+++ /dev/null
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=shfs
-PKG_VERSION:=0.35
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/shfs
-PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/shfs/Default
- TITLE:=ShFS
- SUBMENU:=Filesystem
- URL:=http://shfs.sourceforge.net/
-endef
-
-define Package/shfs/Default/description
- ShFS is a simple and easy to use Linux kernel module which allows you to
- mount remote filesystems using a plain shell (SSH) connection. When using
- ShFS, you can access all remote files just like the local ones, only the
- access is governed through the transport security of SSH.
-endef
-
-define KernelPackage/shfs
-$(call Package/shfs/Default)
- TITLE+= (kernel module)
- DEPENDS:=@LINUX_2_4
- FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX)
- SUBMENU:=Filesystems
- AUTOLOAD:=$(call AutoLoad,40,shfs)
-endef
-
-define KernelPackage/shfs/description
-$(call Package/shfs/Default/description)
- This package contains the ShFS kernel module.
-endef
-
-define Package/shfs-utils
-$(call Package/shfs/Default)
- SECTION:=utils
- CATEGORY:=Utilities
- DEPENDS+=+kmod-shfs
- TITLE+= (utilities)
-endef
-
-define Package/shfs-utils/description
-$(call Package/shfs/Default/description)
- This package contains the ShFS utilities.
-endef
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- OFLAGS="$(TARGET_CFLAGS)" \
- CC="$(TARGET_CC)" \
- LINKER="$(TARGET_CC)" \
- KERNEL="$(LINUX_VERSION)" \
- KERNEL_SOURCES="$(LINUX_DIR)" \
- ROOT="$(PKG_INSTALL_DIR)" \
- module module-install
- $(MAKE) -C $(PKG_BUILD_DIR) \
- OFLAGS="$(TARGET_CFLAGS)" \
- CC="$(TARGET_CC)" \
- LINKER="$(TARGET_CC)" \
- KERNEL_SOURCES="$(LINUX_DIR)" \
- ROOT="$(PKG_INSTALL_DIR)" \
- utils utils-install
-endef
-
-define Package/shfs-utils/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/
- $(INSTALL_DIR) $(1)/sbin
- ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs
-endef
-
-$(eval $(call KernelPackage,shfs))
-$(eval $(call BuildPackage,shfs-utils))
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.4/Makefile
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.143016200 +0200
-+++ shfs-0.35/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.209006168 +0200
-@@ -1,3 +1,13 @@
-+#
-+# the original Makefile was trashed and replaced by this one
-+# The main reason is that loadable modules should be built with
-+# the same compile flags the kernel was built with, so we'd better
-+# let the kernel tree build the module for us, like that :
-+#
-+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules
-+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install
-+#
-+
- ifndef KERNEL
- KERNEL=$(shell uname -r)
- endif
-@@ -10,67 +20,29 @@
- KERNEL_SOURCES=${MODULESDIR}/build
- endif
-
--ifeq (${MODVERSIONS},detect)
-- ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0)
-- MODVERSIONS=yes
-- endif
--endif
--
--ifeq (${MODVERSIONS},yes)
--MVER=-DMODVERSIONS -DEXPORT_SYMTAB
--endif
--
--LINVER=linux-${KERNEL}
--
--ALL_TARGETS := shfs.o
--
--SEARCHDIRS := -I- -I. -I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/
-+all: all-y
-
--CC := gcc
--CFLAGS = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX
--LINKER := ld
--LDFLAGS = -r
--LOADLIBES :=
-+O_TARGET := shfs.o
-
--all: ${ALL_TARGETS}
-+shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-
--%.o: %.c $(wildcard *.h)
-- ${CC} ${CFLAGS} -c $< -o $@
-+obj-y := $(shfs-objs)
-+obj-m := $(O_TARGET)
-
--shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-- ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES}
--
--tidy:
-- ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
--
--clean: tidy patch-clean
-- ${RM} shfs.o
-+-include $(TOPDIR)/Rules.make
-
-+all-y:
-+ make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules
-+
- install: shfs.o
- rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o
- install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o
-- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
-
- uninstall:
- rm -rf ${MODULESDIR}/kernel/fs/shfs
-- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
-
--patch:
-- rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER};
-- for i in Documentation fs/shfs include/linux; do \
-- mkdir -p ${LINVER}/$$i; \
-- done
-- cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation
-- cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs
-- cp -r ${LINVER} ${LINVER}.orig
-- cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/
-- cp shfs.h shfs_fs* ${LINVER}/include/linux/
-- (cd ${LINVER}; patch -p1 <../kernel-config.diff)
-- find . -type f -name "*.orig" -print | xargs rm -f
-- diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true
--
--patch-clean:
-- rm -rf ${LINVER} ${LINVER}.orig;
-- rm -f ${LINVER}.diff
--
--.PHONY : all tidy clean install uninstall patch patch-clean
-+clean:
-+ rm -f core *.o *.a *.s
-+
-+shfs.o: $(shfs-objs)
-+
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.091024104 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
-@@ -337,12 +337,21 @@
- return -EINVAL;
- }
-
-+#ifdef NEW_VFS_DENTRY_API
-+static int
-+shfs_get_sb(struct file_system_type *fs_type,
-+ int flags, const char *dev_name, void *data, struct vfsmount *mnt)
-+{
-+ return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt);
-+}
-+#else
- static struct super_block *
- shfs_get_sb(struct file_system_type *fs_type,
- int flags, const char *dev_name, void *data)
- {
- return get_sb_nodev(fs_type, flags, data, shfs_read_super);
- }
-+#endif
-
- static struct file_system_type sh_fs_type = {
- .owner = THIS_MODULE,
-Index: shfs-0.35/shfs/Linux-2.6/file.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.096023344 +0200
-+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
-@@ -199,7 +199,7 @@
- }
-
- static int
--shfs_file_flush(struct file *f)
-+do_file_flush(struct file *f)
- {
- struct dentry *dentry = f->f_dentry;
- struct shfs_sb_info *info = info_from_dentry(dentry);
-@@ -222,6 +222,16 @@
- }
-
- static int
-+#ifdef FLUSH_HAS_LOCK_OWNER
-+shfs_file_flush(struct file *f, fl_owner_t id)
-+#else
-+shfs_file_flush(struct file *f)
-+#endif
-+{
-+ return do_file_flush(f);
-+}
-+
-+static int
- shfs_file_release(struct inode *inode, struct file *f)
- {
- struct dentry *dentry = f->f_dentry;
-@@ -311,7 +321,7 @@
- DEBUG("\n");
- written = generic_file_write(f, buf, count, offset);
- if (written > 0) {
-- result = shfs_file_flush(f);
-+ result = do_file_flush(f);
- written = result < 0 ? result: written;
- }
-
-Index: shfs-0.35/shfs/Linux-2.6/proc.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.102022432 +0200
-+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
-@@ -570,6 +570,16 @@
- return result;
- }
-
-+#ifdef NEW_VFS_DENTRY_API
-+int
-+shfs_statfs(struct dentry *dentry, struct kstatfs *attr)
-+{
-+ struct shfs_sb_info *info = info_from_sb(dentry->d_sb);
-+
-+ DEBUG("\n");
-+ return info->fops.statfs(info, attr);
-+}
-+#else
- int
- shfs_statfs(struct super_block *sb, struct kstatfs *attr)
- {
-@@ -578,4 +588,5 @@
- DEBUG("\n");
- return info->fops.statfs(info, attr);
- }
-+#endif
-
-Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.107021672 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
-@@ -9,6 +9,12 @@
-
- #include <linux/ioctl.h>
- #include <linux/pagemap.h>
-+#include <linux/version.h>
-+
-+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17)
-+#define NEW_VFS_DENTRY_API
-+#define FLUSH_HAS_LOCK_OWNER
-+#endif
-
- #define SHFS_MAX_AGE(info) (((info)->ttl * HZ) / 1000)
- #define SOCKBUF_SIZE (SHFS_PATH_MAX * 10)
-@@ -101,7 +107,12 @@
- void set_garbage(struct shfs_sb_info *info, int write, int count);
- int get_name(struct dentry *d, char *name);
- int shfs_notify_change(struct dentry *dentry, struct iattr *attr);
-+
-+#ifdef NEW_VFS_DENTRY_API
-+int shfs_statfs(struct dentry *dentry, struct kstatfs *attr);
-+#else
- int shfs_statfs(struct super_block *sb, struct kstatfs *attr);
-+#endif
-
- /* shfs/inode.c */
- void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr);
-Index: shfs-0.35/shfs/Linux-2.6/symlink.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.113020760 +0200
-+++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.398977288 +0200
-@@ -41,7 +41,7 @@
- return result;
- }
-
--static int
-+static void *
- shfs_follow_link(struct dentry *dentry, struct nameidata *nd)
- {
- struct shfs_sb_info *info = info_from_dentry(dentry);
-@@ -61,7 +61,7 @@
- DEBUG("%s\n", real_name);
- result = vfs_follow_link(nd, real_name);
- error:
-- return result;
-+ return NULL;
- }
-
- struct inode_operations shfs_symlink_inode_operations = {
-Index: shfs-0.35/shfs/Linux-2.6/dcache.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.121019544 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.398977288 +0200
-@@ -68,7 +68,7 @@
- spin_lock(&dcache_lock);
- next = parent->d_subdirs.next;
- while (next != &parent->d_subdirs) {
-- dentry = list_entry(next, struct dentry, d_child);
-+ dentry = list_entry(next, struct dentry, d_u.d_child);
- dentry->d_fsdata = NULL;
- shfs_age_dentry(info, dentry);
- next = next->next;
-@@ -101,7 +101,7 @@
- spin_lock(&dcache_lock);
- next = parent->d_subdirs.next;
- while (next != &parent->d_subdirs) {
-- dent = list_entry(next, struct dentry, d_child);
-+ dent = list_entry(next, struct dentry, d_u.d_child);
- if ((unsigned long)dent->d_fsdata == fpos) {
- if (dent->d_inode)
