+ iptables -D $in_rule \
+ -i $PLUTO_INTERFACE \
+ -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
+ $IPSEC_POLICY_IN \
+ -j $in_dest
+
+ [ -n "$out_rule" -a -n "$out_dest" ] && \
+ iptables -D $out_rule \
+ -o $PLUTO_INTERFACE \
+ -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
+ $IPSEC_POLICY_OUT \
+ -j $out_dest
+
+}
+
addsource() {
st=0
- if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
- then
+
+ if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then
+
it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
oops="`eval $it 2>&1`"
st=$?
- if test " $oops" = " " -a " $st" != " 0"
- then
+
+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
oops="silent error, exit status $st"
fi
- if test " $oops" != " " -o " $st" != " 0"
- then
+
+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
echo "$0: addsource \`$it' failed ($oops)" >&2
fi
fi
+
return $st
}
doroute() {
st=0
parms="$PLUTO_PEER_CLIENT"
+ parms2="dev $PLUTO_INTERFACE"
- parms2=
- if [ -n "$PLUTO_NEXT_HOP" ]
- then
- parms2="via $PLUTO_NEXT_HOP"
- fi
- parms2="$parms2 dev $PLUTO_INTERFACE"
-
- if [ -z "$PLUTO_MY_SOURCEIP" ]
- then
- if [ -f /etc/sysconfig/defaultsource ]
- then
- . /etc/sysconfig/defaultsource
- fi
+ if [ -z "$PLUTO_MY_SOURCEIP" ] ; then
- if [ -f /etc/conf.d/defaultsource ]
- then
- . /etc/conf.d/defaultsource
- fi
+ [ -f /etc/sysconfig/defaultsource ] && \
+ . /etc/sysconfig/defaultsource
+
+ [ -f /etc/conf.d/defaultsource ] && \
+ . /etc/conf.d/defaultsource
+
+ [ -n "$DEFAULTSOURCE" ] && \
+ PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
- if [ -n "$DEFAULTSOURCE" ]
- then
- PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
- fi
fi
parms3=
- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
- then
+ if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then
addsource
parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
fi
- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
- "0.0.0.0/0.0.0.0")
+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
+ "0.0.0.0/0.0.0.0" ] ; then
# opportunistic encryption work around
# need to provide route that eclipses default, without
# replacing it.
- it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
- ip route $1 128.0.0.0/1 $parms2 $parms3"
- ;;
- *) it="ip route $1 $parms $parms2 $parms3"
- ;;
- esac
+ it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+ ip route $1 128.0.0.0/1 $parms2 $parms3"
+ else
+ it="ip route $1 $parms $parms2 $parms3"
+ fi
+
oops="`eval $it 2>&1`"
st=$?
- if test " $oops" = " " -a " $st" != " 0"
- then
- oops="silent error, exit status $st"
- fi
- if test " $oops" != " " -o " $st" != " 0"
- then
- echo "$0: doroute \`$it' failed ($oops)" >&2
+
+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
+ oops="silent error, exit status $st"
fi
+
+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
+ echo "$0: doroute \`$it' failed ($oops)" >&2
+ fi
+
return $st
}
-
-# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
-if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
-then
- IPSEC_POLICY_IN=""
- IPSEC_POLICY_OUT=""
-else
- IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
- IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
- IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-fi
-# are there port numbers?
-if [ "$PLUTO_MY_PORT" != 0 ]
-then
- S_MY_PORT="--sport $PLUTO_MY_PORT"
- D_MY_PORT="--dport $PLUTO_MY_PORT"
-fi
-if [ "$PLUTO_PEER_PORT" != 0 ]
-then
- S_PEER_PORT="--sport $PLUTO_PEER_PORT"
- D_PEER_PORT="--dport $PLUTO_PEER_PORT"
-fi
+dologentry() {
+ action=$1
+
+ if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then
+ rem="$PLUTO_PEER"
+ else
+ rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER"
+ fi
+
+ if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then
+ loc="$PLUTO_ME"
+ else
+ loc="$PLUTO_ME == $PLUTO_MY_CLIENT"
+ fi
+
+ $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)"
+}
+
# the big choice
+
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
- "0.0.0.0/0.0.0.0")
- # need to provide route that eclipses default, without
+
+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
+ "0.0.0.0/0.0.0.0" ] ; then
+ # need to remove the route that eclipses default, without
# replacing it.
- parms1="0.0.0.0/1"
- parms2="128.0.0.0/1"
- it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
- oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
- ;;
- *)
- parms="$PLUTO_PEER_CLIENT"
- it="ip route delete $parms 2>&1"
- oops="`ip route delete $parms 2>&1`"
- ;;
- esac
- status="$?"
- if test " $oops" = " " -a " $status" != " 0"
- then
- oops="silent error, exit status $status"
+ it="( ip route delete 0.0.0.0/1 ;
+ ip route delete 128.0.0.0/1 )"
+ else
+ it="ip route delete $PLUTO_PEER_CLIENT"
+ fi
+
+ oops="`$it 2>&1`"
+ st="$?"
+
+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
+ oops="silent error, exit status $st"
fi
+
case "$oops" in
*'RTNETLINK answers: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
- status=0
+ st=0
;;
esac
- if test " $oops" != " " -o " $status" != " 0"
- then
+
+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
echo "$0: \`$it' failed ($oops)" >&2
fi
- exit $status
+
+ exit $st
+
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
+
+ ipsec _showstatus valid
uproute
+
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
+
+ ipsec _showstatus invalid
downroute
+
;;
-up-host:)
+up-host:*)
# connection to me coming up
- # If you are doing a custom version, firewall commands go here.
+
+ ipsec _showstatus up
+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+ dologentry "VPN-UP"
+
;;
-down-host:)
+down-host:*)
# connection to me going down
- # If you are doing a custom version, firewall commands go here.
- ;;
-up-client:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
- ;;
-down-client:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
+
+ ipsec _showstatus down
+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+ dologentry "VPN-DN"
+
;;
-up-host:iptables)
- # connection to me, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- #
- # log IPsec host connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-down-host:iptables)
- # connection to me, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- #
- # log IPsec host connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-up-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
+up-client:*)
+ # connection to client subnet coming up
+
+ ipsec _showstatus up
+
+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
+ upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
fi
- #
+
# a virtual IP requires an INPUT and OUTPUT rule on the host
# or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # log IPsec client connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-down-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+ fi
+
+ dologentry "VPN-UP"
+
+ ;;
+down-client:*)
+ # connection to client subnet going down
+
+ ipsec _showstatus down
+
+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
+ downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
fi
- #
+
# a virtual IP requires an INPUT and OUTPUT rule on the host
# or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # log IPsec client connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
fi
+
+ dologentry "VPN-DN"
+
;;
-#
-# IPv6
-#
prepare-host-v6:*|prepare-client-v6:*)
+
;;
route-host-v6:*|route-client-v6:*)
# connection to me or my client subnet being routed
+
#uproute_v6
+
;;
unroute-host-v6:*|unroute-client-v6:*)
# connection to me or my client subnet being unrouted
+
#downroute_v6
+
;;
up-host-v6:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
+
;;
down-host-v6:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
+
;;
up-client-v6:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
+
;;
down-client-v6:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
+
;;
-*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
+*)
+ echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
+
;;
esac
+

