author | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2006-10-07 11:57:20 +0000 |
---|---|---|
committer | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2006-10-07 11:57:20 +0000 |
commit | 725611a466f2edf12f809d22339b22223af4afe7 (patch) | |
tree | 4b825dc642cb6eb9a060e54bf8d69288fbee4904 /openwrt/package/openswan | |
parent | f4dd5a6d7c4ebea48cd6292744cb9def6037de80 (diff) |
move old kamikaze out of trunk - will put buildroot-ng in there as soon as all the developers are ready
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@4944 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'openwrt/package/openswan')
-rw-r--r-- | openwrt/package/openswan/Config.in | 12 | ||||
-rw-r--r-- | openwrt/package/openswan/Makefile | 57 | ||||
-rw-r--r-- | openwrt/package/openswan/ipkg/openswan.conffiles | 1 | ||||
-rw-r--r-- | openwrt/package/openswan/ipkg/openswan.control | 5 | ||||
-rw-r--r-- | openwrt/package/openswan/patches/pluto-includes.patch | 12 | ||||
-rw-r--r-- | openwrt/package/openswan/patches/scripts.patch | 612 | ||||
-rw-r--r-- | openwrt/package/openswan/patches/use-dev-urandom.patch | 36 |
7 files changed, 0 insertions, 735 deletions
diff --git a/openwrt/package/openswan/Config.in b/openwrt/package/openswan/Config.in
deleted file mode 100644
index 109e56d8e..000000000
--- a/openwrt/package/openswan/Config.in
+++ /dev/null
@@ -1,12 +0,0 @@
-config BR2_PACKAGE_OPENSWAN
- prompt "openswan.......................... VPN solution using IPsec"
- tristate
- default m if CONFIG_DEVEL
- select BR2_PACKAGE_IP
- select BR2_PACKAGE_LIBGMP
- select BR2_PACKAGE_KMOD_OPENSWAN
- help
- Openswan is an implementation of IPsec for Linux.
-
- http://www.openswan.org/
-
diff --git a/openwrt/package/openswan/Makefile b/openwrt/package/openswan/Makefile
deleted file mode 100644
index b4b475d28..000000000
--- a/openwrt/package/openswan/Makefile
+++ /dev/null
@@ -1,57 +0,0 @@
-# $Id$
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openswan
-PKG_VERSION:=2.4.5
-PKG_RELEASE:=1
-PKG_MD5SUM:=a9a8e88313faceebfc5ceb1a9da9a3c4
-
-PKG_SOURCE_URL:=http://www.openswan.org/download
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_CAT:=zcat
-
-include $(TOPDIR)/package/rules.mk
-
-$(eval $(call PKG_template,OPENSWAN,openswan,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
-
-FLAGS := $(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include -L$(STAGING_DIR)/usr/lib -I$(STAGING_DIR)/usr/include
-
-$(PKG_BUILD_DIR)/.configured:
- touch $@
-
-$(PKG_BUILD_DIR)/.built:
- $(MAKE) -C $(PKG_BUILD_DIR) \
- $(TARGET_CONFIGURE_OPTS) \
- KERNELSRC="$(LINUX_DIR)" \
- ARCH="mips" \
- USERCOMPILE="$(FLAGS)" \
- EXTRA_INCLUDE="-I$(STAGING_DIR)/usr/include" \
- EXTRA_LIBS="-L$(STAGING_DIR)/usr/lib" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
- programs
- touch $@
-
-$(IPKG_OPENSWAN):
- $(MAKE) -C $(PKG_BUILD_DIR) \
- $(TARGET_CONFIGURE_OPTS) \
- DESTDIR="$(IDIR_OPENSWAN)" \
- KERNELSRC="$(LINUX_DIR)" \
- ARCH="mips" \
- USERCOMPILE="$(FLAGS)" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
- install
- -$(STRIP) $(IDIR_OPENSWAN)/usr/lib/ipsec/*