- dget_locked(dent);
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
-@@ -8,6 +8,7 @@
- #include <linux/modversions.h>
- #endif
-
-+#include <linux/version.h>
- #include <linux/kernel.h>
- #include <linux/module.h>
- #include <linux/init.h>
-@@ -118,6 +119,9 @@
- }
- KMEM_FREE("inode", inode_cache, i);
- out:
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13))
-+ truncate_inode_pages(&inode->i_data, 0);
-+#endif
- clear_inode(inode);
- }
-
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.6/dir.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.041031704 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
-@@ -19,6 +19,8 @@
- #include "shfs_debug.h"
- #include "proc.h"
-
-+static struct dentry_operations shfs_dentry_operations;
-+
- static int
- shfs_dir_open(struct inode *inode, struct file *filp)
- {
-Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200
-@@ -56,7 +56,6 @@
- #define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0)
-
- /* shfs/dir.c */
--extern struct dentry_operations shfs_dentry_operations;
- extern struct file_operations shfs_dir_operations;
- extern struct inode_operations shfs_dir_inode_operations;
- extern void shfs_new_dentry(struct dentry *dentry);
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.6/fcache.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:57.997038392 +0200
-+++ shfs-0.35/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:59.019882896 +0200
-@@ -100,7 +100,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -127,7 +131,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -160,7 +168,11 @@
- if (result == 0) {
- struct shfs_inode_info *p;
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private;
-+#else
- p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -184,7 +196,11 @@
- return -EINVAL;
- }
- DEBUG("ino: %lu\n", inode->i_ino);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -226,7 +242,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-@@ -327,7 +347,11 @@
- VERBOSE("dir in file cache?\n");
- return -EINVAL;
- }
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ p = (struct shfs_inode_info *)inode->i_private;
-+#else
- p = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!p) {
- VERBOSE("inode without info\n");
- return -EINVAL;
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:59.020882744 +0200
-@@ -36,7 +36,11 @@
- shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr)
- {
- struct shfs_sb_info *info = info_from_inode(inode);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ struct shfs_inode_info *i = inode->i_private;
-+#else
- struct shfs_inode_info *i = inode->u.generic_ip;
-+#endif
- struct timespec last_time = inode->i_mtime;
- loff_t last_size = inode->i_size;
-
-@@ -53,7 +57,9 @@
- inode->i_ctime = fattr->f_ctime;
- inode->i_atime = fattr->f_atime;
- inode->i_mtime = fattr->f_mtime;
-+#ifdef STRUCT_INODE_HAS_I_BLKSIZE
- inode->i_blksize= fattr->f_blksize;
-+#endif
- inode->i_blocks = fattr->f_blocks;
- inode->i_size = fattr->f_size;
-
-@@ -76,7 +82,11 @@
- if (!inode)
- return NULL;
- inode->i_ino = fattr->f_ino;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
-+#else
- i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
-+#endif
- if (!i)
- return NULL;
- i->cache = NULL;
-@@ -108,7 +118,11 @@
- struct shfs_inode_info *i;
-
- DEBUG("ino: %lu\n", inode->i_ino);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ i = (struct shfs_inode_info *)inode->i_private;
-+#else
- i = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- if (!i) {
- VERBOSE("invalid inode\n");
- goto out;
-@@ -176,7 +190,11 @@
- {
- struct shfs_sb_info *info = info_from_dentry(dentry);
- struct inode *inode = dentry->d_inode;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
-+#else
- struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- int result;
-
- DEBUG("%s\n", dentry->d_name.name);
-Index: shfs-0.35/shfs/Linux-2.6/dir.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:59.020882744 +0200
-@@ -302,8 +302,13 @@
-
- shfs_invalid_dir_cache(dir);
- result = shfs_instantiate(dentry);
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ if (forced_write && dentry->d_inode && dentry->d_inode->i_private)
-+ ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1;
-+#else
- if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip)
- ((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1;
-+#endif
- return result;
- }
-
-Index: shfs-0.35/shfs/Linux-2.6/file.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
-+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:59.020882744 +0200
-@@ -90,7 +90,11 @@
- struct dentry *dentry = f->f_dentry;
- struct shfs_sb_info *info = info_from_dentry(dentry);
- struct inode *inode = p->mapping->host;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
-+#else
- struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
-+#endif
- char *buffer = kmap(p) + offset;
- int written = 0, result;
- unsigned count = to - offset;
-@@ -252,8 +256,13 @@
- }
- }
- /* if file was forced to be writeable, change attrs back on close */
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ if (dentry->d_inode && dentry->d_inode->i_private) {
-+ if (((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) {
-+#else
- if (dentry->d_inode && dentry->d_inode->u.generic_ip) {
- if (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) {
-+#endif
- char name[SHFS_PATH_MAX];
-
- if (get_name(dentry, name) < 0)
-@@ -302,7 +311,8 @@
- goto error;
- }
- if (result != 0) {
-- copy_to_user(buf, (char *)page, result);
-+ if (copy_to_user(buf, (char *)page, result))
-+ goto error;
- *ppos += result;
- }
- error:
-@@ -315,11 +325,15 @@
- static ssize_t
- shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset)
- {
-- int written = 0;
-+ ssize_t written = 0;
- int result;
-
- DEBUG("\n");
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ written = do_sync_write(f, buf, count, offset);
-+#else
- written = generic_file_write(f, buf, count, offset);
-+#endif
- if (written > 0) {
- result = do_file_flush(f);
- written = result < 0 ? result: written;
-@@ -330,14 +344,23 @@
-
- struct file_operations shfs_file_operations = {
- .llseek = generic_file_llseek,
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ .read = do_sync_read,
-+ .write = do_sync_write,
-+#else
- .read = generic_file_read,
- .write = generic_file_write,
-+#endif
- .ioctl = shfs_ioctl,
- .mmap = generic_file_mmap,
- .open = shfs_file_open,
- .flush = shfs_file_flush,
- .release = shfs_file_release,
- .fsync = shfs_file_sync,
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ .aio_read = generic_file_aio_read,
-+ .aio_write = generic_file_aio_write,
-+#endif
- };
-
- struct file_operations shfs_slow_operations = {
-Index: shfs-0.35/shfs/Linux-2.6/proc.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
-+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:59.021882592 +0200
-@@ -149,7 +149,12 @@
- {
- struct file *f = info->sock;
- mm_segment_t fs;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ ssize_t result = 0;
-+ loff_t begin;
-+#else
- int c, result = 0;
-+#endif
- unsigned long flags, sigpipe;
- sigset_t old_set;
-
-@@ -161,7 +166,9 @@
- return result;
- }
-
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
- c = count;
-+#endif
-
- fs = get_fs();
- set_fs(get_ds());
-@@ -173,6 +180,16 @@
- SIGRECALC;
- SIGUNLOCK(flags);
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ begin = f->f_pos;
-+ result = do_sync_write(f, buffer, count, &f->f_pos);
-+
-+ if (result < 0) {
-+ DEBUG("error: %d\n", result);
-+ fput(f);
-+ info->sock = NULL;
-+ }
-+#else
- do {
- struct iovec vec[1];
-
-@@ -190,6 +207,7 @@
- buffer += result;
- c -= result;
- } while (c > 0);
-+#endif
-
- SIGLOCK(flags);
- if (result == -EPIPE && !sigpipe) {
-@@ -204,7 +222,11 @@
-
- DEBUG(">%d\n", result);
- if (result < 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ set_garbage(info, 1, count - (f->f_pos - begin));
-+#else
- set_garbage(info, 1, c);
-+#endif
- else
- result = count;
- return result;
-@@ -222,6 +244,9 @@
- int c, result = 0;
- unsigned long flags, sigpipe;
- sigset_t old_set;
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ loff_t begin;
-+#endif
-
- if (!f)
- return -EIO;
-@@ -256,6 +281,20 @@
- fs = get_fs();
- set_fs(get_ds());
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ begin = f->f_pos;
-+ result = do_sync_read(f, buffer, c, &f->f_pos);
-+
-+ if (!result) {
-+ /* peer has closed socket */
-+ result = -EIO;
-+ }
-+ if (result < 0) {
-+ DEBUG("error: %d\n", result);
-+ fput(f);
-+ info->sock = NULL;
-+ }
-+#else
- do {
- struct iovec vec[1];
-
-@@ -277,6 +316,7 @@
- buffer += result;
- c -= result;
- } while (c > 0);
-+#endif
-
- SIGLOCK(flags);
- if (result == -EPIPE && !sigpipe) {
-@@ -291,7 +331,11 @@
-
- DEBUG("<%d\n", result);
- if (result < 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ set_garbage(info, 0, count - (f->f_pos - begin));
-+#else
- set_garbage(info, 0, c);
-+#endif
- else
- result = count;
- return result;
-@@ -316,8 +360,10 @@
- return result;
- }
- while (1) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
- struct iovec vec[1];
-
-+#endif
- nl = memchr(BUFFER, '\n', LEN);
- if (nl) {
- *nl = '\0';
-@@ -348,9 +394,13 @@
- fs = get_fs();
- set_fs(get_ds());
-
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
-+ result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos);