26
package/strongswan/patches/300-openwrt.patch
View File

@ -1,26 +0,0 @@
Index: strongswan-2.8.2/Makefile.inc
===================================================================
--- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200
+++ strongswan-2.8.2/Makefile.inc 2007-06-04 13:23:06.855691672 +0200
@@ -123,7 +123,7 @@
# With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
# INC_RCDIRS directories has been pre-created under DESTDIR.
INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
-INC_RCDEFAULT=/etc/rc.d/init.d
+INC_RCDEFAULT=/etc/init.d
# RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
# will finally be (so utils/Makefile can create a symlink in BINDIR to the
Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in
===================================================================
--- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:23:04.612032760 +0200
+++ strongswan-2.8.2/programs/showhostkey/showhostkey.in 2007-06-04 13:23:06.855691672 +0200
@@ -62,7 +62,7 @@
exit 1
fi
-host="`hostname --fqdn`"
+host="`cat /proc/sys/kernel/hostname`"
awk ' BEGIN {
inkey = 0

19
package/strongswan/patches/310-make-ipsec-alg.patch
View File

@ -1,19 +0,0 @@
Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi
===================================================================
--- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:04.583037168 +0200
+++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:07.053661576 +0200
@@ -1,10 +1,10 @@
MOD_CRYPTOAPI := ipsec_cryptoapi.o
ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
-ALG_MODULES += $(MOD_CRYPTOAPI)
-obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
-static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
-alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
+#ALG_MODULES += $(MOD_CRYPTOAPI)
+#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
+#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
+#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
else
$(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
endif

