+++ /dev/null
-diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
---- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200
-@@ -0,0 +1,5 @@
-+#!/bin/sh
-+# use filename instead of /dev/null to log, but dont log to flash or ram
-+# pref. log to nfs mount
-+echo "$*" >> /dev/null
-+exit 0
-diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
---- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200
-@@ -84,7 +84,7 @@
- then
- pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
- else
-- for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
-+ for i in `echo "$IPSECinterfaces" | tr '=' ' '`
- do
- pat="$pat|$i\$"
- done
-diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
---- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200
-@@ -147,7 +147,7 @@
- exit 1
- fi
- else
-- if test ! -w "`dirname $stderrlog`"
-+ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
- then
- echo Cannot write to directory to create \"$stderrlog\".
- exit 1
-diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
---- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200
-@@ -235,7 +235,7 @@
-
- # misc pre-Pluto setup
-
-- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
-+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
-
- if test " $IPSECforwardcontrol" = " yes"
- then
-@@ -347,7 +347,7 @@
- lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
- fi
-
-- perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
-+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
-
- perform rm -f $info $lock $plutopid
- perform echo "...Openswan IPsec stopped" "|" $LOGONLY
-diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
---- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200
-@@ -402,7 +402,7 @@
- else
- if [ "$fieldname" != "Category" ]
- then
-- values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
-+ values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
- valslen=`echo "$values" | wc -c`
- else
- values="choose from a category listed above"
-@@ -414,7 +414,7 @@
- else
- desc="<${values} (one line)>";
- fi
-- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
-+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
- echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
- fi
- echo "${fmtname}${desc}" >> $file
-@@ -425,7 +425,7 @@
- desc=" $default_val";
- else
- desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
-- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
-+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
- echo "s/^${dpat}//" >> $FIXFIL
- fi
- echo "${fmtname}" >> $file;
-@@ -437,7 +437,7 @@
- desc="${default_val}"
- else
- desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
-- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
-+ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
- echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
- fi
- echo "${fmtname}${desc}" >> $file
-diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
---- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200
-@@ -117,12 +117,22 @@
- # do it
- case "$1" in
- start|--start|stop|--stop|_autostop|_autostart)
-- if test " `id -u`" != " 0"
-+ if [ "x${USER}" != "xroot" ]
- then
- echo "permission denied (must be superuser)" |
- logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- exit 1
- fi
-+
-+ # make sure all required directories exist
-+ if [ ! -d /var/run/pluto ]
-+ then
-+ mkdir -p /var/run/pluto
-+ fi
-+ if [ ! -d /var/lock/subsys ]
-+ then
-+ mkdir -p /var/lock/subsys
-+ fi
- tmp=/var/run/pluto/ipsec_setup.st
- outtmp=/var/run/pluto/ipsec_setup.out
- (
-diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
---- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200
-@@ -63,7 +63,7 @@
- exit 1
- fi
-
--host="`hostname --fqdn`"
-+host="`cat /proc/sys/kernel/hostname`"
-
- awk ' BEGIN {
- inkey = 0
-diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
---- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200
-@@ -262,15 +262,15 @@
- echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
- exit
- fi
--if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
-+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
- then
- # statically compiled KLIPS/NETKEY not found; try to load the module
-- modprobe ipsec
-+ insmod ipsec
- fi
-
- if test ! -f $ipsecversion && test ! -f $netkey
- then
-- modprobe -v af_key
-+ insmod -v af_key
- fi
-
- if test -f $netkey
-@@ -278,21 +278,21 @@
- klips=false
- if test -f $modules
- then
-- modprobe -qv ah4
-- modprobe -qv esp4
-- modprobe -qv ipcomp
-+ insmod -qv ah4
-+ insmod -qv esp4
-+ insmod -qv ipcomp
- # xfrm4_tunnel is needed by ipip and ipcomp
-- modprobe -qv xfrm4_tunnel
-+ insmod -qv xfrm4_tunnel
- # xfrm_user contains netlink support for IPsec
-- modprobe -qv xfrm_user
-- modprobe -qv hw_random
-+ insmod -qv xfrm_user
-+ insmod -qv hw_random
- # padlock must load before aes module
-- modprobe -qv padlock
-+ insmod -qv padlock
- # load the most common ciphers/algo's
-- modprobe -qv sha1
-- modprobe -qv md5
-- modprobe -qv des
-- modprobe -qv aes
-+ insmod -qv sha1
-+ insmod -qv md5
-+ insmod -qv des
-+ insmod -qv aes
- fi
- fi
-
-@@ -308,10 +308,10 @@
- fi
- unset MODPATH MODULECONF # no user overrides!