-+#else
- vec[0].iov_base = BUFFER+LEN;
- vec[0].iov_len = c;
- result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos);
-+#endif
- SIGLOCK(flags);
- if (result == -EPIPE && !sigpipe) {
- sigdelset(¤t->pending.signal, SIGPIPE);
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.4/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:57.970042496 +0200
-+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
-@@ -213,6 +213,7 @@
- int c = 0;
- int is_space = 1;
- int device = 0;
-+ char *start = s;
-
- while (*s) {
- if (c == DIR_COLS)
-@@ -227,17 +228,20 @@
- s++;
- }
- *s = '\0';
-+ start = s+1;
- is_space = 1;
-+ } else {
-+ if (c != DIR_NAME)
-+ start = s+1;
- }
- } else {
- if (is_space) {
- /* (b)lock/(c)haracter device hack */
-- col[c++] = s;
-+ col[c++] = start;
- is_space = 0;
- if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
- device = 1;
- }
--
- }
- }
- s++;
-Index: shfs-0.35/shfs/Linux-2.6/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:57.977041432 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
-@@ -225,6 +225,7 @@
- int c = 0;
- int is_space = 1;
- int device = 0;
-+ char *start = s;
-
- while (*s) {
- if (c == DIR_COLS)
-@@ -239,17 +240,20 @@
- s++;
- }
- *s = '\0';
-+ start = s+1;
- is_space = 1;
-+ } else {
-+ if (c != DIR_NAME)
-+ start = s+1;
- }
- } else {
- if (is_space) {
- /* (b)lock/(c)haracter device hack */
-- col[c++] = s;
-+ col[c++] = start;
- is_space = 0;
- if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
- device = 1;
- }
--
- }
- }
- s++;
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200
-+++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:59.448817688 +0200
-@@ -38,10 +38,10 @@
- struct shfs_fileops fops;
- int version;
- int ttl;
-- __kernel_uid_t uid;
-- __kernel_gid_t gid;
-- __kernel_mode_t root_mode;
-- __kernel_mode_t fmask;
-+ uid_t uid;
-+ gid_t gid;
-+ mode_t root_mode;
-+ mode_t fmask;
- char mount_point[SHFS_PATH_MAX];
- struct semaphore sock_sem; /* next 4 vars are guarded */
- struct file *sock;
-Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:59.449817536 +0200
-@@ -38,10 +38,10 @@
- struct shfs_fileops fops;
- int version;
- int ttl;
-- __kernel_uid_t uid;
-- __kernel_gid_t gid;
-- __kernel_mode_t root_mode;
-- __kernel_mode_t fmask;
-+ uid_t uid;
-+ gid_t gid;
-+ mode_t root_mode;
-+ mode_t fmask;
- char mount_point[SHFS_PATH_MAX];
- struct semaphore sock_sem; /* next 4 vars are guarded */
- struct file *sock;
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.4/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
-+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.643788048 +0200
-@@ -961,11 +961,11 @@
-
- s = info->sockbuf;
- if ((p = strsep(&s, " ")))
-- attr->f_blocks = simple_strtoull(p, NULL, 10);
-+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
- if ((p = strsep(&s, " ")))
-- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
-+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
- if ((p = strsep(&s, " ")))
-- attr->f_bavail = simple_strtoull(p, NULL, 10);
-+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
-
- result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
- if (result < 0)
-Index: shfs-0.35/shfs/Linux-2.6/shell.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
-+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.643788048 +0200
-@@ -974,11 +974,11 @@
-
- s = info->sockbuf;
- if ((p = strsep(&s, " ")))
-- attr->f_blocks = simple_strtoull(p, NULL, 10);
-+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
- if ((p = strsep(&s, " ")))
-- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
-+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
- if ((p = strsep(&s, " ")))
-- attr->f_bavail = simple_strtoull(p, NULL, 10);
-+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
-
- result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
- if (result < 0)
+++ /dev/null
-Index: shfs-0.35/shfsmount/shfsmount.c
-===================================================================
---- shfs-0.35.orig/shfsmount/shfsmount.c 2007-06-04 13:22:57.883055720 +0200
-+++ shfs-0.35/shfsmount/shfsmount.c 2007-06-04 13:22:59.838758408 +0200
-@@ -74,7 +74,7 @@
- static int have_uid = 0;
-
- /* do not update /etc/mtab */
--static int nomtab = 0;
-+static int nomtab = 1;
-
- /* preserve owner of files */
- static int preserve = 0;
-Index: shfs-0.35/shfsmount/shfsumount.c
-===================================================================
---- shfs-0.35.orig/shfsmount/shfsumount.c 2007-06-04 13:22:57.890054656 +0200
-+++ shfs-0.35/shfsmount/shfsumount.c 2007-06-04 13:22:59.838758408 +0200
-@@ -67,10 +67,6 @@
- FILE *new_mtab;
- struct mntent *ment;
-
-- if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
-- fprintf(stderr, "Can't get "MOUNTED"~ lock file");
-- return 0;
-- }
- close(fd);
- if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
- fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno));
+++ /dev/null
-Index: shfs-0.35/shfs/Linux-2.6/dir.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-17 04:08:32.449815896 +0200
-+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-17 04:08:41.766399560 +0200
-@@ -13,6 +13,7 @@
- #include <asm/uaccess.h>
- #include <linux/smp_lock.h>
- #include <linux/stat.h>
-+#include <linux/jiffies.h>
-
- #include "shfs_fs.h"
- #include "shfs_fs_i.h"
-Index: shfs-0.35/shfs/Linux-2.6/inode.c
-===================================================================
---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-17 04:09:01.961329464 +0200
-+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-17 04:13:08.501849608 +0200
-@@ -15,6 +15,9 @@
- #include <asm/uaccess.h>
- #include <linux/file.h>
- #include <linux/smp_lock.h>
-+#include <linux/jiffies.h>
-+#include <linux/sched.h>
-+#include <asm/current.h>
-
- #include "shfs_fs.h"
- #include "shfs_fs_sb.h"
+++ /dev/null
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=strongswan
-PKG_VERSION:=2.8.11
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://download.strongswan.org/
-PKG_MD5SUM:=067189ae1586f0fdc5527c3c90448771
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/strongswan/Default
- TITLE:=strongSwan
- DEPENDS:=@LINUX_2_4
- URL:=http://www.strongswan.org/
-endef
-
-define Package/strongswan/Default/description
- strongSwan is an IPsec implementation for Linux.
-endef
-
-define Package/strongswan
-$(call Package/strongswan/Default)
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4
- TITLE+= (daemon)
-endef
-
-define Package/strongswan/description
-$(call Package/strongswan/Default/description)
- This package contains the strongSwan user-land daemon.
-endef
-
-define KernelPackage/strongswan
-$(call Package/strongswan/Default)
- SUBMENU:=Network Support
- TITLE+= (kernel module)
- DEPENDS:=@LINUX_2_4
- FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX)
- AUTOLOAD:=$(call AutoLoad,50,ipsec)
-endef
-
-define KernelPackage/strongswan/description
-$(call Package/strongswan/Default/description)
- This package contains the strongSwan kernel module.
-endef
-
-PKG_MAKE_OPTS:= \
- LINUX_RELEASE="$(LINUX_RELEASE)" \
- KERNELSRC="$(LINUX_DIR)" \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- $(TARGET_CONFIGURE_OPTS) \
- $(PKG_MAKE_OPTS) \
- LDFLAGS="$(TARGET_LDFLAGS)" \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- programs module install
-endef
-
-define Package/strongswan/install
- $(CP) $(PKG_INSTALL_DIR)/* $(1)
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DIR) $(1)/etc/cron.tick
- $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
- $(INSTALL_DIR) $(1)/etc/hotplug.d/button
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
- $(INSTALL_BIN) ./files/ipsec.cron $(1)/etc/cron.tick/ipsec-wakeup
- $(INSTALL_BIN) ./files/ipsec.iface $(1)/etc/hotplug.d/iface/65-ipsec
- $(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec
- $(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec
- $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
- rm -rf $(1)/usr/share
- rm -rf $(1)/usr/man
- rm -rf $(1)/var
- rm -rf $(1)/etc/rc.d
- find $(1) -name \*.old | xargs rm -rf
-endef
-
-$(eval $(call BuildPackage,strongswan))
-$(eval $(call KernelPackage,strongswan))
+++ /dev/null
-#!/bin/sh
-
-# snarf the code that loads the config values
-# since we also load the functions, might as well save the shell calls
-. /etc/init.d/ipsec
-
-[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
-
-if [ ! -e /var/run/pluto.pid ] ; then
-
- [ "$ACTION" = "pressed" ] && start
-
-else
-
- if [ "$ACTION" = "pressed" ] ; then
-
- stop
-
- elif [ "$ACTION" = "released" ] ; then
-
- while [ -e /var/run/pluto.pid ] ; do
- sleep 1
- done
-
- while ps auxww | grep ipsec | grep -v grep ; do
- sleep 1
- done
-
- start
-
- fi
-
-fi
-
+++ /dev/null
-
-version 2.0
-
-config setup
- interfaces=%defaultroute
- nat_traversal=yes # required on both ends
- uniqueids=yes # makes sense on client, not server
- hidetos=no
-
-conn %default
- authby=rsasig
- keyingtries=3
- keyexchange=ike
- left=%defaultroute
- leftrsasigkey=%cert
- rightrsasigkey=%cert
- dpdtimeout=30 # keepalive must arrive within
- dpddelay=5 # secs before keepalives start
- compress=no # breaks double nat installations
- pfs=yes
-
-conn sample
- leftca=%same
- leftcert=my.certificate.crt
- leftsourceip=192.168.10.1
- leftsubnet=192.168.10.0/24
- right=my.vpn.concentrator.net.