- -$(STRIP) $(IDIR_OPENSWAN)/usr/libexec/ipsec/*
- rm -rf $(IDIR_OPENSWAN)/usr/share
- rm -rf $(IDIR_OPENSWAN)/usr/man
- rm -rf $(IDIR_OPENSWAN)/var
- rm -rf $(IDIR_OPENSWAN)/etc/rc.d/rc*.d
- mkdir -p $(IDIR_OPENSWAN)/etc/init.d
- ln -sf ../rc.d/init.d/ipsec $(IDIR_OPENSWAN)/etc/init.d/S60ipsec
- find $(PKG_BUILD_DIR) -name \*.old | xargs rm -rf
- mkdir -p $(PACKAGE_DIR)
- $(IPKG_BUILD) $(IDIR_OPENSWAN) $(PACKAGE_DIR)
diff --git a/openwrt/package/openswan/ipkg/openswan.conffiles b/openwrt/package/openswan/ipkg/openswan.conffiles
deleted file mode 100644
index ff0851c29..000000000
--- a/openwrt/package/openswan/ipkg/openswan.conffiles
+++ /dev/null
@@ -1 +0,0 @@
-/etc/ipsec.conf
diff --git a/openwrt/package/openswan/ipkg/openswan.control b/openwrt/package/openswan/ipkg/openswan.control
deleted file mode 100644
index 137491e84..000000000
--- a/openwrt/package/openswan/ipkg/openswan.control
+++ /dev/null
@@ -1,5 +0,0 @@
-Package: openswan
-Section: base
-Priority: optional
-Depends: kmod-openswan, libgmp, ip
-Description: Openswan IPSec software
diff --git a/openwrt/package/openswan/patches/pluto-includes.patch b/openwrt/package/openswan/patches/pluto-includes.patch
deleted file mode 100644
index 8cd1398d4..000000000
--- a/openwrt/package/openswan/patches/pluto-includes.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Nur openswan-2.4.0.orig/programs/pluto/Makefile openswan-2.4.0/programs/pluto/Makefile
---- openswan-2.4.0.orig/programs/pluto/Makefile 2005-08-12 03:12:38.000000000 +0200
-+++ openswan-2.4.0/programs/pluto/Makefile 2005-09-29 13:41:14.016377750 +0200
-@@ -271,7 +271,7 @@
- LIBSPLUTO+=$(HAVE_THREADS_LIBS) ${XAUTHPAM_LIBS}
- LIBSPLUTO+=${CURL_LIBS}
- LIBSPLUTO+=${EXTRA_CRYPTO_LIBS}
--LIBSPLUTO+= -lgmp -lresolv # -lefence
-+LIBSPLUTO+=$(EXTRA_LIBS) -lgmp -lresolv # -lefence
-
- ifneq ($(LD_LIBRARY_PATH),)
- LDFLAGS=-L$(LD_LIBRARY_PATH)
diff --git a/openwrt/package/openswan/patches/scripts.patch b/openwrt/package/openswan/patches/scripts.patch
deleted file mode 100644
index 6d571ef3f..000000000
--- a/openwrt/package/openswan/patches/scripts.patch
+++ /dev/null
@@ -1,612 +0,0 @@ -diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix ---- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200 -@@ -0,0 +1,5 @@ -+#!/bin/sh -+# use filename instead of /dev/null to log, but dont log to flash or ram -+# pref. log to nfs mount -+echo "$*" >> /dev/null -+exit 0 -diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in ---- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200 -@@ -84,7 +84,7 @@ - then - pat="$pat|$defaultroutephys\$|$defaultroutevirt\$" - else -- for i in `echo "$IPSECinterfaces" | sed 's/=/ /'` -+ for i in `echo "$IPSECinterfaces" | tr '=' ' '` - do - pat="$pat|$i\$" - done -diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in ---- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200 -@@ -147,7 +147,7 @@ - exit 1 - fi - else -- if test ! -w "`dirname $stderrlog`" -+ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`" - then - echo Cannot write to directory to create \"$stderrlog\". 
