Remove unecessary control files since those kmods are packaged with the new layout

[openwrt/openwrt.git] / openwrt / package / openswan / patches / scripts.patch

diff --git a/openwrt/package/openswan/patches/scripts.patch b/openwrt/package/openswan/patches/scripts.patch
index 6d571ef3fd9205bec82487636020815d16d9c2a5..ed8eba92cf1551632d4072eaeba8f4c734cd497d 100644 (file)
--- a/openwrt/package/openswan/patches/scripts.patch
+++ b/openwrt/package/openswan/patches/scripts.patch
@@ -1,15 +1,15 @@
-diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
---- openswan-2.4.5rc5/programs/loggerfix       1970-01-01 01:00:00.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/loggerfix       2006-03-29 01:20:44.000000000 +0200
+diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
+--- openswan.old/programs/loggerfix    1970-01-01 01:00:00.000000000 +0100
++++ openswan.dev/programs/loggerfix    2006-10-08 20:41:08.000000000 +0200

 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0

-diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
---- openswan-2.4.5rc5/programs/look/look.in    2005-08-18 16:10:09.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/look/look.in    2006-03-29 01:20:44.000000000 +0200
+diff -urN openswan.old/programs/look/look.in openswan.dev/programs/look/look.in
+--- openswan.old/programs/look/look.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/look/look.in 2006-10-08 20:41:08.000000000 +0200

 @@ -84,7 +84,7 @@
  then
        pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
 @@ -84,7 +84,7 @@
  then
        pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"


@@ -19,9 +19,9 @@ diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/prog
        do
                pat="$pat|$i\$"
        done
        do
                pat="$pat|$i\$"
        done

-diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
---- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in  2006-01-06 00:45:00.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in  2006-03-29 01:20:44.000000000 +0200
+diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
+--- openswan.old/programs/_plutorun/_plutorun.in       2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_plutorun/_plutorun.in       2006-10-08 20:41:08.000000000 +0200

 @@ -147,7 +147,7 @@
                        exit 1
                fi
 @@ -147,7 +147,7 @@
                        exit 1
                fi


@@ -31,30 +31,21 @@ diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.pa
                then
                        echo Cannot write to directory to create \"$stderrlog\".
                        exit 1
                then
                        echo Cannot write to directory to create \"$stderrlog\".
                        exit 1

-diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
---- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in        2005-07-28 02:23:48.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in        2006-03-29 01:20:44.000000000 +0200
-@@ -235,7 +235,7 @@
+diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
+--- openswan.old/programs/_realsetup/_realsetup.in     2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_realsetup/_realsetup.in     2006-10-08 20:41:08.000000000 +0200
+@@ -232,7 +232,7 @@

  
        # misc pre-Pluto setup
  
 -      perform test -d `dirname $subsyslock` "&&" touch $subsyslock
  
        # misc pre-Pluto setup
  
 -      perform test -d `dirname $subsyslock` "&&" touch $subsyslock

-+      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
++      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock

  
        if test " $IPSECforwardcontrol" = " yes"
        then
  
        if test " $IPSECforwardcontrol" = " yes"
        then

-@@ -347,7 +347,7 @@
-               lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
-       fi 
- 
--      perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
-+      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
- 
-       perform rm -f $info $lock $plutopid
-       perform echo "...Openswan IPsec stopped" "|" $LOGONLY
-diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
---- openswan-2.4.5rc5/programs/send-pr/send-pr.in      2005-04-18 01:04:46.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in      2006-03-29 01:20:44.000000000 +0200
+diff -urN openswan.old/programs/send-pr/send-pr.in openswan.dev/programs/send-pr/send-pr.in
+--- openswan.old/programs/send-pr/send-pr.in   2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/send-pr/send-pr.in   2006-10-08 20:41:08.000000000 +0200

 @@ -402,7 +402,7 @@
                    else
                        if [ "$fieldname" != "Category" ]
 @@ -402,7 +402,7 @@
                    else
                        if [ "$fieldname" != "Category" ]


