Changeset b917538 in freewrt for package/openswan/patches/scripts.patch
- Timestamp:
- Oct 1, 2006, 10:31:51 AM (19 years ago)
- Branches:
- freewrt_1_0, freewrt_2_0
- Children:
- edaeca5
- Parents:
- 2f09cbe
- File:
-
- 1 edited
-
package/openswan/patches/scripts.patch (modified) (13 diffs)
package/openswan/patches/scripts.patch
r2f09cbe rb917538 1 diff -Nur openswan-2.4. 5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix2 --- openswan-2.4. 5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +01003 +++ openswan-2.4. 5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +02001 diff -Nur openswan-2.4.6/programs/loggerfix openswan-2.4.6.scripts/programs/loggerfix 2 --- openswan-2.4.6/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 3 +++ openswan-2.4.6.scripts/programs/loggerfix 2006-09-29 15:53:35.000000000 +0200 4 4 @@ -0,0 +1,5 @@ 5 5 +#!/bin/sh … … 8 8 +echo "$*" >> /dev/null 9 9 +exit 0 10 diff -Nur openswan-2.4. 5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in11 --- openswan-2.4. 5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +020012 +++ openswan-2.4. 5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +020010 diff -Nur openswan-2.4.6/programs/look/look.in openswan-2.4.6.scripts/programs/look/look.in 11 --- openswan-2.4.6/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200 12 +++ openswan-2.4.6.scripts/programs/look/look.in 2006-09-29 15:53:35.000000000 +0200 13 13 @@ -84,7 +84,7 @@ 14 14 then … … 20 20 pat="$pat|$i\$" 21 21 done 22 diff -Nur openswan-2.4. 5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in23 --- openswan-2.4. 5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +010024 +++ openswan-2.4. 5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +020022 diff -Nur openswan-2.4.6/programs/_plutorun/_plutorun.in openswan-2.4.6.scripts/programs/_plutorun/_plutorun.in 23 --- openswan-2.4.6/programs/_plutorun/_plutorun.in 2006-04-21 17:41:45.000000000 +0200 24 +++ openswan-2.4.6.scripts/programs/_plutorun/_plutorun.in 2006-09-29 15:53:35.000000000 +0200 25 25 
@@ -147,7 +147,7 @@ 26 26 exit 1 … … 32 32 echo Cannot write to directory to create \"$stderrlog\". 33 33 exit 1 34 diff -Nur openswan-2.4. 5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in35 --- openswan-2.4. 5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +020036 +++ openswan-2.4. 5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +020037 @@ -23 5,7 +235,7 @@34 diff -Nur openswan-2.4.6/programs/_realsetup/_realsetup.in openswan-2.4.6.scripts/programs/_realsetup/_realsetup.in 35 --- openswan-2.4.6/programs/_realsetup/_realsetup.in 2006-05-05 20:49:45.000000000 +0200 36 +++ openswan-2.4.6.scripts/programs/_realsetup/_realsetup.in 2006-09-29 15:53:35.000000000 +0200 37 @@ -232,7 +232,7 @@ 38 38 39 39 # misc pre-Pluto setup … … 44 44 if test " $IPSECforwardcontrol" = " yes" 45 45 then 46 @@ -34 7,7 +347,7 @@46 @@ -344,7 +344,7 @@ 47 47 lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user 48 48 fi … … 53 53 perform rm -f $info $lock $plutopid 54 54 perform echo "...Openswan IPsec stopped" "|" $LOGONLY 55 diff -Nur openswan-2.4. 5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in56 --- openswan-2.4. 5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +020057 +++ openswan-2.4. 5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +020055 diff -Nur openswan-2.4.6/programs/send-pr/send-pr.in openswan-2.4.6.scripts/programs/send-pr/send-pr.in 56 --- openswan-2.4.6/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200 57 +++ openswan-2.4.6.scripts/programs/send-pr/send-pr.in 2006-09-29 15:53:35.000000000 +0200 58 58 
@@ -402,7 +402,7 @@ 59 59 else … … 92 92 fi 93 93 echo "${fmtname}${desc}" >> $file 94 diff -Nur openswan-2.4. 5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in95 --- openswan-2.4. 5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +020096 +++ openswan-2.4. 5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +020094 diff -Nur openswan-2.4.6/programs/setup/setup.in openswan-2.4.6.scripts/programs/setup/setup.in 95 --- openswan-2.4.6/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200 96 +++ openswan-2.4.6.scripts/programs/setup/setup.in 2006-09-29 15:53:35.000000000 +0200 97 97 @@ -117,12 +117,22 @@ 98 98 # do it … … 119 119 outtmp=/var/run/pluto/ipsec_setup.out 120 120 ( 121 diff -Nur openswan-2.4. 5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in122 --- openswan-2.4. 5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100123 +++ openswan-2.4. 5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200121 diff -Nur openswan-2.4.6/programs/showhostkey/showhostkey.in openswan-2.4.6.scripts/programs/showhostkey/showhostkey.in 122 --- openswan-2.4.6/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100 123 +++ openswan-2.4.6.scripts/programs/showhostkey/showhostkey.in 2006-09-29 15:53:35.000000000 +0200 124 124 
@@ -63,7 +63,7 @@ 125 125 exit 1 … … 131 131 awk ' BEGIN { 132 132 inkey = 0 133 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 134 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100 135 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200 133 diff -Nur openswan-2.4.6/programs/_startklips/_startklips.in openswan-2.4.6.scripts/programs/_startklips/_startklips.in 134 --- openswan-2.4.6/programs/_startklips/_startklips.in 2006-05-09 20:34:34.000000000 +0200 135 +++ openswan-2.4.6.scripts/programs/_startklips/_startklips.in 2006-09-29 15:59:10.000000000 +0200 136 @@ -242,7 +242,7 @@ 137 fi 138 if test -f $moduleinstplace/$wantgoo 139 then 140 - echo "modprobe failed, but found matching template module $wantgoo." 141 + echo "insmod failed, but found matching template module $wantgoo." 142 echo "Copying $moduleinstplace/$wantgoo to $module." 143 rm -f $module 144 mkdir -p $moduleplace 136 145 @@ -262,15 +262,15 @@ 137 146 echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" … … 153 162 154 163 if test -f $netkey 155 @@ -278,2 1 +278,21@@164 @@ -278,25 +278,25 @@ 156 165 klips=false 157 166 if test -f $modules … … 168 177 # xfrm_user contains netlink support for IPsec 169 178 - modprobe -qv xfrm_user 170 - modprobe -qv hw_random171 179 + insmod -qv xfrm_user 172 + insmod -qv hw_random 173 # padlock must load before aes module 174 - modprobe -qv padlock 175 + insmod -qv padlock 180 if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ] 181 then 182 echo "VIA Nehemiah detected, probing for PadLock" 183 - modprobe -qv hw_random 184 + insmod -qv hw_random 185 # padlock must load before aes module 186 - modprobe -qv padlock 187 + insmod -qv padlock 188 fi 176 189 # load the most common ciphers/algo's 177 190 - modprobe -qv sha1 … … 186 199 fi 187 200 188 @@ -3 08,10 +308,10 @@201 
@@ -312,10 +312,10 @@ 189 202 fi 190 203 unset MODPATH MODULECONF # no user overrides! … … 200 213 if test ! -f $ipsecversion 201 214 then 202 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig203 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100204 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100205 
@@ -0,0 +1,407 @@206 +#!/bin/sh207 +# KLIPS startup script208 +# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer.209 +#210 +# This program is free software; you can redistribute it and/or modify it211 +# under the terms of the GNU General Public License as published by the212 +# Free Software Foundation; either version 2 of the License, or (at your213 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.214 +#215 +# This program is distributed in the hope that it will be useful, but216 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY217 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License218 +# for more details.219 +#220 +# RCSID $Id: scripts.patch 3639 2006-04-13 18:33:50Z nbd $221 +222 +me='ipsec _startklips' # for messages223 +224 +# KLIPS-related paths225 +sysflags=/proc/sys/net/ipsec226 +modules=/proc/modules227 +# full rp_filter path is $rpfilter1/interface/$rpfilter2228 +rpfilter1=/proc/sys/net/ipv4/conf229 +rpfilter2=rp_filter230 +# %unchanged or setting (0, 1, or 2)231 +rpfiltercontrol=0232 +ipsecversion=/proc/net/ipsec_version233 +moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec234 +bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`235 +moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec236 +case $bareversion in237 + 2.6*)238 + modulename=ipsec.ko239 + ;;240 + *)241 + modulename=ipsec.o242 + ;;243 +esac244 +245 +klips=true246 +netkey=/proc/net/pfkey247 +248 +info=/dev/null249 +log=daemon.error250 +for dummy251 +do252 + case "$1" in253 + --log) log="$2" ; shift ;;254 + --info) info="$2" ; shift ;;255 + --debug) debug="$2" ; shift ;;256 + --omtu) omtu="$2" ; shift ;;257 + --fragicmp) fragicmp="$2" ; shift ;;258 + --hidetos) hidetos="$2" ; shift ;;259 + --rpfilter) rpfiltercontrol="$2" ; shift ;;260 + --) shift ; break ;;261 + -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;262 + *) break ;;263 
+ esac264 + shift265 +done266 +267 +268 +269 +# some shell functions, to clarify the actual code270 +271 +# set up a system flag based on a variable272 +# sysflag value shortname default flagname273 +sysflag() {274 + case "$1" in275 + '') v="$3" ;;276 + *) v="$1" ;;277 + esac278 + if test ! -f $sysflags/$4279 + then280 + if test " $v" != " $3"281 + then282 + echo "cannot do $2=$v, $sysflags/$4 does not exist"283 + exit 1284 + else285 + return # can't set, but it's the default anyway286 + fi287 + fi288 + case "$v" in289 + yes|no) ;;290 + *) echo "unknown (not yes/no) $2 value \`$1'"291 + exit 1292 + ;;293 + esac294 + case "$v" in295 + yes) echo 1 >$sysflags/$4 ;;296 + no) echo 0 >$sysflags/$4 ;;297 + esac298 +}299 +300 +# set up a Klips interface301 +klipsinterface() {302 + # pull apart the interface spec303 + virt=`expr $1 : '\([^=]*\)=.*'`304 + phys=`expr $1 : '[^=]*=\(.*\)'`305 + case "$virt" in306 + ipsec[0-9]) ;;307 + *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;;308 + esac309 +310 + # figure out ifconfig for interface311 + addr=312 + eval `ifconfig $phys |313 + awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {314 + gsub(/:/, " ", $0)315 + print "addr=" $3316 + other = $5317 + if ($4 == "Bcast")318 + print "type=broadcast"319 + else if ($4 == "P-t-P")320 + print "type=pointopoint"321 + else if (NF == 5) {322 + print "type="323 + other = ""324 + } else325 + print "type=unknown"326 + print "otheraddr=" other327 + print "mask=" $NF328 + }'`329 + if test " $addr" = " "330 + then331 + echo "unable to determine address of \`$phys'"332 + exit 1333 + fi334 + if test " $type" = " unknown"335 + then336 + echo "\`$phys' is of an unknown type"337 + exit 1338 + fi339 + if test " $omtu" != " "340 + then341 + mtu="mtu $omtu"342 + else343 + mtu=344 + fi345 + echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly346 +347 + if $klips348 + then349 + # attach the interface and bring it up350 + ipsec tncfg --attach --virtual $virt --physical 
$phys351 + ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu352 + fi353 +354 + # if %defaultroute, note the facts355 + if test " $2" != " "356 + then357 + (358 + echo "defaultroutephys=$phys"359 + echo "defaultroutevirt=$virt"360 + echo "defaultrouteaddr=$addr"361 + if test " $2" != " 0.0.0.0"362 + then363 + echo "defaultroutenexthop=$2"364 + fi365 + ) >>$info366 + else367 + echo '#dr: no default route' >>$info368 + fi369 +370 + # check for rp_filter trouble371 + checkif $phys # thought to be a problem only on phys372 +}373 +374 +# check an interface for problems375 +checkif() {376 + $klips || return 0377 + rpf=$rpfilter1/$1/$rpfilter2378 + if test -f $rpf379 + then380 + r="`cat $rpf`"381 + if test " $r" != " 0"382 + then383 + case "$r-$rpfiltercontrol" in384 + 0-%unchanged|0-0|1-1|2-2)385 + # happy state386 + ;;387 + *-%unchanged)388 + echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"389 + ;;390 + [012]-[012])391 + echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"392 + echo "$rpfiltercontrol" >$rpf393 + ;;394 + [012]-*)395 + echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"396 + ;;397 + *)398 + echo "ERROR: unknown $rpf value $r"399 + ;;400 + esac401 + fi402 + fi403 +}404 +405 +# interfaces=%defaultroute: put ipsec0 on top of default route's interface406 +defaultinterface() {407 + phys=`netstat -nr |408 + awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`409 + if test " $phys" = " "410 + then411 + echo "no default route, %defaultroute cannot cope!!!"412 + exit 1413 + fi414 + if test `echo " $phys" | wc -l` -gt 1415 + then416 + echo "multiple default routes, %defaultroute cannot cope!!!"417 + exit 1418 + fi419 + next=`netstat -nr |420 + awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`421 + klipsinterface "ipsec0=$phys" $next422 +}423 +424 +# log only to syslog, not to stdout/stderr425 +logonly() {426 + logger -p $log -t ipsec_setup427 +}428 +429 +# sort out which 
module is appropriate, changing it if necessary430 +setmodule() {431 + if [ -e /proc/kallsyms ]432 + then433 + kernelsymbols="/proc/kallsyms";434 + echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"435 + else436 + kernelsymbols="/proc/ksyms";437 + fi438 + wantgoo="`ipsec calcgoo $kernelsymbols`"439 + module=$moduleplace/$modulename440 + if test -f $module441 + then442 + goo="`nm -ao $module | ipsec calcgoo`"443 + if test " $wantgoo" = " $goo"444 + then445 + return # looks right446 + fi447 + fi448 + if test -f $moduleinstplace/$wantgoo449 + then450 + echo "modprobe failed, but found matching template module $wantgoo."451 + echo "Copying $moduleinstplace/$wantgoo to $module."452 + rm -f $module453 + mkdir -p $moduleplace454 + cp -p $moduleinstplace/$wantgoo $module455 + # "depmod -a" gets done by caller456 + fi457 +}458 +459 +460 +461 +# main line462 +463 +# load module if possible464 +if test -f $ipsecversion && test -f $netkey465 +then466 + # both KLIPS and NETKEY code detected, bail out467 + echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"468 + exit469 +fi470 +if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec471 +then472 + # statically compiled KLIPS/NETKEY not found; try to load the module473 + modprobe ipsec474 +fi475 +476 +if test ! -f $ipsecversion && test ! -f $netkey477 +then478 + modprobe -v af_key479 +fi480 +481 +if test -f $netkey482 +then483 + klips=false484 + if test -f $modules485 + then486 + modprobe -qv ah4487 + modprobe -qv esp4488 + modprobe -qv ipcomp489 + # xfrm4_tunnel is needed by ipip and ipcomp490 + modprobe -qv xfrm4_tunnel491 + # xfrm_user contains netlink support for IPsec492 + modprobe -qv xfrm_user493 + modprobe -qv hw_random494 + # padlock must load before aes module495 + modprobe -qv padlock496 + # load the most common ciphers/algo's497 + modprobe -qv sha1498 + modprobe -qv md5499 + modprobe -qv des500 + modprobe -qv aes501 + fi502 +fi503 +504 +if test ! 
-f $ipsecversion && $klips505 +then506 + if test -r $modules # kernel does have modules507 + then508 + if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]509 + then510 + echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"511 + else512 + setmodule513 + fi514 + unset MODPATH MODULECONF # no user overrides!515 + depmod -a >/dev/null 2>&1516 + modprobe -qv hw_random517 + # padlock must load before aes module518 + modprobe -qv padlock519 + modprobe -v ipsec520 + fi521 + if test ! -f $ipsecversion522 + then523 + echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"524 + exit 1525 + fi526 +fi527 +528 +# figure out debugging flags529 +case "$debug" in530 +'') debug=none ;;531 +esac532 +if test -r /proc/net/ipsec_klipsdebug533 +then534 + echo "KLIPS debug \`$debug'" | logonly535 + case "$debug" in536 + none) ipsec klipsdebug --none ;;537 + all) ipsec klipsdebug --all ;;538 + *) ipsec klipsdebug --none539 + for d in $debug540 + do541 + ipsec klipsdebug --set $d542 + done543 + ;;544 + esac545 +elif $klips546 +then547 + if test " $debug" != " none"548 + then549 + echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"550 + fi551 +fi552 +553 +# figure out misc. 
kernel config554 +if test -d $sysflags555 +then556 + sysflag "$fragicmp" "fragicmp" yes icmp557 + echo 1 >$sysflags/inbound_policy_check # no debate558 + sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm559 + sysflag no "opportunistic" no opportunistic # obsolete parm560 + sysflag "$hidetos" "hidetos" yes tos561 +elif $klips562 +then563 + echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"564 + # carry on565 +fi566 +567 +if $klips568 +then569 + # clear tables out in case dregs have been left over570 + ipsec eroute --clear571 + ipsec spi --clear572 +elif test $netkey573 +then574 + if ip xfrm state > /dev/null 2>&1575 + then576 + ip xfrm state flush577 + ip xfrm policy flush578 + elif type setkey > /dev/null 2>&1579 + then580 + # Check that the setkey command is available.581 + setkeycmd=582 + PATH=$PATH:/usr/local/sbin583 + for dir in `echo $PATH | tr ':' ' '`584 + do585 + if test -f $dir/setkey -a -x $dir/setkey586 + then587 + setkeycmd=$dir/setkey588 + break # NOTE BREAK OUT589 + fi590 + done591 + $setkeycmd -F592 + $setkeycmd -FP593 + else594 +595 + echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |596 + logger -s -p daemon.error -t ipsec_setup597 + fi598 +fi599 +600 +# figure out interfaces601 +for i602 +do603 + case "$i" in604 + ipsec*=?*) klipsinterface "$i" ;;605 + %defaultroute) defaultinterface ;;606 + *) echo "interface \`$i' not understood"607 + exit 1608 + ;;609 + esac610 +done611 +612 +exit 0
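Review bot: In the `_startklips.in` section (hunk `@@ -278,25 +278,25 @@`), the new `insmod -qv xfrm_user`, `insmod -qv hw_random` and `insmod -qv padlock` lines keep modprobe's flags and still ignore the exit status. Unlike modprobe, insmod does not resolve module dependencies, so a module whose prerequisites are not already loaded now fails to load, and `-q` hides the failure. On the NETKEY path the script can then run through to `exit 0` with xfrm or cipher modules missing, which would only show up later as failed negotiations. I would check at least the modules the stack cannot run without, e.g. `insmod -qv xfrm_user || echo "$me: could not load xfrm_user" >&2`, and confirm that the target's insmod accepts `-q` and `-v` at all. The lines for the remaining modules are elided on this page, so the same applies there only if they received the same substitution.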
