X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=blobdiff_plain;f=openwrt%2Fpackage%2Fopenswan%2Fpatches%2Fscripts.patch;h=ed8eba92cf1551632d4072eaeba8f4c734cd497d;hp=6d571ef3fd9205bec82487636020815d16d9c2a5;hb=07c15ab8630b7827188a55d968a59b585575f5f3;hpb=9b93a39c2c52142e7200f9aee8735d5a2b7793d5 diff --git a/openwrt/package/openswan/patches/scripts.patch b/openwrt/package/openswan/patches/scripts.patch index 6d571ef3fd..ed8eba92cf 100644 --- a/openwrt/package/openswan/patches/scripts.patch +++ b/openwrt/package/openswan/patches/scripts.patch @@ -1,15 +1,15 @@ -diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix ---- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200 +diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix +--- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 ++++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200 @@ -0,0 +1,5 @@ +#!/bin/sh +# use filename instead of /dev/null to log, but dont log to flash or ram +# pref. log to nfs mount +echo "$*" >> /dev/null +exit 0 -diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in ---- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200 +diff -urN openswan.old/programs/look/look.in openswan.dev/programs/look/look.in +--- openswan.old/programs/look/look.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/look/look.in 2006-10-08 20:41:08.000000000 +0200 @@ -84,7 +84,7 @@ then pat="$pat|$defaultroutephys\$|$defaultroutevirt\$" @@ -19,9 +19,9 @@ diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/prog do pat="$pat|$i\$" done -diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in ---- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200 +diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in +--- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200 @@ -147,7 +147,7 @@ exit 1 fi @@ -31,30 +31,21 @@ diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.pa then echo Cannot write to directory to create \"$stderrlog\". exit 1 -diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in ---- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200 -@@ -235,7 +235,7 @@ +diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in +--- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200 +@@ -232,7 +232,7 @@ # misc pre-Pluto setup - perform test -d `dirname $subsyslock` "&&" touch $subsyslock -+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock ++ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock if test " $IPSECforwardcontrol" = " yes" then -@@ -347,7 +347,7 @@ - lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user - fi - -- perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock -+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock - - perform rm -f $info $lock $plutopid - perform echo "...Openswan IPsec stopped" "|" $LOGONLY -diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in ---- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200 +diff -urN openswan.old/programs/send-pr/send-pr.in openswan.dev/programs/send-pr/send-pr.in +--- openswan.old/programs/send-pr/send-pr.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/send-pr/send-pr.in 2006-10-08 20:41:08.000000000 +0200 @@ -402,7 +402,7 @@ else if [ "$fieldname" != "Category" ] @@ -91,10 +82,10 @@ diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patche echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL fi echo "${fmtname}${desc}" >> $file -diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in ---- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200 -+++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200 -@@ -117,12 +117,22 @@ +diff -urN openswan.old/programs/setup/setup.in openswan.dev/programs/setup/setup.in +--- openswan.old/programs/setup/setup.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/setup/setup.in 2006-10-08 20:41:08.000000000 +0200 +@@ -117,12 +117,21 @@ # do it case "$1" in start|--start|stop|--stop|_autostop|_autostart) @@ -105,7 +96,6 @@ diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/pr logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 exit 1 fi -+ + # make sure all required directories exist + if [ ! -d /var/run/pluto ] + then @@ -118,9 +108,9 @@ diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/pr tmp=/var/run/pluto/ipsec_setup.st outtmp=/var/run/pluto/ipsec_setup.out ( -diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in ---- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200 +diff -urN openswan.old/programs/showhostkey/showhostkey.in openswan.dev/programs/showhostkey/showhostkey.in +--- openswan.old/programs/showhostkey/showhostkey.