@@ -91,10 +82,10 @@ diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patche
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file

-diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
---- openswan-2.4.5rc5/programs/setup/setup.in  2005-07-25 21:17:03.000000000 +0200
-+++ openswan-2.4.5rc5.patched/programs/setup/setup.in  2006-03-29 01:20:44.000000000 +0200
-@@ -117,12 +117,22 @@
+diff -urN openswan.old/programs/setup/setup.in openswan.dev/programs/setup/setup.in
+--- openswan.old/programs/setup/setup.in       2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/setup/setup.in       2006-10-08 20:41:08.000000000 +0200
+@@ -117,12 +117,21 @@

  # do it
  case "$1" in
    start|--start|stop|--stop|_autostop|_autostart)
  # do it
  case "$1" in
    start|--start|stop|--stop|_autostop|_autostart)


@@ -105,7 +96,6 @@ diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/pr
                        logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
                exit 1
        fi
                        logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
                exit 1
        fi

-+

 +      # make sure all required directories exist
 +      if [ ! -d /var/run/pluto ]
 +      then
 +      # make sure all required directories exist
 +      if [ ! -d /var/run/pluto ]
 +      then


@@ -118,9 +108,9 @@ diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/pr
        tmp=/var/run/pluto/ipsec_setup.st
        outtmp=/var/run/pluto/ipsec_setup.out
        (
        tmp=/var/run/pluto/ipsec_setup.st
        outtmp=/var/run/pluto/ipsec_setup.out
        (

-diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
---- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in      2004-11-14 14:40:41.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in      2006-03-29 01:20:44.000000000 +0200
+diff -urN openswan.old/programs/showhostkey/showhostkey.in openswan.dev/programs/showhostkey/showhostkey.in
+--- openswan.old/programs/showhostkey/showhostkey.in   2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/showhostkey/showhostkey.in   2006-10-08 20:41:08.000000000 +0200

 @@ -63,7 +63,7 @@
        exit 1
  fi
 @@ -63,7 +63,7 @@
        exit 1
  fi


@@ -130,15 +120,57 @@ diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc
  
  awk ' BEGIN {
                inkey = 0
  
  awk ' BEGIN {
                inkey = 0

-diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
---- openswan-2.4.5rc5/programs/_startklips/_startklips.in      2005-11-25 00:08:05.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in      2006-03-29 01:23:54.000000000 +0200
+@@ -81,7 +81,7 @@
+               os = "[ \t]*"
+               x = "[^ \t]+"
+               oc = "(#.*)?"
+-              suffix = ":" os "[rR][sS][aA]" os "{" os oc "$"
++              suffix = ":" os "[rR][sS][aA]" os "\0173" os oc "$"
+               if (id == "") {
+                       pat = "^" suffix
+                       printid = "default"
+diff -urN openswan.old/programs/starter/klips.c openswan.dev/programs/starter/klips.c
+--- openswan.old/programs/starter/klips.c      2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/starter/klips.c      2006-10-08 20:41:08.000000000 +0200
+@@ -83,7 +83,7 @@
+               if (stat(PROC_MODULES,&stb)==0) {
+                       unsetenv("MODPATH");
+                       unsetenv("MODULECONF");
+-                      system("depmod -a >/dev/null 2>&1 && modprobe ipsec");
++                      system("depmod -a >/dev/null 2>&1 && insmod ipsec");
+               }
+               if (stat(PROC_IPSECVERSION,&stb)==0) {
+                       _klips_module_loaded = 1;
+diff -urN openswan.old/programs/starter/netkey.c openswan.dev/programs/starter/netkey.c
+--- openswan.old/programs/starter/netkey.c     2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/starter/netkey.c     2006-10-08 20:41:08.000000000 +0200
+@@ -75,7 +75,7 @@
+               if (stat(PROC_MODULES,&stb)==0) {
+                       unsetenv("MODPATH");
+                       unsetenv("MODULECONF");
+-                      system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key");
++                      system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key");
+               }
+               if (stat(PROC_NETKEY,&stb)==0) {
+                       _netkey_module_loaded = 1;
+diff -urN openswan.old/programs/_startklips/_startklips.in openswan.dev/programs/_startklips/_startklips.in
+--- openswan.old/programs/_startklips/_startklips.in   2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_startklips/_startklips.in   2006-10-08 20:41:46.000000000 +0200
+@@ -242,7 +242,7 @@
+         fi
+         if test -f $moduleinstplace/$wantgoo
+         then
+-                echo "modprobe failed, but found matching template module $wantgoo."
++                echo "insmod failed, but found matching template module $wantgoo."
+                 echo "Copying $moduleinstplace/$wantgoo to $module."
+                 rm -f $module
+                 mkdir -p $moduleplace