- depmod -a >/dev/null 2>&1
-- modprobe -qv hw_random
-+ insmod -qv hw_random
- # padlock must load before aes module
-- modprobe -qv padlock
-- modprobe -v ipsec
-+ insmod -qv padlock
-+ insmod -v ipsec
- fi
- if test ! -f $ipsecversion
- then
-diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
---- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
-@@ -0,0 +1,407 @@
-+#!/bin/sh
-+# KLIPS startup script
-+# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer.
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id$
-+
-+me='ipsec _startklips' # for messages
-+
-+# KLIPS-related paths
-+sysflags=/proc/sys/net/ipsec
-+modules=/proc/modules
-+# full rp_filter path is $rpfilter1/interface/$rpfilter2
-+rpfilter1=/proc/sys/net/ipv4/conf
-+rpfilter2=rp_filter
-+# %unchanged or setting (0, 1, or 2)
-+rpfiltercontrol=0
-+ipsecversion=/proc/net/ipsec_version
-+moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
-+bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
-+moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
-+case $bareversion in
-+ 2.6*)
-+ modulename=ipsec.ko
-+ ;;
-+ *)
-+ modulename=ipsec.o
-+ ;;
-+esac
-+
-+klips=true
-+netkey=/proc/net/pfkey
-+
-+info=/dev/null
-+log=daemon.error
-+for dummy
-+do
-+ case "$1" in
-+ --log) log="$2" ; shift ;;
-+ --info) info="$2" ; shift ;;
-+ --debug) debug="$2" ; shift ;;
-+ --omtu) omtu="$2" ; shift ;;
-+ --fragicmp) fragicmp="$2" ; shift ;;
-+ --hidetos) hidetos="$2" ; shift ;;
-+ --rpfilter) rpfiltercontrol="$2" ; shift ;;
-+ --) shift ; break ;;
-+ -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
-+ *) break ;;
-+ esac
-+ shift
-+done
-+
-+
-+
-+# some shell functions, to clarify the actual code
-+
-+# set up a system flag based on a variable
-+# sysflag value shortname default flagname
-+sysflag() {
-+ case "$1" in
-+ '') v="$3" ;;
-+ *) v="$1" ;;
-+ esac
-+ if test ! -f $sysflags/$4
-+ then
-+ if test " $v" != " $3"
-+ then
-+ echo "cannot do $2=$v, $sysflags/$4 does not exist"
-+ exit 1
-+ else
-+ return # can't set, but it's the default anyway
-+ fi
-+ fi
-+ case "$v" in
-+ yes|no) ;;
-+ *) echo "unknown (not yes/no) $2 value \`$1'"
-+ exit 1
-+ ;;
-+ esac
-+ case "$v" in
-+ yes) echo 1 >$sysflags/$4 ;;
-+ no) echo 0 >$sysflags/$4 ;;
-+ esac
-+}
-+
-+# set up a Klips interface
-+klipsinterface() {
-+ # pull apart the interface spec
-+ virt=`expr $1 : '\([^=]*\)=.*'`
-+ phys=`expr $1 : '[^=]*=\(.*\)'`
-+ case "$virt" in
-+ ipsec[0-9]) ;;
-+ *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;;
-+ esac
-+
-+ # figure out ifconfig for interface
-+ addr=
-+ eval `ifconfig $phys |
-+ awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
-+ gsub(/:/, " ", $0)
-+ print "addr=" $3
-+ other = $5
-+ if ($4 == "Bcast")
-+ print "type=broadcast"
-+ else if ($4 == "P-t-P")
-+ print "type=pointopoint"
-+ else if (NF == 5) {
-+ print "type="
-+ other = ""
-+ } else
-+ print "type=unknown"
