source:
freewrt/package/openswan/patches/scripts.patch@
475ad56
| Last change on this file since 475ad56 was 475ad56, checked in by , 20 years ago | |
|---|---|
|
|
| File size: 17.6 KB | |
-
programs/loggerfix
diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
old new 1 #!/bin/sh 2 # use filename instead of /dev/null to log, but dont log to flash or ram 3 # pref. log to nfs mount 4 echo "$*" >> /dev/null 5 exit 0 -
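Review bot: Every message passed to this new script is thrown away, because its only action is `echo "$*" >> /dev/null`, and anything arriving on stdin is never read. If it is installed as a stand-in for `logger` (the wiring is not visible in this section), pipelines such as the "permission denied" report in programs/setup/setup.in lose both the syslog record and the `-s` copy on stderr. IPsec start-up and authentication failures would then leave no trace. The option words (`-s -p ... -t ...`) would also be echoed as if they were message text. I would make the target a setting, e.g. `LOGFILE=${LOGFILE:-/dev/null}` and `echo "$*" >> "$LOGFILE"`, and extend the header comment to say that the default discards all output.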
programs/look/look.in
diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
old new 84 84 then 85 85 pat="$pat|$defaultroutephys\$|$defaultroutevirt\$" 86 86 else 87 for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`87 for i in `echo "$IPSECinterfaces" | tr '=' ' '` 88 88 do 89 89 pat="$pat|$i\$" 90 90 done -
programs/_plutorun/_plutorun.in
diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
old new 147 147 exit 1 148 148 fi 149 149 else 150 if test ! -w "` dirname $stderrlog`"150 if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`" 151 151 then 152 152 echo Cannot write to directory to create \"$stderrlog\". 153 153 exit 1 -
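Review bot: The sed expression on new line 150 is not equivalent to `dirname`. When `$stderrlog` contains no `/`, the pattern does not match and the file name itself comes back, so `test ! -w` checks the log file rather than its directory and a relative log path that does not exist yet is rejected. `$stderrlog` is also expanded unquoted inside the backticks, so it is subject to word splitting and globbing before sed sees it. A shell-only form avoids both and needs neither `dirname` nor `sed -r`: `case "$stderrlog" in */*) d=${stderrlog%/*} ;; *) d=. ;; esac` followed by `test ! -w "${d:-/}"`. The same substitution appears twice in programs/_realsetup/_realsetup.in (new lines 238 and 350). The enclosing `if`/`else` starts outside this hunk.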
programs/_realsetup/_realsetup.in
diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
old new 235 235 236 236 # misc pre-Pluto setup 237 237 238 perform test -d ` dirname $subsyslock` "&&" touch $subsyslock238 perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock 239 239 240 240 if test " $IPSECforwardcontrol" = " yes" 241 241 then … … 347 347 lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user 348 348 fi 349 349 350 perform test -d ` dirname $subsyslock`"&&" rm -f $subsyslock350 perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock 351 351 352 352 perform rm -f $info $lock $plutopid 353 353 perform echo "...Openswan IPsec stopped" "|" $LOGONLY -
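Review bot: The stop path on new line 350 now runs `touch $subsyslock "&&" rm -f $subsyslock`, which creates the lock file only to delete it and makes the removal depend on the touch succeeding. This looks carried over from the start path on line 238. If the touch fails (a read-only or full filesystem, for instance), `rm -f` is skipped and a stale subsystem lock can survive the stop. I would drop the `touch` and leave the tail of the line as `"&&" rm -f $subsyslock`, as it was before the patch.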
programs/send-pr/send-pr.in
diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
old new 402 402 else 403 403 if [ "$fieldname" != "Category" ] 404 404 then 405 values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`405 values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` 406 406 valslen=`echo "$values" | wc -c` 407 407 else 408 408 values="choose from a category listed above" … … 414 414 else 415 415 desc="<${values} (one line)>"; 416 416 fi 417 dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`417 dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` 418 418 echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL 419 419 fi 420 420 echo "${fmtname}${desc}" >> $file … … 425 425 desc=" $default_val"; 426 426 else 427 427 desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>"; 428 dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`428 dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` 429 429 echo "s/^${dpat}//" >> $FIXFIL 430 430 fi 431 431 echo "${fmtname}" >> $file; … … 437 437 desc="${default_val}" 438 438 else 439 439 desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>" 440 dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`440 dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` 441 441 echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL 442 442 fi 443 443 echo "${fmtname}${desc}" >> $file -
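Review bot: The `tr` replacement on new lines 417, 428 and 440 no longer neutralises a literal backslash. In the old sed bracket expression `\` was a member of the set, but in the `tr` set `\(` is read as an escape, whose result POSIX leaves unspecified and which in practice yields just `(`. `dpat` is then pasted into a sed command written to `$FIXFIL`, so a backslash in the `query-pr --field-description` output would reach that script as live regex syntax. Escaping it explicitly keeps the old behaviour and makes the twelve dots line up with twelve source characters: `tr '\]\[*+^$|\\()&/' '............'`. A one-line comment saying that the goal is to turn every sed metacharacter in the description into `.` would help the next reader.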
programs/setup/setup.in
diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
old new 117 117 # do it 118 118 case "$1" in 119 119 start|--start|stop|--stop|_autostop|_autostart) 120 if test " `id -u`" != " 0"120 if [ "x${USER}" != "xroot" ] 121 121 then 122 122 echo "permission denied (must be superuser)" | 123 123 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 124 124 exit 1 125 125 fi 126 127 # make sure all required directories exist 128 if [ ! -d /var/run/pluto ] 129 then 130 mkdir -p /var/run/pluto 131 fi 132 if [ ! -d /var/lock/subsys ] 133 then 134 mkdir -p /var/lock/subsys 135 fi 126 136 tmp=/var/run/pluto/ipsec_setup.st 127 137 outtmp=/var/run/pluto/ipsec_setup.out 128 138 ( -
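Review bot: The superuser gate on new line 120 compares `$USER`, an environment variable supplied by the caller, instead of the effective uid that `id -u` reported, so it no longer establishes anything about privilege. It can pass for an unprivileged caller, and it can refuse real root whenever `USER` is unset or inherited (init scripts, cron, `su` without a login shell). I would keep the `id -u` comparison and ship `id` on the target; if that is not possible, add a comment stating that this check is advisory and that the kernel's own permission checks are the actual control. The added `mkdir -p /var/run/pluto` on line 130 also inherits the caller's umask; set an explicit `umask` or directory mode first, since this directory holds pluto's runtime files. The `case` arm continues outside the hunk.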
programs/showhostkey/showhostkey.in
diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
old new 63 63 exit 1 64 64 fi 65 65 66 host="` hostname --fqdn`"66 host="`cat /proc/sys/kernel/hostname`" 67 67 68 68 awk ' BEGIN { 69 69 inkey = 0 -
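Review bot: `/proc/sys/kernel/hostname` holds the kernel node name, which is normally unqualified, so `host` on new line 66 no longer carries the domain part that `hostname --fqdn` supplied. Whatever the awk script below the hunk emits with this value (not visible here) will presumably be labelled with the short name, which matters if peers match the key by FQDN. An unreadable or empty file is also not detected. I would add `test -n "$host" || exit 1` after the assignment, plus a comment such as `# short node name only; no resolver lookup on this target`.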
programs/_startklips/_startklips.in
diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
old new 262 262 echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" 263 263 exit 264 264 fi 265 if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qnipsec265 if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec 266 266 then 267 267 # statically compiled KLIPS/NETKEY not found; try to load the module 268 modprobeipsec268 insmod ipsec 269 269 fi 270 270 271 271 if test ! -f $ipsecversion && test ! -f $netkey 272 272 then 273 modprobe-v af_key273 insmod -v af_key 274 274 fi 275 275 276 276 if test -f $netkey … … 278 278 klips=false 279 279 if test -f $modules 280 280 then 281 modprobe-qv ah4282 modprobe-qv esp4283 modprobe-qv ipcomp281 insmod -qv ah4 282 insmod -qv esp4 283 insmod -qv ipcomp 284 284 # xfrm4_tunnel is needed by ipip and ipcomp 285 modprobe-qv xfrm4_tunnel285 insmod -qv xfrm4_tunnel 286 286 # xfrm_user contains netlink support for IPsec 287 modprobe-qv xfrm_user288 modprobe-qv hw_random287 insmod -qv xfrm_user 288 insmod -qv hw_random 289 289 # padlock must load before aes module 290 modprobe-qv padlock290 insmod -qv padlock 291 291 # load the most common ciphers/algo's 292 modprobe-qv sha1293 modprobe-qv md5294 modprobe-qv des295 modprobe-qv aes292 insmod -qv sha1 293 insmod -qv md5 294 insmod -qv des 295 insmod -qv aes 296 296 fi 297 297 fi 298 298 … … 308 308 fi 309 309 unset MODPATH MODULECONF # no user overrides! 310 310 depmod -a >/dev/null 2>&1 311 modprobe-qv hw_random311 insmod -qv hw_random 312 312 # padlock must load before aes module 313 modprobe-qv padlock314 modprobe-v ipsec313 insmod -qv padlock 314 insmod -v ipsec 315 315 fi 316 316 if test ! -f $ipsecversion 317 317 then -
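Review bot: The condition on new line 265 used `modprobe -qn ipsec` as a dry-run probe, but its replacement `insmod ipsec` actually loads the module, so the body on line 268 attempts a second load that can only fail. I would remove the load from the condition and keep one load: `if test ! -f $ipsecversion && test ! -f $netkey` / `then insmod ipsec`. `insmod` also does not resolve dependencies or search the module tree the way `modprobe` does, and whether the target's `insmod` accepts `-q` and `-v` is not shown here. The xfrm and cipher loads on lines 281-295 and 311-314 may therefore fail without notice, leaving the stack without the expected algorithms. Checking the exit status of at least the `ipsec` and `af_key` loads and logging a failure would make that visible.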
programs/_startklips/_startklips.in.orig
diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
old new 1 #!/bin/sh 2 # KLIPS startup script 3 # Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. 4 # 5 # This program is free software; you can redistribute it and/or modify it 6 # under the terms of the GNU General Public License as published by the 7 # Free Software Foundation; either version 2 of the License, or (at your 8 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9 # 10 # This program is distributed in the hope that it will be useful, but 11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13 # for more details. 14 # 15 # RCSID $Id: scripts.patch 3639 2006-04-13 18:33:50Z nbd $ 16 17 me='ipsec _startklips' # for messages 18 19 # KLIPS-related paths 20 sysflags=/proc/sys/net/ipsec 21 modules=/proc/modules 22 # full rp_filter path is $rpfilter1/interface/$rpfilter2 23 rpfilter1=/proc/sys/net/ipv4/conf 24 rpfilter2=rp_filter 25 # %unchanged or setting (0, 1, or 2) 26 rpfiltercontrol=0 27 ipsecversion=/proc/net/ipsec_version 28 moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec 29 bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'` 30 moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec 31 case $bareversion in 32 2.6*) 33 modulename=ipsec.ko 34 ;; 35 *) 36 modulename=ipsec.o 37 ;; 38 esac 39 40 klips=true 41 netkey=/proc/net/pfkey 42 43 info=/dev/null 44 log=daemon.error 45 for dummy 46 do 47 case "$1" in 48 --log) log="$2" ; shift ;; 49 --info) info="$2" ; shift ;; 50 --debug) debug="$2" ; shift ;; 51 --omtu) omtu="$2" ; shift ;; 52 --fragicmp) fragicmp="$2" ; shift ;; 53 --hidetos) hidetos="$2" ; shift ;; 54 --rpfilter) rpfiltercontrol="$2" ; shift ;; 55 --) shift ; break ;; 56 -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; 57 *) break ;; 58 esac 59 shift 60 done 61 62 63 64 # some shell functions, to clarify the actual code 65 66 # set 
up a system flag based on a variable 67 # sysflag value shortname default flagname 68 sysflag() { 69 case "$1" in 70 '') v="$3" ;; 71 *) v="$1" ;; 72 esac 73 if test ! -f $sysflags/$4 74 then 75 if test " $v" != " $3" 76 then 77 echo "cannot do $2=$v, $sysflags/$4 does not exist" 78 exit 1 79 else 80 return # can't set, but it's the default anyway 81 fi 82 fi 83 case "$v" in 84 yes|no) ;; 85 *) echo "unknown (not yes/no) $2 value \`$1'" 86 exit 1 87 ;; 88 esac 89 case "$v" in 90 yes) echo 1 >$sysflags/$4 ;; 91 no) echo 0 >$sysflags/$4 ;; 92 esac 93 } 94 95 # set up a Klips interface 96 klipsinterface() { 97 # pull apart the interface spec 98 virt=`expr $1 : '\([^=]*\)=.*'` 99 phys=`expr $1 : '[^=]*=\(.*\)'` 100 case "$virt" in 101 ipsec[0-9]) ;; 102 *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;; 103 esac 104 105 # figure out ifconfig for interface 106 addr= 107 eval `ifconfig $phys | 108 awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { 109 gsub(/:/, " ", $0) 110 print "addr=" $3 111 other = $5 112 if ($4 == "Bcast") 113 print "type=broadcast" 114 else if ($4 == "P-t-P") 115 print "type=pointopoint" 116 else if (NF == 5) { 117 print "type=" 118 other = "" 119 } else 120 print "type=unknown" 121 print "otheraddr=" other 122 print "mask=" $NF 123 }'` 124 if test " $addr" = " " 125 then 126 echo "unable to determine address of \`$phys'" 127 exit 1 128 fi 129 if test " $type" = " unknown" 130 then 131 echo "\`$phys' is of an unknown type" 132 exit 1 133 fi 134 if test " $omtu" != " " 135 then 136 mtu="mtu $omtu" 137 else 138 mtu= 139 fi 140 echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly 141 142 if $klips 143 then 144 # attach the interface and bring it up 145 ipsec tncfg --attach --virtual $virt --physical $phys 146 ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu 147 fi 148 149 # if %defaultroute, note the facts 150 if test " $2" != " " 151 then 152 ( 153 echo "defaultroutephys=$phys" 154 echo 
"defaultroutevirt=$virt" 155 echo "defaultrouteaddr=$addr" 156 if test " $2" != " 0.0.0.0" 157 then 158 echo "defaultroutenexthop=$2" 159 fi 160 ) >>$info 161 else 162 echo '#dr: no default route' >>$info 163 fi 164 165 # check for rp_filter trouble 166 checkif $phys # thought to be a problem only on phys 167 } 168 169 # check an interface for problems 170 checkif() { 171 $klips || return 0 172 rpf=$rpfilter1/$1/$rpfilter2 173 if test -f $rpf 174 then 175 r="`cat $rpf`" 176 if test " $r" != " 0" 177 then 178 case "$r-$rpfiltercontrol" in 179 0-%unchanged|0-0|1-1|2-2) 180 # happy state 181 ;; 182 *-%unchanged) 183 echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)" 184 ;; 185 [012]-[012]) 186 echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)" 187 echo "$rpfiltercontrol" >$rpf 188 ;; 189 [012]-*) 190 echo "ERROR: unknown rpfilter setting: $rpfiltercontrol" 191 ;; 192 *) 193 echo "ERROR: unknown $rpf value $r" 194 ;; 195 esac 196 fi 197 fi 198 } 199 200 # interfaces=%defaultroute: put ipsec0 on top of default route's interface 201 defaultinterface() { 202 phys=`netstat -nr | 203 awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'` 204 if test " $phys" = " " 205 then 206 echo "no default route, %defaultroute cannot cope!!!" 207 exit 1 208 fi 209 if test `echo " $phys" | wc -l` -gt 1 210 then 211 echo "multiple default routes, %defaultroute cannot cope!!!" 
212 exit 1 213 fi 214 next=`netstat -nr | 215 awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'` 216 klipsinterface "ipsec0=$phys" $next 217 } 218 219 # log only to syslog, not to stdout/stderr 220 logonly() { 221 logger -p $log -t ipsec_setup 222 } 223 224 # sort out which module is appropriate, changing it if necessary 225 setmodule() { 226 if [ -e /proc/kallsyms ] 227 then 228 kernelsymbols="/proc/kallsyms"; 229 echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet" 230 else 231 kernelsymbols="/proc/ksyms"; 232 fi 233 wantgoo="`ipsec calcgoo $kernelsymbols`" 234 module=$moduleplace/$modulename 235 if test -f $module 236 then 237 goo="`nm -ao $module | ipsec calcgoo`" 238 if test " $wantgoo" = " $goo" 239 then 240 return # looks right 241 fi 242 fi 243 if test -f $moduleinstplace/$wantgoo 244 then 245 echo "modprobe failed, but found matching template module $wantgoo." 246 echo "Copying $moduleinstplace/$wantgoo to $module." 247 rm -f $module 248 mkdir -p $moduleplace 249 cp -p $moduleinstplace/$wantgoo $module 250 # "depmod -a" gets done by caller 251 fi 252 } 253 254 255 256 # main line 257 258 # load module if possible 259 if test -f $ipsecversion && test -f $netkey 260 then 261 # both KLIPS and NETKEY code detected, bail out 262 echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" 263 exit 264 fi 265 if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec 266 then 267 # statically compiled KLIPS/NETKEY not found; try to load the module 268 modprobe ipsec 269 fi 270 271 if test ! -f $ipsecversion && test ! 
-f $netkey 272 then 273 modprobe -v af_key 274 fi 275 276 if test -f $netkey 277 then 278 klips=false 279 if test -f $modules 280 then 281 modprobe -qv ah4 282 modprobe -qv esp4 283 modprobe -qv ipcomp 284 # xfrm4_tunnel is needed by ipip and ipcomp 285 modprobe -qv xfrm4_tunnel 286 # xfrm_user contains netlink support for IPsec 287 modprobe -qv xfrm_user 288 modprobe -qv hw_random 289 # padlock must load before aes module 290 modprobe -qv padlock 291 # load the most common ciphers/algo's 292 modprobe -qv sha1 293 modprobe -qv md5 294 modprobe -qv des 295 modprobe -qv aes 296 fi 297 fi 298 299 if test ! -f $ipsecversion && $klips 300 then 301 if test -r $modules # kernel does have modules 302 then 303 if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ] 304 then 305 echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)" 306 else 307 setmodule 308 fi 309 unset MODPATH MODULECONF # no user overrides! 310 depmod -a >/dev/null 2>&1 311 modprobe -qv hw_random 312 # padlock must load before aes module 313 modprobe -qv padlock 314 modprobe -v ipsec 315 fi 316 if test ! -f $ipsecversion 317 then 318 echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)" 319 exit 1 320 fi 321 fi 322 323 # figure out debugging flags 324 case "$debug" in 325 '') debug=none ;; 326 esac 327 if test -r /proc/net/ipsec_klipsdebug 328 then 329 echo "KLIPS debug \`$debug'" | logonly 330 case "$debug" in 331 none) ipsec klipsdebug --none ;; 332 all) ipsec klipsdebug --all ;; 333 *) ipsec klipsdebug --none 334 for d in $debug 335 do 336 ipsec klipsdebug --set $d 337 done 338 ;; 339 esac 340 elif $klips 341 then 342 if test " $debug" != " none" 343 then 344 echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities" 345 fi 346 fi 347 348 # figure out misc. 
kernel config 349 if test -d $sysflags 350 then 351 sysflag "$fragicmp" "fragicmp" yes icmp 352 echo 1 >$sysflags/inbound_policy_check # no debate 353 sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm 354 sysflag no "opportunistic" no opportunistic # obsolete parm 355 sysflag "$hidetos" "hidetos" yes tos 356 elif $klips 357 then 358 echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!" 359 # carry on 360 fi 361 362 if $klips 363 then 364 # clear tables out in case dregs have been left over 365 ipsec eroute --clear 366 ipsec spi --clear 367 elif test $netkey 368 then 369 if ip xfrm state > /dev/null 2>&1 370 then 371 ip xfrm state flush 372 ip xfrm policy flush 373 elif type setkey > /dev/null 2>&1 374 then 375 # Check that the setkey command is available. 376 setkeycmd= 377 PATH=$PATH:/usr/local/sbin 378 for dir in `echo $PATH | tr ':' ' '` 379 do 380 if test -f $dir/setkey -a -x $dir/setkey 381 then 382 setkeycmd=$dir/setkey 383 break # NOTE BREAK OUT 384 fi 385 done 386 $setkeycmd -F 387 $setkeycmd -FP 388 else 389 390 echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." | 391 logger -s -p daemon.error -t ipsec_setup 392 fi 393 fi 394 395 # figure out interfaces 396 for i 397 do 398 case "$i" in 399 ipsec*=?*) klipsinterface "$i" ;; 400 %defaultroute) defaultinterface ;; 401 *) echo "interface \`$i' not understood" 402 exit 1 403 ;; 404 esac 405 done 406 407 exit 0
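Review bot: This section adds `_startklips.in.orig`, a complete 407-line backup copy of the unpatched script, which is almost certainly a leftover from an earlier `patch` run that `diff -Nur` picked up. It puts a second, unmaintained copy of a root-run start-up script into the patched tree, and it still contains the `modprobe` calls the preceding section replaces, so anyone auditing the package has two diverging versions to reconcile. I would regenerate the patch with backup files excluded (`diff -Nur -x '*.orig'`) so that only the intended script changes are applied.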