 @@ -262,15 +262,15 @@
      echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
      exit
  fi
 -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
 @@ -262,15 +262,15 @@
      echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
      exit
  fi
 -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec

-+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
++if test ! -f $ipsecversion && test ! -f $netkey && insmod -q ipsec

  then
      # statically compiled KLIPS/NETKEY not found; try to load the module
 -    modprobe ipsec
  then
      # statically compiled KLIPS/NETKEY not found; try to load the module
 -    modprobe ipsec


@@ -152,7 +184,7 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc
  fi
  
  if test -f $netkey
  fi
  
  if test -f $netkey

-@@ -278,21 +278,21 @@
+@@ -278,25 +278,25 @@

        klips=false
        if test -f $modules
        then
        klips=false
        if test -f $modules
        then


@@ -167,12 +199,16 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc
 +              insmod -qv xfrm4_tunnel
                # xfrm_user contains netlink support for IPsec 
 -              modprobe -qv xfrm_user
 +              insmod -qv xfrm4_tunnel
                # xfrm_user contains netlink support for IPsec 
 -              modprobe -qv xfrm_user

--              modprobe -qv hw_random

 +              insmod -qv xfrm_user
 +              insmod -qv xfrm_user

-+              insmod -qv hw_random
-               # padlock must load before aes module
--              modprobe -qv padlock
-+              insmod -qv padlock
+               if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ]
+               then
+                       echo "VIA Nehemiah detected, probing for PadLock"
+-                      modprobe -qv hw_random
++                      insmod -qv hw_random
+                       # padlock must load before aes module
+-                      modprobe -qv padlock
++                      insmod -qv padlock
+               fi

                # load the most common ciphers/algo's
 -              modprobe -qv sha1
 -              modprobe -qv md5
                # load the most common ciphers/algo's
 -              modprobe -qv sha1
 -              modprobe -qv md5


@@ -185,7 +221,7 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc
        fi
  fi
  
        fi
  fi
  

-@@ -308,10 +308,10 @@
+@@ -312,10 +312,16 @@

                fi
                  unset MODPATH MODULECONF        # no user overrides!
                  depmod -a >/dev/null 2>&1
                fi
                  unset MODPATH MODULECONF        # no user overrides!
                  depmod -a >/dev/null 2>&1


@@ -195,418 +231,13 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc
 -              modprobe -qv padlock
 -                modprobe -v ipsec
 +              insmod -qv padlock
 -              modprobe -qv padlock
 -                modprobe -v ipsec
 +              insmod -qv padlock