- rightca=%same
- rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
- rightsourceip=192.168.11.1
- rightsubnet=192.168.11.0/24
- dpdaction=hold
- auto=start
-
+++ /dev/null
-
-# Configure button/light behavior here.
-config device
- option reset_button ses
- option status_start ses_orange
- option status_valid ses_white
-
-# iptables setup for traffic to/from this host
-config filter
- option rule_in input_rule
- option dest_in ACCEPT
- option rule_out output_rule
- option dest_out ACCEPT
-
-# iptables setup for traffic to/from another host
-config forward
- option rule_in forwarding_rule
- option dest_in forwarding_vpn_in
- option rule_out forwarding_rule
- option dest_out forwarding_vpn_out
-
+++ /dev/null
-#!/bin/sh
-/usr/sbin/ipsec wakeup
+++ /dev/null
-NAME=ipsec
-CTLFILE="/var/run/pluto.ctl"
-
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
-
-[ -e "$CTLFILE" ] || exit
-
-/etc/init.d/ipsec update
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-START=65
-
-config_cb() {
- local cfg="$CONFIG_SECTION"
- local cfgt
- config_get cfgt "$cfg" TYPE
-
- case "$cfgt" in
- device)
- config_get IPSEC_RESET_BUTTON $cfg reset_button
- config_get IPSEC_STATUS_LED_START $cfg status_start
- config_get IPSEC_STATUS_LED_VALID $cfg status_valid
- ;;
- filter)
- config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
- ;;
- forward)
- config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
- ;;
- *)
- ;;
- esac
-}
-
-config_load ipsec
-
-export IPSEC_RESET_BUTTON
-export IPSEC_STATUS_LED_START
-export IPSEC_STATUS_LED_VALID
-
-export IPSEC_UPDOWN_RULE_IN
-export IPSEC_UPDOWN_DEST_IN
-export IPSEC_UPDOWN_RULE_OUT
-export IPSEC_UPDOWN_DEST_OUT
-
-export IPSEC_UPDOWN_FWD_RULE_IN
-export IPSEC_UPDOWN_FWD_DEST_IN
-export IPSEC_UPDOWN_FWD_RULE_OUT
-export IPSEC_UPDOWN_FWD_DEST_OUT
-
-
-start() {
-
- [ -f /etc/ipsec.conf ] || exit
- [ -e /var/run/starter.pid ] && exit
-
- /usr/sbin/ipsec _showstatus start
-
- # stuff the dnsmasq cache in case dns is on our own subnet
- for peer in `grep left= /etc/ipsec.conf | \
- cut -f 1 -d% | cut -f 2 -d=` ; do
- ping -c 1 $peer > /dev/null 2>&1
- done
-
- /usr/sbin/ipsec start || exit
-
- # work around broken routing behavior:
- # a route to the local wan segment will appear
- # the need was removed in the patched _updown script
-
- while ! route -n | grep -q ipsec ; do sleep 1 ; done
-
- defint=`route -n | awk '/^0.0.0.0/{print $8}'`
- defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
- dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
- tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
-
- route del -net $defnet netmask $dnmask dev $tundev
-}
-
-
-stop() {
-
- /usr/sbin/ipsec stop 2> /dev/null
-
- # wait until the shutdown actually happens
- while [ -e /var/run/starter.pid ] ; do
- if [ -d /proc/`cat /var/run/starter.pid` ] ; then
- sleep 1
- else
- rm /var/run/starter.pid
- fi
- done
-
- # kill any lingering processes
- while ps auxww | grep -q ipsec | grep -v init.d; do
- kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
- sleep 1
- done
-
- ipsec _showstatus stop
-}
-
+++ /dev/null
-Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.777007680 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.873992936 +0200
-@@ -25,10 +25,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- testx: test_main_mac.o $(BLIB)
- $(CC) -o $@ $^
-Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.783006768 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.873992936 +0200
-@@ -58,7 +58,7 @@
- lib: $(LIB)
-
- $(LIB): $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-+ $(AR) -r $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
-
- # elf
-Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.790005704 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200
-@@ -8,10 +8,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- test: test_main.o $(BLIB)
- $(CC) -o $@ $^
-Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.796004792 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.874992784 +0200
-@@ -9,10 +9,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- test: test_main.o $(BLIB)
- $(CC) -o $@ $^
-Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile
-===================================================================
---- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.804003576 +0200
-+++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200
-@@ -9,10 +9,8 @@
-
- $(BLIB): $(LIBOBJ)
- /bin/rm -f $(BLIB)
-- ar cr $(BLIB) $(LIBOBJ)
-- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-- else exit 0; fi; fi
-+ $(AR) cr $(BLIB) $(LIBOBJ)
-+ $(RANLIB) $(BLIB)
-
- test: test_main.o $(BLIB)
- $(CC) -o $@ $^
+++ /dev/null
-Index: strongswan-2.8.2/programs/ipsec/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/ipsec/Makefile 2007-06-04 13:23:04.756010872 +0200
-+++ strongswan-2.8.2/programs/ipsec/Makefile 2007-06-04 13:23:05.227939128 +0200
-@@ -24,5 +24,5 @@
- include ../Makefile.program
-
- install:: ipsec
-- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec
-+ @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec
-
+++ /dev/null
-Index: strongswan-2.8.2/programs/pluto/alg/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/pluto/alg/Makefile 2007-06-04 13:23:04.734014216 +0200
-+++ strongswan-2.8.2/programs/pluto/alg/Makefile 2007-06-04 13:23:05.416910400 +0200
-@@ -20,7 +20,7 @@
- include Config.ike_alg
-
- LIBCRYPTO:=../../../lib/libcrypto
--ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO)
-+ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE)
- LIBALG := libalg.o
-
- all : $(LIBALG)
+++ /dev/null
-Index: strongswan-2.8.2/programs/starter/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/starter/Makefile 2007-06-04 13:23:04.711017712 +0200
-+++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200
-@@ -16,7 +16,6 @@
- FREESWANSRCDIR?=$(shell cd ../..; pwd)
- include ${FREESWANSRCDIR}/Makefile.inc
-
--LD=$(CC)
- RM=rm
- LEX=flex
- BISON=bison
-@@ -59,7 +58,7 @@
- all: starter
-
- starter: $(OBJS) $(FREESWANLIB)
-- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
-+ $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
-
- lex.yy.c: parser.tab.c parser.l parser.y parser.h
- $(LEX) parser.l
+++ /dev/null
-Index: strongswan-2.8.2/programs/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:04.661025312 +0200
-+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
-@@ -22,7 +22,7 @@
- SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
- SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
- SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
--SUBDIRS+=ikeping examples openac scepclient
-+SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
-
- ifeq ($(USE_LWRES),true)
- SUBDIRS+=lwdnsq
-Index: strongswan-2.8.2/programs/_showstatus/Makefile
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/_showstatus/Makefile 2007-06-04 13:23:06.414758704 +0200
-@@ -0,0 +1,22 @@
-+# Makefile for miscelaneous programs
-+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
-+
-+FREESWANSRCDIR=../..
-+include ${FREESWANSRCDIR}/Makefile.inc
-+
-+PROGRAM=_showstatus
-+PROGRAMDIR=${LIBDIR}
-+
-+include ../Makefile.program
-Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/_showstatus/_showstatus.8 2007-06-04 13:23:06.414758704 +0200
-@@ -0,0 +1,23 @@
-+.TH _showstatus 8 "03 Feb 2007"
-+.\"
-+.\" RCSID $Id: _showstatus.8
-+.\"
-+.SH NAME
-+ipsec _showstatus \- give state feedback via led or other method
-+.SH SYNOPSIS
-+.I _showstatus
-+is invoked by _updown to trigger led's, or other distribution
-+or platform specific behavior. Presently, the SES button is
-+supported as a status light on OpenWRT platforms. The button
-+is configurable by environment variable:
-+-B IPSEC_STATUS_LED_START
-+defaults to ses_orange, and
-+-B IPSEC_STATUS_LED_VALID
-+defaults to ses_white.