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/showhostkey/showhostkey.in 2006-10-08 20:41:08.000000000 +0200 @@ -63,7 +63,7 @@ exit 1 fi @@ -130,15 +120,57 @@ diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc awk ' BEGIN { inkey = 0 -diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in ---- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200 +@@ -81,7 +81,7 @@ + os = "[ \t]*" + x = "[^ \t]+" + oc = "(#.*)?" +- suffix = ":" os "[rR][sS][aA]" os "{" os oc "$" ++ suffix = ":" os "[rR][sS][aA]" os "\0173" os oc "$" + if (id == "") { + pat = "^" suffix + printid = "default" +diff -urN openswan.old/programs/starter/klips.c openswan.dev/programs/starter/klips.c +--- openswan.old/programs/starter/klips.c 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/starter/klips.c 2006-10-08 20:41:08.000000000 +0200 +@@ -83,7 +83,7 @@ + if (stat(PROC_MODULES,&stb)==0) { + unsetenv("MODPATH"); + unsetenv("MODULECONF"); +- system("depmod -a >/dev/null 2>&1 && modprobe ipsec"); ++ system("depmod -a >/dev/null 2>&1 && insmod ipsec"); + } + if (stat(PROC_IPSECVERSION,&stb)==0) { + _klips_module_loaded = 1; +diff -urN openswan.old/programs/starter/netkey.c openswan.dev/programs/starter/netkey.c +--- openswan.old/programs/starter/netkey.c 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/starter/netkey.c 2006-10-08 20:41:08.000000000 +0200 +@@ -75,7 +75,7 @@ + if (stat(PROC_MODULES,&stb)==0) { + unsetenv("MODPATH"); + unsetenv("MODULECONF"); +- system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key"); ++ system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key"); + } + if (stat(PROC_NETKEY,&stb)==0) { + _netkey_module_loaded = 1; +diff -urN openswan.old/programs/_startklips/_startklips.in openswan.dev/programs/_startklips/_startklips.in +--- openswan.old/programs/_startklips/_startklips.in 2006-10-08 20:43:21.000000000 +0200 ++++ openswan.dev/programs/_startklips/_startklips.in 2006-10-08 20:41:46.000000000 +0200 +@@ -242,7 +242,7 @@ + fi + if test -f $moduleinstplace/$wantgoo + then +- echo "modprobe failed, but found matching template module $wantgoo." ++ echo "insmod failed, but found matching template module $wantgoo." + echo "Copying $moduleinstplace/$wantgoo to $module." + rm -f $module + mkdir -p $moduleplace @@ -262,15 +262,15 @@ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" exit fi -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec -+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec ++if test ! -f $ipsecversion && test ! -f $netkey && insmod -q ipsec then # statically compiled KLIPS/NETKEY not found; try to load the module - modprobe ipsec @@ -152,7 +184,7 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc fi if test -f $netkey -@@ -278,21 +278,21 @@ +@@ -278,25 +278,25 @@ klips=false if test -f $modules then @@ -167,12 +199,16 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc + insmod -qv xfrm4_tunnel # xfrm_user contains netlink support for IPsec - modprobe -qv xfrm_user -- modprobe -qv hw_random + insmod -qv xfrm_user -+ insmod -qv hw_random - # padlock must load before aes module -- modprobe -qv padlock -+ insmod -qv padlock + if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ] + then + echo "VIA Nehemiah detected, probing for PadLock" +- modprobe -qv hw_random ++ insmod -qv hw_random + # padlock must load before aes module +- modprobe -qv padlock ++ insmod -qv padlock + fi # load the most common ciphers/algo's - modprobe -qv sha1 - modprobe -qv md5 @@ -185,7 +221,7 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc fi fi -@@ -308,10 +308,10 @@ +@@ -312,10 +312,16 @@ fi unset MODPATH MODULECONF # no user overrides! depmod -a >/dev/null 2>&1 @@ -195,418 +231,13 @@ diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc - modprobe -qv padlock - modprobe -v ipsec + insmod -qv padlock -+ insmod -v ipsec - fi - if test ! -f $ipsecversion - then -diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig ---- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100 -+++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100 -@@ -0,0 +1,407 @@ -+#!