From: Waldemar Brodkorb Date: Tue, 28 Mar 2006 23:33:28 +0000 (+0000) Subject: update openswan to 2.4.5rc5 and fix compile issues X-Git-Tag: reboot~30921 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=03d4dce2f6f162a478fcbd853e43f4de85876ed2;p=openwrt%2Fopenwrt.git update openswan to 2.4.5rc5 and fix compile issues SVN-Revision: 3535 --- diff --git a/openwrt/package/openswan/Makefile b/openwrt/package/openswan/Makefile index 2cfdc21880..69787c0c80 100644 --- a/openwrt/package/openswan/Makefile +++ b/openwrt/package/openswan/Makefile @@ -3,9 +3,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openswan -PKG_VERSION:=2.4.4 +PKG_VERSION:=2.4.5rc5 PKG_RELEASE:=1 -PKG_MD5SUM:=bd1a46c64727674149de61da2a32ca63 +PKG_MD5SUM:=c2547f70b2d7c33deafb2b230305cef5 PKG_SOURCE_URL:=http://www.openswan.org/download PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz diff --git a/openwrt/package/openswan/patches/scripts.patch b/openwrt/package/openswan/patches/scripts.patch index 5925f0768a..c4722940f8 100644 --- a/openwrt/package/openswan/patches/scripts.patch +++ b/openwrt/package/openswan/patches/scripts.patch @@ -1,15 +1,15 @@ -diff -Nur openswan-2.4.0.orig/programs/loggerfix openswan-2.4.0/programs/loggerfix ---- openswan-2.4.0.orig/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 -+++ openswan-2.4.0/programs/loggerfix 2005-09-29 13:44:43.325458750 +0200 +diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix +--- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 ++++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200 @@ -0,0 +1,5 @@ +#!/bin/sh +# use filename instead of /dev/null to log, but dont log to flash or ram +# pref. log to nfs mount +echo "$*" >> /dev/null +exit 0 -diff -Nur openswan-2.4.0.orig/programs/look/look.in openswan-2.4.0/programs/look/look.in ---- openswan-2.4.0.orig/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200 -+++ openswan-2.4.0/programs/look/look.in 2005-09-29 13:44:49.537847000 +0200 +diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in +--- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200 ++++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200 @@ -84,7 +84,7 @@ then pat="$pat|$defaultroutephys\$|$defaultroutevirt\$" @@ -19,9 +19,9 @@ diff -Nur openswan-2.4.0.orig/programs/look/look.in openswan-2.4.0/programs/look do pat="$pat|$i\$" done -diff -Nur openswan-2.4.0.orig/programs/manual/manual.in openswan-2.4.0/programs/manual/manual.in ---- openswan-2.4.0.orig/programs/manual/manual.in 2005-04-18 00:57:12.000000000 +0200 -+++ openswan-2.4.0/programs/manual/manual.in 2005-09-29 13:44:52.446028750 +0200 +diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in +--- openswan-2.4.5rc5/programs/manual/manual.in 2005-11-18 06:18:33.000000000 +0100 ++++ openswan-2.4.5rc5.patched/programs/manual/manual.in 2006-03-29 01:20:44.000000000 +0200 @@ -104,7 +104,7 @@ sub(/:/, " ", $0) if (interf != "") @@ -31,9 +31,9 @@ diff -Nur openswan-2.4.0.orig/programs/manual/manual.in openswan-2.4.0/programs/ ;; esac -diff -Nur openswan-2.4.0.orig/programs/_plutorun/_plutorun.in openswan-2.4.0/programs/_plutorun/_plutorun.in ---- openswan-2.4.0.orig/programs/_plutorun/_plutorun.in 2005-04-21 23:57:16.000000000 +0200 -+++ openswan-2.4.0/programs/_plutorun/_plutorun.in 2005-09-29 13:44:53.442091000 +0200 +diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in +--- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100 ++++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200 @@ -147,7 +147,7 @@ exit 1 fi @@ -43,9 +43,9 @@ diff -Nur openswan-2.4.0.orig/programs/_plutorun/_plutorun.in openswan-2.4.0/pro then echo Cannot write to directory to create \"$stderrlog\". exit 1 -diff -Nur openswan-2.4.0.orig/programs/_realsetup/_realsetup.in openswan-2.4.0/programs/_realsetup/_realsetup.in ---- openswan-2.4.0.orig/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200 -+++ openswan-2.4.0/programs/_realsetup/_realsetup.in 2005-09-29 13:44:53.442091000 +0200 +diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in +--- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200 ++++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200 @@ -235,7 +235,7 @@ # misc pre-Pluto setup @@ -64,9 +64,9 @@ diff -Nur openswan-2.4.0.orig/programs/_realsetup/_realsetup.in openswan-2.4.0/p perform rm -f $info $lock $plutopid perform echo "...Openswan IPsec stopped" "|" $LOGONLY -diff -Nur openswan-2.4.0.orig/programs/send-pr/send-pr.in openswan-2.4.0/programs/send-pr/send-pr.in ---- openswan-2.4.0.orig/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200 -+++ openswan-2.4.0/programs/send-pr/send-pr.in 2005-09-29 13:44:53.442091000 +0200 +diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in +--- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200 ++++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200 @@ -402,7 +402,7 @@ else if [ "$fieldname" != "Category" ] @@ -103,9 +103,9 @@ diff -Nur openswan-2.4.0.orig/programs/send-pr/send-pr.in openswan-2.4.0/program echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL fi echo "${fmtname}${desc}" >> $file -diff -Nur openswan-2.4.0.orig/programs/setup/setup.in openswan-2.4.0/programs/setup/setup.in ---- openswan-2.4.0.orig/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200 -+++ openswan-2.4.0/programs/setup/setup.in 2005-09-29 13:44:52.446028750 +0200 +diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in +--- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200 ++++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200 @@ -117,12 +117,22 @@ # do it case "$1" in @@ -130,9 +130,9 @@ diff -Nur openswan-2.4.0.orig/programs/setup/setup.in openswan-2.4.0/programs/se tmp=/var/run/pluto/ipsec_setup.st outtmp=/var/run/pluto/ipsec_setup.out ( -diff -Nur openswan-2.4.0.orig/programs/showhostkey/showhostkey.in openswan-2.4.0/programs/showhostkey/showhostkey.in ---- openswan-2.4.0.orig/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100 -+++ openswan-2.4.0/programs/showhostkey/showhostkey.in 2005-09-29 13:44:52.446028750 +0200 +diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in +--- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100 ++++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200 @@ -63,7 +63,7 @@ exit 1 fi @@ -142,9 +142,9 @@ diff -Nur openswan-2.4.0.orig/programs/showhostkey/showhostkey.in openswan-2.4.0 awk ' BEGIN { inkey = 0 -diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0/programs/_startklips/_startklips.in ---- openswan-2.4.0.orig/programs/_startklips/_startklips.in 2005-03-31 23:07:27.000000000 +0200 -+++ openswan-2.4.0/programs/_startklips/_startklips.in 2005-09-29 13:44:53.442091000 +0200 +diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in +--- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100 ++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200 @@ -262,15 +262,15 @@ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" exit @@ -164,7 +164,7 @@ diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0 fi if test -f $netkey -@@ -278,18 +278,18 @@ +@@ -278,21 +278,21 @@ klips=false if test -f $modules then @@ -179,7 +179,12 @@ diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0 + insmod -qv xfrm4_tunnel # xfrm_user contains netlink support for IPsec - modprobe -qv xfrm_user +- modprobe -qv hw_random + insmod -qv xfrm_user ++ insmod -qv hw_random + # padlock must load before aes module +- modprobe -qv padlock ++ insmod -qv padlock # load the most common ciphers/algo's - modprobe -qv sha1 - modprobe -qv md5 @@ -192,17 +197,428 @@ diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0 fi fi -@@ -305,7 +305,12 @@ +@@ -308,10 +308,10 @@ fi unset MODPATH MODULECONF # no user overrides! depmod -a >/dev/null 2>&1 +- modprobe -qv hw_random ++ insmod -qv hw_random + # padlock must load before aes module +- modprobe -qv padlock - modprobe -v ipsec -+ if [ -f modprobe ] -+ then modprobe -v ipsec -+ elif [ -f insmod ] -+ then insmod ipsec -+ fi -+ ++ insmod -qv padlock ++ insmod -v ipsec fi if test ! -f $ipsecversion then +diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig +--- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100 ++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100 +@@ -0,0 +1,407 @@ ++#!/bin/sh ++# KLIPS startup script ++# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See . ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++# ++# RCSID $Id$ ++ ++me='ipsec _startklips' # for messages ++ ++# KLIPS-related paths ++sysflags=/proc/sys/net/ipsec ++modules=/proc/modules ++# full rp_filter path is $rpfilter1/interface/$rpfilter2 ++rpfilter1=/proc/sys/net/ipv4/conf ++rpfilter2=rp_filter ++# %unchanged or setting (0, 1, or 2) ++rpfiltercontrol=0 ++ipsecversion=/proc/net/ipsec_version ++moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec ++bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'` ++moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec ++case $bareversion in ++ 2.6*) ++ modulename=ipsec.ko ++ ;; ++ *) ++ modulename=ipsec.o ++ ;; ++esac ++ ++klips=true ++netkey=/proc/net/pfkey ++ ++info=/dev/null ++log=daemon.error ++for dummy ++do ++ case "$1" in ++ --log) log="$2" ; shift ;; ++ --info) info="$2" ; shift ;; ++ --debug) debug="$2" ; shift ;; ++ --omtu) omtu="$2" ; shift ;; ++ --fragicmp) fragicmp="$2" ; shift ;; ++ --hidetos) hidetos="$2" ; shift ;; ++ --rpfilter) rpfiltercontrol="$2" ; shift ;; ++ --) shift ; break ;; ++ -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; ++ *) break ;; ++ esac ++ shift ++done ++ ++ ++ ++# some shell functions, to clarify the actual code ++ ++# set up a system flag based on a variable ++# sysflag value shortname default flagname ++sysflag() { ++ case "$1" in ++ '') v="$3" ;; ++ *) v="$1" ;; ++ esac ++ if test ! -f $sysflags/$4 ++ then ++ if test " $v" != " $3" ++ then ++ echo "cannot do $2=$v, $sysflags/$4 does not exist" ++ exit 1 ++ else ++ return # can't set, but it's the default anyway ++ fi ++ fi ++ case "$v" in ++ yes|no) ;; ++ *) echo "unknown (not yes/no) $2 value \`$1'" ++ exit 1 ++ ;; ++ esac ++ case "$v" in ++ yes) echo 1 >$sysflags/$4 ;; ++ no) echo 0 >$sysflags/$4 ;; ++ esac ++} ++ ++# set up a Klips interface ++klipsinterface() { ++ # pull apart the interface spec ++ virt=`expr $1 : '\([^=]*\)=.*'` ++ phys=`expr $1 : '[^=]*=\(.