-+ print "otheraddr=" other
-+ print "mask=" $NF
-+ }'`
-+ if test " $addr" = " "
-+ then
-+ echo "unable to determine address of \`$phys'"
-+ exit 1
-+ fi
-+ if test " $type" = " unknown"
-+ then
-+ echo "\`$phys' is of an unknown type"
-+ exit 1
-+ fi
-+ if test " $omtu" != " "
-+ then
-+ mtu="mtu $omtu"
-+ else
-+ mtu=
-+ fi
-+ echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
-+
-+ if $klips
-+ then
-+ # attach the interface and bring it up
-+ ipsec tncfg --attach --virtual $virt --physical $phys
-+ ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
-+ fi
-+
-+ # if %defaultroute, note the facts
-+ if test " $2" != " "
-+ then
-+ (
-+ echo "defaultroutephys=$phys"
-+ echo "defaultroutevirt=$virt"
-+ echo "defaultrouteaddr=$addr"
-+ if test " $2" != " 0.0.0.0"
-+ then
-+ echo "defaultroutenexthop=$2"
-+ fi
-+ ) >>$info
-+ else
-+ echo '#dr: no default route' >>$info
-+ fi
-+
-+ # check for rp_filter trouble
-+ checkif $phys # thought to be a problem only on phys
-+}
-+
-+# check an interface for problems
-+checkif() {
-+ $klips || return 0
-+ rpf=$rpfilter1/$1/$rpfilter2
-+ if test -f $rpf
-+ then
-+ r="`cat $rpf`"
-+ if test " $r" != " 0"
-+ then
-+ case "$r-$rpfiltercontrol" in
-+ 0-%unchanged|0-0|1-1|2-2)
-+ # happy state
-+ ;;
-+ *-%unchanged)
-+ echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
-+ ;;
-+ [012]-[012])
-+ echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
-+ echo "$rpfiltercontrol" >$rpf
-+ ;;
-+ [012]-*)
-+ echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
-+ ;;
-+ *)
-+ echo "ERROR: unknown $rpf value $r"
-+ ;;
-+ esac
-+ fi
-+ fi
-+}
-+
-+# interfaces=%defaultroute: put ipsec0 on top of default route's interface
-+defaultinterface() {
-+ phys=`netstat -nr |
-+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
-+ if test " $phys" = " "
-+ then
-+ echo "no default route, %defaultroute cannot cope!!!"
-+ exit 1
-+ fi
-+ if test `echo " $phys" | wc -l` -gt 1
-+ then
-+ echo "multiple default routes, %defaultroute cannot cope!!!"
-+ exit 1
-+ fi
-+ next=`netstat -nr |
-+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
-+ klipsinterface "ipsec0=$phys" $next
-+}
-+
-+# log only to syslog, not to stdout/stderr
-+logonly() {
-+ logger -p $log -t ipsec_setup
-+}
-+
-+# sort out which module is appropriate, changing it if necessary
-+setmodule() {
-+ if [ -e /proc/kallsyms ]
-+ then
-+ kernelsymbols="/proc/kallsyms";
-+ echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
-+ else
-+ kernelsymbols="/proc/ksyms";
-+ fi
-+ wantgoo="`ipsec calcgoo $kernelsymbols`"
-+ module=$moduleplace/$modulename
-+ if test -f $module
-+ then
-+ goo="`nm -ao $module | ipsec calcgoo`"
-+ if test " $wantgoo" = " $goo"
-+ then
-+ return # looks right
-+ fi
-+ fi
-+ if test -f $moduleinstplace/$wantgoo
-+ then
-+ echo "modprobe failed, but found matching template module $wantgoo."
-+ echo "Copying $moduleinstplace/$wantgoo to $module."