108
package/strongswan/patches/320-no-modprobe.patch
View File

@ -1,108 +0,0 @@
Index: strongswan-2.8.2/programs/starter/klips.c
===================================================================
--- strongswan-2.8.2.orig/programs/starter/klips.c 2007-06-04 13:23:04.544043096 +0200
+++ strongswan-2.8.2/programs/starter/klips.c 2007-06-04 13:23:07.238633456 +0200
@@ -44,7 +44,7 @@
unsetenv("MODPATH");
unsetenv("MODULECONF");
system("depmod -a >/dev/null 2>&1");
- system("modprobe -qv ipsec");
+ system("insmod -qv ipsec");
}
if (stat(PROC_IPSECVERSION, &stb) == 0)
{
@@ -62,11 +62,11 @@
/* make sure that all available crypto algorithms are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv ipsec_aes");
- system("modprobe -qv ipsec_serpent");
- system("modprobe -qv ipsec_twofish");
- system("modprobe -qv ipsec_blowfish");
- system("modprobe -qv ipsec_sha2");
+ system("insmod -qv ipsec_aes");
+ system("insmod -qv ipsec_serpent");
+ system("insmod -qv ipsec_twofish");
+ system("insmod -qv ipsec_blowfish");
+ system("insmod -qv ipsec_sha2");
}
starter_klips_clear();
Index: strongswan-2.8.2/programs/starter/netkey.c
===================================================================
--- strongswan-2.8.2.orig/programs/starter/netkey.c 2007-06-04 13:23:04.551042032 +0200
+++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200
@@ -36,7 +36,7 @@
/* af_key module makes the netkey proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv af_key");
+ system("insmod -qv af_key");
}
/* now test again */
@@ -52,11 +52,11 @@
/* make sure that all required IPsec modules are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv ah4");
- system("modprobe -qv esp4");
- system("modprobe -qv ipcomp");
- system("modprobe -qv xfrm4_tunnel");
- system("modprobe -qv xfrm_user");
+ system("insmod -qv ah4");
+ system("insmod -qv esp4");
+ system("insmod -qv ipcomp");
+ system("insmod -qv xfrm4_tunnel");
+ system("insmod -qv xfrm_user");
}
DBG(DBG_CONTROL,
Index: strongswan-2.8.2/programs/_startklips/_startklips.in
===================================================================
--- strongswan-2.8.2.orig/programs/_startklips/_startklips.in 2007-06-04 13:23:04.560040664 +0200
+++ strongswan-2.8.2/programs/_startklips/_startklips.in 2007-06-04 13:23:07.238633456 +0200
@@ -249,7 +249,7 @@
if test ! -f $ipsecversion && test ! -f $netkey
then
- modprobe -v af_key
+ insmod -v af_key
fi
if test -f $netkey
@@ -257,11 +257,11 @@
klips=false
if test -f $modules
then
- modprobe -qv ah4
- modprobe -qv esp4
- modprobe -qv ipcomp
- modprobe -qv xfrm4_tunnel
- modprobe -qv xfrm_user
+ insmod -qv ah4
+ insmod -qv esp4
+ insmod -qv ipcomp
+ insmod -qv xfrm4_tunnel
+ insmod -qv xfrm_user
fi
fi
@@ -272,7 +272,7 @@
setmodule
unset MODPATH MODULECONF # no user overrides!
depmod -a >/dev/null 2>&1
- modprobe -v ipsec
+ insmod -v ipsec
fi
if test ! -f $ipsecversion
then
@@ -288,7 +288,7 @@
do
if test -f $moduleinstplace/alg/ipsec_$alg.o
then
- modprobe ipsec_$alg
+ insmod ipsec_$alg
fi
done
fi

21
package/strongswan/patches/350-make-programs.patch
View File

@ -1,21 +0,0 @@
Index: strongswan-2.8.2/programs/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200
@@ -17,12 +17,10 @@
FREESWANSRCDIR=..
include ${FREESWANSRCDIR}/Makefile.inc
-SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto
-SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun
-SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
-SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
-SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
-SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
+SUBDIRS=_copyright _updown _showstatus wakeup examples
+SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual
+SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets
+SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec
ifeq ($(USE_LWRES),true)
SUBDIRS+=lwdnsq