1 diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
2 --- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
3 +++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200
6 +# use filename instead of /dev/null to log, but dont log to flash or ram
7 +# pref. log to nfs mount
8 +echo "$*" >> /dev/null
10 diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
11 --- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200
12 +++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200
15 pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
17 - for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
18 + for i in `echo "$IPSECinterfaces" | tr '=' ' '`
22 diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
23 --- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100
24 +++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200
29 - if test ! -w "`dirname $stderrlog`"
30 + if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
32 echo Cannot write to directory to create \"$stderrlog\".
34 diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
35 --- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200
36 +++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200
39 # misc pre-Pluto setup
41 - perform test -d `dirname $subsyslock` "&&" touch $subsyslock
42 + perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
44 if test " $IPSECforwardcontrol" = " yes"
47 lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
50 - perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
51 + perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
53 perform rm -f $info $lock $plutopid
54 perform echo "...Openswan IPsec stopped" "|" $LOGONLY
55 diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
56 --- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200
57 +++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200
60 if [ "$fieldname" != "Category" ]
62 - values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
63 + values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
64 valslen=`echo "$values" | wc -c`
66 values="choose from a category listed above"
69 desc="<${values} (one line)>";
71 - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
72 + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
73 echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
75 echo "${fmtname}${desc}" >> $file
79 desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
80 - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
81 + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
82 echo "s/^${dpat}//" >> $FIXFIL
84 echo "${fmtname}" >> $file;
88 desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
89 - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
90 + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
91 echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
93 echo "${fmtname}${desc}" >> $file
94 diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
95 --- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200
96 +++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200
100 start|--start|stop|--stop|_autostop|_autostart)
101 - if test " `id -u`" != " 0"
102 + if [ "x${USER}" != "xroot" ]
104 echo "permission denied (must be superuser)" |
105 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
109 + # make sure all required directories exist
110 + if [ ! -d /var/run/pluto ]
112 + mkdir -p /var/run/pluto
114 + if [ ! -d /var/lock/subsys ]
116 + mkdir -p /var/lock/subsys
118 tmp=/var/run/pluto/ipsec_setup.st
119 outtmp=/var/run/pluto/ipsec_setup.out
121 diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
122 --- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100
123 +++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200
128 -host="`hostname --fqdn`"
129 +host="`cat /proc/sys/kernel/hostname`"
133 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
134 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100
135 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200
136 @@ -262,15 +262,15 @@
137 echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
140 -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
141 +if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
143 # statically compiled KLIPS/NETKEY not found; try to load the module
148 if test ! -f $ipsecversion && test ! -f $netkey
155 @@ -278,21 +278,21 @@
161 - modprobe -qv ipcomp
165 # xfrm4_tunnel is needed by ipip and ipcomp
166 - modprobe -qv xfrm4_tunnel
167 + insmod -qv xfrm4_tunnel
168 # xfrm_user contains netlink support for IPsec
169 - modprobe -qv xfrm_user
170 - modprobe -qv hw_random
171 + insmod -qv xfrm_user
172 + insmod -qv hw_random
173 # padlock must load before aes module
174 - modprobe -qv padlock
176 # load the most common ciphers/algo's
188 @@ -308,10 +308,10 @@
190 unset MODPATH MODULECONF # no user overrides!
191 depmod -a >/dev/null 2>&1
192 - modprobe -qv hw_random
193 + insmod -qv hw_random
194 # padlock must load before aes module
195 - modprobe -qv padlock
200 if test ! -f $ipsecversion
202 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
203 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
204 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
207 +# KLIPS startup script
208 +# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer.
210 +# This program is free software; you can redistribute it and/or modify it
211 +# under the terms of the GNU General Public License as published by the
212 +# Free Software Foundation; either version 2 of the License, or (at your
213 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
215 +# This program is distributed in the hope that it will be useful, but
216 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
217 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
222 +me='ipsec _startklips' # for messages
224 +# KLIPS-related paths
225 +sysflags=/proc/sys/net/ipsec
226 +modules=/proc/modules
227 +# full rp_filter path is $rpfilter1/interface/$rpfilter2
228 +rpfilter1=/proc/sys/net/ipv4/conf
230 +# %unchanged or setting (0, 1, or 2)
232 +ipsecversion=/proc/net/ipsec_version
233 +moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
234 +bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
235 +moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
236 +case $bareversion in
238 + modulename=ipsec.ko
246 +netkey=/proc/net/pfkey
253 + --log) log="$2" ; shift ;;
254 + --info) info="$2" ; shift ;;
255 + --debug) debug="$2" ; shift ;;
256 + --omtu) omtu="$2" ; shift ;;