-+ rm -f $module
-+ mkdir -p $moduleplace
-+ cp -p $moduleinstplace/$wantgoo $module
-+ # "depmod -a" gets done by caller
-+ fi
-+}
-+
-+
-+
-+# main line
-+
-+# load module if possible
-+if test -f $ipsecversion && test -f $netkey
-+then
-+ # both KLIPS and NETKEY code detected, bail out
-+ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
-+ exit
-+fi
-+if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
-+then
-+ # statically compiled KLIPS/NETKEY not found; try to load the module
-+ modprobe ipsec
-+fi
-+
-+if test ! -f $ipsecversion && test ! -f $netkey
-+then
-+ modprobe -v af_key
-+fi
-+
-+if test -f $netkey
-+then
-+ klips=false
-+ if test -f $modules
-+ then
-+ modprobe -qv ah4
-+ modprobe -qv esp4
-+ modprobe -qv ipcomp
-+ # xfrm4_tunnel is needed by ipip and ipcomp
-+ modprobe -qv xfrm4_tunnel
-+ # xfrm_user contains netlink support for IPsec
-+ modprobe -qv xfrm_user
-+ modprobe -qv hw_random
-+ # padlock must load before aes module
-+ modprobe -qv padlock
-+ # load the most common ciphers/algo's
-+ modprobe -qv sha1
-+ modprobe -qv md5
-+ modprobe -qv des
-+ modprobe -qv aes
-+ fi
-+fi
-+
-+if test ! -f $ipsecversion && $klips
-+then
-+ if test -r $modules # kernel does have modules
-+ then
-+ if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
-+ then
-+ echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
-+ else
-+ setmodule
-+ fi
-+ unset MODPATH MODULECONF # no user overrides!
-+ depmod -a >/dev/null 2>&1
-+ modprobe -qv hw_random
-+ # padlock must load before aes module
-+ modprobe -qv padlock
-+ modprobe -v ipsec
-+ fi
-+ if test ! -f $ipsecversion
-+ then
-+ echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
-+ exit 1
-+ fi
-+fi
-+
-+# figure out debugging flags
-+case "$debug" in
-+'') debug=none ;;
-+esac
-+if test -r /proc/net/ipsec_klipsdebug
-+then
-+ echo "KLIPS debug \`$debug'" | logonly
-+ case "$debug" in
-+ none) ipsec klipsdebug --none ;;
-+ all) ipsec klipsdebug --all ;;
-+ *) ipsec klipsdebug --none
-+ for d in $debug
-+ do
-+ ipsec klipsdebug --set $d
-+ done
-+ ;;
-+ esac
-+elif $klips
-+then
-+ if test " $debug" != " none"
-+ then
-+ echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
-+ fi
-+fi
-+
-+# figure out misc. kernel config
-+if test -d $sysflags
-+then
-+ sysflag "$fragicmp" "fragicmp" yes icmp
-+ echo 1 >$sysflags/inbound_policy_check # no debate
-+ sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm
-+ sysflag no "opportunistic" no opportunistic # obsolete parm
-+ sysflag "$hidetos" "hidetos" yes tos
-+elif $klips
-+then
-+ echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
-+ # carry on
-+fi
-+
-+if $klips
-+then
-+ # clear tables out in case dregs have been left over
-+ ipsec eroute --clear
-+ ipsec spi --clear
-+elif test $netkey
-+then
-+ if ip xfrm state > /dev/null 2>&1
-+ then
-+ ip xfrm state flush
-+ ip xfrm policy flush
-+ elif type setkey > /dev/null 2>&1
-+ then
-+ # Check that the setkey command is available.
-+ setkeycmd=
-+ PATH=$PATH:/usr/local/sbin
-+ for dir in `echo $PATH | tr ':' ' '`
-+ do
-+ if test -f $dir/setkey -a -x $dir/setkey
-+ then
-+ setkeycmd=$dir/setkey
-+ break # NOTE BREAK OUT
-+ fi
-+ done
-+ $setkeycmd -F
-+ $setkeycmd -FP
-+ else
-+
-+ echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
-+ logger -s -p daemon.error -t ipsec_setup
-+ fi
-+fi
-+
-+# figure out interfaces
-+for i
-+do
-+ case "$i" in
-+ ipsec*=?*) klipsinterface "$i" ;;
-+ %defaultroute) defaultinterface ;;
-+ *) echo "interface \`$i' not understood"
-+ exit 1
-+ ;;
-+ esac
-+done
-+
-+exit 0
projects / openwrt / staging / dedeckeh.git / blobdiff