- exit 1 -diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in ---- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200 -@@ -235,7 +235,7 @@ - - # misc pre-Pluto setup - -- perform test -d `dirname $subsyslock` "&&" touch $subsyslock -+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock - - if test " $IPSECforwardcontrol" = " yes" - then -@@ -347,7 +347,7 @@ - lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user - fi - -- perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock -+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock - - perform rm -f $info $lock $plutopid - perform echo "...Openswan IPsec stopped" "|" $LOGONLY -diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in ---- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200 -@@ -402,7 +402,7 @@ - else - if [ "$fieldname" != "Category" ] - then -- values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` -+ values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` - valslen=`echo "$values" | wc -c` - else - values="choose from a category listed above" -@@ -414,7 +414,7 @@ - else - desc="<${values} (one line)>"; - fi -- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` -+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` - echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL - fi - echo "${fmtname}${desc}" >> $file -@@ -425,7 +425,7 @@ - desc=" $default_val"; - else - desc=" <`${BINDIR}/query-pr 
--field-description $fieldname` (multiple lines)>"; -- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` -+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` - echo "s/^${dpat}//" >> $FIXFIL - fi - echo "${fmtname}" >> $file; -@@ -437,7 +437,7 @@ - desc="${default_val}" - else - desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>" -- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` -+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` - echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL - fi - echo "${fmtname}${desc}" >> $file -diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in ---- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200 -@@ -117,12 +117,22 @@ - # do it - case "$1" in - start|--start|stop|--stop|_autostop|_autostart) -- if test " `id -u`" != " 0" -+ if [ "x${USER}" != "xroot" ] - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi -+ -+ # make sure all required directories exist -+ if [ ! -d /var/run/pluto ] -+ then -+ mkdir -p /var/run/pluto -+ fi -+ if [ ! 
-d /var/lock/subsys ] -+ then -+ mkdir -p /var/lock/subsys -+ fi - tmp=/var/run/pluto/ipsec_setup.st - outtmp=/var/run/pluto/ipsec_setup.out - ( -diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in ---- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200 -@@ -63,7 +63,7 @@ - exit 1 - fi - --host="`hostname --fqdn`" -+host="`cat /proc/sys/kernel/hostname`" - - awk ' BEGIN { - inkey = 0 -diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in ---- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200 -@@ -262,15 +262,15 @@ - echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" - exit - fi --if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec -+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec - then - # statically compiled KLIPS/NETKEY not found; try to load the module -- modprobe ipsec -+ insmod ipsec - fi - - if test ! -f $ipsecversion && test ! 
-f $netkey - then -- modprobe -v af_key -+ insmod -v af_key - fi - - if test -f $netkey -@@ -278,21 +278,21 @@ - klips=false - if test -f $modules - then -- modprobe -qv ah4 -- modprobe -qv esp4 -- modprobe -qv ipcomp -+ insmod -qv ah4 -+ insmod -qv esp4 -+ insmod -qv ipcomp - # xfrm4_tunnel is needed by ipip and ipcomp -- modprobe -qv xfrm4_tunnel -+ insmod -qv xfrm4_tunnel - # xfrm_user contains netlink support for IPsec -- modprobe -qv xfrm_user -- modprobe -qv hw_random -+ insmod -qv xfrm_user -+ insmod -qv hw_random - # padlock must load before aes module -- modprobe -qv padlock -+ insmod -qv padlock - # load the most common ciphers/algo's -- modprobe -qv sha1 -- modprobe -qv md5 -- modprobe -qv des -- modprobe -qv aes -+ insmod -qv sha1 -+ insmod -qv md5 -+ insmod -qv des -+ insmod -qv aes - fi - fi - -@@ -308,10 +308,10 @@ - fi - unset MODPATH MODULECONF # no user overrides! - depmod -a >/dev/null 2>&1 -- modprobe -qv hw_random -+ insmod -qv hw_random - # padlock must load before aes module -- modprobe -qv padlock -- modprobe -v ipsec -+ insmod -qv padlock -+ insmod -v ipsec - fi - if test ! -f $ipsecversion - then -diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig ---- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100 -@@ -0,0 +1,407 @@ -+#!/bin/sh -+# KLIPS startup script -+# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 
-+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+# RCSID $Id$ -+ -+me='ipsec _startklips' # for messages -+ -+# KLIPS-related paths -+sysflags=/proc/sys/net/ipsec -+modules=/proc/modules -+# full rp_filter path is $rpfilter1/interface/$rpfilter2 -+rpfilter1=/proc/sys/net/ipv4/conf -+rpfilter2=rp_filter -+# %unchanged or setting (0, 1, or 2) -+rpfiltercontrol=0 -+ipsecversion=/proc/net/ipsec_version -+moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec -+bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'` -+moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec -+case $bareversion in -+ 2.6*) -+ modulename=ipsec.ko -+ ;; -+ *) -+ modulename=ipsec.o -+ ;; -+esac -+ -+klips=true -+netkey=/proc/net/pfkey -+ -+info=/dev/null -+log=daemon.error -+for dummy -+do -+ case "$1" in -+ --log) log="$2" ; shift ;; -+ --info) info="$2" ; shift ;; -+ --debug) debug="$2" ; shift ;; -+ --omtu) omtu="$2" ; shift ;; -+ --fragicmp) fragicmp="$2" ; shift ;; -+ --hidetos) hidetos="$2" ; shift ;; -+ --rpfilter) rpfiltercontrol="$2" ; shift ;; -+ --) shift ; break ;; -+ -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; -+ *) break ;; -+ esac -+ shift -+done -+ -+ -+ -+# some shell functions, to clarify the actual code -+ -+# set up a system flag based on a variable -+# sysflag value shortname default flagname -+sysflag() { -+ case "$1" in -+ '') v="$3" ;; -+ *) v="$1" ;; -+ esac -+ if test ! 