-+                insmod -v ipsec
-         fi
-         if test ! -f $ipsecversion
-         then
-diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
---- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
-+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
-@@ -0,0 +1,407 @@
-+#!/bin/sh
-+# KLIPS startup script
-+# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
-+# 
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-+# 
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id$
-+
-+me='ipsec _startklips'                # for messages
-+
-+# KLIPS-related paths
-+sysflags=/proc/sys/net/ipsec
-+modules=/proc/modules
-+# full rp_filter path is $rpfilter1/interface/$rpfilter2
-+rpfilter1=/proc/sys/net/ipv4/conf
-+rpfilter2=rp_filter
-+# %unchanged or setting (0, 1, or 2)
-+rpfiltercontrol=0
-+ipsecversion=/proc/net/ipsec_version
-+moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
-+bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
-+moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
-+case $bareversion in
-+      2.6*)
-+              modulename=ipsec.ko
-+              ;;
-+      *)
-+              modulename=ipsec.o
-+              ;;
-+esac
-+
-+klips=true
-+netkey=/proc/net/pfkey
-+
-+info=/dev/null
-+log=daemon.error
-+for dummy
-+do
-+      case "$1" in
-+      --log)          log="$2" ; shift        ;;
-+      --info)         info="$2" ; shift       ;;
-+      --debug)        debug="$2" ; shift      ;;
-+      --omtu)         omtu="$2" ; shift       ;;
-+      --fragicmp)     fragicmp="$2" ; shift   ;;
-+      --hidetos)      hidetos="$2" ; shift    ;;
-+      --rpfilter)     rpfiltercontrol="$2" ; shift    ;;
-+      --)     shift ; break   ;;
-+      -*)     echo "$me: unknown option \`$1'" >&2 ; exit 2   ;;
-+      *)      break   ;;
-+      esac
-+      shift
-+done
-+
-+
-+
-+# some shell functions, to clarify the actual code
-+
-+# set up a system flag based on a variable
-+# sysflag value shortname default flagname
-+sysflag() {
-+      case "$1" in
-+      '')     v="$3"  ;;
-+      *)      v="$1"  ;;
-+      esac
-+      if test ! -f $sysflags/$4
-+      then
-+              if test " $v" != " $3"
-+              then
-+                      echo "cannot do $2=$v, $sysflags/$4 does not exist"
-+                      exit 1
-+              else
-+                      return  # can't set, but it's the default anyway
-+              fi
-+      fi
-+      case "$v" in
-+      yes|no) ;;
-+      *)      echo "unknown (not yes/no) $2 value \`$1'"
-+              exit 1
-+              ;;
-+      esac
-+      case "$v" in
-+      yes)    echo 1 >$sysflags/$4    ;;
-+      no)     echo 0 >$sysflags/$4    ;;
-+      esac
-+}
-+
-+# set up a Klips interface
-+klipsinterface() {
-+      # pull apart the interface spec
-+      virt=`expr $1 : '\([^=]*\)=.*'`
-+      phys=`expr $1 : '[^=]*=\(.*\)'`
-+      case "$virt" in
-+      ipsec[0-9])     ;;
-+      *)      echo "invalid interface \`$virt' in \`$1'" ; exit 1     ;;
-+      esac
-+
-+      # figure out ifconfig for interface
-+      addr=
-+      eval `ifconfig $phys |
-+              awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
-+                      gsub(/:/, " ", $0)
-+                      print "addr=" $3
-+                      other = $5
-+                      if ($4 == "Bcast")
-+                              print "type=broadcast"
-+                      else if ($4 == "P-t-P")
-+                              print "type=pointopoint"
-+                      else if (NF == 5) {
-+                              print "type="
-+                              other = ""
-+                      } else
-+                              print "type=unknown"
-+                      print "otheraddr=" other
-+                      print "mask=" $NF
-+              }'`
-+      if test " $addr" = " "
-+      then
-+              echo "unable to determine address of \`$phys'"
-+              exit 1
-+      fi
-+      if test " $type" = " unknown"
-+      then
-+              echo "\`$phys' is of an unknown type"
-+              exit 1
-+      fi
-+      if test " $omtu" != " "
-+      then
-+              mtu="mtu $omtu"
-+      else
-+              mtu=
-+      fi
-+      echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
-+
-+      if $klips
-+      then
-+              # attach the interface and bring it up
-+              ipsec tncfg --attach --virtual $virt --physical $phys
-+              ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
-+      fi
-+
-+      # if %defaultroute, note the facts
-+      if test " $2" != " "
-+      then
-+              (
-+                      echo "defaultroutephys=$phys"
-+                      echo "defaultroutevirt=$virt"
-+                      echo "defaultrouteaddr=$addr"
-+                      if test " $2" != " 0.0.0.0"
-+                      then
-+                              echo "defaultroutenexthop=$2"
-+                      fi
-+              ) >>$info
-+      else
-+              echo '#dr: no default route' >>$info
-+      fi
-+
-+      # check for rp_filter trouble
-+      checkif $phys                   # thought to be a problem only on phys
-+}
-+
-+# check an interface for problems
-+checkif() {
-+      $klips || return 0
-+      rpf=$rpfilter1/$1/$rpfilter2
-+      if test -f $rpf
-+      then
-+              r="`cat $rpf`"
-+              if test " $r" != " 0"
++                if [ -f insmod ]

