strongswan: introduce /etc/ipsec.user file
authorLuka Perkov <luka@openwrt.org>
Fri, 26 Apr 2013 23:53:56 +0000 (23:53 +0000)
committerLuka Perkov <luka@openwrt.org>
Fri, 26 Apr 2013 23:53:56 +0000 (23:53 +0000)
enable user to add their own ip (or other) rules using
/etc/ipsec.user file on events like IPsec tunnel state change

Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 36462

net/strongswan/Makefile
net/strongswan/files/ipsec.user [new file with mode: 0644]
net/strongswan/patches/300-include-ipsec-user-script.patch [new file with mode: 0644]

index 610d77c2f8c57d9f7960bc071d81f2967c10ab9e..8d1d3bc4a0aab5ef21947aea42de84781f0a6884 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=5.0.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/
@@ -346,6 +346,7 @@ EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
 define Package/strongswan/conffiles
 /etc/ipsec.conf
 /etc/ipsec.secrets
+/etc/ipsec.user
 /etc/strongswan.conf
 endef
 
@@ -427,6 +428,8 @@ define Plugin/updown/install
        $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
        $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/
        $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/
+       $(INSTALL_DIR) $(1)/etc
+       $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
 endef
 
 define Plugin/whitelist/install
diff --git a/net/strongswan/files/ipsec.user b/net/strongswan/files/ipsec.user
new file mode 100644 (file)
index 0000000..4351ace
--- /dev/null
@@ -0,0 +1,6 @@
+# This file is interpreted as shell script.
+# Put your custom ip rules here, they will
+# be executed with each call to the script
+# /usr/lib/ipsec/_updown which by default
+# strongswan executes.
+
diff --git a/net/strongswan/patches/300-include-ipsec-user-script.patch b/net/strongswan/patches/300-include-ipsec-user-script.patch
new file mode 100644 (file)
index 0000000..d96e844
--- /dev/null
@@ -0,0 +1,17 @@
+--- a/src/_updown/_updown.in
++++ b/src/_updown/_updown.in
+@@ -16,11 +16,9 @@
+ # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ # for more details.
+-# CAUTION:  Installing a new version of strongSwan will install a new
+-# copy of this script, wiping out any custom changes you make.  If
+-# you need changes, make a copy of this under another name, and customize
+-# that, and use the (left/right)updown parameters in ipsec.conf to make
+-# strongSwan use yours instead of this default one.
++# Add your custom ip rules to the /etc/ipsec.user file if you need that functionality.
++
++[ -e /etc/ipsec.user ] && . /etc/ipsec.user "$1"
+ # things that this script gets (from ipsec_pluto(8) man page)
+ #