-f $sysflags/$4 -+ then -+ if test " $v" != " $3" -+ then -+ echo "cannot do $2=$v, $sysflags/$4 does not exist" -+ exit 1 -+ else -+ return # can't set, but it's the default anyway -+ fi -+ fi -+ case "$v" in -+ yes|no) ;; -+ *) echo "unknown (not yes/no) $2 value \`$1'" -+ exit 1 -+ ;; -+ esac -+ case "$v" in -+ yes) echo 1 >$sysflags/$4 ;; -+ no) echo 0 >$sysflags/$4 ;; -+ esac -+} -+ -+# set up a Klips interface -+klipsinterface() { -+ # pull apart the interface spec -+ virt=`expr $1 : '\([^=]*\)=.*'` -+ phys=`expr $1 : '[^=]*=\(.*\)'` -+ case "$virt" in -+ ipsec[0-9]) ;; -+ *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;; -+ esac -+ -+ # figure out ifconfig for interface -+ addr= -+ eval `ifconfig $phys | -+ awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { -+ gsub(/:/, " ", $0) -+ print "addr=" $3 -+ other = $5 -+ if ($4 == "Bcast") -+ print "type=broadcast" -+ else if ($4 == "P-t-P") -+ print "type=pointopoint" -+ else if (NF == 5) { -+ print "type=" -+ other = "" -+ } else -+ print "type=unknown" -+ print "otheraddr=" other -+ print "mask=" $NF -+ }'` -+ if test " $addr" = " " -+ then -+ echo "unable to determine address of \`$phys'" -+ exit 1 -+ fi -+ if test " $type" = " unknown" -+ then -+ echo "\`$phys' is of an unknown type" -+ exit 1 -+ fi -+ if test " $omtu" != " " -+ then -+ mtu="mtu $omtu" -+ else -+ mtu= -+ fi -+ echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly -+ -+ if $klips -+ then -+ # attach the interface and bring it up -+ ipsec tncfg --attach --virtual $virt --physical $phys -+ ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu -+ fi -+ -+ # if %defaultroute, note the facts -+ if test " $2" != " " -+ then -+ ( -+ echo "defaultroutephys=$phys" -+ echo "defaultroutevirt=$virt" -+ echo "defaultrouteaddr=$addr" -+ if test " $2" != " 0.0.0.0" -+ then -+ echo "defaultroutenexthop=$2" -+ fi -+ ) >>$info -+ else -+ echo '#dr: no default route' >>$info -+ fi -+ -+ # check for rp_filter trouble -+ 
checkif $phys # thought to be a problem only on phys -+} -+ -+# check an interface for problems -+checkif() { -+ $klips || return 0 -+ rpf=$rpfilter1/$1/$rpfilter2 -+ if test -f $rpf -+ then -+ r="`cat $rpf`" -+ if test " $r" != " 0" -+ then -+ case "$r-$rpfiltercontrol" in -+ 0-%unchanged|0-0|1-1|2-2) -+ # happy state -+ ;; -+ *-%unchanged) -+ echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)" -+ ;; -+ [012]-[012]) -+ echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)" -+ echo "$rpfiltercontrol" >$rpf -+ ;; -+ [012]-*) -+ echo "ERROR: unknown rpfilter setting: $rpfiltercontrol" -+ ;; -+ *) -+ echo "ERROR: unknown $rpf value $r" -+ ;; -+ esac -+ fi -+ fi -+} -+ -+# interfaces=%defaultroute: put ipsec0 on top of default route's interface -+defaultinterface() { -+ phys=`netstat -nr | -+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'` -+ if test " $phys" = " " -+ then -+ echo "no default route, %defaultroute cannot cope!!!" -+ exit 1 -+ fi -+ if test `echo " $phys" | wc -l` -gt 1 -+ then -+ echo "multiple default routes, %defaultroute cannot cope!!!" 
