update openswan to 2.4.5rc5 and fix compile issues
authorWaldemar Brodkorb <mail@waldemar-brodkorb.de>
Tue, 28 Mar 2006 23:33:28 +0000 (23:33 +0000)
committerWaldemar Brodkorb <mail@waldemar-brodkorb.de>
Tue, 28 Mar 2006 23:33:28 +0000 (23:33 +0000)
SVN-Revision: 3535

openwrt/package/openswan/Makefile
openwrt/package/openswan/patches/scripts.patch
openwrt/target/linux/package/openswan/Makefile
openwrt/target/linux/package/openswan/patches/100-fix-oops-on-24.patch [new file with mode: 0644]
openwrt/target/linux/package/openswan/patches/101-arp_header.patch [new file with mode: 0644]
openwrt/target/linux/package/openswan/patches/fix-compile-2.4.14-changes.patch [deleted file]
openwrt/target/linux/package/openswan/patches/fix-oops-on-24.patch [deleted file]

index 2cfdc21..69787c0 100644 (file)
@@ -3,9 +3,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.4.4
+PKG_VERSION:=2.4.5rc5
 PKG_RELEASE:=1
-PKG_MD5SUM:=bd1a46c64727674149de61da2a32ca63
+PKG_MD5SUM:=c2547f70b2d7c33deafb2b230305cef5
 
 PKG_SOURCE_URL:=http://www.openswan.org/download
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
index 5925f07..c472294 100644 (file)
@@ -1,15 +1,15 @@
-diff -Nur openswan-2.4.0.orig/programs/loggerfix openswan-2.4.0/programs/loggerfix
---- openswan-2.4.0.orig/programs/loggerfix     1970-01-01 01:00:00.000000000 +0100
-+++ openswan-2.4.0/programs/loggerfix  2005-09-29 13:44:43.325458750 +0200
+diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
+--- openswan-2.4.5rc5/programs/loggerfix       1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/loggerfix       2006-03-29 01:20:44.000000000 +0200
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0
-diff -Nur openswan-2.4.0.orig/programs/look/look.in openswan-2.4.0/programs/look/look.in
---- openswan-2.4.0.orig/programs/look/look.in  2005-08-18 16:10:09.000000000 +0200
-+++ openswan-2.4.0/programs/look/look.in       2005-09-29 13:44:49.537847000 +0200
+diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
+--- openswan-2.4.5rc5/programs/look/look.in    2005-08-18 16:10:09.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/look/look.in    2006-03-29 01:20:44.000000000 +0200
 @@ -84,7 +84,7 @@
  then
        pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
@@ -19,9 +19,9 @@ diff -Nur openswan-2.4.0.orig/programs/look/look.in openswan-2.4.0/programs/look
        do
                pat="$pat|$i\$"
        done
-diff -Nur openswan-2.4.0.orig/programs/manual/manual.in openswan-2.4.0/programs/manual/manual.in
---- openswan-2.4.0.orig/programs/manual/manual.in      2005-04-18 00:57:12.000000000 +0200
-+++ openswan-2.4.0/programs/manual/manual.in   2005-09-29 13:44:52.446028750 +0200
+diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in
+--- openswan-2.4.5rc5/programs/manual/manual.in        2005-11-18 06:18:33.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/manual/manual.in        2006-03-29 01:20:44.000000000 +0200
 @@ -104,7 +104,7 @@
                                sub(/:/, " ", $0)
                                if (interf != "")
@@ -31,9 +31,9 @@ diff -Nur openswan-2.4.0.orig/programs/manual/manual.in openswan-2.4.0/programs/
        ;;
  esac
  
-diff -Nur openswan-2.4.0.orig/programs/_plutorun/_plutorun.in openswan-2.4.0/programs/_plutorun/_plutorun.in
---- openswan-2.4.0.orig/programs/_plutorun/_plutorun.in        2005-04-21 23:57:16.000000000 +0200
-+++ openswan-2.4.0/programs/_plutorun/_plutorun.in     2005-09-29 13:44:53.442091000 +0200
+diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
+--- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in  2006-01-06 00:45:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in  2006-03-29 01:20:44.000000000 +0200
 @@ -147,7 +147,7 @@
                        exit 1
                fi
@@ -43,9 +43,9 @@ diff -Nur openswan-2.4.0.orig/programs/_plutorun/_plutorun.in openswan-2.4.0/pro
                then
                        echo Cannot write to directory to create \"$stderrlog\".
                        exit 1
-diff -Nur openswan-2.4.0.orig/programs/_realsetup/_realsetup.in openswan-2.4.0/programs/_realsetup/_realsetup.in
---- openswan-2.4.0.orig/programs/_realsetup/_realsetup.in      2005-07-28 02:23:48.000000000 +0200
-+++ openswan-2.4.0/programs/_realsetup/_realsetup.in   2005-09-29 13:44:53.442091000 +0200
+diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
+--- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in        2005-07-28 02:23:48.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in        2006-03-29 01:20:44.000000000 +0200
 @@ -235,7 +235,7 @@
  
        # misc pre-Pluto setup
@@ -64,9 +64,9 @@ diff -Nur openswan-2.4.0.orig/programs/_realsetup/_realsetup.in openswan-2.4.0/p
  
        perform rm -f $info $lock $plutopid
        perform echo "...Openswan IPsec stopped" "|" $LOGONLY
-diff -Nur openswan-2.4.0.orig/programs/send-pr/send-pr.in openswan-2.4.0/programs/send-pr/send-pr.in
---- openswan-2.4.0.orig/programs/send-pr/send-pr.in    2005-04-18 01:04:46.000000000 +0200
-+++ openswan-2.4.0/programs/send-pr/send-pr.in 2005-09-29 13:44:53.442091000 +0200
+diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
+--- openswan-2.4.5rc5/programs/send-pr/send-pr.in      2005-04-18 01:04:46.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in      2006-03-29 01:20:44.000000000 +0200
 @@ -402,7 +402,7 @@
                    else
                        if [ "$fieldname" != "Category" ]
@@ -103,9 +103,9 @@ diff -Nur openswan-2.4.0.orig/programs/send-pr/send-pr.in openswan-2.4.0/program
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file
-diff -Nur openswan-2.4.0.orig/programs/setup/setup.in openswan-2.4.0/programs/setup/setup.in
---- openswan-2.4.0.orig/programs/setup/setup.in        2005-07-25 21:17:03.000000000 +0200
-+++ openswan-2.4.0/programs/setup/setup.in     2005-09-29 13:44:52.446028750 +0200
+diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
+--- openswan-2.4.5rc5/programs/setup/setup.in  2005-07-25 21:17:03.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/setup/setup.in  2006-03-29 01:20:44.000000000 +0200
 @@ -117,12 +117,22 @@
  # do it
  case "$1" in
@@ -130,9 +130,9 @@ diff -Nur openswan-2.4.0.orig/programs/setup/setup.in openswan-2.4.0/programs/se
        tmp=/var/run/pluto/ipsec_setup.st
        outtmp=/var/run/pluto/ipsec_setup.out
        (
-diff -Nur openswan-2.4.0.orig/programs/showhostkey/showhostkey.in openswan-2.4.0/programs/showhostkey/showhostkey.in
---- openswan-2.4.0.orig/programs/showhostkey/showhostkey.in    2004-11-14 14:40:41.000000000 +0100
-+++ openswan-2.4.0/programs/showhostkey/showhostkey.in 2005-09-29 13:44:52.446028750 +0200
+diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
+--- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in      2004-11-14 14:40:41.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in      2006-03-29 01:20:44.000000000 +0200
 @@ -63,7 +63,7 @@
        exit 1
  fi
@@ -142,9 +142,9 @@ diff -Nur openswan-2.4.0.orig/programs/showhostkey/showhostkey.in openswan-2.4.0
  
  awk ' BEGIN {
                inkey = 0
-diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0/programs/_startklips/_startklips.in
---- openswan-2.4.0.orig/programs/_startklips/_startklips.in    2005-03-31 23:07:27.000000000 +0200
-+++ openswan-2.4.0/programs/_startklips/_startklips.in 2005-09-29 13:44:53.442091000 +0200
+diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
+--- openswan-2.4.5rc5/programs/_startklips/_startklips.in      2005-11-25 00:08:05.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in      2006-03-29 01:23:54.000000000 +0200
 @@ -262,15 +262,15 @@
      echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
      exit
@@ -164,7 +164,7 @@ diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0
  fi
  
  if test -f $netkey
-@@ -278,18 +278,18 @@
+@@ -278,21 +278,21 @@
        klips=false
        if test -f $modules
        then
@@ -179,7 +179,12 @@ diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0
 +              insmod -qv xfrm4_tunnel
                # xfrm_user contains netlink support for IPsec 
 -              modprobe -qv xfrm_user
+-              modprobe -qv hw_random
 +              insmod -qv xfrm_user
++              insmod -qv hw_random
+               # padlock must load before aes module
+-              modprobe -qv padlock
++              insmod -qv padlock
                # load the most common ciphers/algo's
 -              modprobe -qv sha1
 -              modprobe -qv md5
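Review bot: The two added loads, `insmod -qv hw_random` and `insmod -qv padlock`, lose modprobe's dependency handling, because insmod loads only the module it is given. Anything these modules depend on must already be loaded by an earlier line, and upstream's comment `# padlock must load before aes module` is the only record of the required order. The same substitution is made in the KLIPS branch of the next hunk, where `depmod -a` is still run even though the insmod calls shown after it do not consult the dependency file. I would add a comment above the block such as `# insmod does not resolve dependencies: keep these lines in load order`, and confirm the script still starts cleanly on a target that has neither module. The enclosing `if test -f $netkey` block begins and ends outside this hunk.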
@@ -192,17 +197,428 @@ diff -Nur openswan-2.4.0.orig/programs/_startklips/_startklips.in openswan-2.4.0
        fi
  fi
  
-@@ -305,7 +305,12 @@
+@@ -308,10 +308,10 @@
                fi
                  unset MODPATH MODULECONF        # no user overrides!
                  depmod -a >/dev/null 2>&1
+-              modprobe -qv hw_random
++              insmod -qv hw_random
+               # padlock must load before aes module
+-              modprobe -qv padlock
 -                modprobe -v ipsec
-+                if [ -f modprobe ]
-+                                                                      then modprobe -v ipsec
-+                                                              elif [ -f insmod ]
-+                                                                      then insmod ipsec
-+                                                              fi
-+                                                                      
++              insmod -qv padlock
++                insmod -v ipsec
          fi
          if test ! -f $ipsecversion
          then
+diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
+--- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
+@@ -0,0 +1,407 @@
++#!/bin/sh
++# KLIPS startup script
++# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
++# 
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++# 
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++#
++# RCSID $Id$
++
++me='ipsec _startklips'                # for messages
++
++# KLIPS-related paths
++sysflags=/proc/sys/net/ipsec
++modules=/proc/modules
++# full rp_filter path is $rpfilter1/interface/$rpfilter2
++rpfilter1=/proc/sys/net/ipv4/conf
++rpfilter2=rp_filter
++# %unchanged or setting (0, 1, or 2)
++rpfiltercontrol=0
++ipsecversion=/proc/net/ipsec_version
++moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
++bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
++moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
++case $bareversion in
++      2.6*)
++              modulename=ipsec.ko
++              ;;
++      *)
++              modulename=ipsec.o
++              ;;
++esac
++
++klips=true
++netkey=/proc/net/pfkey
++
++info=/dev/null
++log=daemon.error
++for dummy
++do
++      case "$1" in
++      --log)          log="$2" ; shift        ;;
++      --info)         info="$2" ; shift       ;;
++      --debug)        debug="$2" ; shift      ;;
++      --omtu)         omtu="$2" ; shift       ;;
++      --fragicmp)     fragicmp="$2" ; shift   ;;
++      --hidetos)      hidetos="$2" ; shift    ;;
++      --rpfilter)     rpfiltercontrol="$2" ; shift    ;;
++      --)     shift ; break   ;;
++      -*)     echo "$me: unknown option \`$1'" >&2 ; exit 2   ;;
++      *)      break   ;;
++      esac
++      shift
++done
++
++
++
++# some shell functions, to clarify the actual code
++
++# set up a system flag based on a variable
++# sysflag value shortname default flagname
++sysflag() {
++      case "$1" in
++      '')     v="$3"  ;;
++      *)      v="$1"  ;;
++      esac
++      if test ! -f $sysflags/$4
++      then
++              if test " $v" != " $3"
++              then
++                      echo "cannot do $2=$v, $sysflags/$4 does not exist"
++                      exit 1
++              else
++                      return  # can't set, but it's the default anyway
++              fi
++      fi
++      case "$v" in
++      yes|no) ;;
++      *)      echo "unknown (not yes/no) $2 value \`$1'"
++              exit 1
++              ;;
++      esac
++      case "$v" in
++      yes)    echo 1 >$sysflags/$4    ;;
++      no)     echo 0 >$sysflags/$4    ;;
++      esac
++}
++
++# set up a Klips interface
++klipsinterface() {
++      # pull apart the interface spec
++      virt=`expr $1 : '\([^=]*\)=.*'`
++      phys=`expr $1 : '[^=]*=\(.*\)'`
++      case "$virt" in
++      ipsec[0-9])     ;;
++      *)      echo "invalid interface \`$virt' in \`$1'" ; exit 1     ;;
++      esac
++
++      # figure out ifconfig for interface
++      addr=
++      eval `ifconfig $phys |
++              awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
++                      gsub(/:/, " ", $0)
++                      print "addr=" $3
++                      other = $5
++                      if ($4 == "Bcast")
++                              print "type=broadcast"
++                      else if ($4 == "P-t-P")
++                              print "type=pointopoint"
++                      else if (NF == 5) {
++                              print "type="
++                              other = ""
++                      } else
++                              print "type=unknown"
++                      print "otheraddr=" other
++                      print "mask=" $NF
++              }'`
++      if test " $addr" = " "
++      then
++              echo "unable to determine address of \`$phys'"
++              exit 1
++      fi
++      if test " $type" = " unknown"
++      then
++              echo "\`$phys' is of an unknown type"
++              exit 1
++      fi
++      if test " $omtu" != " "
++      then
++              mtu="mtu $omtu"
++      else
++              mtu=
++      fi
++      echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
++
++      if $klips
++      then
++              # attach the interface and bring it up
++              ipsec tncfg --attach --virtual $virt --physical $phys
++              ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
++      fi
++
++      # if %defaultroute, note the facts
++      if test " $2" != " "
++      then
++              (
++                      echo "defaultroutephys=$phys"
++                      echo "defaultroutevirt=$virt"
++                      echo "defaultrouteaddr=$addr"
++                      if test " $2" != " 0.0.0.0"
++                      then
++                              echo "defaultroutenexthop=$2"
++                      fi
++              ) >>$info
++      else
++              echo '#dr: no default route' >>$info
++      fi
++
++      # check for rp_filter trouble
++      checkif $phys                   # thought to be a problem only on phys
++}
++
++# check an interface for problems
++checkif() {
++      $klips || return 0
++      rpf=$rpfilter1/$1/$rpfilter2
++      if test -f $rpf
++      then
++              r="`cat $rpf`"
++              if test " $r" != " 0"
++              then
++                      case "$r-$rpfiltercontrol" in
++                      0-%unchanged|0-0|1-1|2-2)
++                              # happy state
++                              ;;
++                      *-%unchanged)
++                              echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
++                              ;;
++                      [012]-[012])
++                              echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
++                              echo "$rpfiltercontrol" >$rpf
++                              ;;
++                      [012]-*)
++                              echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
++                              ;;
++                      *)
++                              echo "ERROR: unknown $rpf value $r"
++                              ;;
++                      esac
++              fi
++      fi
++}
++
++# interfaces=%defaultroute:  put ipsec0 on top of default route's interface
++defaultinterface() {
++      phys=`netstat -nr |
++              awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
++      if test " $phys" = " "
++      then
++              echo "no default route, %defaultroute cannot cope!!!"
++              exit 1
++      fi
++      if test `echo " $phys" | wc -l` -gt 1
++      then
++              echo "multiple default routes, %defaultroute cannot cope!!!"
++              exit 1
++      fi
++      next=`netstat -nr |
++              awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
++      klipsinterface "ipsec0=$phys" $next
++}
++
++# log only to syslog, not to stdout/stderr
++logonly() {
++      logger -p $log -t ipsec_setup
++}
++
++# sort out which module is appropriate, changing it if necessary
++setmodule() {
++      if [ -e /proc/kallsyms ]
++      then
++              kernelsymbols="/proc/kallsyms";
++              echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
++      else
++              kernelsymbols="/proc/ksyms";
++      fi      
++        wantgoo="`ipsec calcgoo $kernelsymbols`"
++        module=$moduleplace/$modulename
++        if test -f $module
++        then
++                goo="`nm -ao $module | ipsec calcgoo`"
++                if test " $wantgoo" = " $goo"
++                then
++                        return          # looks right
++                fi
++        fi
++        if test -f $moduleinstplace/$wantgoo
++        then
++                echo "modprobe failed, but found matching template module $wantgoo."
++                echo "Copying $moduleinstplace/$wantgoo to $module."
++                rm -f $module
++                mkdir -p $moduleplace
++                cp -p $moduleinstplace/$wantgoo $module
++                # "depmod -a" gets done by caller
++        fi
++}
++
++
++
++# main line
++
++# load module if possible
++if test -f $ipsecversion && test -f $netkey
++then
++    # both KLIPS and NETKEY code detected, bail out
++    echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
++    exit
++fi
++if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++then
++    # statically compiled KLIPS/NETKEY not found; try to load the module
++    modprobe ipsec
++fi
++
++if test ! -f $ipsecversion && test ! -f $netkey
++then
++      modprobe -v af_key
++fi
++
++if test -f $netkey
++then
++      klips=false
++      if test -f $modules
++      then
++              modprobe -qv ah4
++              modprobe -qv esp4
++              modprobe -qv ipcomp
++              #  xfrm4_tunnel is needed by ipip and ipcomp
++              modprobe -qv xfrm4_tunnel
++              # xfrm_user contains netlink support for IPsec 
++              modprobe -qv xfrm_user
++              modprobe -qv hw_random
++              # padlock must load before aes module
++              modprobe -qv padlock
++              # load the most common ciphers/algo's
++              modprobe -qv sha1
++              modprobe -qv md5
++              modprobe -qv des
++              modprobe -qv aes
++      fi
++fi
++
++if test ! -f $ipsecversion && $klips
++then
++        if test -r $modules             # kernel does have modules
++        then
++              if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
++              then
++                      echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
++              else
++                      setmodule
++              fi
++                unset MODPATH MODULECONF        # no user overrides!
++                depmod -a >/dev/null 2>&1
++              modprobe -qv hw_random
++              # padlock must load before aes module
++              modprobe -qv padlock
++                modprobe -v ipsec
++        fi
++        if test ! -f $ipsecversion
++        then
++                echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
++                exit 1
++        fi
++fi
++
++# figure out debugging flags
++case "$debug" in
++'')   debug=none      ;;
++esac
++if test -r /proc/net/ipsec_klipsdebug
++then
++      echo "KLIPS debug \`$debug'" | logonly
++      case "$debug" in
++      none)   ipsec klipsdebug --none ;;
++      all)    ipsec klipsdebug --all  ;;
++      *)      ipsec klipsdebug --none
++              for d in $debug
++              do
++                      ipsec klipsdebug --set $d
++              done
++              ;;
++      esac
++elif $klips
++then
++      if test " $debug" != " none"
++      then
++              echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
++      fi
++fi
++
++# figure out misc. kernel config
++if test -d $sysflags
++then
++      sysflag "$fragicmp" "fragicmp" yes icmp
++      echo 1 >$sysflags/inbound_policy_check          # no debate
++      sysflag no "no_eroute_pass" no no_eroute_pass   # obsolete parm
++      sysflag no "opportunistic" no opportunistic     # obsolete parm
++      sysflag "$hidetos" "hidetos" yes tos
++elif $klips
++then
++      echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
++      # carry on
++fi
++
++if $klips
++then
++      # clear tables out in case dregs have been left over
++      ipsec eroute --clear
++      ipsec spi --clear
++elif test $netkey
++then
++      if ip xfrm state > /dev/null 2>&1
++      then
++              ip xfrm state flush
++              ip xfrm policy flush
++      elif type setkey > /dev/null 2>&1
++      then
++              # Check that the setkey command is available.
++              setkeycmd=       
++              PATH=$PATH:/usr/local/sbin       
++              for dir in `echo $PATH | tr ':' ' '`     
++              do       
++                      if test -f $dir/setkey -a -x $dir/setkey         
++                      then
++                              setkeycmd=$dir/setkey
++                              break                   # NOTE BREAK OUT 
++                      fi
++              done
++              $setkeycmd -F
++              $setkeycmd -FP
++      else
++      
++              echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
++                      logger -s -p daemon.error -t ipsec_setup
++      fi
++fi
++
++# figure out interfaces
++for i
++do
++      case "$i" in
++      ipsec*=?*)      klipsinterface "$i"     ;;
++      %defaultroute)  defaultinterface        ;;
++      *)      echo "interface \`$i' not understood"
++              exit 1
++              ;;
++      esac
++done
++
++exit 0
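Review bot: The inner patch now creates `programs/_startklips/_startklips.in.orig`, a 407-line copy of the unpatched script. It looks like a backup file picked up by `diff -Nur` rather than an intended change. The copy still holds the `modprobe` calls that the real `_startklips.in` hunks replace, so the patched tree carries two diverging versions of the IPsec startup logic, and a later refresh could be made against the wrong one. I would delete the `.orig` file and regenerate scripts.patch, or exclude such files when diffing, e.g. `diff -Nur -x '*.orig'`. That also reduces this hunk to the actual `_startklips.in` changes.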
index 9c1b182..bedd543 100644 (file)
@@ -4,9 +4,9 @@ include $(TOPDIR)/rules.mk
 include ../../rules.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=2
-PKG_MD5SUM:=bd1a46c64727674149de61da2a32ca63
+PKG_VERSION:=2.4.5rc5
+PKG_RELEASE:=1
+PKG_MD5SUM:=c2547f70b2d7c33deafb2b230305cef5
 
 PKG_SOURCE_URL:=http://www.openswan.org/download
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
diff --git a/openwrt/target/linux/package/openswan/patches/100-fix-oops-on-24.patch b/openwrt/target/linux/package/openswan/patches/100-fix-oops-on-24.patch
new file mode 100644 (file)
index 0000000..0861b04
--- /dev/null
@@ -0,0 +1,23 @@
+diff -Nur openswan-2.4.4/linux/net/ipsec/pfkey_v2.c openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c
+--- openswan-2.4.4/linux/net/ipsec/pfkey_v2.c  2005-09-14 18:40:45.000000000 +0200
++++ openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c  2005-12-25 04:35:57.674968000 +0100
+@@ -820,7 +820,9 @@
+               return 0; /* -EINVAL; */
+       }
++#ifdef NET_26
+       write_lock_bh(&pfkey_sock_lock);
++#endif
+       KLIPS_PRINT(debug_pfkey,
+                   "klips_debug:pfkey_release: "
+@@ -851,7 +853,9 @@
+                   "klips_debug:pfkey_release: "
+                   "succeeded.\n");
++#ifdef NET_26
+       write_unlock_bh(&pfkey_sock_lock);
++#endif
+       return 0;
+ }
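Review bot: The carried-over patch leaves `pfkey_release` running without `pfkey_sock_lock` on every kernel where `NET_26` is undefined, since both `write_lock_bh(&pfkey_sock_lock)` and `write_unlock_bh(&pfkey_sock_lock)` are now compiled only under `#ifdef NET_26`, and nothing in the file says why that is safe. Only the debug prints around the two calls are visible here, so what the lock protected in between cannot be checked from this hunk; if it guards updates to the socket list, skipping it may trade the oops for a race. The inner headers also still name `openswan-2.4.4` although the package is now 2.4.5rc5, so the patch presumably applies with an offset. I would add a short description above the `diff -Nur` line stating which oops this avoids on 2.4 kernels and why the lock is unnecessary there, and refresh the patch against the new tree.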
diff --git a/openwrt/target/linux/package/openswan/patches/101-arp_header.patch b/openwrt/target/linux/package/openswan/patches/101-arp_header.patch
new file mode 100644 (file)
index 0000000..7375f65
--- /dev/null
@@ -0,0 +1,11 @@
+diff -Nur openswan-2.4.5rc5/linux/net/ipsec/ipsec_tunnel.c openswan-2.4.5rc5.patched/linux/net/ipsec/ipsec_tunnel.c
+--- openswan-2.4.5rc5/linux/net/ipsec/ipsec_tunnel.c   2005-11-22 05:11:52.000000000 +0100
++++ openswan-2.4.5rc5.patched/linux/net/ipsec/ipsec_tunnel.c   2006-03-29 01:13:35.000000000 +0200
+@@ -33,6 +33,7 @@
+ #include <linux/types.h>  /* size_t */
+ #include <linux/interrupt.h> /* mark_bh */
++#include <net/arp.h>
+ #include <net/tcp.h>
+ #include <net/udp.h>
+ #include <linux/skbuff.h>
diff --git a/openwrt/target/linux/package/openswan/patches/fix-compile-2.4.14-changes.patch b/openwrt/target/linux/package/openswan/patches/fix-compile-2.4.14-changes.patch
deleted file mode 100644 (file)
index 7f2252a..0000000
+++ /dev/null
@@ -1,119 +0,0 @@
-diff -Nur openswan-2.4.4/linux/include/openswan.h openswan-2.4.4.patched/linux/include/openswan.h
---- openswan-2.4.4/linux/include/openswan.h    2005-04-14 22:21:51.000000000 +0200
-+++ openswan-2.4.4.patched/linux/include/openswan.h    2005-12-23 20:31:58.248159750 +0100
-@@ -78,6 +78,10 @@
- #define NET_21
- #endif
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15)
-+#define KERNEL_2615
-+#endif
-+
- #ifndef IPPROTO_COMP
- #  define IPPROTO_COMP 108
- #endif /* !IPPROTO_COMP */
-diff -Nur openswan-2.4.4/linux/net/ipsec/ipcomp.c openswan-2.4.4.patched/linux/net/ipsec/ipcomp.c
---- openswan-2.4.4/linux/net/ipsec/ipcomp.c    2005-08-28 01:40:00.000000000 +0200
-+++ openswan-2.4.4.patched/linux/net/ipsec/ipcomp.c    2005-12-23 20:35:02.482256250 +0100
-@@ -600,7 +600,9 @@
-         memcpy(n->head,
-              skb->head,
-              ((char *)iph - (char *)skb->head) + iphlen);
--        n->list=NULL;
-+#ifndef KERNEL_2615
-+      n->list=NULL;
-+#endif
-       n->next=NULL;
-       n->prev=NULL;
-         n->sk=NULL;
-@@ -657,7 +659,11 @@
-       n->pkt_bridged=skb->pkt_bridged;
- #endif /* NETDEV_23 */
-       n->ip_summed=0;
--        n->stamp=skb->stamp;
-+#ifdef KERNEL_2615
-+        n->tstamp=skb->tstamp;
-+#else
-+      n->stamp=skb->stamp;
-+#endif
- #ifndef NETDEV_23 /* this seems to have been removed in 2.4 */
- #if defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE)
-         n->shapelatency=skb->shapelatency;       /* Latency on frame */
-diff -Nur openswan-2.4.4/linux/net/ipsec/ipsec_tunnel.c openswan-2.4.4.patched/linux/net/ipsec/ipsec_tunnel.c
---- openswan-2.4.4/linux/net/ipsec/ipsec_tunnel.c      2005-09-22 00:57:43.000000000 +0200
-+++ openswan-2.4.4.patched/linux/net/ipsec/ipsec_tunnel.c      2005-12-23 20:38:17.666454500 +0100
-@@ -34,6 +34,9 @@
- #include <linux/interrupt.h> /* mark_bh */
- #include <net/tcp.h>
-+#ifdef KERNEL_2615
-+#include <net/inet_timewait_sock.h>
-+#endif
- #include <net/udp.h>
- #include <linux/skbuff.h>
-@@ -272,9 +275,13 @@
-               if(ixs->skb->sk) {
- #ifdef NET_26
-+#ifdef KERNEL_2615
-+                      struct inet_timewait_sock *tw;
-+                      tw = (struct inet_timewait_sock *)ixs->skb->sk;
-+#else
-                       struct tcp_tw_bucket *tw;
--                      
-                       tw = (struct tcp_tw_bucket *)ixs->skb->sk;
-+#endif
-                       ixs->sport = ntohs(tw->tw_sport);
-                       ixs->dport = ntohs(tw->tw_dport);
-diff -Nur openswan-2.4.4/linux/net/ipsec/pfkey_v2.c openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c
---- openswan-2.4.4/linux/net/ipsec/pfkey_v2.c  2005-09-14 18:40:45.000000000 +0200
-+++ openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c  2005-12-23 20:43:21.481441750 +0100
-@@ -459,11 +459,17 @@
-                                   "skb=0p%p dequeued.\n", skb);
-                       printk(KERN_INFO "klips_debug:pfkey_destroy_socket: "
-                              "pfkey_skb contents:");
-+#ifndef       KERNEL_2615
-+                      printk(" list:0p%p", skb->list);
-+#endif
-                       printk(" next:0p%p", skb->next);
-                       printk(" prev:0p%p", skb->prev);
--                      printk(" list:0p%p", skb->list);
-                       printk(" sk:0p%p", skb->sk);
-+#ifdef KERNEL_2615
-+                      printk(" tstamp:%d.%d", skb->tstamp.off_sec, skb->tstamp.off_usec);
-+#else
-                       printk(" stamp:%ld.%ld", skb->stamp.tv_sec, skb->stamp.tv_usec);
-+#endif
-                       printk(" dev:0p%p", skb->dev);
-                       if(skb->dev) {
-                               if(skb->dev->name) {
-@@ -1376,7 +1382,12 @@
- #endif /* NET_21 */
-       skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
--        sk->sk_stamp=skb->stamp;
-+#ifdef KERNEL_2615
-+        sk->sk_stamp.tv_sec=skb->tstamp.off_sec;
-+        sk->sk_stamp.tv_usec=skb->tstamp.off_usec;
-+#else
-+      sk->sk_stamp=skb->stamp;
-+#endif
-       skb_free_datagram(sk, skb);
-       return size;
-@@ -1495,8 +1506,13 @@
- #endif                                        
-                                       sk->sk_protocol,
-                                       sk->sk_sndbuf,
-+#ifdef KERNEL_2615
-+                                      sk->sk_stamp.tv_sec,
-+                                      sk->sk_stamp.tv_usec,
-+#else
-                                       (unsigned int)sk->sk_stamp.tv_sec,
-                                       (unsigned int)sk->sk_stamp.tv_usec,
-+#endif
-                                       sk->sk_socket->flags,
-                                       sk->sk_socket->type,
-                                       sk->sk_socket->state);
diff --git a/openwrt/target/linux/package/openswan/patches/fix-oops-on-24.patch b/openwrt/target/linux/package/openswan/patches/fix-oops-on-24.patch
deleted file mode 100644 (file)
index 0861b04..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -Nur openswan-2.4.4/linux/net/ipsec/pfkey_v2.c openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c
---- openswan-2.4.4/linux/net/ipsec/pfkey_v2.c  2005-09-14 18:40:45.000000000 +0200
-+++ openswan-2.4.4.patched/linux/net/ipsec/pfkey_v2.c  2005-12-25 04:35:57.674968000 +0100
-@@ -820,7 +820,9 @@
-               return 0; /* -EINVAL; */
-       }
-+#ifdef NET_26
-       write_lock_bh(&pfkey_sock_lock);
-+#endif
-       KLIPS_PRINT(debug_pfkey,
-                   "klips_debug:pfkey_release: "
-@@ -851,7 +853,9 @@
-                   "klips_debug:pfkey_release: "
-                   "succeeded.\n");
-+#ifdef NET_26
-       write_unlock_bh(&pfkey_sock_lock);
-+#endif
-       return 0;
- }