*\)'` ++ case "$virt" in ++ ipsec[0-9]) ;; ++ *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;; ++ esac ++ ++ # figure out ifconfig for interface ++ addr= ++ eval `ifconfig $phys | ++ awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { ++ gsub(/:/, " ", $0) ++ print "addr=" $3 ++ other = $5 ++ if ($4 == "Bcast") ++ print "type=broadcast" ++ else if ($4 == "P-t-P") ++ print "type=pointopoint" ++ else if (NF == 5) { ++ print "type=" ++ other = "" ++ } else ++ print "type=unknown" ++ print "otheraddr=" other ++ print "mask=" $NF ++ }'` ++ if test " $addr" = " " ++ then ++ echo "unable to determine address of \`$phys'" ++ exit 1 ++ fi ++ if test " $type" = " unknown" ++ then ++ echo "\`$phys' is of an unknown type" ++ exit 1 ++ fi ++ if test " $omtu" != " " ++ then ++ mtu="mtu $omtu" ++ else ++ mtu= ++ fi ++ echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly ++ ++ if $klips ++ then ++ # attach the interface and bring it up ++ ipsec tncfg --attach --virtual $virt --physical $phys ++ ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu ++ fi ++ ++ # if %defaultroute, note the facts ++ if test " $2" != " " ++ then ++ ( ++ echo "defaultroutephys=$phys" ++ echo "defaultroutevirt=$virt" ++ echo "defaultrouteaddr=$addr" ++ if test " $2" != " 0.0.0.0" ++ then ++ echo "defaultroutenexthop=$2" ++ fi ++ ) >>$info ++ else ++ echo '#dr: no default route' >>$info ++ fi ++ ++ # check for rp_filter trouble ++ checkif $phys # thought to be a problem only on phys ++} ++ ++# check an interface for problems ++checkif() { ++ $klips || return 0 ++ rpf=$rpfilter1/$1/$rpfilter2 ++ if test -f $rpf ++ then ++ r="`cat $rpf`" ++ if test " $r" != " 0" ++ then ++ case "$r-$rpfiltercontrol" in ++ 0-%unchanged|0-0|1-1|2-2) ++ # happy state ++ ;; ++ *-%unchanged) ++ echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)" ++ ;; ++ [012]-[012]) ++ echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)" ++ echo "$rpfiltercontrol" >$rpf ++ ;; ++ [012]-*) ++ echo "ERROR: unknown rpfilter setting: $rpfiltercontrol" ++ ;; ++ *) ++ echo "ERROR: unknown $rpf value $r" ++ ;; ++ esac ++ fi ++ fi ++} ++ ++# interfaces=%defaultroute: put ipsec0 on top of default route's interface ++defaultinterface() { ++ phys=`netstat -nr | ++ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'` ++ if test " $phys" = " " ++ then ++ echo "no default route, %defaultroute cannot cope!!!" ++ exit 1 ++ fi ++ if test `echo " $phys" | wc -l` -gt 1 ++ then ++ echo "multiple default routes, %defaultroute cannot cope!!!" ++ exit 1 ++ fi ++ next=`netstat -nr | ++ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'` ++ klipsinterface "ipsec0=$phys" $next ++} ++ ++# log only to syslog, not to stdout/stderr ++logonly() { ++ logger -p $log -t ipsec_setup ++} ++ ++# sort out which module is appropriate, changing it if necessary ++setmodule() { ++ if [ -e /proc/kallsyms ] ++ then ++ kernelsymbols="/proc/kallsyms"; ++ echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet" ++ else ++ kernelsymbols="/proc/ksyms"; ++ fi ++ wantgoo="`ipsec calcgoo $kernelsymbols`" ++ module=$moduleplace/$modulename ++ if test -f $module ++ then ++ goo="`nm -ao $module | ipsec calcgoo`" ++ if test " $wantgoo" = " $goo" ++ then ++ return # looks right ++ fi ++ fi ++ if test -f $moduleinstplace/$wantgoo ++ then ++ echo "modprobe failed, but found matching template module $wantgoo." ++ echo "Copying $moduleinstplace/$wantgoo to $module." ++ rm -f $module ++ mkdir -p $moduleplace ++ cp -p $moduleinstplace/$wantgoo $module ++ # "depmod -a" gets done by caller ++ fi ++} ++ ++ ++ ++# main line ++ ++# load module if possible ++if test -f $ipsecversion && test -f $netkey ++then ++ # both KLIPS and NETKEY code detected, bail out ++ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" ++ exit ++fi ++if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec ++then ++ # statically compiled KLIPS/NETKEY not found; try to load the module ++ modprobe ipsec ++fi ++ ++if test ! -f $ipsecversion && test ! -f $netkey ++then ++ modprobe -v af_key ++fi ++ ++if test -f $netkey ++then ++ klips=false ++ if test -f $modules ++ then ++ modprobe -qv ah4 ++ modprobe -qv esp4 ++ modprobe -qv ipcomp ++ # xfrm4_tunnel is needed by ipip and ipcomp ++ modprobe -qv xfrm4_tunnel ++ # xfrm_user contains netlink support for IPsec ++ modprobe -qv xfrm_user ++ modprobe -qv hw_random ++ # padlock must load before aes module ++ modprobe -qv padlock ++ # load the most common ciphers/algo's ++ modprobe -qv sha1 ++ modprobe -qv md5 ++ modprobe -qv des ++ modprobe -qv aes ++ fi ++fi ++ ++if test ! -f $ipsecversion && $klips ++then ++ if test -r $modules # kernel does have modules ++ then ++ if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ] ++ then ++ echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)" ++ else ++ setmodule ++ fi ++ unset MODPATH MODULECONF # no user overrides! ++ depmod -a >/dev/null 2>&1 ++ modprobe -qv hw_random ++ # padlock must load before aes module ++ modprobe -qv padlock ++ modprobe -v ipsec ++ fi ++ if test ! -f $ipsecversion ++ then ++ echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)" ++ exit 1 ++ fi ++fi ++ ++# figure out debugging flags ++case "$debug" in ++'') debug=none ;; ++esac ++if test -r /proc/net/ipsec_klipsdebug ++then ++ echo "KLIPS debug \`$debug'" | logonly ++ case "$debug" in ++ none) ipsec klipsdebug --none ;; ++ all) ipsec klipsdebug --all ;; ++ *) ipsec klipsdebug --none ++ for d in $debug ++ do ++ ipsec klipsdebug --set $d ++ done ++ ;; ++ esac ++elif $klips ++then ++ if test " $debug" != " none" ++ then ++ echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities" ++ fi ++fi ++ ++# figure out misc. kernel config ++if test -d $sysflags ++then ++ sysflag "$fragicmp" "fragicmp" yes icmp ++ echo 1 >$sysflags/inbound_policy_check # no debate ++ sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm ++ sysflag no "opportunistic" no opportunistic # obsolete parm ++ sysflag "$hidetos" "hidetos" yes tos ++elif $klips ++then ++ echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!" ++ # carry on ++fi ++ ++if $klips ++then ++ # clear tables out in case dregs have been left over ++ ipsec eroute --clear ++ ipsec spi --clear ++elif test $netkey ++then ++ if ip xfrm state > /dev/null 2>&1 ++ then ++ ip xfrm state flush ++ ip xfrm policy flush ++ elif type setkey > /dev/null 2>&1 ++ then ++ # Check that the setkey command is available. ++ setkeycmd= ++ PATH=$PATH:/usr/local/sbin ++ for dir in `echo $PATH | tr ':' ' '` ++ do ++ if test -f $dir/setkey -a -x $dir/setkey ++ then ++ setkeycmd=$dir/setkey ++ break # NOTE BREAK OUT ++ fi ++ done ++ $setkeycmd -F ++ $setkeycmd -FP ++ else ++ ++ echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." | ++ logger -s -p daemon.error -t ipsec_setup ++ fi ++fi ++ ++# figure out interfaces ++for i ++do ++ case "$i" in ++ ipsec*=?