/bin/sh -+# KLIPS startup script -+# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See . -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+# RCSID $Id$ -+ -+me='ipsec _startklips' # for messages -+ -+# KLIPS-related paths -+sysflags=/proc/sys/net/ipsec -+modules=/proc/modules -+# full rp_filter path is $rpfilter1/interface/$rpfilter2 -+rpfilter1=/proc/sys/net/ipv4/conf -+rpfilter2=rp_filter -+# %unchanged or setting (0, 1, or 2) -+rpfiltercontrol=0 -+ipsecversion=/proc/net/ipsec_version -+moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec -+bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'` -+moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec -+case $bareversion in -+ 2.6*) -+ modulename=ipsec.ko -+ ;; -+ *) -+ modulename=ipsec.o -+ ;; -+esac -+ -+klips=true -+netkey=/proc/net/pfkey -+ -+info=/dev/null -+log=daemon.error -+for dummy -+do -+ case "$1" in -+ --log) log="$2" ; shift ;; -+ --info) info="$2" ; shift ;; -+ --debug) debug="$2" ; shift ;; -+ --omtu) omtu="$2" ; shift ;; -+ --fragicmp) fragicmp="$2" ; shift ;; -+ --hidetos) hidetos="$2" ; shift ;; -+ --rpfilter) rpfiltercontrol="$2" ; shift ;; -+ --) shift ; break ;; -+ -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; -+ *) break ;; -+ esac -+ shift -+done -+ -+ -+ -+# some shell functions, to clarify the actual code -+ -+# set up a system flag based on a variable -+# sysflag value shortname default flagname -+sysflag() { -+ case "$1" in -+ '') v="$3" ;; -+ *) v="$1" ;; -+ esac -+ if test ! -f $sysflags/$4 -+ then -+ if test " $v" != " $3" -+ then -+ echo "cannot do $2=$v, $sysflags/$4 does not exist" -+ exit 1 -+ else -+ return # can't set, but it's the default anyway -+ fi -+ fi -+ case "$v" in -+ yes|no) ;; -+ *) echo "unknown (not yes/no) $2 value \`$1'" -+ exit 1 -+ ;; -+ esac -+ case "$v" in -+ yes) echo 1 >$sysflags/$4 ;; -+ no) echo 0 >$sysflags/$4 ;; -+ esac -+} -+ -+# set up a Klips interface -+klipsinterface() { -+ # pull apart the interface spec -+ virt=`expr $1 : '\([^=]*\)=.*'` -+ phys=`expr $1 : '[^=]*=\(.*\)'` -+ case "$virt" in -+ ipsec[0-9]) ;; -+ *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;; -+ esac -+ -+ # figure out ifconfig for interface -+ addr= -+ eval `ifconfig $phys | -+ awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { -+ gsub(/:/, " ", $0) -+ print "addr=" $3 -+ other = $5 -+ if ($4 == "Bcast") -+ print "type=broadcast" -+ else if ($4 == "P-t-P") -+ print "type=pointopoint" -+ else if (NF == 5) { -+ print "type=" -+ other = "" -+ } else -+ print "type=unknown" -+ print "otheraddr=" other -+ print "mask=" $NF -+ }'` -+ if test " $addr" = " " -+ then -+ echo "unable to determine address of \`$phys'" -+ exit 1 -+ fi -+ if test " $type" = " unknown" -+ then -+ echo "\`$phys' is of an unknown type" -+ exit 1 -+ fi -+ if test " $omtu" != " " -+ then -+ mtu="mtu $omtu" -+ else -+ mtu= -+ fi -+ echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly -+ -+ if $klips -+ then -+ # attach the interface and bring it up -+ ipsec tncfg --attach --virtual $virt --physical $phys -+ ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu -+ fi -+ -+ # if %defaultroute, note the facts -+ if test " $2" != " " -+ then -+ ( -+ echo "defaultroutephys=$phys" -+ echo "defaultroutevirt=$virt" -+ echo "defaultrouteaddr=$addr" -+ if test " $2" != " 0.0.0.0" -+ then -+ echo "defaultroutenexthop=$2" -+ fi -+ ) >>$info -+ else -+ echo '#dr: no default route' >>$info -+ fi -+ -+ # check for rp_filter trouble -+ checkif $phys # thought to be a problem only on phys -+} -+ -+# check an interface for problems -+checkif() { -+ $klips || return 0 -+ rpf=$rpfilter1/$1/$rpfilter2 -+ if test -f $rpf -+ then -+ r="`cat $rpf`" -+ if test " $r" != " 0" ++ if [ -f insmod ] + then -+ case "$r-$rpfiltercontrol" in -+ 0-%unchanged|0-0|1-1|2-2) -+ # happy state -+ ;; -+ *-%unchanged) -+ echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)" -+ ;; -+ [012]-[012]) -+ echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)" -+ echo "$rpfiltercontrol" >$rpf -+ ;; -+ [012]-*) -+ echo "ERROR: unknown rpfilter setting: $rpfiltercontrol" -+ ;; -+ *) -+ echo "ERROR: unknown $rpf value $r" -+ ;; -+ esac -+ fi -+ fi -+} -+ -+# interfaces=%defaultroute: put ipsec0 on top of default route's interface -+defaultinterface() { -+ phys=`netstat -nr | -+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'` -+ if test " $phys" = " " -+ then -+ echo "no default route, %defaultroute cannot cope!!!" -+ exit 1 -+ fi -+ if test `echo " $phys" | wc -l` -gt 1 -+ then -+ echo "multiple default routes, %defaultroute cannot cope!!!" -+ exit 1 -+ fi -+ next=`netstat -nr | -+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'` -+ klipsinterface "ipsec0=$phys" $next -+} -+ -+# log only to syslog, not to stdout/stderr -+logonly() { -+ logger -p $log -t ipsec_setup -+} -+ -+# sort out which module is appropriate, changing it if necessary -+setmodule() { -+ if [ -e /proc/kallsyms ] -+ then -+ kernelsymbols="/proc/kallsyms"; -+ echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet" -+ else -+ kernelsymbols="/proc/ksyms"; -+ fi -+ wantgoo="`ipsec calcgoo $kernelsymbols`" -+ module=$moduleplace/$modulename -+ if test -f $module -+ then -+ goo="`nm -ao $module | ipsec calcgoo`" -+ if test " $wantgoo" = " $goo" -+ then -+ return # looks right -+ fi -+ fi -+ if test -f $moduleinstplace/$wantgoo -+ then -+ echo "modprobe failed, but found matching template module $wantgoo." -+ echo "Copying $moduleinstplace/$wantgoo to $module." -+ rm -f $module -+ mkdir -p $moduleplace -+ cp -p $moduleinstplace/$wantgoo $module -+ # "depmod -a" gets done by caller -+ fi -+} -+ -+ -+ -+# main line -+ -+# load module if possible -+if test -f $ipsecversion && test -f $netkey -+then -+ # both KLIPS and NETKEY code detected, bail out -+ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" -+ exit -+fi -+if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec -+then -+ # statically compiled KLIPS/NETKEY not found; try to load the module -+ modprobe ipsec -+fi -+ -+if test ! -f $ipsecversion && test ! -f $netkey -+then -+ modprobe -v af_key -+fi -+ -+if test -f $netkey -+then -+ klips=false -+ if test -f $modules -+ then -+ modprobe -qv ah4 -+ modprobe -qv esp4 -+ modprobe -qv ipcomp -+ # xfrm4_tunnel is needed by ipip and ipcomp -+ modprobe -qv xfrm4_tunnel -+ # xfrm_user contains netlink support for IPsec -+ modprobe -qv xfrm_user -+ modprobe -qv hw_random -+ # padlock must load before aes module -+ modprobe -qv padlock -+ # load the most common ciphers/algo's -+ modprobe -qv sha1 -+ modprobe -qv md5 -+ modprobe -qv des -+ modprobe -qv aes -+ fi -+fi -+ -+if test ! -f $ipsecversion && $klips -+then -+ if test -r $modules # kernel does have modules -+ then -+ if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ] ++ insmod -v ipsec ++ elif [ -f insmod ] + then -+ echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)" -+ else -+ setmodule ++ insmod ipsec + fi -+ unset MODPATH MODULECONF # no user overrides! -+ depmod -a >/dev/null 2>&1 -+ modprobe -qv hw_random -+ # padlock must load before aes module -+ modprobe -qv padlock -+ modprobe -v ipsec -+ fi -+ if test ! -f $ipsecversion -+ then -+ echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)" -+ exit 1 -+ fi -+fi -+ -+# figure out debugging flags -+case "$debug" in -+'') debug=none ;; -+esac -+if test -r /proc/net/ipsec_klipsdebug -+then -+ echo "KLIPS debug \`$debug'" | logonly -+ case "$debug" in -+ none) ipsec klipsdebug --none ;; -+ all) ipsec klipsdebug --all ;; -+ *) ipsec klipsdebug --none -+ for d in $debug -+ do -+ ipsec klipsdebug --set $d -+ done -+ ;; -+ esac -+elif $klips -+then -+ if test " $debug" != " none" -+ then -+ echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities" -+ fi -+fi -+ -+# figure out misc. kernel config -+if test -d $sysflags -+then -+ sysflag "$fragicmp" "fragicmp" yes icmp -+ echo 1 >$sysflags/inbound_policy_check # no debate -+ sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm -+ sysflag no "opportunistic" no opportunistic # obsolete parm -+ sysflag "$hidetos" "hidetos" yes tos -+elif $klips -+then -+ echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!" -+ # carry on -+fi -+ -+if $klips -+then -+ # clear tables out in case dregs have been left over -+ ipsec eroute --clear -+ ipsec spi --clear -+elif test $netkey -+then -+ if ip xfrm state > /dev/null 2>&1 -+ then -+ ip xfrm state flush -+ ip xfrm policy flush -+ elif type setkey > /dev/null 2>&1 -+ then -+ # Check that the setkey command is available. -+ setkeycmd= -+ PATH=$PATH:/usr/local/sbin -+ for dir in `echo $PATH | tr ':' ' '` -+ do -+ if test -f $dir/setkey -a -x $dir/setkey -+ then -+ setkeycmd=$dir/setkey -+ break # NOTE BREAK OUT -+ fi -+ done -+ $setkeycmd -F -+ $setkeycmd -FP -+ else -+ -+ echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." | -+ logger -s -p daemon.error -t ipsec_setup -+ fi -+fi -+ -+# figure out interfaces -+for i -+do -+ case "$i" in -+ ipsec*=?*) klipsinterface "$i" ;; -+ %defaultroute) defaultinterface ;; -+ *) echo "interface \`$i' not understood" -+ exit 1 -+ ;; -+ esac -+done -+ -+exit 0 + fi + if test ! -f $ipsecversion + then