-+ exit 1 -+ fi -+ next=`netstat -nr | -+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'` -+ klipsinterface "ipsec0=$phys" $next -+} -+ -+# log only to syslog, not to stdout/stderr -+logonly() { -+ logger -p $log -t ipsec_setup -+} -+ -+# sort out which module is appropriate, changing it if necessary -+setmodule() { -+ if [ -e /proc/kallsyms ] -+ then -+ kernelsymbols="/proc/kallsyms"; -+ echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet" -+ else -+ kernelsymbols="/proc/ksyms"; -+ fi -+ wantgoo="`ipsec calcgoo $kernelsymbols`" -+ module=$moduleplace/$modulename -+ if test -f $module -+ then -+ goo="`nm -ao $module | ipsec calcgoo`" -+ if test " $wantgoo" = " $goo" -+ then -+ return # looks right -+ fi -+ fi -+ if test -f $moduleinstplace/$wantgoo -+ then -+ echo "modprobe failed, but found matching template module $wantgoo." -+ echo "Copying $moduleinstplace/$wantgoo to $module." -+ rm -f $module -+ mkdir -p $moduleplace -+ cp -p $moduleinstplace/$wantgoo $module -+ # "depmod -a" gets done by caller -+ fi -+} -+ -+ -+ -+# main line -+ -+# load module if possible -+if test -f $ipsecversion && test -f $netkey -+then -+ # both KLIPS and NETKEY code detected, bail out -+ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" -+ exit -+fi -+if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec -+then -+ # statically compiled KLIPS/NETKEY not found; try to load the module -+ modprobe ipsec -+fi -+ -+if test ! -f $ipsecversion && test ! 
-f $netkey -+then -+ modprobe -v af_key -+fi -+ -+if test -f $netkey -+then -+ klips=false -+ if test -f $modules -+ then -+ modprobe -qv ah4 -+ modprobe -qv esp4 -+ modprobe -qv ipcomp -+ # xfrm4_tunnel is needed by ipip and ipcomp -+ modprobe -qv xfrm4_tunnel -+ # xfrm_user contains netlink support for IPsec -+ modprobe -qv xfrm_user -+ modprobe -qv hw_random -+ # padlock must load before aes module -+ modprobe -qv padlock -+ # load the most common ciphers/algo's -+ modprobe -qv sha1 -+ modprobe -qv md5 -+ modprobe -qv des -+ modprobe -qv aes -+ fi -+fi -+ -+if test ! -f $ipsecversion && $klips -+then -+ if test -r $modules # kernel does have modules -+ then -+ if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ] -+ then -+ echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)" -+ else -+ setmodule -+ fi -+ unset MODPATH MODULECONF # no user overrides! -+ depmod -a >/dev/null 2>&1 -+ modprobe -qv hw_random -+ # padlock must load before aes module -+ modprobe -qv padlock -+ modprobe -v ipsec -+ fi -+ if test ! -f $ipsecversion -+ then -+ echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)" -+ exit 1 -+ fi -+fi -+ -+# figure out debugging flags -+case "$debug" in -+'') debug=none ;; -+esac -+if test -r /proc/net/ipsec_klipsdebug -+then -+ echo "KLIPS debug \`$debug'" | logonly -+ case "$debug" in -+ none) ipsec klipsdebug --none ;; -+ all) ipsec klipsdebug --all ;; -+ *) ipsec klipsdebug --none -+ for d in $debug -+ do -+ ipsec klipsdebug --set $d -+ done -+ ;; -+ esac -+elif $klips -+then -+ if test " $debug" != " none" -+ then -+ echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities" -+ fi -+fi -+ -+# figure out misc. 