-+.SH "SEE ALSO"
-+ipsec(8), ipsec_updown(8).
-+.SH HISTORY
-+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
-+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
-+Original program written by Henry Spencer. Extended for the Linux strongSwan
-+project <http://www.strongswan.org/> by Andreas Steffen.
-Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/_showstatus/_showstatus.in 2007-06-04 13:23:06.414758704 +0200
-@@ -0,0 +1,70 @@
-+#! /bin/sh
-+#
-+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: _showstatus.in
-+
-+
-+LED_START=$IPSEC_STATUS_LED_START
-+LED_VALID=$IPSEC_STATUS_LED_VALID
-+
-+[ -z "$LED_START" ] && LED_START="ses_orange"
-+[ -z "$LED_VALID" ] && LED_VALID="ses_white"
-+
-+
-+setled() {
-+ led=$1
-+ st=$2
-+
-+ [ -n "$led" -a -n "$st" ] || return
-+
-+ if [ -w "/proc/diag/led/$led" ] ; then
-+ echo "$st" > "/proc/diag/led/$led"
-+ fi
-+
-+ # integrate other led control methods here
-+
-+}
-+
-+
-+case "$1" in
-+ 'start')
-+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
-+ [ -z "$LED_VALID" ] && setled "$LED_START" f
-+ setled "$LED_VALID" 0
-+ ;;
-+ 'stop')
-+ setled "$LED_START" 0
-+ setled "$LED_VALID" 0
-+ ;;
-+ 'valid')
-+ setled "$LED_VALID" 1
-+ ;;
-+ 'invalid')
-+ setled "$LED_VALID" 0
-+ ;;
-+ 'up')
-+ [ -n "$LED_VALID" ] && setled "$LED_START" 0
-+ [ -z "$LED_VALID" ] && setled "$LED_START" 1
-+ setled "$LED_VALID" 1
-+ ;;
-+ 'down')
-+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
-+ [ -z "$LED_VALID" ] && setled "$LED_START" f
-+ setled "$LED_VALID" f
-+ ;;
-+ *)
-+ echo "$0: unknown status $status" >&2
-+ ;;
-+esac
-+
-Index: strongswan-2.8.2/programs/wakeup/Makefile
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/wakeup/Makefile 2007-06-04 13:23:06.415758552 +0200
-@@ -0,0 +1,22 @@
-+# Makefile for miscelaneous programs
-+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
-+
-+FREESWANSRCDIR=../..
-+include ${FREESWANSRCDIR}/Makefile.inc
-+
-+PROGRAM=wakeup
-+PROGRAMDIR=${LIBDIR}
-+
-+include ../Makefile.program
-Index: strongswan-2.8.2/programs/wakeup/wakeup.8
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/wakeup/wakeup.8 2007-06-04 13:23:06.415758552 +0200
-@@ -0,0 +1,16 @@
-+.TH wakeup 8 "03 Feb 2007"
-+.\"
-+.\" RCSID $Id: wakeup.8
-+.\"
-+.SH NAME
-+ipsec wakeup \- stalled and down connection detection
-+.SH SYNOPSIS
-+.I wakeup
-+is invoked by cron and checks ipsec status, whacking as necessary.
-+.SH "SEE ALSO"
-+ipsec(8), ipsec_whack(8).
-+.SH HISTORY
-+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
-+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
-+Original program written by Henry Spencer. Extended for the Linux strongSwan
-+project <http://www.strongswan.org/> by Andreas Steffen.
-Index: strongswan-2.8.2/programs/wakeup/wakeup.in
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200
-@@ -0,0 +1,38 @@
-+#! /bin/sh
-+# wakeup script
-+#
-+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+
-+# only applicable when ipsec is running
-+[ -e /var/run/pluto.pid ] || exit
-+
-+# loop through any erouted tunnels in the HOLD state
-+for f in `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do
-+
-+ # only whack if no pending events at all exists
-+ ipsec status | grep STATE | grep -q $f ||
-+ ipsec whack --name $f --initiate --asynchronous
-+
-+done
-+
-+# loop through any tunnels that don't quite exist
-+for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do
-+
-+ ipsec status | grep STATE_QUICK | grep -q $f || {
-+ ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f
-+ ipsec up $f
-+ }
-+
-+done
-+
+++ /dev/null
-Index: strongswan-2.8.2/programs/_updown/_updown.8
-===================================================================
---- strongswan-2.8.2.orig/programs/_updown/_updown.8 2007-06-04 13:23:04.632029720 +0200
-+++ strongswan-2.8.2/programs/_updown/_updown.8 2007-06-04 13:23:06.656721920 +0200
-@@ -8,8 +8,23 @@
- .I _updown
- is invoked by pluto when it has brought up a new connection. This script
- is used to insert the appropriate routing entries for IPsec operation.
--It can also be used to insert and delete dynamic iptables firewall rules.
--The interface to the script is documented in the pluto man page.
-+It also inserts and deletes dynamic iptables firewall rules. IMPORTANT!
-+By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD
-+tables. Most distributions will want to change that to provide more
-+flexibility in their firewall configuration.
-+The script looks for the environment variables
-+.B IPSEC_UPDOWN_RULE_IN
-+for the iptables table it should insert into,
-+.B IPSEC_UPDOWN_DEST_IN
-+for where the rule should -j jump to,
-+.B IPSEC_UPDOWN_RULE_OUT
-+.B IPSEC_UPDOWN_DEST_OUT
-+for the same on outgoing packets, and
-+.B IPSEC_UPDOWN_FWD_RULE_IN
-+.B IPSEC_UPDOWN_FWD_DEST_IN
-+.B IPSEC_UPDOWN_FWD_RULE_OUT
-+.B IPSEC_UPDOWN_FWD_DEST_OUT
-+respectively for packets being forwarded to/from the local networks.
- .SH "SEE ALSO"
- ipsec(8), ipsec_pluto(8).
- .SH HISTORY
-Index: strongswan-2.8.2/programs/_updown/_updown.in
-===================================================================
---- strongswan-2.8.2.orig/programs/_updown/_updown.in 2007-06-04 13:23:04.642028200 +0200
-+++ strongswan-2.8.2/programs/_updown/_updown.in 2007-06-04 13:23:06.657721768 +0200
-@@ -5,6 +5,7 @@
- # Copyright (C) 2003-2004 Tuomo Soini
- # Copyright (C) 2002-2004 Michael Richardson
- # Copyright (C) 2005-2006 Andreas Steffen <andreas.steffen@strongswan.org>
-+# Copyright (C) 2007 Kevin Cody Jr <kcody@vegaresearch.com>
- #
- # This program is free software; you can redistribute it and/or modify it
- # under the terms of the GNU General Public License as published by the
-@@ -118,20 +119,61 @@
- # restricted on the peer side.
- #
-
--# uncomment to log VPN connections
--VPN_LOGGING=1
--#
-+# set to /bin/true to silence log messages
-+LOGGER=logger
-+
- # tag put in front of each log entry:
- TAG=vpn
--#
-+
- # syslog facility and priority used:
--FAC_PRIO=local0.notice
--#
--# to create a special vpn logging file, put the following line into
--# the syslog configuration file /etc/syslog.conf:
--#
--# local0.notice -/var/log/vpn
--#
-+FAC_PRIO=authpriv.info
-+
-+
-+# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
-+if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then
-+ IPSEC_POLICY_IN=""
-+ IPSEC_POLICY_OUT=""
-+else
-+ IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
-+ IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-+ IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-+fi
-+
-+# are there port numbers?
-+if [ "$PLUTO_MY_PORT" != 0 ] ; then
-+ S_MY_PORT="--sport $PLUTO_MY_PORT"
-+ D_MY_PORT="--dport $PLUTO_MY_PORT"
-+fi
-+
-+if [ "$PLUTO_PEER_PORT" != 0 ] ; then
-+ S_PEER_PORT="--sport $PLUTO_PEER_PORT"
-+ D_PEER_PORT="--dport $PLUTO_PEER_PORT"
-+fi
-+
-+# import firewall behavior
-+IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN
-+IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN
-+IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT
-+IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT
-+
-+# import forwarding behavior
-+FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN
-+FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN
-+FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT
-+FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT
-+
-+# default firewall behavior
-+[ -z "$IPT_RULE_IN" ] && IPT_RULE_IN=INPUT
-+[ -z "$IPT_DEST_IN" ] && IPT_DEST_IN=ACCEPT
-+[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT
-+[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT
-+
-+# default forwarding behavior
-+[ -z "$FWD_RULE_IN" ] && FWD_RULE_IN=FORWARD
-+[ -z "$FWD_DEST_IN" ] && FWD_DEST_IN=ACCEPT
-+[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD
-+[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT
-+
-
- # check interface version
- case "$PLUTO_VERSION" in
-@@ -150,8 +192,6 @@
- case "$1:$*" in
- ':') # no parameters
- ;;
--iptables:iptables) # due to (left/right)firewall; for default script only
-- ;;
- custom:*) # custom parameters (see above CAUTION comment)
- ;;
- *) echo "$0: unknown parameters \`$*'" >&2
-@@ -159,345 +199,307 @@
- ;;
- esac
-
-+
- # utility functions for route manipulation
- # Meddling with this stuff should not be necessary and requires great care.