257 + --fragicmp) fragicmp="$2" ; shift ;;
258 + --hidetos) hidetos="$2" ; shift ;;
259 + --rpfilter) rpfiltercontrol="$2" ; shift ;;
260 + --) shift ; break ;;
261 + -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
269 +# some shell functions, to clarify the actual code
271 +# set up a system flag based on a variable
272 +# sysflag value shortname default flagname
278 + if test ! -f $sysflags/$4
280 + if test " $v" != " $3"
282 + echo "cannot do $2=$v, $sysflags/$4 does not exist"
285 + return # can't set, but it's the default anyway
290 + *) echo "unknown (not yes/no) $2 value \`$1'"
295 + yes) echo 1 >$sysflags/$4 ;;
296 + no) echo 0 >$sysflags/$4 ;;
300 +# set up a Klips interface
302 + # pull apart the interface spec
303 + virt=`expr $1 : '\([^=]*\)=.*'`
304 + phys=`expr $1 : '[^=]*=\(.*\)'`
307 + *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;;
310 + # figure out ifconfig for interface
312 + eval `ifconfig $phys |
313 + awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
318 + print "type=broadcast"
319 + else if ($4 == "P-t-P")
320 + print "type=pointopoint"
321 + else if (NF == 5) {
325 + print "type=unknown"
326 + print "otheraddr=" other
329 + if test " $addr" = " "
331 + echo "unable to determine address of \`$phys'"
334 + if test " $type" = " unknown"
336 + echo "\`$phys' is of an unknown type"
339 + if test " $omtu" != " "
345 + echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
349 + # attach the interface and bring it up
350 + ipsec tncfg --attach --virtual $virt --physical $phys
351 + ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
354 + # if %defaultroute, note the facts
355 + if test " $2" != " "
358 + echo "defaultroutephys=$phys"
359 + echo "defaultroutevirt=$virt"
360 + echo "defaultrouteaddr=$addr"
361 + if test " $2" != " 0.0.0.0"
363 + echo "defaultroutenexthop=$2"
367 + echo '#dr: no default route' >>$info
370 + # check for rp_filter trouble
371 + checkif $phys # thought to be a problem only on phys
374 +# check an interface for problems
377 + rpf=$rpfilter1/$1/$rpfilter2
381 + if test " $r" != " 0"
383 + case "$r-$rpfiltercontrol" in
384 + 0-%unchanged|0-0|1-1|2-2)
388 + echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
391 + echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
392 + echo "$rpfiltercontrol" >$rpf
395 + echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
398 + echo "ERROR: unknown $rpf value $r"
405 +# interfaces=%defaultroute: put ipsec0 on top of default route's interface
406 +defaultinterface() {
407 + phys=`netstat -nr |
408 + awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
409 + if test " $phys" = " "
411 + echo "no default route, %defaultroute cannot cope!!!"
414 + if test `echo " $phys" | wc -l` -gt 1
416 + echo "multiple default routes, %defaultroute cannot cope!!!"
419 + next=`netstat -nr |
420 + awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
421 + klipsinterface "ipsec0=$phys" $next
424 +# log only to syslog, not to stdout/stderr
426 + logger -p $log -t ipsec_setup
429 +# sort out which module is appropriate, changing it if necessary
431 + if [ -e /proc/kallsyms ]
433 + kernelsymbols="/proc/kallsyms";
434 + echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
436 + kernelsymbols="/proc/ksyms";
438 + wantgoo="`ipsec calcgoo $kernelsymbols`"
439 + module=$moduleplace/$modulename
442 + goo="`nm -ao $module | ipsec calcgoo`"
443 + if test " $wantgoo" = " $goo"
445 + return # looks right
448 + if test -f $moduleinstplace/$wantgoo
450 + echo "modprobe failed, but found matching template module $wantgoo."
451 + echo "Copying $moduleinstplace/$wantgoo to $module."
453 + mkdir -p $moduleplace
454 + cp -p $moduleinstplace/$wantgoo $module
455 + # "depmod -a" gets done by caller
463 +# load module if possible
464 +if test -f $ipsecversion && test -f $netkey
466 + # both KLIPS and NETKEY code detected, bail out
467 + echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
470 +if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
472 + # statically compiled KLIPS/NETKEY not found; try to load the module
476 +if test ! -f $ipsecversion && test ! -f $netkey
484 + if test -f $modules
488 + modprobe -qv ipcomp
489 + # xfrm4_tunnel is needed by ipip and ipcomp
490 + modprobe -qv xfrm4_tunnel
491 + # xfrm_user contains netlink support for IPsec
492 + modprobe -qv xfrm_user
493 + modprobe -qv hw_random
494 + # padlock must load before aes module
495 + modprobe -qv padlock
496 + # load the most common ciphers/algo's
504 +if test ! -f $ipsecversion && $klips
506 + if test -r $modules # kernel does have modules
508 + if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
510 + echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
514 + unset MODPATH MODULECONF # no user overrides!
515 + depmod -a >/dev/null 2>&1
516 + modprobe -qv hw_random
517 + # padlock must load before aes module
518 + modprobe -qv padlock
521 + if test ! -f $ipsecversion
523 + echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
528 +# figure out debugging flags
532 +if test -r /proc/net/ipsec_klipsdebug
534 + echo "KLIPS debug \`$debug'" | logonly
536 + none) ipsec klipsdebug --none ;;
537 + all) ipsec klipsdebug --all ;;
538 + *) ipsec klipsdebug --none
541 + ipsec klipsdebug --set $d
547 + if test " $debug" != " none"
549 + echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
553 +# figure out misc. kernel config
554 +if test -d $sysflags
556 + sysflag "$fragicmp" "fragicmp" yes icmp
557 + echo 1 >$sysflags/inbound_policy_check # no debate
558 + sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm
559 + sysflag no "opportunistic" no opportunistic # obsolete parm
560 + sysflag "$hidetos" "hidetos" yes tos
563 + echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
569 + # clear tables out in case dregs have been left over
570 + ipsec eroute --clear
574 + if ip xfrm state > /dev/null 2>&1
576 + ip xfrm state flush
577 + ip xfrm policy flush
578 + elif type setkey > /dev/null 2>&1
580 + # Check that the setkey command is available.
582 + PATH=$PATH:/usr/local/sbin
583 + for dir in `echo $PATH | tr ':' ' '`
585 + if test -f $dir/setkey -a -x $dir/setkey
587 + setkeycmd=$dir/setkey
588 + break # NOTE BREAK OUT
595 + echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
596 + logger -s -p daemon.error -t ipsec_setup
600 +# figure out interfaces
604 + ipsec*=?*) klipsinterface "$i" ;;
605 + %defaultroute) defaultinterface ;;
606 + *) echo "interface \`$i' not understood"
projects / openwrt.git / blob