 +              then
 +              then

-+                      case "$r-$rpfiltercontrol" in
-+                      0-%unchanged|0-0|1-1|2-2)
-+                              # happy state
-+                              ;;
-+                      *-%unchanged)
-+                              echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
-+                              ;;
-+                      [012]-[012])
-+                              echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
-+                              echo "$rpfiltercontrol" >$rpf
-+                              ;;
-+                      [012]-*)
-+                              echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
-+                              ;;
-+                      *)
-+                              echo "ERROR: unknown $rpf value $r"
-+                              ;;
-+                      esac
-+              fi
-+      fi
-+}
-+
-+# interfaces=%defaultroute:  put ipsec0 on top of default route's interface
-+defaultinterface() {
-+      phys=`netstat -nr |
-+              awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
-+      if test " $phys" = " "
-+      then
-+              echo "no default route, %defaultroute cannot cope!!!"
-+              exit 1
-+      fi
-+      if test `echo " $phys" | wc -l` -gt 1
-+      then
-+              echo "multiple default routes, %defaultroute cannot cope!!!"
-+              exit 1
-+      fi
-+      next=`netstat -nr |
-+              awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
-+      klipsinterface "ipsec0=$phys" $next
-+}
-+
-+# log only to syslog, not to stdout/stderr
-+logonly() {
-+      logger -p $log -t ipsec_setup
-+}
-+
-+# sort out which module is appropriate, changing it if necessary
-+setmodule() {
-+      if [ -e /proc/kallsyms ]
-+      then
-+              kernelsymbols="/proc/kallsyms";
-+              echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
-+      else
-+              kernelsymbols="/proc/ksyms";
-+      fi      
-+        wantgoo="`ipsec calcgoo $kernelsymbols`"
-+        module=$moduleplace/$modulename
-+        if test -f $module
-+        then
-+                goo="`nm -ao $module | ipsec calcgoo`"
-+                if test " $wantgoo" = " $goo"
-+                then
-+                        return          # looks right
-+                fi
-+        fi
-+        if test -f $moduleinstplace/$wantgoo
-+        then
-+                echo "modprobe failed, but found matching template module $wantgoo."
-+                echo "Copying $moduleinstplace/$wantgoo to $module."
-+                rm -f $module
-+                mkdir -p $moduleplace
-+                cp -p $moduleinstplace/$wantgoo $module
-+                # "depmod -a" gets done by caller
-+        fi
-+}
-+
-+
-+
-+# main line
-+
-+# load module if possible
-+if test -f $ipsecversion && test -f $netkey
-+then
-+    # both KLIPS and NETKEY code detected, bail out
-+    echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
-+    exit
-+fi
-+if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
-+then
-+    # statically compiled KLIPS/NETKEY not found; try to load the module
-+    modprobe ipsec
-+fi
-+
-+if test ! -f $ipsecversion && test ! -f $netkey
-+then
-+      modprobe -v af_key
-+fi
-+
-+if test -f $netkey
-+then
-+      klips=false
-+      if test -f $modules
-+      then
-+              modprobe -qv ah4
-+              modprobe -qv esp4
-+              modprobe -qv ipcomp
-+              #  xfrm4_tunnel is needed by ipip and ipcomp
-+              modprobe -qv xfrm4_tunnel
-+              # xfrm_user contains netlink support for IPsec 
-+              modprobe -qv xfrm_user
-+              modprobe -qv hw_random
-+              # padlock must load before aes module
-+              modprobe -qv padlock
-+              # load the most common ciphers/algo's
-+              modprobe -qv sha1
-+              modprobe -qv md5
-+              modprobe -qv des
-+              modprobe -qv aes
-+      fi
-+fi
-+
-+if test ! -f $ipsecversion && $klips
-+then
-+        if test -r $modules             # kernel does have modules
-+        then
-+              if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
++                      insmod -v ipsec
++              elif [ -f insmod ]