-+
- uproute() {
- doroute add
- ip route flush cache
- }
-+
- downroute() {
- doroute delete
- ip route flush cache
- }
-
-+upfirewall() {
-+ in_rule=$1
-+ in_dest=$2
-+ out_rule=$3
-+ out_dest=$4
-+
-+ [ -n "$in_rule" -a -n "$in_dest" ] && \
-+ iptables -I $in_rule 1 \
-+ -i $PLUTO_INTERFACE \
-+ -p $PLUTO_MY_PROTOCOL \
-+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
-+ $IPSEC_POLICY_IN \
-+ -j $in_dest
-+
-+ [ -n "$out_rule" -a -n "$out_dest" ] && \
-+ iptables -I $out_rule 1 \
-+ -o $PLUTO_INTERFACE \
-+ -p $PLUTO_PEER_PROTOCOL \
-+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
-+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-+ $IPSEC_POLICY_OUT \
-+ -j $out_dest
-+
-+}
-+
-+downfirewall() {
-+ in_rule=$1
-+ in_dest=$2
-+ out_rule=$3
-+ out_dest=$4
-+
-+ [ -n "$in_rule" -a -n "$in_dest" ] && \
-+ iptables -D $in_rule \
-+ -i $PLUTO_INTERFACE \
-+ -p $PLUTO_MY_PROTOCOL \
-+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
-+ $IPSEC_POLICY_IN \
-+ -j $in_dest
-+
-+ [ -n "$out_rule" -a -n "$out_dest" ] && \
-+ iptables -D $out_rule \
-+ -o $PLUTO_INTERFACE \
-+ -p $PLUTO_PEER_PROTOCOL \
-+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
-+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-+ $IPSEC_POLICY_OUT \
-+ -j $out_dest
-+
-+}
-+
- addsource() {
- st=0
-- if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
-- then
-+
-+ if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then
-+
- it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
- oops="`eval $it 2>&1`"
- st=$?
-- if test " $oops" = " " -a " $st" != " 0"
-- then
-+
-+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
- oops="silent error, exit status $st"
- fi
-- if test " $oops" != " " -o " $st" != " 0"
-- then
-+
-+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
- echo "$0: addsource \`$it' failed ($oops)" >&2
- fi
- fi
-+
- return $st
- }
-
- doroute() {
- st=0
- parms="$PLUTO_PEER_CLIENT"
-+ parms2="dev $PLUTO_INTERFACE"
-
-- parms2=
-- if [ -n "$PLUTO_NEXT_HOP" ]
-- then
-- parms2="via $PLUTO_NEXT_HOP"
-- fi
-- parms2="$parms2 dev $PLUTO_INTERFACE"
--
-- if [ -z "$PLUTO_MY_SOURCEIP" ]
-- then
-- if [ -f /etc/sysconfig/defaultsource ]
-- then
-- . /etc/sysconfig/defaultsource
-- fi
-+ if [ -z "$PLUTO_MY_SOURCEIP" ] ; then
-
-- if [ -f /etc/conf.d/defaultsource ]
-- then
-- . /etc/conf.d/defaultsource
-- fi
-+ [ -f /etc/sysconfig/defaultsource ] && \
-+ . /etc/sysconfig/defaultsource
-+
-+ [ -f /etc/conf.d/defaultsource ] && \
-+ . /etc/conf.d/defaultsource
-+
-+ [ -n "$DEFAULTSOURCE" ] && \
-+ PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-
-- if [ -n "$DEFAULTSOURCE" ]
-- then
-- PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-- fi
- fi
-
- parms3=
-- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
-- then
-+ if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then
- addsource
- parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
- fi
-
-- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-- "0.0.0.0/0.0.0.0")
-+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
-+ "0.0.0.0/0.0.0.0" ] ; then
- # opportunistic encryption work around
- # need to provide route that eclipses default, without
- # replacing it.
-- it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-- ip route $1 128.0.0.0/1 $parms2 $parms3"
-- ;;
-- *) it="ip route $1 $parms $parms2 $parms3"
-- ;;
-- esac
-+ it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-+ ip route $1 128.0.0.0/1 $parms2 $parms3"
-+ else
-+ it="ip route $1 $parms $parms2 $parms3"
-+ fi
-+
- oops="`eval $it 2>&1`"
- st=$?
-- if test " $oops" = " " -a " $st" != " 0"
-- then
-- oops="silent error, exit status $st"
-- fi
-- if test " $oops" != " " -o " $st" != " 0"
-- then
-- echo "$0: doroute \`$it' failed ($oops)" >&2
-+
-+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
-+ oops="silent error, exit status $st"
- fi
-+
-+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
-+ echo "$0: doroute \`$it' failed ($oops)" >&2
-+ fi
-+
- return $st
- }
--
--# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
--if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
--then
-- IPSEC_POLICY_IN=""
-- IPSEC_POLICY_OUT=""
--else
-- IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
-- IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-- IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
--fi
-
--# are there port numbers?
--if [ "$PLUTO_MY_PORT" != 0 ]
--then
-- S_MY_PORT="--sport $PLUTO_MY_PORT"
-- D_MY_PORT="--dport $PLUTO_MY_PORT"
--fi
--if [ "$PLUTO_PEER_PORT" != 0 ]
--then
-- S_PEER_PORT="--sport $PLUTO_PEER_PORT"
-- D_PEER_PORT="--dport $PLUTO_PEER_PORT"
--fi
-+dologentry() {
-+ action=$1
-+
-+ if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then
-+ rem="$PLUTO_PEER"
-+ else
-+ rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER"
-+ fi
-+
-+ if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then
-+ loc="$PLUTO_ME"
-+ else
-+ loc="$PLUTO_ME == $PLUTO_MY_CLIENT"
-+ fi
-+
-+ $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)"
-+}
-+
-
- # the big choice
-+
- case "$PLUTO_VERB:$1" in
- prepare-host:*|prepare-client:*)
- # delete possibly-existing route (preliminary to adding a route)
-- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-- "0.0.0.0/0.0.0.0")
-- # need to provide route that eclipses default, without
-+
-+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
-+ "0.0.0.0/0.0.0.0" ] ; then
-+ # need to remove the route that eclipses default, without
- # replacing it.
-- parms1="0.0.0.0/1"
-- parms2="128.0.0.0/1"
-- it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
-- oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
-- ;;
-- *)
-- parms="$PLUTO_PEER_CLIENT"
-- it="ip route delete $parms 2>&1"
-- oops="`ip route delete $parms 2>&1`"
-- ;;
-- esac
-- status="$?"
-- if test " $oops" = " " -a " $status" != " 0"
-- then
-- oops="silent error, exit status $status"
-+ it="( ip route delete 0.0.0.0/1 ;
-+ ip route delete 128.0.0.0/1 )"
-+ else
-+ it="ip route delete $PLUTO_PEER_CLIENT"
-+ fi
-+
-+ oops="`$it 2>&1`"
-+ st="$?"
-+
-+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
-+ oops="silent error, exit status $st"
- fi
-+
- case "$oops" in
- *'RTNETLINK answers: No such process'*)
- # This is what route (currently -- not documented!) gives
- # for "could not find such a route".
- oops=
-- status=0
-+ st=0
- ;;
- esac
-- if test " $oops" != " " -o " $status" != " 0"
-- then
-+
-+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
- echo "$0: \`$it' failed ($oops)" >&2
- fi
-- exit $status
-+
-+ exit $st
-+
- ;;
- route-host:*|route-client:*)
- # connection to me or my client subnet being routed
-+
-+ ipsec _showstatus valid
- uproute
-+
- ;;
- unroute-host:*|unroute-client:*)
- # connection to me or my client subnet being unrouted
-+
-+ ipsec _showstatus invalid
- downroute
-+
- ;;
--up-host:)
-+up-host:*)
- # connection to me coming up
-- # If you are doing a custom version, firewall commands go here.
-+
-+ ipsec _showstatus up
-+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
-+ dologentry "VPN-UP"
-+
- ;;
--down-host:)
-+down-host:*)
- # connection to me going down
-- # If you are doing a custom version, firewall commands go here.
-- ;;
--up-client:)
-- # connection to my client subnet coming up
-- # If you are doing a custom version, firewall commands go here.
-- ;;
--down-client:)
-- # connection to my client subnet going down
-- # If you are doing a custom version, firewall commands go here.
-+
-+ ipsec _showstatus down
-+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
-+ dologentry "VPN-DN"
-+
- ;;
--up-host:iptables)
-- # connection to me, with (left/right)firewall=yes, coming up
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
-- #
-- # log IPsec host connection setup
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
-- else
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-- fi
-- fi
-- ;;
--down-host:iptables)
-- # connection to me, with (left/right)firewall=yes, going down
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
-- #
-- # log IPsec host connection teardown
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
-- else
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-- fi
-- fi
-- ;;
--up-client:iptables)
-- # connection to client subnet, with (left/right)firewall=yes, coming up
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-- then
-- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-+up-client:*)
-+ # connection to client subnet coming up
-+
-+ ipsec _showstatus up
-+
-+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
-+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
-+ upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
- fi
-- #
-+
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
-- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-- then
-- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- fi
-- #
-- # log IPsec client connection setup
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- else
-- logger -t $TAG -p $FAC_PRIO \
-- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- fi
-- fi
-- ;;
--down-client:iptables)
-- # connection to client subnet, with (left/right)firewall=yes, going down
-- # This is used only by the default updown script, not by your custom
-- # ones, so do not mess with it; see CAUTION comment up at top.
-- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-- then
-- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
-+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
-+ fi
-+
-+ dologentry "VPN-UP"
-+
-+ ;;
-+down-client:*)
-+ # connection to client subnet going down
-+
-+ ipsec _showstatus down
-+
-+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
-+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
-+ downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
- fi
-- #
-+
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
-- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-- then
-- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
-- $IPSEC_POLICY_IN -j ACCEPT
-- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
-- $IPSEC_POLICY_OUT -j ACCEPT
-- fi
-- #
-- # log IPsec client connection teardown
-- if [ $VPN_LOGGING ]
-- then
-- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
-- then
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- else
-- logger -t $TAG -p $FAC_PRIO -- \
-- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-- fi
-+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
-+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
- fi
-+
-+ dologentry "VPN-DN"
-+
- ;;
--#
--# IPv6
--#
- prepare-host-v6:*|prepare-client-v6:*)
-+
- ;;
- route-host-v6:*|route-client-v6:*)
- # connection to me or my client subnet being routed
-+
- #uproute_v6
-+
- ;;
- unroute-host-v6:*|unroute-client-v6:*)
- # connection to me or my client subnet being unrouted
-+
- #downroute_v6
-+
- ;;
- up-host-v6:*)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
- down-host-v6:*)
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
- up-client-v6:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
- down-client-v6:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
-+
- ;;
--*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
-+*)
-+ echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
- exit 1
-+
- ;;
- esac
-+
+++ /dev/null
-Index: strongswan-2.8.2/Makefile.inc
-===================================================================
---- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200
-+++ strongswan-2.8.2/Makefile.inc 2007-06-04 13:23:06.855691672 +0200
-@@ -123,7 +123,7 @@
- # With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
- # INC_RCDIRS directories has been pre-created under DESTDIR.
- INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
--INC_RCDEFAULT=/etc/rc.d/init.d
-+INC_RCDEFAULT=/etc/init.d
-
- # RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
- # will finally be (so utils/Makefile can create a symlink in BINDIR to the
-Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in
-===================================================================
---- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:23:04.612032760 +0200
-+++ strongswan-2.8.2/programs/showhostkey/showhostkey.in 2007-06-04 13:23:06.855691672 +0200
-@@ -62,7 +62,7 @@
- exit 1
- fi
-
--host="`hostname --fqdn`"
-+host="`cat /proc/sys/kernel/hostname`"
-
- awk ' BEGIN {
- inkey = 0
+++ /dev/null
-Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi
-===================================================================
---- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:04.583037168 +0200
-+++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:07.053661576 +0200
-@@ -1,10 +1,10 @@
- MOD_CRYPTOAPI := ipsec_cryptoapi.o
-
- ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
--ALG_MODULES += $(MOD_CRYPTOAPI)
--obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
--static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
--alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
-+#ALG_MODULES += $(MOD_CRYPTOAPI)
-+#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
-+#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
-+#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
- else
- $(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
- endif
+++ /dev/null
-Index: strongswan-2.8.2/programs/starter/klips.c
-===================================================================
---- strongswan-2.8.2.orig/programs/starter/klips.c 2007-06-04 13:23:04.544043096 +0200
-+++ strongswan-2.8.2/programs/starter/klips.c 2007-06-04 13:23:07.238633456 +0200
-@@ -44,7 +44,7 @@
- unsetenv("MODPATH");
- unsetenv("MODULECONF");
- system("depmod -a >/dev/null 2>&1");
-- system("modprobe -qv ipsec");
-+ system("insmod -qv ipsec");
- }
- if (stat(PROC_IPSECVERSION, &stb) == 0)
- {
-@@ -62,11 +62,11 @@
- /* make sure that all available crypto algorithms are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- system("modprobe -qv ipsec_aes");
-- system("modprobe -qv ipsec_serpent");
-- system("modprobe -qv ipsec_twofish");
-- system("modprobe -qv ipsec_blowfish");
-- system("modprobe -qv ipsec_sha2");
-+ system("insmod -qv ipsec_aes");
-+ system("insmod -qv ipsec_serpent");
-+ system("insmod -qv ipsec_twofish");
-+ system("insmod -qv ipsec_blowfish");
-+ system("insmod -qv ipsec_sha2");
- }
-
- starter_klips_clear();
-Index: strongswan-2.8.2/programs/starter/netkey.c
-===================================================================
---- strongswan-2.8.2.orig/programs/starter/netkey.c 2007-06-04 13:23:04.551042032 +0200
-+++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200
-@@ -36,7 +36,7 @@
- /* af_key module makes the netkey proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- system("modprobe -qv af_key");
-+ system("insmod -qv af_key");
- }
-
- /* now test again */
-@@ -52,11 +52,11 @@
- /* make sure that all required IPsec modules are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- system("modprobe -qv ah4");
-- system("modprobe -qv esp4");
-- system("modprobe -qv ipcomp");
-- system("modprobe -qv xfrm4_tunnel");
-- system("modprobe -qv xfrm_user");
-+ system("insmod -qv ah4");
-+ system("insmod -qv esp4");
-+ system("insmod -qv ipcomp");
-+ system("insmod -qv xfrm4_tunnel");
-+ system("insmod -qv xfrm_user");
- }
-
- DBG(DBG_CONTROL,
-Index: strongswan-2.8.2/programs/_startklips/_startklips.in
-===================================================================
---- strongswan-2.8.2.orig/programs/_startklips/_startklips.in 2007-06-04 13:23:04.560040664 +0200
-+++ strongswan-2.8.2/programs/_startklips/_startklips.in 2007-06-04 13:23:07.238633456 +0200
-@@ -249,7 +249,7 @@
-
- if test ! -f $ipsecversion && test ! -f $netkey
- then
-- modprobe -v af_key
-+ insmod -v af_key
- fi
-
- if test -f $netkey
-@@ -257,11 +257,11 @@
- klips=false
- if test -f $modules
- then
-- modprobe -qv ah4
-- modprobe -qv esp4
-- modprobe -qv ipcomp
-- modprobe -qv xfrm4_tunnel
-- modprobe -qv xfrm_user
-+ insmod -qv ah4
-+ insmod -qv esp4
-+ insmod -qv ipcomp
-+ insmod -qv xfrm4_tunnel
-+ insmod -qv xfrm_user
- fi
- fi
-
-@@ -272,7 +272,7 @@
- setmodule
- unset MODPATH MODULECONF # no user overrides!
- depmod -a >/dev/null 2>&1
-- modprobe -v ipsec
-+ insmod -v ipsec
- fi
- if test ! -f $ipsecversion
- then
-@@ -288,7 +288,7 @@
- do
- if test -f $moduleinstplace/alg/ipsec_$alg.o
- then
-- modprobe ipsec_$alg
-+ insmod ipsec_$alg
- fi
- done
- fi
+++ /dev/null
-Index: strongswan-2.8.2/programs/Makefile
-===================================================================
---- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
-+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200
-@@ -17,12 +17,10 @@
- FREESWANSRCDIR=..
- include ${FREESWANSRCDIR}/Makefile.inc
-
--SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto
--SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun
--SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
--SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
--SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
--SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
-+SUBDIRS=_copyright _updown _showstatus wakeup examples
-+SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual
-+SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets
-+SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec
-
- ifeq ($(USE_LWRES),true)
- SUBDIRS+=lwdnsq
+++ /dev/null
-diff -Nurp strongswan-2.8.11.orig/linux/include/circ-queue.h strongswan-2.8.11.queue/linux/include/circ-queue.h
---- strongswan-2.8.11.orig/linux/include/circ-queue.h 1970-01-01 01:00:00.000000000 +0100
-+++ strongswan-2.8.11.queue/linux/include/circ-queue.h 2009-12-02 19:11:31.414549616 +0100
-@@ -0,0 +1,131 @@
-+/*
-+ * Copyright (c) 1991, 1993
-+ * The Regents of the University of California. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * This product includes software developed by the University of
-+ * California, Berkeley and its contributors.
-+ * 4. Neither the name of the University nor the names of its contributors
-+ * may be used to endorse or promote products derived from this software
-+ * without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * @(#)queue.h 8.5 (Berkeley) 8/20/94
-+ * $FreeBSD: ports/misc/44bsd-more/files/queue.h,v 1.1 2001/01/06 03:41:36 hoek Exp $
-+ */
-+
-+/*
-+ * Circular queue definitions.
-+ */
-+#define CIRCLEQ_HEAD(name, type) \
-+struct name { \
-+ struct type *cqh_first; /* first element */ \
-+ struct type *cqh_last; /* last element */ \
-+}
-+
-+#define CIRCLEQ_ENTRY(type) \
-+struct { \
-+ struct type *cqe_next; /* next element */ \
-+ struct type *cqe_prev; /* previous element */ \
-+}
-+
-+/*
-+ * Circular queue functions.