*) klipsinterface "$i" ;; ++ %defaultroute) defaultinterface ;; ++ *) echo "interface \`$i' not understood" ++ exit 1 ++ ;; ++ esac ++done ++ ++exit 0 diff --git a/openwrt/target/linux/package/openswan/Makefile b/openwrt/target/linux/package/openswan/Makefile index 9c1b1829f8..bedd543fbc 100644 --- a/openwrt/target/linux/package/openswan/Makefile +++ b/openwrt/target/linux/package/openswan/Makefile @@ -4,9 +4,9 @@ include $(TOPDIR)/rules.mk include ../../rules.mk PKG_NAME:=openswan -PKG_VERSION:=2.4.4 -PKG_RELEASE:=2 -PKG_MD5SUM:=bd1a46c64727674149de61da2a32ca63 +PKG_VERSION:=2.4.5rc5 +PKG_RELEASE:=1 +PKG_MD5SUM:=c2547f70b2d7c33deafb2b230305cef5 PKG_SOURCE_URL:=http://www.openswan.org/download PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz diff --git a/openwrt/target/linux/package/openswan/patches/100-fix-oops-on-24.patch b/openwrt/target/linux/package/openswan/patches/100-fix-oops-on-24.patch new file mode 100644 index 0000000000..0861b0489e --- /dev/null +++ b/openwrt/target/linux/package/openswan/patches/100-fix-oops-on-24.patch @@ -0,0 +1,23 @@ +diff -Nur openswan-2.4.4/linux/net/ipsec/pfkey_v2.c openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c +--- openswan-2.4.4/linux/net/ipsec/pfkey_v2.c 2005-09-14 18:40:45.000000000 +0200 ++++ openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c 2005-12-25 04:35:57.674968000 +0100 +@@ -820,7 +820,9 @@ + return 0; /* -EINVAL; */ + } + ++#ifdef NET_26 + write_lock_bh(&pfkey_sock_lock); ++#endif + + KLIPS_PRINT(debug_pfkey, + "klips_debug:pfkey_release: " +@@ -851,7 +853,9 @@ + "klips_debug:pfkey_release: " + "succeeded.\n"); + ++#ifdef NET_26 + write_unlock_bh(&pfkey_sock_lock); ++#endif + + return 0; + } diff --git a/openwrt/target/linux/package/openswan/patches/101-arp_header.patch b/openwrt/target/linux/package/openswan/patches/101-arp_header.patch new file mode 100644 index 0000000000..7375f65a48 --- /dev/null +++ b/openwrt/target/linux/package/openswan/patches/101-arp_header.patch @@ -0,0 +1,11 @@ +diff -Nur openswan-2.4.5rc5/linux/net/ipsec/ipsec_tunnel.c openswan-2.4.5rc5.patched/linux/net/ipsec/ipsec_tunnel.c +--- openswan-2.4.5rc5/linux/net/ipsec/ipsec_tunnel.c 2005-11-22 05:11:52.000000000 +0100 ++++ openswan-2.4.5rc5.patched/linux/net/ipsec/ipsec_tunnel.c 2006-03-29 01:13:35.000000000 +0200 +@@ -33,6 +33,7 @@ + #include /* size_t */ + #include /* mark_bh */ + ++#include + #include + #include + #include diff --git a/openwrt/target/linux/package/openswan/patches/fix-compile-2.4.14-changes.patch b/openwrt/target/linux/package/openswan/patches/fix-compile-2.4.14-changes.patch deleted file mode 100644 index 7f2252a3d8..0000000000 --- a/openwrt/target/linux/package/openswan/patches/fix-compile-2.4.14-changes.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff -Nur openswan-2.4.4/linux/include/openswan.h openswan-2.4.4.patched/linux/include/openswan.h ---- openswan-2.4.4/linux/include/openswan.h 2005-04-14 22:21:51.000000000 +0200 -+++ openswan-2.4.4.patched/linux/include/openswan.h 2005-12-23 20:31:58.248159750 +0100 -@@ -78,6 +78,10 @@ - #define NET_21 - #endif - -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15) -+#define KERNEL_2615 -+#endif -+ - #ifndef IPPROTO_COMP - # define IPPROTO_COMP 108 - #endif /* !IPPROTO_COMP */ -diff -Nur openswan-2.4.4/linux/net/ipsec/ipcomp.c openswan-2.4.4.patched/linux/net/ipsec/ipcomp.c ---- openswan-2.4.4/linux/net/ipsec/ipcomp.c 2005-08-28 01:40:00.000000000 +0200 -+++ openswan-2.4.4.patched/linux/net/ipsec/ipcomp.c 2005-12-23 20:35:02.482256250 +0100 -@@ -600,7 +600,9 @@ - memcpy(n->head, - skb->head, - ((char *)iph - (char *)skb->head) + iphlen); -- n->list=NULL; -+#ifndef KERNEL_2615 -+ n->list=NULL; -+#endif - n->next=NULL; - n->prev=NULL; - n->sk=NULL; -@@ -657,7 +659,11 @@ - n->pkt_bridged=skb->pkt_bridged; - #endif /* NETDEV_23 */ - n->ip_summed=0; -- n->stamp=skb->stamp; -+#ifdef