 +              then
 +              then

-+                      echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
-+              else
-+                      setmodule
++                      insmod ipsec

 +              fi
 +              fi

-+                unset MODPATH MODULECONF        # no user overrides!
-+                depmod -a >/dev/null 2>&1
-+              modprobe -qv hw_random
-+              # padlock must load before aes module
-+              modprobe -qv padlock
-+                modprobe -v ipsec
-+        fi
-+        if test ! -f $ipsecversion
-+        then
-+                echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
-+                exit 1
-+        fi
-+fi
-+
-+# figure out debugging flags
-+case "$debug" in
-+'')   debug=none      ;;
-+esac
-+if test -r /proc/net/ipsec_klipsdebug
-+then
-+      echo "KLIPS debug \`$debug'" | logonly
-+      case "$debug" in
-+      none)   ipsec klipsdebug --none ;;
-+      all)    ipsec klipsdebug --all  ;;
-+      *)      ipsec klipsdebug --none
-+              for d in $debug
-+              do
-+                      ipsec klipsdebug --set $d
-+              done
-+              ;;
-+      esac
-+elif $klips
-+then
-+      if test " $debug" != " none"
-+      then
-+              echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
-+      fi
-+fi
-+
-+# figure out misc. kernel config
-+if test -d $sysflags
-+then
-+      sysflag "$fragicmp" "fragicmp" yes icmp
-+      echo 1 >$sysflags/inbound_policy_check          # no debate
-+      sysflag no "no_eroute_pass" no no_eroute_pass   # obsolete parm
-+      sysflag no "opportunistic" no opportunistic     # obsolete parm
-+      sysflag "$hidetos" "hidetos" yes tos
-+elif $klips
-+then
-+      echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
-+      # carry on
-+fi
-+
-+if $klips
-+then
-+      # clear tables out in case dregs have been left over
-+      ipsec eroute --clear
-+      ipsec spi --clear
-+elif test $netkey
-+then
-+      if ip xfrm state > /dev/null 2>&1
-+      then
-+              ip xfrm state flush
-+              ip xfrm policy flush
-+      elif type setkey > /dev/null 2>&1
-+      then
-+              # Check that the setkey command is available.
-+              setkeycmd=       
-+              PATH=$PATH:/usr/local/sbin       
-+              for dir in `echo $PATH | tr ':' ' '`     
-+              do       
-+                      if test -f $dir/setkey -a -x $dir/setkey         
-+                      then
-+                              setkeycmd=$dir/setkey
-+                              break                   # NOTE BREAK OUT 
-+                      fi
-+              done
-+              $setkeycmd -F
-+              $setkeycmd -FP
-+      else
-+      
-+              echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
-+                      logger -s -p daemon.error -t ipsec_setup
-+      fi
-+fi
-+
-+# figure out interfaces
-+for i
-+do
-+      case "$i" in
-+      ipsec*=?*)      klipsinterface "$i"     ;;
-+      %defaultroute)  defaultinterface        ;;
-+      *)      echo "interface \`$i' not understood"
-+              exit 1
-+              ;;
-+      esac
-+done
-+
-+exit 0
+         fi
+         if test ! -f $ipsecversion
+         then