-+ */
-+#define CIRCLEQ_EMPTY(head) ((head)->cqh_first == (void *)(head))
-+
-+#define CIRCLEQ_FIRST(head) ((head)->cqh_first)
-+
-+#define CIRCLEQ_FOREACH(var, head, field) \
-+ for((var) = (head)->cqh_first; \
-+ (var) != (void *)(head); \
-+ (var) = (var)->field.cqe_next)
-+
-+#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \
-+ for((var) = (head)->cqh_last; \
-+ (var) != (void *)(head); \
-+ (var) = (var)->field.cqe_prev)
-+
-+#define CIRCLEQ_INIT(head) do { \
-+ (head)->cqh_first = (void *)(head); \
-+ (head)->cqh_last = (void *)(head); \
-+} while (0)
-+
-+#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
-+ (elm)->field.cqe_next = (listelm)->field.cqe_next; \
-+ (elm)->field.cqe_prev = (listelm); \
-+ if ((listelm)->field.cqe_next == (void *)(head)) \
-+ (head)->cqh_last = (elm); \
-+ else \
-+ (listelm)->field.cqe_next->field.cqe_prev = (elm); \
-+ (listelm)->field.cqe_next = (elm); \
-+} while (0)
-+
-+#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
-+ (elm)->field.cqe_next = (listelm); \
-+ (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
-+ if ((listelm)->field.cqe_prev == (void *)(head)) \
-+ (head)->cqh_first = (elm); \
-+ else \
-+ (listelm)->field.cqe_prev->field.cqe_next = (elm); \
-+ (listelm)->field.cqe_prev = (elm); \
-+} while (0)
-+
-+#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
-+ (elm)->field.cqe_next = (head)->cqh_first; \
-+ (elm)->field.cqe_prev = (void *)(head); \
-+ if ((head)->cqh_last == (void *)(head)) \
-+ (head)->cqh_last = (elm); \
-+ else \
-+ (head)->cqh_first->field.cqe_prev = (elm); \
-+ (head)->cqh_first = (elm); \
-+} while (0)
-+
-+#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
-+ (elm)->field.cqe_next = (void *)(head); \
-+ (elm)->field.cqe_prev = (head)->cqh_last; \
-+ if ((head)->cqh_first == (void *)(head)) \
-+ (head)->cqh_first = (elm); \
-+ else \
-+ (head)->cqh_last->field.cqe_next = (elm); \
-+ (head)->cqh_last = (elm); \
-+} while (0)
-+
-+#define CIRCLEQ_LAST(head) ((head)->cqh_last)
-+
-+#define CIRCLEQ_NEXT(elm,field) ((elm)->field.cqe_next)
-+
-+#define CIRCLEQ_PREV(elm,field) ((elm)->field.cqe_prev)
-+
-+#define CIRCLEQ_REMOVE(head, elm, field) do { \
-+ if ((elm)->field.cqe_next == (void *)(head)) \
-+ (head)->cqh_last = (elm)->field.cqe_prev; \
-+ else \
-+ (elm)->field.cqe_next->field.cqe_prev = \
-+ (elm)->field.cqe_prev; \
-+ if ((elm)->field.cqe_prev == (void *)(head)) \
-+ (head)->cqh_first = (elm)->field.cqe_next; \
-+ else \
-+ (elm)->field.cqe_prev->field.cqe_next = \
-+ (elm)->field.cqe_next; \
-+} while (0)
-diff -Nurp strongswan-2.8.11.orig/programs/pluto/connections.h strongswan-2.8.11.queue/programs/pluto/connections.h
---- strongswan-2.8.11.orig/programs/pluto/connections.h 2007-06-18 20:24:51.000000000 +0200
-+++ strongswan-2.8.11.queue/programs/pluto/connections.h 2009-12-02 19:11:02.127064115 +0100
-@@ -18,6 +18,10 @@
- #define _CONNECTIONS_H
-
- #include <sys/queue.h>
-+/* This handles the 'syntax error before "CIRCLEQ_ENTRY"' */
-+#ifndef CIRCLEQ_HEAD
-+#include <circ-queue.h>
-+#endif
-
- #include "id.h"
- #include "certs.h"
+++ /dev/null
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=alsa-driver
-PKG_VERSION:=1.0.14rc1
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=ftp://ftp.alsa-project.org/pub/driver/
-PKG_MD5SUM:=4cff99be4b225e96663fbd61cabe3182
-
-include $(INCLUDE_DIR)/package.mk
-
-define KernelPackage/alsa
- SUBMENU:=Other modules
- DEPENDS:=@USB_SUPPORT @LINUX_2_4
- TITLE:=Advanced Linux Sound Architecture
- FILES:=$(PKG_BUILD_DIR)/modules/*.$(LINUX_KMOD_SUFFIX)
- AUTOLOAD=$(call AutoLoad,70,$(shell cat ./files/alsa.modules))
-endef
-
-ifeq ($(KERNEL),2.4)
- ifeq ($(LINUX_KARCH),i386)
- KERNEL_C_OPTS:= -Os -mpreferred-stack-boundary=2 -march=i486 -fno-unit-at-a-time
- endif
- ifeq ($(LINUX_KARCH),mips)
- KERNEL_C_OPTS:= -Os -G 0 -mlong-calls -mno-abicalls -fno-pic -finline-limit=100000 -mabi=32 -march=mips32 -Wa,-32 -Wa,-march=mips32 -Wa,-mips32 -Wa,--trap
- endif
-endif
-ifeq ($(LINUX_KARCH),i386)
- KERNEL_C_INCS:= -I$(LINUX_DIR)/include/asm-i386/mach-generic -I$(LINUX_DIR)/include/asm-i386/mach-default
-endif
-ifeq ($(LINUX_KARCH),mips)
- KERNEL_C_INCS:= -I$(LINUX_DIR)/include/asm-mips/mach-generic
-endif
-
-CONFIGURE_VARS:= \
- CFLAGS="$(KERNEL_C_INCS)"
-
-CONFIGURE_ARGS:= \
- --with-build="$(LINUX_DIR)" \
- --with-kernel="$(LINUX_DIR)" \
- --with-cross="$(KERNEL_CROSS)" \
- --with-redhat=no \
- --with-suse=no \
- --with-oss=yes \
- --with-isapnp=no \
- --with-sequencer=no \
- --with-cards=usb-audio
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- ARCH="$(LINUX_KARCH)" \
- CROSS_COMPILE="$(TARGET_CROSS)" \
- c_opts="$(KERNEL_C_OPTS)" \
- CP="$(CP)" \
- all
-endef
-
-$(eval $(call KernelPackage,alsa))
+++ /dev/null
-snd-page-alloc
-snd
-snd-timer
-snd-pcm
-snd-rawmidi
-snd-usb-lib
-snd-hwdep
-snd-usb-audio
-snd-mixer-oss
-snd-pcm-oss
+++ /dev/null
-Index: alsa-driver-1.0.14rc1/include/adriver.h
-===================================================================
---- alsa-driver-1.0.14rc1.orig/include/adriver.h 2007-06-04 13:22:44.887031416 +0200
-+++ alsa-driver-1.0.14rc1/include/adriver.h 2007-06-04 13:22:44.956020928 +0200
-@@ -514,7 +514,7 @@
- #endif /* < 2.6.0 */
-
- /* workarounds for USB API */
--#if defined(SND_NEED_USB_WRAPPER) && (defined(CONFIG_USB) || defined(CONFIG_USB_MODULE))
-+#if 1
-
- #include <linux/usb.h>
-
-@@ -1360,4 +1360,5 @@
- #endif
- #endif
-
-+#undef info /* used in several structs */
- #endif /* __SOUND_LOCAL_DRIVER_H */
+++ /dev/null
-Index: alsa-driver-1.0.14rc1/Makefile
-===================================================================
---- alsa-driver-1.0.14rc1.orig/Makefile 2007-06-04 13:22:44.865034760 +0200
-+++ alsa-driver-1.0.14rc1/Makefile 2007-06-04 13:22:45.149991440 +0200
-@@ -115,7 +115,7 @@
- if [ ! -d include/sound -a ! -L include/sound ]; then \
- ln -sf ../alsa-kernel/include include/sound ; \
- fi
-- cp -puvf include/version.h include/sound/version.h
-+ $(CP) include/version.h include/sound/version.h
-
- utils/mod-deps: utils/mod-deps.c
- gcc utils/mod-deps.c -o utils/mod-deps
+++ /dev/null
-Index: alsa-driver-1.0.14rc1/alsa-kernel/core/sound.c
-===================================================================
---- alsa-driver-1.0.14rc1.orig/alsa-kernel/core/sound.c 2007-07-11 12:15:11.408530571 +0200
-+++ alsa-driver-1.0.14rc1/alsa-kernel/core/sound.c 2007-07-11 12:15:26.421386105 +0200
-@@ -171,7 +171,7 @@
- return err;
- }
-
--static struct file_operations snd_fops =
-+struct file_operations snd_fops =
- {
- .owner = THIS_MODULE,
- .open = snd_open
projects / openwrt / svn-archive / packages.git / commitdiff