KERNEL_2615 -+ n->tstamp=skb->tstamp; -+#else -+ n->stamp=skb->stamp; -+#endif - #ifndef NETDEV_23 /* this seems to have been removed in 2.4 */ - #if defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE) - n->shapelatency=skb->shapelatency; /* Latency on frame */ -diff -Nur openswan-2.4.4/linux/net/ipsec/ipsec_tunnel.c openswan-2.4.4.patched/linux/net/ipsec/ipsec_tunnel.c ---- openswan-2.4.4/linux/net/ipsec/ipsec_tunnel.c 2005-09-22 00:57:43.000000000 +0200 -+++ openswan-2.4.4.patched/linux/net/ipsec/ipsec_tunnel.c 2005-12-23 20:38:17.666454500 +0100 -@@ -34,6 +34,9 @@ - #include /* mark_bh */ - - #include -+#ifdef KERNEL_2615 -+#include -+#endif - #include - #include - -@@ -272,9 +275,13 @@ - - if(ixs->skb->sk) { - #ifdef NET_26 -+#ifdef KERNEL_2615 -+ struct inet_timewait_sock *tw; -+ tw = (struct inet_timewait_sock *)ixs->skb->sk; -+#else - struct tcp_tw_bucket *tw; -- - tw = (struct tcp_tw_bucket *)ixs->skb->sk; -+#endif - - ixs->sport = ntohs(tw->tw_sport); - ixs->dport = ntohs(tw->tw_dport); -diff -Nur openswan-2.4.4/linux/net/ipsec/pfkey_v2.c openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c ---- openswan-2.4.4/linux/net/ipsec/pfkey_v2.c 2005-09-14 18:40:45.000000000 +0200 -+++ openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c 2005-12-23 20:43:21.481441750 +0100 -@@ -459,11 +459,17 @@ - "skb=0p%p dequeued.\n", skb); - printk(KERN_INFO "klips_debug:pfkey_destroy_socket: " - "pfkey_skb contents:"); -+#ifndef KERNEL_2615 -+ printk(" list:0p%p", skb->list); -+#endif - printk(" next:0p%p", skb->next); - printk(" prev:0p%p", skb->prev); -- printk(" list:0p%p", skb->list); - printk(" sk:0p%p", skb->sk); -+#ifdef KERNEL_2615 -+ printk(" tstamp:%d.%d", skb->tstamp.off_sec, skb->tstamp.off_usec); -+#else - printk(" stamp:%ld.%ld", skb->stamp.tv_sec, skb->stamp.tv_usec); -+#endif - printk(" dev:0p%p", skb->dev); - if(skb->dev) { - if(skb->dev->name) { -@@ -1376,7 +1382,12 @@ - #endif /* NET_21 */ - - skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size); -- sk->sk_stamp=skb->stamp; -+#ifdef KERNEL_2615 -+ sk->sk_stamp.tv_sec=skb->tstamp.off_sec; -+ sk->sk_stamp.tv_usec=skb->tstamp.off_usec; -+#else -+ sk->sk_stamp=skb->stamp; -+#endif - - skb_free_datagram(sk, skb); - return size; -@@ -1495,8 +1506,13 @@ - #endif - sk->sk_protocol, - sk->sk_sndbuf, -+#ifdef KERNEL_2615 -+ sk->sk_stamp.tv_sec, -+ sk->sk_stamp.tv_usec, -+#else - (unsigned int)sk->sk_stamp.tv_sec, - (unsigned int)sk->sk_stamp.tv_usec, -+#endif - sk->sk_socket->flags, - sk->sk_socket->type, - sk->sk_socket->state); diff --git a/openwrt/target/linux/package/openswan/patches/fix-oops-on-24.patch b/openwrt/target/linux/package/openswan/patches/fix-oops-on-24.patch deleted file mode 100644 index 0861b0489e..0000000000 --- a/openwrt/target/linux/package/openswan/patches/fix-oops-on-24.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -Nur openswan-2.4.4/linux/net/ipsec/pfkey_v2.c openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c ---- openswan-2.4.4/linux/net/ipsec/pfkey_v2.c 2005-09-14 18:40:45.000000000 +0200 -+++ openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c 2005-12-25 04:35:57.674968000 +0100 -@@ -820,7 +820,9 @@ - return 0; /* -EINVAL; */ - } - -+#ifdef NET_26 - write_lock_bh(&pfkey_sock_lock); -+#endif - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_release: " -@@ -851,7 +853,9 @@ - "klips_debug:pfkey_release: " - "succeeded.\n"); - -+#ifdef NET_26 - write_unlock_bh(&pfkey_sock_lock); -+#endif - - return 0; - }