kernel config -+if test -d $sysflags -+then -+ sysflag "$fragicmp" "fragicmp" yes icmp -+ echo 1 >$sysflags/inbound_policy_check # no debate -+ sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm -+ sysflag no "opportunistic" no opportunistic # obsolete parm -+ sysflag "$hidetos" "hidetos" yes tos -+elif $klips -+then -+ echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!" -+ # carry on -+fi -+ -+if $klips -+then -+ # clear tables out in case dregs have been left over -+ ipsec eroute --clear -+ ipsec spi --clear -+elif test $netkey -+then -+ if ip xfrm state > /dev/null 2>&1 -+ then -+ ip xfrm state flush -+ ip xfrm policy flush -+ elif type setkey > /dev/null 2>&1 -+ then -+ # Check that the setkey command is available. -+ setkeycmd= -+ PATH=$PATH:/usr/local/sbin -+ for dir in `echo $PATH | tr ':' ' '` -+ do -+ if test -f $dir/setkey -a -x $dir/setkey -+ then -+ setkeycmd=$dir/setkey -+ break # NOTE BREAK OUT -+ fi -+ done -+ $setkeycmd -F -+ $setkeycmd -FP -+ else -+ -+ echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." | -+ logger -s -p daemon.error -t ipsec_setup -+ fi -+fi -+ -+# figure out interfaces -+for i -+do -+ case "$i" in -+ ipsec*=?*) klipsinterface "$i" ;; -+ %defaultroute) defaultinterface ;; -+ *) echo "interface \`$i' not understood" -+ exit 1 -+ ;; -+ esac -+done -+ -+exit 0 diff --git a/openwrt/package/openswan/patches/use-dev-urandom.patch b/openwrt/package/openswan/patches/use-dev-urandom.patch deleted file mode 100644 index 1a1988458..000000000 --- a/openwrt/package/openswan/patches/use-dev-urandom.patch +++ /dev/null 
@@ -1,36 +0,0 @@
-diff -urN openswan-2.3.1dr6.old/programs/ranbits/ranbits.c openswan-2.3.1dr6.dev/programs/ranbits/ranbits.c
---- openswan-2.3.1dr6.old/programs/ranbits/ranbits.c 2004-04-04 03:50:56.000000000 +0200
-+++ openswan-2.3.1dr6.dev/programs/ranbits/ranbits.c 2005-04-05 17:37:16.000000000 +0200
-@@ -29,7 +29,7 @@
- #include <openswan.h>
-
- #ifndef DEVICE
--#define DEVICE "/dev/random"
-+#define DEVICE "/dev/urandom"
- #endif
- #ifndef QDEVICE
- #define QDEVICE "/dev/urandom"
-diff -urN openswan-2.3.1dr6.old/programs/rsasigkey/rsasigkey.c openswan-2.3.1dr6.dev/programs/rsasigkey/rsasigkey.c
---- openswan-2.3.1dr6.old/programs/rsasigkey/rsasigkey.c 2004-05-23 23:32:03.000000000 +0200
-+++ openswan-2.3.1dr6.dev/programs/rsasigkey/rsasigkey.c 2005-04-05 17:38:00.000000000 +0200
-@@ -31,7 +31,7 @@
- #include <gmp.h>
-
- #ifndef DEVICE
--#define DEVICE "/dev/random"
-+#define DEVICE "/dev/urandom"
- #endif
- #ifndef MAXBITS
- #define MAXBITS 20000
-diff -urN openswan-2.3.1dr6.old/programs/starter/files.h openswan-2.3.1dr6.dev/programs/starter/files.h
---- openswan-2.3.1dr6.old/programs/starter/files.h 2005-01-11 18:52:51.000000000 +0100
-+++ openswan-2.3.1dr6.dev/programs/starter/files.h 2005-04-05 17:38:16.000000000 +0200
-@@ -36,7 +36,7 @@
-
- #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
-
--#define DEV_RANDOM "/dev/random"
-+#define DEV_RANDOM "/dev/urandom"
- #define DEV_URANDOM "/dev/urandom"
-
- #define PROC_IPSECVERSION "/proc/net/ipsec_version" |