move more extra packages from ./trunk to ./packages
authorNicolas Thill <nico@openwrt.org>
Wed, 20 Aug 2008 22:00:41 +0000 (22:00 +0000)
committerNicolas Thill <nico@openwrt.org>
Wed, 20 Aug 2008 22:00:41 +0000 (22:00 +0000)
SVN-Revision: 12359

53 files changed:
libs/gmp/Makefile [new file with mode: 0644]
libs/keynote/Makefile [new file with mode: 0644]
libs/keynote/patches/001-build.patch [new file with mode: 0644]
libs/keynote/patches/002-cross_compile.patch [new file with mode: 0644]
net/aodv-uu/Makefile [new file with mode: 0644]
net/aodv-uu/files/aodv-uu.modules [new file with mode: 0644]
net/aodv-uu/patches/001-normalize.patch [new file with mode: 0644]
net/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch [new file with mode: 0644]
net/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch [new file with mode: 0644]
net/aodv-uu/patches/004-linux_2.6.19_includes.patch [new file with mode: 0644]
net/aodv-uu/patches/005-linux_2.6.22_skbuff.patch [new file with mode: 0644]
net/ipsec-tools/Makefile [new file with mode: 0644]
net/ipsec-tools/patches/001-no_libfl.patch [new file with mode: 0644]
net/ipsec-tools/patches/002-configure_cppflags_typo.patch [new file with mode: 0644]
net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff [new file with mode: 0644]
net/isakmpd/Makefile [new file with mode: 0644]
net/isakmpd/patches/010-debian_3.patch [new file with mode: 0644]
net/isakmpd/patches/020-standardize.patch [new file with mode: 0644]
net/isakmpd/patches/030-openssl_hashes.patch [new file with mode: 0644]
net/isakmpd/patches/040-security_fix.patch [new file with mode: 0644]
net/isakmpd/patches/050-ar_cross.patch [new file with mode: 0644]
net/openswan/Makefile [new file with mode: 0644]
net/openswan/files/ipsec.init [new file with mode: 0755]
net/openswan/patches/110-scripts.patch [new file with mode: 0644]
net/openswan/patches/120-use_dev_urandom.patch [new file with mode: 0644]
net/shfs/Makefile [new file with mode: 0644]
net/shfs/patches/100-kmod_build.patch [new file with mode: 0644]
net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch [new file with mode: 0644]
net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch [new file with mode: 0644]
net/shfs/patches/103-shfs_0.35_gcc4.patch [new file with mode: 0644]
net/shfs/patches/104-shfs_0.35_inode_and_fs.patch [new file with mode: 0644]
net/shfs/patches/105-space_chars.patch [new file with mode: 0644]
net/shfs/patches/106-uidgid32.patch [new file with mode: 0644]
net/shfs/patches/107-df.patch [new file with mode: 0644]
net/shfs/patches/108-no_update_mtab.patch [new file with mode: 0644]
net/shfs/patches/109-linux_2.6.22.patch [new file with mode: 0644]
net/strongswan/Makefile [new file with mode: 0644]
net/strongswan/files/ipsec.button [new file with mode: 0644]
net/strongswan/files/ipsec.conf [new file with mode: 0644]
net/strongswan/files/ipsec.config [new file with mode: 0644]
net/strongswan/files/ipsec.cron [new file with mode: 0644]
net/strongswan/files/ipsec.iface [new file with mode: 0644]
net/strongswan/files/ipsec.init [new file with mode: 0644]
net/strongswan/patches/100-ar-fixes.patch [new file with mode: 0644]
net/strongswan/patches/110-make-ipsec.patch [new file with mode: 0644]
net/strongswan/patches/120-make-pluto.patch [new file with mode: 0644]
net/strongswan/patches/130-make-starter.patch [new file with mode: 0644]
net/strongswan/patches/200-wakeup-showstatus.patch [new file with mode: 0644]
net/strongswan/patches/210-updown.patch [new file with mode: 0644]
net/strongswan/patches/300-openwrt.patch [new file with mode: 0644]
net/strongswan/patches/310-make-ipsec-alg.patch [new file with mode: 0644]
net/strongswan/patches/320-no-modprobe.patch [new file with mode: 0644]
net/strongswan/patches/350-make-programs.patch [new file with mode: 0644]

diff --git a/libs/gmp/Makefile b/libs/gmp/Makefile
new file mode 100644 (file)
index 0000000..59a826b
--- /dev/null
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2006-2008 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gmp
+PKG_VERSION:=4.2.2
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@GNU/gmp
+PKG_MD5SUM:=7ce52531644e6d12f16911b7e3151f3f
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libgmp
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=GNU multiprecision arithmetic library
+  URL:=http://gmplib.org/
+endef
+
+define Package/libgmp/description
+       GMP is a free library for arbitrary precision arithmetic, operating on
+       signed integers, rational numbers, and floating point numbers.
+endef
+
+TARGET_CFLAGS += $(FPIC)
+CONFIGURE_VARS += CC="$(TARGET_CROSS)gcc"
+CONFIGURE_ARGS += \
+       --enable-shared \
+       --enable-static \
+
+define Build/Compile
+       $(call Build/Compile/Default, \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               CC="$(TARGET_CC)" \
+               all install \
+       )
+endef
+
+define Build/InstallDev
+       mkdir -p $(1)/usr/include
+       $(CP) $(PKG_INSTALL_DIR)/usr/include/gmp* $(1)/usr/include/
+       mkdir -p $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.{a,so*} $(1)/usr/lib/
+endef
+
+define Package/libgmp/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libgmp))
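Review bot: `PKG_MD5SUM:=7ce52531644e6d12f16911b7e3151f3f` is the only integrity check on the tarball fetched from the `@GNU/gmp` mirror set, and MD5 is no longer collision-resistant, so it is a weak pin for a supply-chain input. If the build system in use accepts a SHA-256 pin, I would record one instead, e.g. `PKG_HASH:=<sha256 of gmp-4.2.2.tar.bz2>` (a placeholder; compute it from a tarball verified against the upstream signature). The same applies to libs/keynote/Makefile, where the source also comes over plain `http://downloads.openwrt.org/sources/`, leaving the checksum as the only protection against tampering in transit. A short comment next to the checksum saying how it was obtained would help later version bumps.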
diff --git a/libs/keynote/Makefile b/libs/keynote/Makefile
new file mode 100644 (file)
index 0000000..5b27257
--- /dev/null
@@ -0,0 +1,55 @@
+# 
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=keynote
+PKG_VERSION:=2.3
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://downloads.openwrt.org/sources/
+PKG_MD5SUM:=b569066ac2ba1356c2112b118a7d74d0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/keynote
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=@LINUX_2_6 +libopenssl
+  TITLE:=Simple and flexible trust-management system
+  URL:=http://www1.cs.columbia.edu/~angelos/keynote.html
+endef
+
+define Package/keynote/description
+ KeyNote is a simple and flexible trust-management system designed to work 
+ well for a variety of large- and small- scale Internet-based applications.
+ It provides a single, unified language for both local policies and 
+ credentials.
+endef
+
+CONFIGURE_ARGS += \
+       --enable-static \
+       --enable-shared
+
+MAKE_FLAGS += \
+       CFLAGS="$(TARGET_CFLAGS)"
+
+define Build/InstallDev
+       mkdir -p $(1)/usr/include/keynote
+       $(CP) $(PKG_BUILD_DIR)/{assertion,header,keynote,signature}.h $(1)/usr/include/keynote/
+       mkdir -p $(1)/usr/lib
+       $(CP) $(PKG_BUILD_DIR)/libkeynote.a $(1)/usr/lib/
+endef
+
+define Package/keynote/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/keynote $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,keynote))
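Review bot: `MAKE_FLAGS += CFLAGS="$(TARGET_CFLAGS)"` looks like it cancels the `-fno-strict-aliasing` that 001-build.patch adds to `CFLAGS` in Makefile.in. This assumes MAKE_FLAGS ends up on the make command line (package.mk is not shown here), where an assignment overrides the one in the file. The flag matters for this code: signature.c passes `(DSA **) &kk` and `(RSA **) &kk` to the OpenSSL d2i_* key parsers, the kind of pointer punning an optimizer may miscompile under strict aliasing. I would add `TARGET_CFLAGS += -fno-strict-aliasing` above the MAKE_FLAGS assignment so the flag is set in the one place that is actually used. Separately, `--enable-shared` is requested but only `libkeynote.a` and the `keynote` binary are installed; a comment saying whether that is intentional would help.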
diff --git a/libs/keynote/patches/001-build.patch b/libs/keynote/patches/001-build.patch
new file mode 100644 (file)
index 0000000..88db372
--- /dev/null
@@ -0,0 +1,345 @@
+Index: keynote-2.3/configure.in
+===================================================================
+--- keynote-2.3.orig/configure.in      2007-06-04 13:22:41.284579072 +0200
++++ keynote-2.3/configure.in   2007-06-04 13:22:41.389563112 +0200
+@@ -21,19 +21,13 @@
+ AC_PATH_PROG(ECHO, echo, /bin/echo)
+ AC_PATH_PROG(SED, sed, /usr/bin/sed)
+-dnl Checks for libraries.
+-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
+- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
+-
+ AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm")
+ AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref")
+ AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto")
+ AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
+ dnl Checks for header files.
+-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
+- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
+- -I/usr/local/openssl/include -I/pkg/include"
++CPPFLAGS="-I/usr/include/openssl"
+ AC_HEADER_STDC
+ AC_HEADER_TIME
+Index: keynote-2.3/keynote-keygen.c
+===================================================================
+--- keynote-2.3.orig/keynote-keygen.c  2007-06-04 13:22:41.290578160 +0200
++++ keynote-2.3/keynote-keygen.c       2007-06-04 13:22:41.389563112 +0200
+@@ -161,7 +161,7 @@
+     if (strlen(algname) + 2 > prlen)
+     {
+       fprintf(stderr, "Parameter ``print-length'' should be larger "
+-              "than the length of AlgorithmName (%d)\n", strlen(algname));
++              "than the length of AlgorithmName (%lu)\n", strlen(algname));
+       exit(-1);
+     }
+Index: keynote-2.3/keynote.l
+===================================================================
+--- keynote-2.3.orig/keynote.l 2007-06-04 13:22:41.295577400 +0200
++++ keynote-2.3/keynote.l      2007-06-04 13:22:41.390562960 +0200
+@@ -61,7 +61,8 @@
+ static struct lex_list *keynote_lex_list = (struct lex_list *) NULL;
+ static int    keynote_max_lex_list = 32;
+ static int    keynote_lex_counter = 0;
+-static int    first_tok = 0;
++extern int    first_tok;
++int    first_tok = 0;
+ %}
+ digit         [0-9]
+ specnumber      [1-9][0-9]*
+@@ -766,7 +767,7 @@
+     if (0)
+     {
+       yyunput(0, NULL);
+-      yy_flex_realloc(0, NULL);
++      yy_flex_realloc(NULL, 0);
+     }
+     return en;
+Index: keynote-2.3/keynote-ver.l
+===================================================================
+--- keynote-2.3.orig/keynote-ver.l     2007-06-04 13:22:41.301576488 +0200
++++ keynote-2.3/keynote-ver.l  2007-06-04 13:22:41.390562960 +0200
+@@ -267,7 +267,7 @@
+     if (0)
+     {
+       yyunput(0, NULL);
+-      yy_flex_realloc(0, NULL);
++      yy_flex_realloc(NULL, 0);
+     }
+ }
+Index: keynote-2.3/keynote-ver.y
+===================================================================
+--- keynote-2.3.orig/keynote-ver.y     2007-06-04 13:22:41.306575728 +0200
++++ keynote-2.3/keynote-ver.y  2007-06-04 13:22:41.390562960 +0200
+@@ -49,7 +49,7 @@
+                                return keynote_errno;
+                                free($1);
+                              }
+-
++              ;
+ expr: VSTRING EQ STRING      { int i = kn_add_action(sessid, $1, $3, 0);
+                                if (i != 0)
+@@ -64,6 +64,7 @@
+                              free($1);
+                              free($3);
+                              } expr 
++              ;
+ %%
+ void
+ kverror(char *s)
+Index: keynote-2.3/keynote.y
+===================================================================
+--- keynote-2.3.orig/keynote.y 2007-06-04 13:22:41.311574968 +0200
++++ keynote-2.3/keynote.y      2007-06-04 13:22:41.391562808 +0200
+@@ -73,8 +73,7 @@
+ %}
+ %%
+-grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; }
+-                localinit
++grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit
+              | ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program
+            | KEYPRE { keynote_exceptionflag = keynote_donteval = 0; }
+                 keypredicate
+@@ -91,17 +90,17 @@
+                         STRING { keynote_lex_remove($3);
+                                keynote_privkey = $3;
+                              }
+-    
++              ;
+ keypredicate: /* Nothing */   { keynote_returnvalue = 0;
+                                 return 0; 
+                               }
+        | notemptykeypredicate { keynote_returnvalue = $1;
+                               return 0;
+                               }
+-
++              ;
+ notemptykeypredicate:  key     { $$ = $1; }
+                            | keyexp  { $$ = $1; }
+-
++              ;
+ keyexp: notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord)
+                                      keynote_donteval = 1;
+                                  } notemptykeypredicate 
+@@ -138,7 +137,7 @@
+                           else
+                             $$ = 0;
+                         }  /* K-th */
+-
++                      ;
+ keylist: key
+           { /* Don't do anything if we're just recording */ 
+               if (!keynote_justrecord && !keynote_donteval)
+@@ -155,7 +154,7 @@
+             keylistcount++;
+             }
+-
++              ;
+ key: str        {
+                  if (keynote_donteval)
+                    $$ = 0;
+@@ -193,10 +192,10 @@
+                        }
+                  }
+                  }
+-
++              ;
+ localinit: /* Nothing */
+          | localconstants
+-
++              ;
+ localconstants: VARIABLE EQQ STRING 
+         {
+             int i;
+@@ -265,12 +264,12 @@
+           if (i != RESULT_TRUE)
+             return -1;
+         } localconstants
+-
++              ;
+ program: prog { 
+               keynote_returnvalue = $1;
+               return 0;
+             }
+-
++              ;
+ prog:   /* Nada */ { $$ = 0; }
+        | notemptyprog {
+                         /* 
+@@ -285,7 +284,7 @@
+                     else
+                       $$ = $4;
+                     } 
+-
++              ;
+ notemptyprog: expr HINT afterhint
+               {
+               if (checkexception($1))
+@@ -300,7 +299,7 @@
+               else
+                 $$ = 0;
+             }
+-
++              ;
+ afterhint: str {  if (keynote_exceptionflag || keynote_donteval)
+                   $$ = 0;
+                 else
+@@ -315,7 +314,7 @@
+                 }
+                 }
+          | OPENBLOCK prog CLOSEBLOCK { $$ = $2; }
+-
++              ;
+ expr:     OPENPAREN expr CLOSEPAREN   { $$ = $2; }
+       | expr AND { if ($1 == 0)
+@@ -334,19 +333,19 @@
+       | stringexp                     { $$ = $1; }
+         | TRUE                                { $$ = 1; }
+         | FALSE                               { $$ = 0; }
+-
++              ;
+ numexp:         numex LT numex { $$ = $1 < $3; }
+       | numex GT numex { $$ = $1 > $3; }
+       | numex EQ numex { $$ = $1 == $3; }
+       | numex LE numex { $$ = $1 <= $3; }
+       | numex GE numex { $$ = $1 >= $3; }
+       | numex NE numex { $$ = $1 != $3; }
+-
++              ;
+ floatexp: floatex LT floatex { $$ = $1 < $3; }
+       | floatex GT floatex { $$ = $1 > $3; }
+       | floatex LE floatex { $$ = $1 <= $3; }
+       | floatex GE floatex { $$ = $1 >= $3; }
+-
++              ;
+ numex:          numex PLUS numex  { $$ = $1 + $3; }
+       | numex MINUS numex { $$ = $1 - $3; }
+       | numex MULT numex  { $$ = $1 * $3; }
+@@ -384,7 +383,7 @@
+                                             free($2);
+                                         }
+                                       }
+-
++              ;
+ floatex:  floatex PLUS floatex        { $$ = ($1 + $3); }
+       | floatex MINUS floatex         { $$ = ($1 - $3); }
+       | floatex MULT floatex          { $$ = ($1 * $3); }
+@@ -418,7 +417,7 @@
+                                             free($2);
+                                         }
+                                       }
+-
++              ;
+ stringexp: str EQ str {
+                         if (keynote_exceptionflag || keynote_donteval)
+                         $$ = 0;
+@@ -529,9 +528,9 @@
+                     if (i == 0)
+                     {
+ #if !defined(HAVE_SNPRINTF)
+-                        sprintf(grp, "%d", preg.re_nsub);
++                        sprintf(grp, "%d", (int)preg.re_nsub);
+ #else /* !HAVE_SNPRINTF */
+-                        snprintf(grp, 3, "%d", preg.re_nsub);
++                        snprintf(grp, 3, "%d", (int)preg.re_nsub);
+ #endif /* !HAVE_SNPRINTF */
+                         if (keynote_env_add("_0", grp, &keynote_temp_list,
+                                             1, 0) != RESULT_TRUE)
+@@ -579,7 +578,7 @@
+                 }
+             }
+           }
+-
++              ;
+ str: str DOTT str    {  if (keynote_exceptionflag || keynote_donteval)
+                         $$ = (char *) NULL;
+                       else
+@@ -605,7 +604,7 @@
+                       }
+                     }
+       | strnotconcat { $$ = $1; }
+-
++              ;
+ strnotconcat: STRING                  { $$ = $1; }
+         | OPENPAREN str CLOSEPAREN    { $$ = $2; }
+         | VARIABLE      {  if (keynote_exceptionflag || keynote_donteval)
+@@ -660,6 +659,7 @@
+                                 return -1;
+                           }
+                        }
++              ;
+ %%
+ /*
+Index: keynote-2.3/Makefile.in
+===================================================================
+--- keynote-2.3.orig/Makefile.in       2007-06-04 13:22:41.317574056 +0200
++++ keynote-2.3/Makefile.in    2007-06-04 13:22:41.391562808 +0200
+@@ -41,7 +41,8 @@
+ YACCFLAGS = -d -p kn -b k
+ LEXFLAGS2 = -Pkv -s -i
+ LEXFLAGS = -Cr -Pkn -s -i
+-CFLAGS = -O2 -Wall # -g
++CFLAGS = -O2 -Wall -fno-strict-aliasing # -g
++LDFLAGS = @LDFLAGS@
+ RMFLAGS2 = -rf
+ RMFLAGS = -f
+ NROFFFLAGS = -mandoc
+@@ -83,7 +84,7 @@
+       $(RANLIB) $(TARGET)
+ $(TARGET2): $(TARGET) $(OBJS2)
+-      $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS)
++      $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LDFLAGS) $(LIBS)
+ k.tab.c: keynote.y header.h keynote.h assertion.h config.h
+       $(YACC) $(YACCFLAGS) keynote.y
+Index: keynote-2.3/signature.c
+===================================================================
+--- keynote-2.3.orig/signature.c       2007-06-04 13:22:41.323573144 +0200
++++ keynote-2.3/signature.c    2007-06-04 13:22:41.392562656 +0200
+@@ -515,7 +515,7 @@
+       kk = dc->dec_key;
+       if (keytype == KEYNOTE_PRIVATE_KEY)
+       {
+-          if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
++          if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
+           {
+               if (ptr != (unsigned char *) NULL)
+                 free(ptr);
+@@ -526,7 +526,7 @@
+       }
+       else
+       {
+-          if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
++          if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
+           {
+               if (ptr != (unsigned char *) NULL)
+                 free(ptr);
+@@ -556,7 +556,7 @@
+         kk = dc->dec_key;
+         if (keytype == KEYNOTE_PRIVATE_KEY)
+         {
+-            if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
++            if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
+             {
+                 if (ptr != (unsigned char *) NULL)
+                   free(ptr);
+@@ -567,7 +567,7 @@
+         }
+         else
+         {
+-            if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
++            if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
+             {
+                 if (ptr != (unsigned char *) NULL)
+                   free(ptr);
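Review bot: In the keynote.y hunk at `@@ -529,9 +528,9 @@`, the `!HAVE_SNPRINTF` branch still formats with an unbounded `sprintf(grp, "%d", (int)preg.re_nsub);`, while the sibling branch bounds the same write to 3 bytes; the patch adds only the cast. The declaration of `grp` is outside the hunk, but if it is a 3-byte buffer as the `snprintf` bound suggests, a regular expression with 100 or more subexpressions overflows it in one branch and is silently truncated (a wrong `_0` value) in the other. The pattern presumably comes from the assertion or credential being evaluated, so I would reject `preg.re_nsub > 99` before either call rather than only silencing the warning. Also, in keynote-keygen.c `%lu` is paired with a `size_t` from `strlen(algname)`; writing `(unsigned long) strlen(algname)` makes the argument match the format on every target.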
diff --git a/libs/keynote/patches/002-cross_compile.patch b/libs/keynote/patches/002-cross_compile.patch
new file mode 100644 (file)
index 0000000..050efbd
--- /dev/null
@@ -0,0 +1,588 @@
+Index: keynote-2.3/configure
+===================================================================
+--- keynote-2.3.orig/configure 2007-06-04 13:22:41.259582872 +0200
++++ keynote-2.3/configure      2007-06-04 13:22:41.658522224 +0200
+@@ -889,52 +889,10 @@
+ done
+ test -n "$YACC" || YACC="yacc"
+-for ac_prog in openssl ssleay
+-do
+-# Extract the first word of "$ac_prog", so it can be a program name with args.
+-set dummy $ac_prog; ac_word=$2
+-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:898: checking for $ac_word" >&5
+-if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then
+-  echo $ac_n "(cached) $ac_c" 1>&6
+-else
+-  case "$SSLEAY" in
+-  /*)
+-  ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path.
+-  ;;
+-  ?:/*)                        
+-  ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path.
+-  ;;
+-  *)
+-  IFS="${IFS=         }"; ac_save_ifs="$IFS"; IFS=":"
+-  ac_dummy="\
+-               $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin"
+-  for ac_dir in $ac_dummy; do 
+-    test -z "$ac_dir" && ac_dir=.
+-    if test -f $ac_dir/$ac_word; then
+-      ac_cv_path_SSLEAY="$ac_dir/$ac_word"
+-      break
+-    fi
+-  done
+-  IFS="$ac_save_ifs"
+-  ;;
+-esac
+-fi
+-SSLEAY="$ac_cv_path_SSLEAY"
+-if test -n "$SSLEAY"; then
+-  echo "$ac_t""$SSLEAY" 1>&6
+-else
+-  echo "$ac_t""no" 1>&6
+-fi
+-
+-test -n "$SSLEAY" && break
+-done
+-test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay"
+-
+ # Extract the first word of "rm", so it can be a program name with args.
+ set dummy rm; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:938: checking for $ac_word" >&5
++echo "configure:896: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -970,7 +928,7 @@
+ # Extract the first word of "ar", so it can be a program name with args.
+ set dummy ar; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:974: checking for $ac_word" >&5
++echo "configure:932: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1006,7 +964,7 @@
+ # Extract the first word of "nroff", so it can be a program name with args.
+ set dummy nroff; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1010: checking for $ac_word" >&5
++echo "configure:968: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1042,7 +1000,7 @@
+ # Extract the first word of "tar", so it can be a program name with args.
+ set dummy tar; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1046: checking for $ac_word" >&5
++echo "configure:1004: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1078,7 +1036,7 @@
+ # Extract the first word of "true", so it can be a program name with args.
+ set dummy true; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1082: checking for $ac_word" >&5
++echo "configure:1040: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1114,7 +1072,7 @@
+ # Extract the first word of "mkdir", so it can be a program name with args.
+ set dummy mkdir; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1118: checking for $ac_word" >&5
++echo "configure:1076: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1150,7 +1108,7 @@
+ # Extract the first word of "tr", so it can be a program name with args.
+ set dummy tr; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1154: checking for $ac_word" >&5
++echo "configure:1112: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1186,7 +1144,7 @@
+ # Extract the first word of "echo", so it can be a program name with args.
+ set dummy echo; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1190: checking for $ac_word" >&5
++echo "configure:1148: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1222,7 +1180,7 @@
+ # Extract the first word of "sed", so it can be a program name with args.
+ set dummy sed; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1226: checking for $ac_word" >&5
++echo "configure:1184: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1256,11 +1214,8 @@
+ fi
+-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
+- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
+-
+ echo $ac_n "checking for floor in -lm""... $ac_c" 1>&6
+-echo "configure:1264: checking for floor in -lm" >&5
++echo "configure:1219: checking for floor in -lm" >&5
+ ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1268,7 +1223,7 @@
+   ac_save_LIBS="$LIBS"
+ LIBS="-lm  $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1272 "configure"
++#line 1227 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ /* We use char because int might match the return type of a gcc2
+@@ -1279,7 +1234,7 @@
+ floor()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1283: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1300,7 +1255,7 @@
+ fi
+ echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6
+-echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5
++echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5
+ ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1308,7 +1263,7 @@
+   ac_save_LIBS="$LIBS"
+ LIBS="-lrsaref  $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1312 "configure"
++#line 1267 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ /* We use char because int might match the return type of a gcc2
+@@ -1319,7 +1274,7 @@
+ RSAPrivateDecrypt()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1340,7 +1295,7 @@
+ fi
+ echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... $ac_c" 1>&6
+-echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5
++echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5
+ ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1348,7 +1303,7 @@
+   ac_save_LIBS="$LIBS"
+ LIBS="-lcrypto  $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1352 "configure"
++#line 1307 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ /* We use char because int might match the return type of a gcc2
+@@ -1359,7 +1314,7 @@
+ i2a_ASN1_STRING()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1380,7 +1335,7 @@
+ fi
+ echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6
+-echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
++echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
+ ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1388,7 +1343,7 @@
+   ac_save_LIBS="$LIBS"
+ LIBS="-lRSAglue  $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1392 "configure"
++#line 1347 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ /* We use char because int might match the return type of a gcc2
+@@ -1399,7 +1354,7 @@
+ RSA_ref_private_encrypt()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1403: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1420,12 +1375,9 @@
+ fi
+-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
+- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
+- -I/usr/local/openssl/include -I/pkg/include"
+ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+-echo "configure:1429: checking how to run the C preprocessor" >&5
++echo "configure:1381: checking how to run the C preprocessor" >&5
+ # On Suns, sometimes $CPP names a directory.
+ if test -n "$CPP" && test -d "$CPP"; then
+   CPP=
+@@ -1440,13 +1392,13 @@
+   # On the NeXT, cc -E runs the code through the compiler's parser,
+   # not just through cpp.
+   cat > conftest.$ac_ext <<EOF
+-#line 1444 "configure"
++#line 1396 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+   :
+@@ -1457,13 +1409,13 @@
+   rm -rf conftest*
+   CPP="${CC-cc} -E -traditional-cpp"
+   cat > conftest.$ac_ext <<EOF
+-#line 1461 "configure"
++#line 1413 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+   :
+@@ -1474,13 +1426,13 @@
+   rm -rf conftest*
+   CPP="${CC-cc} -nologo -E"
+   cat > conftest.$ac_ext <<EOF
+-#line 1478 "configure"
++#line 1430 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+   :
+@@ -1505,12 +1457,12 @@
+ echo "$ac_t""$CPP" 1>&6
+ echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
+-echo "configure:1509: checking for ANSI C header files" >&5
++echo "configure:1461: checking for ANSI C header files" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1514 "configure"
++#line 1466 "configure"
+ #include "confdefs.h"
+ #include <stdlib.h>
+ #include <stdarg.h>
+@@ -1518,7 +1470,7 @@
+ #include <float.h>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+   rm -rf conftest*
+@@ -1535,7 +1487,7 @@
+ if test $ac_cv_header_stdc = yes; then
+   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat > conftest.$ac_ext <<EOF
+-#line 1539 "configure"
++#line 1491 "configure"
+ #include "confdefs.h"
+ #include <string.h>
+ EOF
+@@ -1553,7 +1505,7 @@
+ if test $ac_cv_header_stdc = yes; then
+   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat > conftest.$ac_ext <<EOF
+-#line 1557 "configure"
++#line 1509 "configure"
+ #include "confdefs.h"
+ #include <stdlib.h>
+ EOF
+@@ -1574,7 +1526,7 @@
+   :
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1578 "configure"
++#line 1530 "configure"
+ #include "confdefs.h"
+ #include <ctype.h>
+ #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+@@ -1585,7 +1537,7 @@
+ exit (0); }
+ EOF
+-if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+   :
+ else
+@@ -1609,12 +1561,12 @@
+ fi
+ echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
+-echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5
++echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1618 "configure"
++#line 1570 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/time.h>
+@@ -1623,7 +1575,7 @@
+ struct tm *tp;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+   rm -rf conftest*
+   ac_cv_header_time=yes
+ else
+@@ -1647,17 +1599,17 @@
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+-echo "configure:1651: checking for $ac_hdr" >&5
++echo "configure:1603: checking for $ac_hdr" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1656 "configure"
++#line 1608 "configure"
+ #include "confdefs.h"
+ #include <$ac_hdr>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+   rm -rf conftest*
+@@ -1687,17 +1639,17 @@
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+-echo "configure:1691: checking for $ac_hdr" >&5
++echo "configure:1643: checking for $ac_hdr" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1696 "configure"
++#line 1648 "configure"
+ #include "confdefs.h"
+ #include <$ac_hdr>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+   rm -rf conftest*
+@@ -1726,12 +1678,12 @@
+ echo $ac_n "checking for working const""... $ac_c" 1>&6
+-echo "configure:1730: checking for working const" >&5
++echo "configure:1682: checking for working const" >&5
+ if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1735 "configure"
++#line 1687 "configure"
+ #include "confdefs.h"
+ int main() {
+@@ -1780,7 +1732,7 @@
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+   rm -rf conftest*
+   ac_cv_c_const=yes
+ else
+@@ -1801,12 +1753,12 @@
+ fi
+ echo $ac_n "checking for u_int""... $ac_c" 1>&6
+-echo "configure:1805: checking for u_int" >&5
++echo "configure:1757: checking for u_int" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1810 "configure"
++#line 1762 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #if STDC_HEADERS
+@@ -1834,12 +1786,12 @@
+ fi
+ echo $ac_n "checking for u_char""... $ac_c" 1>&6
+-echo "configure:1838: checking for u_char" >&5
++echo "configure:1790: checking for u_char" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1843 "configure"
++#line 1795 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #if STDC_HEADERS
+@@ -1870,12 +1822,12 @@
+ for ac_func in regcomp open close read _open _close _read strchr memcpy
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:1874: checking for $ac_func" >&5
++echo "configure:1826: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1879 "configure"
++#line 1831 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -1898,7 +1850,7 @@
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -1925,12 +1877,12 @@
+ for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:1929: checking for $ac_func" >&5
++echo "configure:1881: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1934 "configure"
++#line 1886 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -1953,7 +1905,7 @@
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -1980,12 +1932,12 @@
+ for ac_func in getopt
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:1984: checking for $ac_func" >&5
++echo "configure:1936: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+   echo $ac_n "(cached) $ac_c" 1>&6
+ else
+   cat > conftest.$ac_ext <<EOF
+-#line 1989 "configure"
++#line 1941 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+     which can conflict with char $ac_func(); below.  */
+@@ -2008,7 +1960,7 @@
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   rm -rf conftest*
+   eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -2172,7 +2124,6 @@
+ s%@CC@%$CC%g
+ s%@RANLIB@%$RANLIB%g
+ s%@YACC@%$YACC%g
+-s%@SSLEAY@%$SSLEAY%g
+ s%@RM@%$RM%g
+ s%@AR@%$AR%g
+ s%@NROFF@%$NROFF%g
+Index: keynote-2.3/configure.in
+===================================================================
+--- keynote-2.3.orig/configure.in      2007-06-04 13:22:41.389563112 +0200
++++ keynote-2.3/configure.in   2007-06-04 13:22:41.658522224 +0200
+@@ -9,8 +9,8 @@
+ AC_PROG_CC
+ AC_PROG_RANLIB
+ AC_PROG_YACC
+-AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
+-               $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
++dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
++dnl                $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
+ AC_PATH_PROG(RM, rm, /bin/rm)
+ AC_PATH_PROG(AR, ar, /usr/bin/ar)
+ AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff)
+@@ -27,7 +27,7 @@
+ AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
+ dnl Checks for header files.
+-CPPFLAGS="-I/usr/include/openssl"
++dnl CPPFLAGS="-I/usr/include/openssl"
+ AC_HEADER_STDC
+ AC_HEADER_TIME
diff --git a/net/aodv-uu/Makefile b/net/aodv-uu/Makefile
new file mode 100644 (file)
index 0000000..9f55194
--- /dev/null
@@ -0,0 +1,105 @@
+#
+# Copyright (C) 2006-2008 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=aodv-uu
+PKG_VERSION:=0.9.3
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://core.it.uu.se/core/files/
+PKG_MD5SUM:=05460543054449cb4b170252a7168c65
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/aodv-uu/Default
+  TITLE:=Ad-hoc On-demand Distance Vector Routing
+  DEPENDS:=@BROKEN
+  URL:=http://core.it.uu.se/core/index.php/AODV-UU
+endef
+
+define Package/aodv-uu/Default/description
+ AODV is the Ad-hoc On-demand Distance Vector routing protocol
+ implementation created at Uppsala University.
+endef
+
+define Package/aodv-uu
+$(call Package/aodv-uu/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE+= (daemon)
+endef
+
+define Package/aodv-uu/description
+$(call Package/aodv-uu/Default/description)
+ This package contains the AODV userland daemon.
+endef
+
+define KernelPackage/aodv-uu
+$(call Package/aodv-uu/Default)
+  TITLE+= (kernel module)
+  FILES:=$(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX)
+  SUBMENU:=Network Support
+  AUTOLOAD:=$(call AutoLoad,80,$(shell cat ./files/aodv-uu.modules))
+endef
+
+define KernelPackage/aodv-uu/description
+$(call Package/aodv-uu/Default/description)
+ This package contains the AODV kernel module.
+endef
+
+ifeq ($(CONFIG_LINUX_2_6),y)
+  define Build/Compile/linux26
+       $(MAKE) -C $(LINUX_DIR) \
+               ARCH="$(LINUX_KARCH)" \
+               CROSS_COMPILE="$(TARGET_CROSS)" \
+               PATCHLEVEL="$(LINUX_VERSION)" \
+               KERNDIR="$(LINUX_DIR)" \
+               SUBDIRS="$(PKG_BUILD_DIR)/lnx" \
+                modules
+  endef
+else
+  # We assume 2.4 builds are only for brcm-2.4 yet
+  define Build/Compile/linux24-brcm
+       $(call Build/Compile/Default,\
+               KERNEL_DIR="$(LINUX_DIR)" \
+               KCC="$(TARGET_CC)" \
+               CFLAGS="$(TARGET_CFLAGS)" \
+               kaodv-mips \
+       )
+       cp $(PKG_BUILD_DIR)/lnx/kaodv-mips.$(LINUX_KMOD_SUFFIX) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX)
+  endef
+endif
+
+define Build/Compile
+       $(call Build/Compile/linux26)
+       $(call Build/Compile/linux24-brcm)
+       $(call Build/Compile/Default,\
+               KERNEL_DIR="$(LINUX_DIR)" \
+               KCC="$(TARGET_CC)" \
+               CFLAGS="$(TARGET_CFLAGS)" \
+               aodvd \
+       )
+endef
+
+define Package/aodv-uu/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/aodvd $(1)/usr/sbin
+endef
+
+define Package/kmod-aodv-uu/install
+       $(INSTALL_DIR) $(1)/etc/modules.d
+       $(INSTALL_DATA) ./files/aodv-uu.modules $(1)/etc/modules.d/80-aodv-uu
+       $(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION)
+       $(CP) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) $(1)/lib/modules/$(LINUX_VERSION)/
+endef
+
+$(eval $(call BuildPackage,aodv-uu))
+$(eval $(call KernelPackage,aodv-uu))
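Review bot: The tarball is fetched from `http://core.it.uu.se/core/files/` over plain HTTP and `PKG_MD5SUM` is the only integrity check on it, so the build relies on an MD5 digest alone to detect a substituted archive. MD5 is no longer collision-resistant; if the build system offers a stronger digest field it should be used here, and otherwise a comment such as `# integrity: MD5 only, fetched over http - verify the tarball out of band when bumping PKG_VERSION` would record the limitation. The same pattern appears in net/ipsec-tools/Makefile and net/isakmpd/Makefile later in this commit. Separately, the install section is named `Package/kmod-aodv-uu/install` while the package is declared as `KernelPackage/aodv-uu` with `FILES` and `AUTOLOAD` already set, so it may be unused or duplicate what the KernelPackage template does; worth confirming.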
diff --git a/net/aodv-uu/files/aodv-uu.modules b/net/aodv-uu/files/aodv-uu.modules
new file mode 100644 (file)
index 0000000..809c4da
--- /dev/null
@@ -0,0 +1 @@
+kaodv
diff --git a/net/aodv-uu/patches/001-normalize.patch b/net/aodv-uu/patches/001-normalize.patch
new file mode 100644 (file)
index 0000000..bdc6fda
--- /dev/null
@@ -0,0 +1,64 @@
+Index: aodv-uu-0.9.3/lnx/Makefile
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/Makefile    2007-06-04 13:22:19.859836128 +0200
++++ aodv-uu-0.9.3/lnx/Makefile 2007-06-04 13:22:19.932825032 +0200
+@@ -30,7 +30,7 @@
+ KCFLAGS=-Wall -Wno-strict-aliasing -O2 $(KDEFS) $(KINC) $(XDEFS)
+ KCFLAGS_ARM=-Wall -O2 -D__KERNEL__ -DMODULE -nostdinc $(shell $(ARM_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC)
+ KCFLAGS_MIPS=-Wall -mips2 -O2 -fno-pic -mno-abicalls -mlong-calls -G0 -msoft-float -D__KERNEL__ -DMODULE -nostdinc $(shell $(MIPS_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) $(XDEFS)
+-
++endif
+ .PHONY: clean clean-2.4 clean-2.6 indent default
+ # Check for kernel version
+@@ -89,5 +89,3 @@
+       etags *.c *.h
+ indent:
+       indent -kr -i8 -ts8 -sob -l80 -ss -ncs *.c *.h 
+-endif
+-
+Index: aodv-uu-0.9.3/Makefile
+===================================================================
+--- aodv-uu-0.9.3.orig/Makefile        2007-06-04 13:22:19.866835064 +0200
++++ aodv-uu-0.9.3/Makefile     2007-06-04 13:22:19.932825032 +0200
+@@ -87,7 +87,7 @@
+ mips: aodvd-mips kaodv-mips
+ endian.h:
+-      $(CC) $(CFLAGS) -o endian endian.c
++      gcc -o endian endian.c
+       ./endian > endian.h
+ $(OBJS): %.o: %.c Makefile
+@@ -143,19 +143,18 @@
+       @makedepend -Y./ -- $(DEFS) -- $(SRC) &>/dev/null
+       @makedepend -a -Y./ -- $(KDEFS) kaodv.c &>/dev/null
+-install: default
+-      install -s -m 755 aodvd /usr/sbin/aodvd
+-      @if [ ! -d /lib/modules/$(KERNEL)/aodv ]; then \
+-              mkdir /lib/modules/$(KERNEL)/aodv; \
+-      fi
+-
+-      @echo "Installing kernel module in /lib/modules/$(KERNEL)/aodv/";
+-      @if [ -f ./kaodv.ko ]; then \
+-              install -m 644 kaodv.ko /lib/modules/$(KERNEL)/aodv/kaodv.ko; \
+-      else \
+-              install -m 644 kaodv.o /lib/modules/$(KERNEL)/aodv/kaodv.o; \
+-      fi
+-      /sbin/depmod -a
++install: install-aodvd install-kaodv
++
++install-aodvd:
++      @echo "Installing aodv in $(DESTDIR)/usr/sbin";
++      install -d -m0755 $(DESTDIR)/usr/sbin/
++      install -m0755 aodvd $(DESTDIR)/usr/sbin/aodvd
++
++install-kaodv:
++      @echo "Installing kernel module in $(DESTDIR)/lib/modules/$(KERNEL)/";
++      install -d -m0644 $(DESTDIR)/lib/modules/$(KERNEL)/
++      install -m 644 lnx/kaodv.$(KMOD_SUFFIX) $(DESTDIR)/lib/modules/$(KERNEL)/kaodv.$(KMOD_SUFFIX);
++
+ uninstall:
+       rm -f /usr/sbin/aodvd
+       rm -rf /lib/modules/$(KERNEL)/aodv
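Review bot: In the new `install-kaodv` rule the module directory is created with `install -d -m0644 $(DESTDIR)/lib/modules/$(KERNEL)/`, which yields a directory with no execute bit that non-root users cannot traverse, and is inconsistent with the `-m0755` used for `/usr/sbin` in `install-aodvd`; it should read `install -d -m0755 $(DESTDIR)/lib/modules/$(KERNEL)/`. The `endian.h` rule now hard-codes `gcc` and runs `./endian` on the build machine, so the generated header describes the build host's byte order; if `endian.h` is meant to describe the target, a cross build for a target of the other endianness would get the wrong value, which is worth confirming. `uninstall` still removes paths under `/` without `$(DESTDIR)` and still targets the `aodv` subdirectory, which no longer matches what `install` writes.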
diff --git a/net/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch b/net/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch
new file mode 100644 (file)
index 0000000..638de87
--- /dev/null
@@ -0,0 +1,49 @@
+Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-04 13:22:19.830840536 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-mod.c      2007-06-04 13:22:20.130794936 +0200
+@@ -19,7 +19,7 @@
+  * Author: Erik Nordström, <erik.nordstrom@it.uu.se>
+  * 
+  *****************************************************************************/
+-#include <linux/config.h>
++#include <linux/autoconf.h>
+ #include <linux/version.h>
+ #ifdef KERNEL26
+@@ -258,7 +258,11 @@
+                       if (!(*skb))
+                               return NF_STOLEN;
+                       
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++                      ip_route_me_harder(skb, RTN_UNSPEC);
++#else
+                       ip_route_me_harder(skb);
++#endif
+               }
+               break;
+       case NF_IP_POST_ROUTING:
+Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c       2007-06-04 13:22:19.837839472 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-queue.c    2007-06-04 13:22:20.130794936 +0200
+@@ -29,6 +29,7 @@
+ #include <linux/spinlock.h>
+ #include <linux/sysctl.h>
+ #include <linux/proc_fs.h>
++#include <linux/version.h>
+ #include <net/sock.h>
+ #include <net/route.h>
+ #include <net/icmp.h>
+@@ -246,7 +247,11 @@
+                               if (!entry->skb)
+                                       goto next;
+                       }
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++                      ip_route_me_harder(&entry->skb, RTN_UNSPEC);
++#else
+                       ip_route_me_harder(&entry->skb);
++#endif
+                       pkts++;
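Review bot: Both new `#if` branches discard the return value of `ip_route_me_harder()`, in `kaodv-mod.c` and again in `kaodv-queue.c`, so a failed re-route goes unnoticed and the packet continues with whatever route it already had. As far as I know the function returns an int status on these kernels; if so, the result should be tested, `if (ip_route_me_harder(&entry->skb, RTN_UNSPEC) != 0)`, and the failure handled the way the surrounding code handles the `!entry->skb` case. The old one-argument call had the same gap, but the patch rewrites both call sites and is the natural place to close it. Both enclosing functions start and end outside the hunks, so the right failure path cannot be confirmed from here.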
diff --git a/net/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch b/net/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
new file mode 100644 (file)
index 0000000..53d9064
--- /dev/null
@@ -0,0 +1,16 @@
+Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c     2007-06-04 13:22:19.810843576 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-netlink.c  2007-06-04 13:22:20.326765144 +0200
+@@ -284,7 +284,11 @@
+ /*            RCV_SKB_FAIL(-EINVAL); */
+ #ifdef KERNEL26
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)     
++      if (security_netlink_recv(skb, CAP_NET_ADMIN))
++# else        
+       if (security_netlink_recv(skb))
++# endif
+               RCV_SKB_FAIL(-EPERM);
+ #endif
+       //write_lock_bh(&queue_lock);
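Review bot: The added 2.6.19 branch needs a comment saying why `CAP_NET_ADMIN` is the capability passed, since this call is the only permission gate on the netlink receive path visible here; something like `/* 2.6.19+: capability is an explicit argument; CAP_NET_ADMIN is assumed to match the older implicit check */` above the call would do. The whole check sits under `#ifdef KERNEL26`, so a 2.4 build (the package Makefile in this commit has a 2.4 path) gets no capability check from these lines; whether one exists elsewhere cannot be seen from the hunk. The two new preprocessor lines `# if ...` and `# else` also carry trailing whitespace.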
diff --git a/net/aodv-uu/patches/004-linux_2.6.19_includes.patch b/net/aodv-uu/patches/004-linux_2.6.19_includes.patch
new file mode 100644 (file)
index 0000000..8dc1adf
--- /dev/null
@@ -0,0 +1,28 @@
+Index: aodv-uu-0.9.3/main.c
+===================================================================
+--- aodv-uu-0.9.3.orig/main.c  2007-06-04 13:22:19.782847832 +0200
++++ aodv-uu-0.9.3/main.c       2007-06-04 13:22:20.513736720 +0200
+@@ -26,6 +26,8 @@
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <sys/stat.h>
++#include <linux/types.h>
++#include <linux/if.h>
+ #include <linux/sockios.h>
+ #include <linux/wireless.h>
+ #include <getopt.h>
+Index: aodv-uu-0.9.3/nl.c
+===================================================================
+--- aodv-uu-0.9.3.orig/nl.c    2007-06-04 13:22:19.789846768 +0200
++++ aodv-uu-0.9.3/nl.c 2007-06-04 13:22:20.513736720 +0200
+@@ -33,6 +33,10 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <linux/rtnetlink.h>
++#include <linux/version.h>
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++#include <linux/if_addr.h>
++#endif
+ #include "defs.h"
+ #include "lnx/kaodv-netlink.h"
diff --git a/net/aodv-uu/patches/005-linux_2.6.22_skbuff.patch b/net/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
new file mode 100644 (file)
index 0000000..0831c5f
--- /dev/null
@@ -0,0 +1,164 @@
+Index: aodv-uu-0.9.3/lnx/kaodv-compat.h
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ aodv-uu-0.9.3/lnx/kaodv-compat.h   2007-06-17 02:49:46.844217144 +0200
+@@ -0,0 +1,15 @@
++#ifndef __KAODV_COMPAT_H
++#define __KAODV_COMPAT_H
++
++#include <linux/version.h>
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
++
++#define ip_hdr(_skb) (_skb)->nh.iph
++#define skb_reset_network_header(_skb) do { \
++              _skb->nh.iph = (struct iphdr *)_skb->data; \
++      } while (0);
++
++
++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) */
++
++#endif
+Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.c       2007-06-17 02:31:56.448941960 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-ipenc.c    2007-06-17 02:45:50.420159064 +0200
+@@ -64,7 +64,7 @@
+     if (skb->sk != NULL)
+       skb_set_owner_w(nskb, skb->sk);
+-    iph = skb->nh.iph;
++    iph = ip_hdr(skb);
+     skb_put(nskb, sizeof(struct min_ipenc_hdr));
+     
+@@ -78,7 +78,8 @@
+     skb = nskb;
+     
+     /* Update pointers */
+-    iph = skb->nh.iph = (struct iphdr *)skb->data;
++      skb_reset_network_header(skb);
++    iph = (struct iphdr *)skb->data;
+     ipe = (struct min_ipenc_hdr *)(skb->data + (iph->ihl << 2));
+     
+@@ -99,8 +100,8 @@
+     ip_send_check(iph);
+-    if (skb->nh.iph->id == 0)
+-      ip_select_ident(skb->nh.iph, skb->dst, NULL);
++    if (ip_hdr(skb)->id == 0)
++      ip_select_ident(ip_hdr(skb), skb->dst, NULL);
+         
+     return skb;
+ }
+@@ -108,9 +109,7 @@
+ struct sk_buff *ip_pkt_decapsulate(struct sk_buff *skb)
+ {
+     struct min_ipenc_hdr *ipe;
+-    /* skb->nh.iph is probably not set yet */
+-    struct iphdr *iph = skb->nh.iph;
+-
++    struct iphdr *iph = ip_hdr(skb);
+     ipe = (struct min_ipenc_hdr *)((char *)iph + (iph->ihl << 2));
+@@ -123,8 +122,9 @@
+           skb->len - (iph->ihl << 2) - sizeof(struct min_ipenc_hdr));
+     
+     skb_trim(skb, skb->len - sizeof(struct min_ipenc_hdr));
+-    
+-    skb->nh.iph = iph = (struct iphdr *)skb->data;
++
++      skb_reset_network_header(skb);
++    iph = (struct iphdr *)skb->data;
+     iph->tot_len = htons((ntohs(iph->tot_len) - sizeof(struct min_ipenc_hdr))); 
+     ip_send_check(iph);
+Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.h
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.h       2007-06-17 02:44:13.881835120 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-ipenc.h    2007-06-17 02:44:16.549429584 +0200
+@@ -27,6 +27,7 @@
+ #include <linux/ip.h>
+ #include <linux/skbuff.h>
+ #include <asm/byteorder.h>
++#include "kaodv-compat.h"
+ #define IPPROTO_MIPE 55
+Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-17 02:43:33.776931992 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-mod.c      2007-06-17 02:43:39.008136728 +0200
+@@ -120,7 +120,7 @@
+                              const struct net_device *out,
+                              int (*okfn) (struct sk_buff *))
+ {
+-      struct iphdr *iph = (*skb)->nh.iph;
++      struct iphdr *iph = ip_hdr(*skb);
+       struct expl_entry e;
+       struct in_addr ifaddr, bcaddr;
+       int res = 0;
+@@ -188,7 +188,7 @@
+               if (is_gateway && iph->protocol == IPPROTO_MIPE &&
+                   iph->daddr == ifaddr.s_addr) {
+                       ip_pkt_decapsulate(*skb);
+-                      iph = (*skb)->nh.iph;
++                      iph = ip_hdr(*skb);
+                       return NF_ACCEPT;
+               }
+               /* Ignore packets generated locally or that are for this
+Index: aodv-uu-0.9.3/lnx/kaodv-mod.h
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.h 2007-06-17 02:44:32.498005032 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-mod.h      2007-06-17 02:44:34.662675952 +0200
+@@ -5,6 +5,7 @@
+ #include <linux/inetdevice.h>
+ #include <linux/list.h>
+ #include <linux/spinlock.h>
++#include "kaodv-compat.h"
+ /* Interface information */
+ struct if_info {
+Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c       2007-06-17 02:45:01.513593992 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-queue.c    2007-06-17 02:45:11.534070648 +0200
+@@ -152,7 +152,7 @@
+ {
+       int status = -EINVAL;
+       struct kaodv_queue_entry *entry;
+-      struct iphdr *iph = skb->nh.iph;
++      struct iphdr *iph = ip_hdr(skb);
+       entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
+Index: aodv-uu-0.9.3/lnx/kaodv-queue.h
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.h       2007-06-17 02:44:50.537262648 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-queue.h    2007-06-17 02:44:53.629792512 +0200
+@@ -21,6 +21,7 @@
+  *****************************************************************************/
+ #ifndef _KAODV_QUEUE_H
+ #define _KAODV_QUEUE_H
++#include "kaodv-compat.h"
+ #define KAODV_QUEUE_DROP 1
+ #define KAODV_QUEUE_SEND 2
+Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c     2007-06-17 02:47:48.927143264 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-netlink.c  2007-06-17 02:49:11.604574384 +0200
+@@ -338,8 +338,10 @@
+       netlink_register_notifier(&kaodv_nl_notifier);
+ #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14))
+       kaodvnl = netlink_kernel_create(NETLINK_AODV, kaodv_netlink_rcv_sk);
+-#else
++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22))
+       kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, THIS_MODULE);
++#else
++      kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, NULL, THIS_MODULE);
+ #endif
+       if (kaodvnl == NULL) {
+               printk(KERN_ERR "kaodv_netlink: failed to create netlink socket\n");
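Review bot: The fallback `skb_reset_network_header` macro in the new `kaodv-compat.h` ends in `while (0);` and uses `_skb` unparenthesised, so it breaks inside an unbraced `if`/`else` and mis-parses for an argument such as `*skb`. It should be `#define skb_reset_network_header(_skb) do { (_skb)->nh.iph = (struct iphdr *)(_skb)->data; } while (0)`. The `ip_hdr` fallback already parenthesises its argument, so only this macro needs the change. In `kaodv-ipenc.c` the two added `skb_reset_network_header(skb);` lines appear to be indented differently from the four-space code around them.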
diff --git a/net/ipsec-tools/Makefile b/net/ipsec-tools/Makefile
new file mode 100644 (file)
index 0000000..0f24ae1
--- /dev/null
@@ -0,0 +1,86 @@
+# 
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipsec-tools
+PKG_VERSION:=0.7
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@SF/ipsec-tools
+PKG_MD5SUM:=c0a586924edde35264ecfe94ad1c261f
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipsec-tools
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=@LINUX_2_6 +libopenssl
+  TITLE:=IPsec management tools
+  URL:=http://ipsec-tools.sourceforge.net/
+endef
+
+CONFIGURE_ARGS += \
+       --enable-shared \
+       --enable-static \
+       --with-kernel-headers="$(LINUX_DIR)/include" \
+       --without-readline \
+       --with-openssl="$(STAGING_DIR)/usr" \
+       --without-libradius \
+       --without-libpam \
+       --enable-dpd \
+       --enable-hybrid \
+       --enable-security-context=no \
+       --enable-natt \
+       --enable-adminport \
+       --enable-ipv6
+
+define Build/Configure
+       (cd $(PKG_BUILD_DIR); touch \
+               configure.ac \
+               aclocal.m4 \
+               Makefile.in \
+               config.h.in \
+               configure \
+       );
+       $(call Build/Configure/Default)
+       echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h
+endef
+
+# override CFLAGS holding "-Werror" that break builds on compile warnings
+define Build/Compile
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               CFLAGS="$(TARGET_CFLAGS)" \
+               all install
+endef
+
+define Package/ipsec-tools/install
+       $(INSTALL_DIR) $(1)/etc
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/
+       $(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
+       $(INSTALL_DIR) $(1)/etc/racoon
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/
+endef
+
+define Package/ipsec-tools/conffiles
+/etc/racoon.conf
+/etc/racoon/psk.txt
+endef
+
+$(eval $(call BuildPackage,ipsec-tools))
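Review bot: `Package/ipsec-tools/install` copies the upstream `samples/psk.txt` and `samples/racoon.conf` into `/etc` as the live configuration and lists both as conffiles, so every image starts with whatever example pre-shared-key entries and peer definitions the sample files carry. Sample keys are public by definition; installing an empty key file instead, e.g. `touch $(1)/etc/racoon/psk.txt` followed by `chmod 0600 $(1)/etc/racoon/psk.txt`, avoids shipping them. `--enable-adminport` is also switched on unconditionally; a comment stating what depends on it (presumably racoonctl) would help the next reader judge the exposure.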
diff --git a/net/ipsec-tools/patches/001-no_libfl.patch b/net/ipsec-tools/patches/001-no_libfl.patch
new file mode 100644 (file)
index 0000000..8abc9a0
--- /dev/null
@@ -0,0 +1,26 @@
+Index: ipsec-tools-0.6.6/src/racoon/cftoken.l
+===================================================================
+--- ipsec-tools-0.6.6.orig/src/racoon/cftoken.l        2007-06-04 13:22:36.567296208 +0200
++++ ipsec-tools-0.6.6/src/racoon/cftoken.l     2007-06-04 13:22:36.646284200 +0200
+@@ -105,6 +105,8 @@
+ static int incstackp = 0;
+ static int yy_first_time = 1;
++
++int yywrap(void) { return 1; }
+ %}
+ /* common seciton */
+Index: ipsec-tools-0.6.6/src/setkey/token.l
+===================================================================
+--- ipsec-tools-0.6.6.orig/src/setkey/token.l  2007-06-04 13:22:36.575294992 +0200
++++ ipsec-tools-0.6.6/src/setkey/token.l       2007-06-04 13:22:36.646284200 +0200
+@@ -84,6 +84,8 @@
+ #ifndef SADB_X_EALG_AESCTR
+ #define SADB_X_EALG_AESCTR    (-1)
+ #endif
++
++int yywrap(void) { return 1; }
+ %}
+ /* common section */
diff --git a/net/ipsec-tools/patches/002-configure_cppflags_typo.patch b/net/ipsec-tools/patches/002-configure_cppflags_typo.patch
new file mode 100644 (file)
index 0000000..407c67e
--- /dev/null
@@ -0,0 +1,26 @@
+Index: ipsec-tools-0.6.6/configure.ac
+===================================================================
+--- ipsec-tools-0.6.6.orig/configure.ac        2007-06-04 13:22:36.540300312 +0200
++++ ipsec-tools-0.6.6/configure.ac     2007-06-04 13:22:36.841254560 +0200
+@@ -183,7 +183,7 @@
+ if test "x$crypto_dir" != "x"; then
+       LIBS="$LIBS -L${crypto_dir}/lib"
+-      CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
++      CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
+ fi
+ AC_MSG_CHECKING(openssl version)
+Index: ipsec-tools-0.6.6/configure
+===================================================================
+--- ipsec-tools-0.6.6.orig/configure   2007-06-04 13:22:36.547299248 +0200
++++ ipsec-tools-0.6.6/configure        2007-06-04 13:22:36.850253192 +0200
+@@ -23687,7 +23687,7 @@
+ if test "x$crypto_dir" != "x"; then
+       LIBS="$LIBS -L${crypto_dir}/lib"
+-      CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
++      CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
+ fi
+ echo "$as_me:$LINENO: checking openssl version" >&5
+ echo $ECHO_N "checking openssl version... $ECHO_C" >&6
diff --git a/net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff b/net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff
new file mode 100644 (file)
index 0000000..52d092e
--- /dev/null
@@ -0,0 +1,22 @@
+Index: ipsec-tools-0.6.6/src/racoon/grabmyaddr.c
+===================================================================
+--- ipsec-tools-0.6.6.orig/src/racoon/grabmyaddr.c     2007-06-04 13:22:36.521303200 +0200
++++ ipsec-tools-0.6.6/src/racoon/grabmyaddr.c  2007-06-04 13:22:37.064220664 +0200
+@@ -77,10 +77,17 @@
+ #ifdef __linux__
+ #include <linux/types.h>
+ #include <linux/rtnetlink.h>
++#include <linux/version.h>
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++# include <linux/if_addr.h>
++#endif
+ #ifndef HAVE_GETIFADDRS
+ #define HAVE_GETIFADDRS
+ #define NEED_LINUX_GETIFADDRS
+ #endif
++#ifndef IFA_RTA
++# define IFA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
++#endif
+ #endif
+ #ifndef HAVE_GETIFADDRS
diff --git a/net/isakmpd/Makefile b/net/isakmpd/Makefile
new file mode 100644 (file)
index 0000000..4214fdb
--- /dev/null
@@ -0,0 +1,51 @@
+# 
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=isakmpd
+PKG_VERSION:=20041012
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
+PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/i/isakmpd/
+PKG_MD5SUM:=e6d25a9e232fb186e1a48dc06453bd57
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).orig
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/isakmpd
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp
+  TITLE:=IPsec management tools
+  URL:=http://isakmpd.sourceforge.net/
+endef
+
+define Build/Compile
+       CFLAGS="$(TARGET_CFLAGS)" \
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               $(TARGET_CONFIGURE_OPTS) \
+               LINUX_DIR="$(LINUX_DIR)" \
+               EXTRA_CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/openssl -I$(STAGING_DIR)/usr/include/keynote" \
+               EXTRA_LDFLAGS="$(TARGET_LDFLAGS)"
+
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               INSTALL="install -c" \
+               install-bin
+endef
+
+define Package/isakmpd/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(CP) $(PKG_INSTALL_DIR)/* $(1)/
+endef
+
+$(eval $(call BuildPackage,isakmpd))
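Review bot: The tarball for this IKE daemon is fetched over plain HTTP (`PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/i/isakmpd/`) and checked only against `PKG_MD5SUM`, so a collision-prone MD5 digest is the sole integrity guarantee for the sources. Where the build system accepts it, I would pin a SHA-256 digest instead, e.g. `PKG_HASH:=<sha256-of-isakmpd_20041012.orig.tar.gz>`, and fetch from an HTTPS mirror. Separately, `Package/isakmpd/install` creates `$(1)/usr/sbin` but then copies `$(PKG_INSTALL_DIR)/*` wholesale, and no `BINDIR` is passed to `install-bin`. The upstream GNUmakefile context shown later in this commit defaults `BINDIR` to `/sbin`, so the binary presumably lands in `/sbin` and `/usr/sbin` stays empty; it is worth confirming this and either passing `BINDIR=/usr/sbin` or creating the matching directory.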
diff --git a/net/isakmpd/patches/010-debian_3.patch b/net/isakmpd/patches/010-debian_3.patch
new file mode 100644 (file)
index 0000000..0f50cf9
--- /dev/null
@@ -0,0 +1,1753 @@
+Index: isakmpd-20041012.orig/dpd.c
+===================================================================
+--- isakmpd-20041012.orig.orig/dpd.c   2007-06-04 13:22:39.088912864 +0200
++++ isakmpd-20041012.orig/dpd.c        2007-06-04 13:22:39.282883376 +0200
+@@ -26,6 +26,7 @@
+ #include <sys/types.h>
+ #include <stdlib.h>
++#include <memory.h>
+ #include "sysdep.h"
+@@ -174,6 +175,7 @@
+               }
+               break;
+       default:
++      ;
+       }
+       /* Mark handled.  */
+@@ -223,6 +225,7 @@
+                   dpd_check_event, sa, &tv);
+               break;
+       default:
++      ;
+       }
+       if (!sa->dpd_event) 
+               log_print("dpd_timer_reset: timer_add_event failed");
+Index: isakmpd-20041012.orig/ipsec.c
+===================================================================
+--- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.093912104 +0200
++++ isakmpd-20041012.orig/ipsec.c      2007-06-04 13:22:39.283883224 +0200
+@@ -1020,6 +1020,52 @@
+       }
+ }
++/*
++ * deal with a NOTIFY of INVALID_SPI
++ */
++static void
++ipsec_invalid_spi (struct message *msg, struct payload *p)
++{
++  struct sockaddr *dst;
++  int invspisz, off;
++  u_int32_t spi;
++  u_int16_t totsiz;
++  u_int8_t spisz;
++
++  /* Any notification that make us do something should be protected */
++  if(!TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_HASH]))
++    {
++      LOG_DBG ((LOG_SA, 40,
++                     "ipsec_invalid_spi: missing HASH payload in INVALID_SPI"
++                     " notification"));
++      return;
++    }
++
++  /*
++   * get the invalid spi out of the variable sized notification data
++   * field, which is after the variable sized SPI field [which specifies
++   * the receiving entity's phase-1 SPI, not the invalid spi]
++   */
++  totsiz = GET_ISAKMP_GEN_LENGTH (p->p);
++  spisz = GET_ISAKMP_NOTIFY_SPI_SZ (p->p);
++  off = ISAKMP_NOTIFY_SPI_OFF + spisz;
++  invspisz = totsiz - off;
++
++  if (invspisz != sizeof spi)
++    {
++      LOG_DBG ((LOG_SA, 40,
++             "ipsec_invalid_spi: SPI size %d in INVALID_SPI "
++             "payload unsupported", spisz));
++       return;
++    }
++  memcpy (&spi, p->p + off, sizeof spi);
++
++  msg->transport->vtbl->get_dst (msg->transport, &dst);
++
++  /* delete matching SPI's from this peer */
++  ipsec_delete_spi_list (dst, 0, (u_int8_t *)&spi, 1, "INVALID_SPI");
++}
++
+ static int
+ ipsec_responder(struct message *msg)
+ {
+@@ -1205,7 +1251,9 @@
+                       return dv != IPSEC_ENCAP_TUNNEL
+                           && dv != IPSEC_ENCAP_TRANSPORT
+                           && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL
+-                          && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT;
++                          && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT
++                          && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT
++                          && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT;
+ #else
+                       return dv < IPSEC_ENCAP_TUNNEL
+                           || dv > IPSEC_ENCAP_TRANSPORT;
+@@ -1837,7 +1885,7 @@
+ ipsec_get_id(char *section, int *id, struct sockaddr **addr,
+     struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port)
+ {
+-      char    *type, *address, *netmask;
++    char      *type, *address, *netmask;
+       type = conf_get_str(section, "ID-type");
+       if (!type) {
+Index: isakmpd-20041012.orig/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/GNUmakefile     2007-06-04 13:22:39.099911192 +0200
++++ isakmpd-20041012.orig/GNUmakefile  2007-06-04 13:22:39.283883224 +0200
+@@ -40,12 +40,12 @@
+ # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
+ # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5
+ # and later with native IPSec support.
+-OS=           openbsd
++#OS=          openbsd
+ #OS=          netbsd
+ #OS=          freebsd
+ #OS=          freeswan
+ #OS=          darwin
+-#OS=          linux
++OS=           linux
+ .CURDIR:=     $(shell pwd)
+ VPATH=                ${.CURDIR}/sysdep/${OS}
+@@ -55,9 +55,10 @@
+ ifndef BINDIR
+ BINDIR=               /sbin
+ endif
+-ifndef LDSTATIC
+-LDSTATIC=     -static
+-endif
++
++#ifndef LDSTATIC
++#LDSTATIC=    -static
++#endif
+ SRCS=         app.c attribute.c cert.c connection.c \
+               constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \
+@@ -131,11 +132,14 @@
+ ifneq ($(findstring install,$(MAKECMDGOALS)),install)
+ # Skip 'regress' until the regress/ structure has gmake makefiles for it.
+ #SUBDIR:=     regress
+-SUBDIR:=
++#SUBDIR:=     apps/certpatch
+ mksubdirs:
+       $(foreach DIR, ${SUBDIR}, \
+-              cd ${DIR}; ${MAKE} ${MAKEFLAGS} CFLAGS="${CFLAGS}" \
+-                      MKDEP="${MKDEP}" ${MAKECMDGOALS})
++              cd ${.CURDIR}/${DIR}; ${MAKE} ${MAKECMDGOALS};)
++              
++#     $(foreach DIR, ${SUBDIR}, \
++#             cd ${DIR}; ${MAKE} CFLAGS="${CFLAGS}" \
++#                     MKDEP="${MKDEP}" ${MAKECMDGOALS})
+ else
+ mksubdirs:
+ endif
+@@ -173,7 +177,7 @@
+ endif
+ SRCS+=                ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+-              $(ISAKMP_CFG)
++                      $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL}
+ CFLAGS+=      ${IPSEC_CFLAGS}
+ LDADD+=               ${DESLIB}
+ DPADD+=               ${DESLIBDEP}
+Index: isakmpd-20041012.orig/exchange.h
+===================================================================
+--- isakmpd-20041012.orig.orig/exchange.h      2007-06-04 13:22:39.104910432 +0200
++++ isakmpd-20041012.orig/exchange.h   2007-06-04 13:22:39.283883224 +0200
+@@ -221,6 +221,8 @@
+ #define EXCHANGE_FLAG_NAT_T_ENABLE    0x10    /* We are doing NAT-T.  */
+ #define EXCHANGE_FLAG_NAT_T_KEEPALIVE 0x20    /* We are the NAT:ed peer.  */
+ #define EXCHANGE_FLAG_DPD_CAP_PEER    0x40    /* Peer is DPD capable.  */
++#define EXCHANGE_FLAG_NAT_T_RFC               0x0080  /* Peer does RFC NAT-T. */
++#define EXCHANGE_FLAG_NAT_T_DRAFT     0x0100  /* Peer does draft NAT-T.*/
+ extern int      exchange_add_certs(struct message *);
+ extern void     exchange_finalize(struct message *);
+Index: isakmpd-20041012.orig/log.c
+===================================================================
+--- isakmpd-20041012.orig.orig/log.c   2007-06-04 13:22:39.110909520 +0200
++++ isakmpd-20041012.orig/log.c        2007-06-04 13:22:39.284883072 +0200
+@@ -79,7 +79,6 @@
+ struct packhdr {
+       struct pcap_pkthdr pcap;/* pcap file packet header */
+-      u_int32_t sa_family;    /* address family */
+       union {
+               struct ip       ip4;    /* IPv4 header (w/o options) */
+               struct ip6_hdr  ip6;    /* IPv6 header */
+@@ -97,7 +96,7 @@
+ static u_int8_t *packet_buf = NULL;
+ static int      udp_cksum(struct packhdr *, const struct udphdr *,
+-    u_int16_t *);
++    u_int16_t *, int);
+ static u_int16_t in_cksum(const u_int16_t *, int);
+ #endif                                /* USE_DEBUG */
+@@ -539,11 +538,9 @@
+       udp.uh_ulen = htons(datalen);
+       /* ip */
+-      hdr.sa_family = htonl(src->sa_family);
+       switch (src->sa_family) {
+       default:
+               /* Assume IPv4. XXX Can 'default' ever happen here?  */
+-              hdr.sa_family = htonl(AF_INET);
+               hdr.ip.ip4.ip_src.s_addr = 0x02020202;
+               hdr.ip.ip4.ip_dst.s_addr = 0x01010101;
+               /* The rest of the setup is common to AF_INET.  */
+@@ -584,9 +581,7 @@
+       }
+       /* Calculate UDP checksum.  */
+-      udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf);
+-      hdrlen += sizeof hdr.sa_family;
+-
++      udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf, src->sa_family);
+       /* pcap file packet header */
+       gettimeofday(&tv, 0);
+       hdr.pcap.ts.tv_sec = tv.tv_sec;
+@@ -610,7 +605,7 @@
+ /* Copied from tcpdump/print-udp.c, mostly rewritten.  */
+ static int
+-udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d)
++udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d, int af)
+ {
+       struct ip       *ip4;
+       struct ip6_hdr  *ip6;
+@@ -639,7 +634,7 @@
+       /* Setup pseudoheader.  */
+       memset(phu.pa, 0, sizeof phu);
+-      switch (ntohl(hdr->sa_family)) {
++      switch (af) {
+       case AF_INET:
+               ip4 = &hdr->ip.ip4;
+               memcpy(&phu.ip4p.src, &ip4->ip_src, sizeof(struct in_addr));
+@@ -664,7 +659,7 @@
+       /* IPv6 wants a 0xFFFF checksum "on error", not 0x0.  */
+       if (tlen < 0)
+-              return (ntohl(hdr->sa_family) == AF_INET ? 0 : 0xFFFF);
++              return (af == AF_INET ? 0 : 0xFFFF);
+       sum = 0;
+       for (i = 0; i < hdrlen; i += 2)
+Index: isakmpd-20041012.orig/nat_traversal.c
+===================================================================
+--- isakmpd-20041012.orig.orig/nat_traversal.c 2007-06-04 13:22:39.115908760 +0200
++++ isakmpd-20041012.orig/nat_traversal.c      2007-06-04 13:22:39.284883072 +0200
+@@ -1,4 +1,4 @@
+-/*    $OpenBSD: nat_traversal.c,v 1.7 2004/08/08 19:11:06 deraadt Exp $       */
++/*    $OpenBSD: nat_traversal.c,v 1.17 2006/06/14 14:03:33 hshoexer Exp $     */
+ /*
+  * Copyright (c) 2004 HÃ¥kan Olsson.  All rights reserved.
+@@ -48,40 +48,40 @@
+ #include "util.h"
+ #include "virtual.h"
++int   disable_nat_t = 0;
++
+ /*
+- * XXX According to draft-ietf-ipsec-nat-t-ike-07.txt, the NAT-T
+- * capability of the other peer is determined by a particular vendor ID
+- * sent as the first message. This vendor ID string is supposed to be a
+- * MD5 hash of "RFC XXXX", where XXXX is the future RFC number.
++ * NAT-T capability of the other peer is determined by a particular vendor
++ * ID sent in the first message. This vendor ID string is supposed to be a
++ * MD5 hash of "RFC 3947".
+  *
+  * These seem to be the "well" known variants of this string in use by
+  * products today.
+  */
+-static const char *isakmp_nat_t_cap_text[] = {
+-      "draft-ietf-ipsec-nat-t-ike-00",        /* V1 (XXX: may be obsolete) */
+-      "draft-ietf-ipsec-nat-t-ike-02\n",      /* V2 */
+-      "draft-ietf-ipsec-nat-t-ike-03",        /* V3 */
+-#ifdef notyet
+-      "RFC XXXX",
+-#endif
++
++static struct nat_t_cap isakmp_nat_t_cap[] = {
++      { VID_DRAFT_V2_N, EXCHANGE_FLAG_NAT_T_DRAFT,
++        "draft-ietf-ipsec-nat-t-ike-02\n", NULL, 0 },
++      { VID_DRAFT_V3, EXCHANGE_FLAG_NAT_T_DRAFT,
++        "draft-ietf-ipsec-nat-t-ike-03", NULL, 0 },
++      { VID_RFC3947, EXCHANGE_FLAG_NAT_T_RFC,
++        "RFC 3947", NULL, 0 },
+ };
++#define NUMNATTCAP    (sizeof isakmp_nat_t_cap / sizeof isakmp_nat_t_cap[0])
++
+ /* In seconds. Recommended in draft-ietf-ipsec-udp-encaps-09.  */
+ #define NAT_T_KEEPALIVE_INTERVAL      20
+-/* The MD5 hashes of the above strings is put in this array.  */
+-static char   **nat_t_hashes;
+-static size_t   nat_t_hashsize;
+-
+ static int    nat_t_setup_hashes(void);
+-static int    nat_t_add_vendor_payload(struct message *, char *);
++static int    nat_t_add_vendor_payload(struct message *, struct nat_t_cap *);
+ static int    nat_t_add_nat_d(struct message *, struct sockaddr *);
+ static int    nat_t_match_nat_d_payload(struct message *, struct sockaddr *);
+ void
+ nat_t_init(void)
+ {
+-      nat_t_hashes = (char **)NULL;
++      nat_t_setup_hashes();
+ }
+ /* Generate the NAT-T capability marker hashes. Executed only once.  */
+@@ -89,7 +89,7 @@
+ nat_t_setup_hashes(void)
+ {
+       struct hash *hash;
+-      int n = sizeof isakmp_nat_t_cap_text / sizeof isakmp_nat_t_cap_text[0];
++      int n = NUMNATTCAP;
+       int i;
+       /* The draft says to use MD5.  */
+@@ -100,56 +100,49 @@
+                   "could not find MD5 hash structure!");
+               return -1;
+       }
+-      nat_t_hashsize = hash->hashsize;
+-      /* Allocate one more than is necessary, i.e NULL terminated.  */
+-      nat_t_hashes = (char **)calloc((size_t)(n + 1), sizeof(char *));
+-      if (!nat_t_hashes) {
+-              log_error("nat_t_setup_hashes: calloc (%lu,%lu) failed",
+-                  (unsigned long)n, (unsigned long)sizeof(char *));
+-              return -1;
+-      }
+-
+-      /* Populate with hashes.  */
++      /* Populate isakmp_nat_t_cap with hashes.  */
+       for (i = 0; i < n; i++) {
+-              nat_t_hashes[i] = (char *)malloc(nat_t_hashsize);
+-              if (!nat_t_hashes[i]) {
++              isakmp_nat_t_cap[i].hashsize = hash->hashsize;
++              isakmp_nat_t_cap[i].hash = (char *)malloc(hash->hashsize);
++              if (!isakmp_nat_t_cap[i].hash) {
+                       log_error("nat_t_setup_hashes: malloc (%lu) failed",
+-                          (unsigned long)nat_t_hashsize);
++                          (unsigned long)hash->hashsize);
+                       goto errout;
+               }
+               hash->Init(hash->ctx);
+               hash->Update(hash->ctx,
+-                  (unsigned char *)isakmp_nat_t_cap_text[i],
+-                  strlen(isakmp_nat_t_cap_text[i]));
+-              hash->Final(nat_t_hashes[i], hash->ctx);
++                  (unsigned char *)isakmp_nat_t_cap[i].text,
++                  strlen(isakmp_nat_t_cap[i].text));
++              hash->Final(isakmp_nat_t_cap[i].hash, hash->ctx);
+               LOG_DBG((LOG_EXCHANGE, 50, "nat_t_setup_hashes: "
+-                  "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap_text[i],
+-                  (unsigned long)nat_t_hashsize));
++                  "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap[i].text,
++                  (unsigned long)hash->hashsize));
+               LOG_DBG_BUF((LOG_EXCHANGE, 50, "nat_t_setup_hashes",
+-                  nat_t_hashes[i], nat_t_hashsize));
++                  isakmp_nat_t_cap[i].hash, hash->hashsize));
+       }
+       return 0;
+-  errout:
++errout:
+       for (i = 0; i < n; i++)
+-              if (nat_t_hashes[i])
+-                      free(nat_t_hashes[i]);
+-      free(nat_t_hashes);
+-      nat_t_hashes = NULL;
++              if (isakmp_nat_t_cap[i].hash)
++                      free(isakmp_nat_t_cap[i].hash);
+       return -1;
+ }
+ /* Add one NAT-T VENDOR payload.  */
+ static int
+-nat_t_add_vendor_payload(struct message *msg, char *hash)
++nat_t_add_vendor_payload(struct message *msg, struct nat_t_cap *cap)
+ {
+-      size_t   buflen = nat_t_hashsize + ISAKMP_GEN_SZ;
++      size_t    buflen = cap->hashsize + ISAKMP_GEN_SZ;
+       u_int8_t *buf;
++      if (disable_nat_t)
++              return 0;
++
+       buf = malloc(buflen);
+       if (!buf) {
+               log_error("nat_t_add_vendor_payload: malloc (%lu) failed",
+@@ -158,12 +151,11 @@
+       }
+       SET_ISAKMP_GEN_LENGTH(buf, buflen);
+-      memcpy(buf + ISAKMP_VENDOR_ID_OFF, hash, nat_t_hashsize);
++      memcpy(buf + ISAKMP_VENDOR_ID_OFF, cap->hash, cap->hashsize);
+       if (message_add_payload(msg, ISAKMP_PAYLOAD_VENDOR, buf, buflen, 1)) {
+               free(buf);
+               return -1;
+       }
+-
+       return 0;
+ }
+@@ -171,16 +163,14 @@
+ int
+ nat_t_add_vendor_payloads(struct message *msg)
+ {
+-      int i = 0;
++      int i;
+-      if (!nat_t_hashes)
+-              if (nat_t_setup_hashes())
+-                      return 0;  /* XXX should this be an error?  */
++      if (disable_nat_t)
++              return 0;
+-      while (nat_t_hashes[i])
+-              if (nat_t_add_vendor_payload(msg, nat_t_hashes[i++]))
++      for (i = 0; i < NUMNATTCAP; i++)
++              if (nat_t_add_vendor_payload(msg, &isakmp_nat_t_cap[i]))
+                       return -1;
+-
+       return 0;
+ }
+@@ -192,36 +182,31 @@
+ {
+       u_int8_t *pbuf = p->p;
+       size_t    vlen;
+-      int       i = 0;
++      int       i;
+-      /* Already checked? */
+-      if (p->flags & PL_MARK ||
+-          msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER)
++      if (disable_nat_t)
+               return;
+-      if (!nat_t_hashes)
+-              if (nat_t_setup_hashes())
+-                      return;
+-
+       vlen = GET_ISAKMP_GEN_LENGTH(pbuf) - ISAKMP_GEN_SZ;
+-      if (vlen != nat_t_hashsize) {
+-              LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: "
+-                  "bad size %lu != %lu", (unsigned long)vlen,
+-                  (unsigned long)nat_t_hashsize));
+-              return;
+-      }
+-      while (nat_t_hashes[i])
+-              if (memcmp(nat_t_hashes[i++], pbuf + ISAKMP_GEN_SZ,
++      for (i = 0; i < NUMNATTCAP; i++) {
++              if (vlen != isakmp_nat_t_cap[i].hashsize) {
++                      LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: "
++                          "bad size %lu != %lu", (unsigned long)vlen,
++                          (unsigned long)isakmp_nat_t_cap[i].hashsize));
++                      continue;
++              }
++              if (memcmp(isakmp_nat_t_cap[i].hash, pbuf + ISAKMP_GEN_SZ,
+                   vlen) == 0) {
+                       /* This peer is NAT-T capable.  */
+                       msg->exchange->flags |= EXCHANGE_FLAG_NAT_T_CAP_PEER;
++                      msg->exchange->flags |= isakmp_nat_t_cap[i].flags;
+                       LOG_DBG((LOG_EXCHANGE, 10,
+                           "nat_t_check_vendor_payload: "
+                           "NAT-T capable peer detected"));
+                       p->flags |= PL_MARK;
+-                      return;
+               }
++      }
+       return;
+ }
+@@ -233,10 +218,8 @@
+ {
+       struct ipsec_exch *ie = (struct ipsec_exch *)msg->exchange->data;
+       struct hash      *hash;
+-      struct prf       *prf;
+       u_int8_t         *res;
+       in_port_t         port;
+-      int               prf_type = PRF_HMAC; /* XXX */
+       hash = hash_get(ie->hash->type);
+       if (hash == NULL) {
+@@ -244,31 +227,25 @@
+               return NULL;
+       }
+-      prf = prf_alloc(prf_type, hash->type, msg->exchange->cookies,
+-          ISAKMP_HDR_COOKIES_LEN);
+-      if(!prf) {
+-              log_print("nat_t_generate_nat_d_hash: prf_alloc failed");
+-              return NULL;
+-      }
++      *hashlen = hash->hashsize;
+-      *hashlen = prf->blocksize;
+       res = (u_int8_t *)malloc((unsigned long)*hashlen);
+       if (!res) {
+               log_print("nat_t_generate_nat_d_hash: malloc (%lu) failed",
+                   (unsigned long)*hashlen);
+-              prf_free(prf);
+               *hashlen = 0;
+               return NULL;
+       }
+       port = sockaddr_port(sa);
+-      memset(res, 0, *hashlen);
+-
+-      prf->Update(prf->prfctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa));
+-      prf->Update(prf->prfctx, (unsigned char *)&port, sizeof port);
+-      prf->Final(res, prf->prfctx);
+-      prf_free (prf);
++      bzero(res, *hashlen);
++      hash->Init(hash->ctx);
++      hash->Update(hash->ctx, msg->exchange->cookies,
++          sizeof msg->exchange->cookies);
++      hash->Update(hash->ctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa));
++      hash->Update(hash->ctx, (unsigned char *)&port, sizeof port);
++      hash->Final(res, hash->ctx);
+       return res;
+ }
+@@ -276,6 +253,7 @@
+ static int
+ nat_t_add_nat_d(struct message *msg, struct sockaddr *sa)
+ {
++      int       ret;
+       u_int8_t *hbuf, *buf;
+       size_t    hbuflen, buflen;
+@@ -298,11 +276,19 @@
+       memcpy(buf + ISAKMP_NAT_D_DATA_OFF, hbuf, hbuflen);
+       free(hbuf);
+-      if (message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, buflen, 1)) {
++      if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_RFC)
++              ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf,
++                  buflen, 1);
++      else if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_DRAFT)
++              ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT,
++                  buf, buflen, 1);
++      else
++              ret = -1;
++              
++      if (ret) {
+               free(buf);
+               return -1;
+       }
+-
+       return 0;
+ }
+@@ -312,14 +298,14 @@
+ {
+       struct sockaddr *sa;
+-      msg->transport->vtbl->get_src(msg->transport, &sa);
++      /* Remote address first. */
++      msg->transport->vtbl->get_dst(msg->transport, &sa);
+       if (nat_t_add_nat_d(msg, sa))
+               return -1;
+-      msg->transport->vtbl->get_dst(msg->transport, &sa);
++      msg->transport->vtbl->get_src(msg->transport, &sa);
+       if (nat_t_add_nat_d(msg, sa))
+               return -1;
+-
+       return 0;
+ }
+@@ -336,8 +322,8 @@
+        * If there are no NAT-D payloads in the message, return "found"
+        * as this will avoid NAT-T (see nat_t_exchange_check_nat_d()).
+        */
+-      p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D);
+-      if (!p)
++      if ((p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT)) == NULL &&
++          (p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D)) == NULL)
+               return 1;
+       hbuf = nat_t_generate_nat_d_hash(msg, sa, &hbuflen);
+Index: isakmpd-20041012.orig/udp_encap.c
+===================================================================
+--- isakmpd-20041012.orig.orig/udp_encap.c     2007-06-04 13:22:39.121907848 +0200
++++ isakmpd-20041012.orig/udp_encap.c  2007-06-04 13:22:39.284883072 +0200
+@@ -61,6 +61,11 @@
+ #define UDP_SIZE 65536
++#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC)
++#include <linux/socket.h>
++#include <linux/udp.h>
++#endif
++
+ /* If a system doesn't have SO_REUSEPORT, SO_REUSEADDR will have to do.  */
+ #ifndef SO_REUSEPORT
+ #define SO_REUSEPORT SO_REUSEADDR
+@@ -134,6 +139,18 @@
+       if (sysdep_cleartext(s, laddr->sa_family) == -1)
+               goto err;
++#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC)
++    {
++#ifndef SOL_UDP
++#define SOL_UDP 17
++#endif
++        int option = UDP_ENCAP_ESPINUDP;
++        if(setsockopt(s, SOL_UDP, UDP_ENCAP, &option,
++                      sizeof (option)) < 0)
++            goto err;
++    }
++#endif
++
+       /* Wildcard address ?  */
+       switch (laddr->sa_family) {
+       case AF_INET:
+Index: isakmpd-20041012.orig/apps/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/apps/Makefile   2007-06-04 13:22:39.126907088 +0200
++++ isakmpd-20041012.orig/apps/Makefile        2007-06-04 13:22:39.285882920 +0200
+@@ -31,4 +31,4 @@
+ SUBDIR= certpatch
+-.include <bsd.subdir.mk>
++#.include <bsd.subdir.mk>
+Index: isakmpd-20041012.orig/apps/certpatch/GNUmakefile
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/apps/certpatch/GNUmakefile   2007-06-04 13:22:39.285882920 +0200
+@@ -0,0 +1,55 @@
++#     $OpenBSD: Makefile,v 1.7 2003/06/03 14:35:00 ho Exp $
++#     $EOM: Makefile,v 1.6 2000/03/28 21:22:06 ho Exp $
++
++#
++# Copyright (c) 1999 Niels Provos.  All rights reserved.
++# Copyright (c) 2001 Niklas Hallqvist.  All rights reserved.
++#
++# Redistribution and use in source and binary forms, with or without
++# modification, are permitted provided that the following conditions
++# are met:
++# 1. Redistributions of source code must retain the above copyright
++#    notice, this list of conditions and the following disclaimer.
++# 2. Redistributions in binary form must reproduce the above copyright
++#    notice, this list of conditions and the following disclaimer in the
++#    documentation and/or other materials provided with the distribution.
++#
++# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++#
++
++#
++# This code was written under funding by Ericsson Radio Systems.
++#
++
++PROG=         certpatch
++SRCS=         certpatch.c
++BINDIR?=      /usr/sbin
++TOPSRC=               ${.CURDIR}../..
++TOPOBJ!=      cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f-
++OS=                   linux
++FEATURES!=    awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//'
++.PATH:                ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ}
++CFLAGS+=      -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall
++LDFLAGS+=     -lcrypto -lssl -lgmp
++MAN=          certpatch.8
++
++CFLAGS+=      -DMP_FLAVOUR=MP_FLAVOUR_GMP
++LDADD+=               -lgmp
++DPADD+=               ${LIBGMP}
++
++# Override LIBSYSDEPDIR definition from Makefile.sysdep
++LIBSYSDEPDIR= ${TOPSRC}/sysdep/common/libsysdep
++
++all:  ${PROG}
++
++clean:        
++      rm -f ${PROG}
+Index: isakmpd-20041012.orig/pf_key_v2.c
+===================================================================
+--- isakmpd-20041012.orig.orig/pf_key_v2.c     2007-06-04 13:22:39.137905416 +0200
++++ isakmpd-20041012.orig/pf_key_v2.c  2007-06-04 13:22:39.287882616 +0200
+@@ -1055,6 +1055,10 @@
+ #endif
+ #if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
+       struct sadb_x_udpencap udpencap;
++#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE)
++      struct sadb_x_nat_t_type nat_t_type;
++      struct sadb_x_nat_t_port nat_t_sport;
++      struct sadb_x_nat_t_port nat_t_dport;
+ #endif
+ #ifdef USE_DEBUG
+       char           *addr_str;
+@@ -1273,10 +1277,15 @@
+               log_print("pf_key_v2_set_spi: invalid proto %d", proto->proto);
+               goto cleanup;
+       }
+-      if (incoming)
++      if (incoming) {
+               sa->transport->vtbl->get_src(sa->transport, &dst);
+-      else
++              sa->transport->vtbl->get_dst(sa->transport, &src);
++      }
++      else {
+               sa->transport->vtbl->get_dst(sa->transport, &dst);
++              sa->transport->vtbl->get_src(sa->transport, &src);
++      }
++
+ #ifdef KAME
+       msg.sadb_msg_seq = (incoming ?
+           pf_key_v2_seq_by_sa(proto->spi[incoming], sizeof ssa.sadb_sa_spi,
+@@ -1319,12 +1328,13 @@
+       ssa.sadb_sa_flags = 0;
+ #ifdef SADB_X_SAFLAGS_TUNNEL
+       if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL ||
+-          iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL)
++          iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL ||
++          iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT)
+               ssa.sadb_sa_flags = SADB_X_SAFLAGS_TUNNEL;
+ #endif
+-#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
+       if (isakmp_sa->flags & SA_FLAG_NAT_T_ENABLE) {
++#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP)
+               memset(&udpencap, 0, sizeof udpencap);
+               ssa.sadb_sa_flags |= SADB_X_SAFLAGS_UDPENCAP;
+               udpencap.sadb_x_udpencap_exttype = SADB_X_EXT_UDPENCAP;
+@@ -1334,8 +1344,40 @@
+               if (pf_key_v2_msg_add(update, (struct sadb_ext *)&udpencap, 0)
+                   == -1)
+                       goto cleanup;
+-      }
++#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE)
++#ifndef UDP_ENCAP_ESPINUDP
++#define UDP_ENCAP_ESPINUDP    2
++#endif
++              memset(&nat_t_type, 0, sizeof nat_t_type);
++              memset(&nat_t_sport, 0, sizeof nat_t_sport);
++              memset(&nat_t_dport, 0, sizeof nat_t_dport);
++
++              /* type = draft-udp-encap-06 */
++              nat_t_type.sadb_x_nat_t_type_len = sizeof nat_t_type / PF_KEY_V2_CHUNK;
++              nat_t_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
++              nat_t_type.sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP;
++              if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_type, 0) == -1)
++                      goto cleanup;
++
++              /* source port */
++              nat_t_sport.sadb_x_nat_t_port_len = sizeof nat_t_sport / 
++                                                         PF_KEY_V2_CHUNK;
++              nat_t_sport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT;
++              nat_t_sport.sadb_x_nat_t_port_port = sockaddr_port(src);
++              if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_sport, 0) == -1)
++                      goto cleanup;
++
++              /* destination port */
++              nat_t_dport.sadb_x_nat_t_port_len = sizeof nat_t_dport / 
++                                                         PF_KEY_V2_CHUNK;
++              nat_t_dport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT;
++              nat_t_dport.sadb_x_nat_t_port_port = sockaddr_port(dst);
++              if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_dport, 0) == -1)
++                      goto cleanup;
++
++              /* original address (transport mode checksum missing info) goes here */
+ #endif
++    }
+       if (pf_key_v2_msg_add(update, (struct sadb_ext *)&ssa, 0) == -1)
+               goto cleanup;
+@@ -1395,10 +1437,6 @@
+       /*
+        * Setup the ADDRESS extensions.
+          */
+-      if (incoming)
+-              sa->transport->vtbl->get_dst(sa->transport, &src);
+-      else
+-              sa->transport->vtbl->get_src(sa->transport, &src);
+       len = sizeof *addr + PF_KEY_V2_ROUND(sysdep_sa_len(src));
+       addr = calloc(1, len);
+       if (!addr)
+@@ -2167,7 +2205,7 @@
+               pf_key_v2_msg_free(ret);
+       return -1;
+-#elif defined (SADB_X_SPDADD) && defined (SADB_X_SPDDELETE)
++#elif defined (SADB_X_SPDUPDATE) && defined (SADB_X_SPDDELETE)
+       struct sadb_msg msg;
+       struct sadb_x_policy *policy = 0;
+       struct sadb_x_ipsecrequest *ipsecrequest;
+@@ -2181,7 +2219,7 @@
+       struct sockaddr_in *ip4_sa;
+       struct sockaddr_in6 *ip6_sa;
+-      msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDADD;
++      msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDUPDATE;
+       msg.sadb_msg_satype = SADB_SATYPE_UNSPEC;
+       msg.sadb_msg_seq = 0;
+       flow = pf_key_v2_msg_new(&msg, 0);
+Index: isakmpd-20041012.orig/isakmp_num.cst
+===================================================================
+--- isakmpd-20041012.orig.orig/isakmp_num.cst  2007-06-04 13:22:39.143904504 +0200
++++ isakmpd-20041012.orig/isakmp_num.cst       2007-06-04 13:22:39.287882616 +0200
+@@ -57,15 +57,18 @@
+   KD                          17      # RFC 3547, Key Download
+   SEQ                         18      # RFC 3547, Sequence Number
+   POP                         19      # RFC 3547, Proof of possession
+-  RESERVED_MIN                        20
++  NAT_D                               20      # RFC 3947, NAT Discovery payload
++  NAT_OA                      21      # RFC 3947, NAT Original Address payload
++  RESERVED_MIN                        22
+   RESERVED_MAX                        127
+   PRIVATE_MIN                 128
+ # XXX values from draft-ietf-ipsec-nat-t-ike-01,02,03. Later drafts specify
+ # XXX NAT_D as payload 15 and NAT_OA as 16, but these are allocated by RFC
+ # XXX 3547 as seen above.
+-  NAT_D                               130     # NAT Discovery payload
+-  NAT_OA                      131     # NAT Original Address payload
++  NAT_D_DRAFT                 130     # NAT Discovery payload
++  NAT_OA_DRAFT                        131     # NAT Original Address payload
+   PRIVATE_MAX                 255
++  MAX                         255
+ .
+ # ISAKMP exchange types.
+Index: isakmpd-20041012.orig/ipsec_num.cst
+===================================================================
+--- isakmpd-20041012.orig.orig/ipsec_num.cst   2007-06-04 13:22:39.149903592 +0200
++++ isakmpd-20041012.orig/ipsec_num.cst        2007-06-04 13:22:39.287882616 +0200
+@@ -62,10 +62,10 @@
+ IPSEC_ENCAP
+   TUNNEL                              1
+   TRANSPORT                           2
+-  FUTURE_UDP_ENCAP_TUNNEL             3       # XXX Not yet assigned
+-  FUTURE_UDP_ENCAP_TRANSPORT          4       # XXX Not yet assigned
+-  UDP_ENCAP_TUNNEL                    61443   # draft-ietf-ipsec-nat-t-ike
+-  UDP_ENCAP_TRANSPORT                 61443   # draft-ietf-ipsec-nat-t-ike
++  UDP_ENCAP_TUNNEL                    3
++  UDP_ENCAP_TRANSPORT                 4
++  UDP_ENCAP_TUNNEL_DRAFT              61443   # draft-ietf-ipsec-nat-t-ike
++  UDP_ENCAP_TRANSPORT_DRAFT           61443   # draft-ietf-ipsec-nat-t-ike
+ .
+ # IPSEC authentication algorithm.
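Review bot: `UDP_ENCAP_TUNNEL_DRAFT` and `UDP_ENCAP_TRANSPORT_DRAFT` are both assigned 61443, so a draft-era peer's tunnel and transport encapsulation modes cannot be told apart. The duplicate is carried over from the removed lines, not introduced by the rename. As far as I recall, the draft-ietf-ipsec-nat-t-ike private values are 61443 for tunnel and 61444 for transport; if the draft confirms that, the line should read `UDP_ENCAP_TRANSPORT_DRAFT 61444 # draft-ietf-ipsec-nat-t-ike`. Until then, any code that compares against the transport constant will also match a tunnel-mode offer, which matters wherever policy depends on the encapsulation mode.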
+Index: isakmpd-20041012.orig/nat_traversal.h
+===================================================================
+--- isakmpd-20041012.orig.orig/nat_traversal.h 2007-06-04 13:22:39.154902832 +0200
++++ isakmpd-20041012.orig/nat_traversal.h      2007-06-04 13:22:39.287882616 +0200
+@@ -1,4 +1,4 @@
+-/*    $OpenBSD: nat_traversal.h,v 1.2 2004/06/21 23:27:10 ho Exp $    */
++/*    $OpenBSD: nat_traversal.h,v 1.4 2005/07/25 15:03:47 hshoexer Exp $      */
+ /*
+  * Copyright (c) 2004 HÃ¥kan Olsson.  All rights reserved.
+@@ -27,6 +27,24 @@
+ #ifndef _NAT_TRAVERSAL_H_
+ #define _NAT_TRAVERSAL_H_
++#define VID_DRAFT_V2  0
++#define VID_DRAFT_V2_N        1
++#define VID_DRAFT_V3  2
++#define VID_RFC3947   3
++
++struct nat_t_cap {
++      int              id;
++      u_int32_t        flags;
++      const char      *text;
++      char            *hash;
++      size_t           hashsize;
++};
++
++/*
++ * Set if -T is given on the command line to disable NAT-T support.
++ */
++extern int    disable_nat_t;
++
+ void  nat_t_init(void);
+ int   nat_t_add_vendor_payloads(struct message *);
+ void  nat_t_check_vendor_payload(struct message *, struct payload *);
+Index: isakmpd-20041012.orig/message.c
+===================================================================
+--- isakmpd-20041012.orig.orig/message.c       2007-06-04 13:22:39.160901920 +0200
++++ isakmpd-20041012.orig/message.c    2007-06-04 13:22:39.288882464 +0200
+@@ -112,6 +112,7 @@
+       message_validate_hash, message_validate_sig, message_validate_nonce,
+       message_validate_notify, message_validate_delete,
+       message_validate_vendor, message_validate_attribute,
++      message_validate_nat_d, message_validate_nat_oa,
+       message_validate_nat_d, message_validate_nat_oa
+ };
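Review bot: The validator table extended here, the field table in the next hunk and the payload-type list in the hunk after it are each lengthened by hand, and nothing visible checks that they keep the same length and order. They look like parallel tables indexed by the same payload position (inferred; the lookup code is outside these hunks), so a later edit that touches only one would pair a received payload type with the wrong validator or field description. I would add above each table a comment such as `/* Parallel to the other two payload tables: same order, same length; the last two slots serve NAT_D_DRAFT/NAT_OA_DRAFT. */`. A compile-time check that the three element counts are equal would be better still. All three initialisers begin outside their hunks.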
+@@ -120,7 +121,7 @@
+       isakmp_id_fld, isakmp_cert_fld, isakmp_certreq_fld, isakmp_hash_fld,
+       isakmp_sig_fld, isakmp_nonce_fld, isakmp_notify_fld, isakmp_delete_fld,
+       isakmp_vendor_fld, isakmp_attribute_fld, isakmp_nat_d_fld,
+-      isakmp_nat_oa_fld
++      isakmp_nat_oa_fld, isakmp_nat_d_fld, isakmp_nat_oa_fld
+ };
+ /*
+@@ -138,7 +139,8 @@
+       ISAKMP_PAYLOAD_SAK, ISAKMP_PAYLOAD_SAT, ISAKMP_PAYLOAD_KD,
+       ISAKMP_PAYLOAD_SEQ, ISAKMP_PAYLOAD_POP
+ #endif
+-      ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA
++      ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA, 
++      ISAKMP_PAYLOAD_NAT_D_DRAFT, ISAKMP_PAYLOAD_NAT_OA_DRAFT
+ };
+ static u_int8_t payload_map[256];
+@@ -347,8 +349,8 @@
+               }
+               /* Ignore most private payloads.  */
+               if (next >= ISAKMP_PAYLOAD_PRIVATE_MIN &&
+-                  next != ISAKMP_PAYLOAD_NAT_D &&
+-                  next != ISAKMP_PAYLOAD_NAT_OA) {
++                  next != ISAKMP_PAYLOAD_NAT_D_DRAFT &&
++                  next != ISAKMP_PAYLOAD_NAT_OA_DRAFT) {
+                       LOG_DBG((LOG_MESSAGE, 30, "message_parse_payloads: "
+                           "private next payload type %s in payload of "
+                           "type %d ignored",
+@@ -460,8 +462,10 @@
+               return ISAKMP_ATTRIBUTE_SZ;
+ #if defined (USE_NAT_TRAVERSAL)
+       case ISAKMP_PAYLOAD_NAT_D:
++      case ISAKMP_PAYLOAD_NAT_D_DRAFT:
+               return ISAKMP_NAT_D_SZ;
+       case ISAKMP_PAYLOAD_NAT_OA:
++      case ISAKMP_PAYLOAD_NAT_OA_DRAFT:
+               return ISAKMP_NAT_OA_SZ;
+ #endif
+       /* Not yet supported and any other unknown payloads. */
+Index: isakmpd-20041012.orig/policy.c
+===================================================================
+--- isakmpd-20041012.orig.orig/policy.c        2007-06-04 13:22:39.165901160 +0200
++++ isakmpd-20041012.orig/policy.c     2007-06-04 13:22:39.289882312 +0200
+@@ -511,7 +511,10 @@
+                                                       break;
+                                               }
+ #if defined (USE_NAT_TRAVERSAL)
+-                                      else if (decode_16(value) == IPSEC_ENCAP_UDP_ENCAP_TUNNEL)
++                                      else if (decode_16(value) ==
++                                          IPSEC_ENCAP_UDP_ENCAP_TUNNEL ||
++                                          decode_16(value) ==
++                                          IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT)
+                                               switch (proto->proto) {
+                                               case IPSEC_PROTO_IPSEC_AH:
+                                                       ah_encapsulation = "udp-encap-tunnel";
+@@ -1932,7 +1935,7 @@
+ void
+ policy_init(void)
+ {
+-      char           *ptr, *policy_file;
++      char           *ptr, *policy_file, *use_keynote;
+       char          **asserts;
+       size_t          sz, len;
+       int             fd, i;
+@@ -1940,10 +1943,11 @@
+       LOG_DBG((LOG_POLICY, 30, "policy_init: initializing"));
+       /* Do we want to use the policy modules?  */
+-      if (ignore_policy ||
+-          strncmp("yes", conf_get_str("General", "Use-Keynote"), 3))
+-              return;
+-
++      use_keynote = conf_get_str("General", "Use-Keynote");
++      if (ignore_policy || 
++              (use_keynote && strncmp("yes", use_keynote, 3)))
++               return;
++ 
+       /* Get policy file from configuration.  */
+       policy_file = conf_get_str("General", "Policy-file");
+       if (!policy_file)
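Review bot: When `Use-Keynote` is missing from the configuration, `use_keynote` is NULL and the new condition falls through, so policy initialisation proceeds as if the option were `yes`. Nothing in the hunk states that default. It is the stricter outcome, and it removes the NULL passed to `strncmp` in the old code, but it should be recorded, e.g. `/* Use-Keynote unset: policy checking stays enabled; only an explicit value not starting with "yes" disables it. */`. Note also that `strncmp("yes", use_keynote, 3)` accepts any value beginning with "yes"; use `strcmp` if an exact match is intended. The added lines mix spaces with tabs and leave trailing whitespace after `||` and on the blank line. `policy_init` continues outside the hunk.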
+Index: isakmpd-20041012.orig/ike_phase_1.c
+===================================================================
+--- isakmpd-20041012.orig.orig/ike_phase_1.c   2007-06-04 13:22:39.170900400 +0200
++++ isakmpd-20041012.orig/ike_phase_1.c        2007-06-04 13:22:39.290882160 +0200
+@@ -1040,9 +1040,9 @@
+               /* Compare expected/desired and received remote ID */
+               if (bcmp(rid, payload->p + ISAKMP_ID_DATA_OFF, sz)) {
+-                      free(rid);
+                       log_print("ike_phase_1_recv_ID: "
+-                          "received remote ID other than expected %s", p);
++                          "received remote ID other than expected %s - %s", p, payload->p);
++                      free(rid);
+                       return -1;
+               }
+               free(rid);
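Review bot: The new `log_print` passes `payload->p` to a `%s` conversion, but that pointer appears to be the start of the raw received payload (the comparison just above reads it at `payload->p + ISAKMP_ID_DATA_OFF` for `sz` bytes), not a NUL-terminated string. Formatting it with `%s` reads peer-supplied bytes until a zero byte happens to occur, which can run past the payload and writes unfiltered remote data into the log. It also starts at the payload header rather than at the ID data that was compared. I would keep the original call, `"received remote ID other than expected %s", p);`, and if the received ID is wanted in the log, emit exactly `sz` bytes from `payload->p + ISAKMP_ID_DATA_OFF` through a length-bounded hex dump. Moving `free(rid)` after the log call is fine; the function body extends beyond this hunk.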
+Index: isakmpd-20041012.orig/x509.c
+===================================================================
+--- isakmpd-20041012.orig.orig/x509.c  2007-06-04 13:22:39.176899488 +0200
++++ isakmpd-20041012.orig/x509.c       2007-06-04 13:22:39.290882160 +0200
+@@ -910,7 +910,11 @@
+       X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+       /* XXX See comment in x509_read_crls_from_dir.  */
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++      if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) {
++#else
+       if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) {
++#endif
+               X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
+               X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
+       }
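Review bot: The opening `if (...) {` is now written twice, once per preprocessor branch, with a single closing brace after the inner `#endif`, which is easy to unbalance on the next edit. Reading the flags into a local under the version check and keeping one `if` avoids that; the local (called `store_flags` below) must be declared at the top of the enclosing block, which is outside this hunk. The direct `x509_cas->param->flags` access relies on OpenSSL's internal struct layout and on `param` being non-NULL, so a comment naming the OpenSSL versions it was built against would help whoever next touches the CRL check.

```c
	/* … unchanged: X509_STORE_CTX_init call and the outer 0.9.7 version guard … */
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
	/* 0.9.8 moved the verification flags into the store's param block. */
	store_flags = x509_cas->param->flags;
#else
	store_flags = x509_cas->flags;
#endif
	if (store_flags & X509_V_FLAG_CRL_CHECK) {
	/* … unchanged: the two X509_STORE_CTX_set_flags calls … */
```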
+Index: isakmpd-20041012.orig/sysdep/linux/sysdep.c
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/linux/sysdep.c   2007-06-04 13:22:39.182898576 +0200
++++ isakmpd-20041012.orig/sysdep/linux/sysdep.c        2007-06-04 13:22:39.291882008 +0200
+@@ -169,22 +169,22 @@
+     return 0;
+   if (!(af == AF_INET || af == AF_INET6))
+-    {
++    { 
+       log_print ("sysdep_cleartext: unsupported protocol family %d", af);
+       return -1;
+     }
+   if (setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6,
+-                af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
+-                &pol_in, sizeof pol_in) < 0 ||
++          af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
++          &pol_in, sizeof pol_in) < 0 ||
+       setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6,
+-                af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
+-                &pol_out, sizeof pol_out) < 0)
+-    {
++          af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY,
++          &pol_out, sizeof pol_out) < 0)
++    { 
+       log_error ("sysdep_cleartext: "
+-               "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) "
+-               "failed", fd, af == AF_INET ? "" : "V6",
+-               af == AF_INET ? "" : "V6");
++         "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) "
++         "failed", fd, af == AF_INET ? "" : "V6",
++         af == AF_INET ? "" : "V6");
+       return -1;
+     }
+   return 0;
+Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.187897816 +0200
++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep      2007-06-04 13:22:39.291882008 +0200
+@@ -33,13 +33,13 @@
+ LDADD+=               -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
+ DPADD+=               ${LIBGMP} ${LIBSYSDEP}
+-CFLAGS+=      -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
+-              -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \
+-              -I/usr/src/linux/include -I${.CURDIR}/sysdep/common \
++CFLAGS+=      -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
++              -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \
++              -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \
+               -I/usr/include/openssl
+ FEATURES=     debug tripledes blowfish cast ec aggressive x509 policy
+-FEATURES+=    des aes
++FEATURES+=    dpd nat_traversal isakmp_cfg des aes
+ IPSEC_SRCS=   pf_key_v2.c
+ IPSEC_CFLAGS= -DUSE_PF_KEY_V2
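Review bot: The new `CFLAGS` line replaces the kernel include with an in-tree path but still ends in the absolute `-I/usr/include/openssl`, which in a cross build points at the build host's OpenSSL headers rather than the target's. Unless a later patch in the series rewrites this line, the daemon could be compiled against one OpenSSL version's headers and linked against another. That matters here because `x509.c` selects struct fields by `OPENSSL_VERSION_NUMBER`. I would make the directory overridable, for example `OPENSSL_INCDIR?= /usr/include/openssl` (name constructed for illustration) with `-I${OPENSSL_INCDIR}` in `CFLAGS`, so the packaging Makefile can pass the staging path. The same hunk turns on `nat_traversal`, `dpd` and `isakmp_cfg` in `FEATURES`; a one-line comment noting that this enlarges the set of payloads parsed from the network would help anyone trimming the build.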
+@@ -51,7 +51,7 @@
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
+       cd ${LIBSYSDEPDIR} && \
+-              ${MAKE} --no-print-directory ${MAKEFLAGS} \
++              ${MAKE} --no-print-directory \
+                       CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
+ ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
+Index: isakmpd-20041012.orig/sysdep/linux/include/bitstring.h
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/sysdep/linux/include/bitstring.h     2007-06-04 13:22:39.291882008 +0200
+@@ -0,0 +1,132 @@
++/*    $OpenBSD: bitstring.h,v 1.4 2002/06/19 02:50:10 millert Exp $   */
++/*    $NetBSD: bitstring.h,v 1.5 1997/05/14 15:49:55 pk Exp $ */
++
++/*
++ * Copyright (c) 1989, 1993
++ *    The Regents of the University of California.  All rights reserved.
++ *
++ * This code is derived from software contributed to Berkeley by
++ * Paul Vixie.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    This product includes software developed by the University of
++ *    California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ *    may be used to endorse or promote products derived from this software
++ *    without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ *    @(#)bitstring.h 8.1 (Berkeley) 7/19/93
++ */
++
++#ifndef _BITSTRING_H_
++#define       _BITSTRING_H_
++
++/* modified for SV/AT and bitstring bugfix by M.R.Murphy, 11oct91
++ * bitstr_size changed gratuitously, but shorter
++ * bit_alloc   spelling error fixed
++ * the following were efficient, but didn't work, they've been made to
++ * work, but are no longer as efficient :-)
++ * bit_nclear, bit_nset, bit_ffc, bit_ffs
++ */
++typedef       unsigned char bitstr_t;
++
++/* internal macros */
++                              /* byte of the bitstring bit is in */
++#define       _bit_byte(bit) \
++      ((bit) >> 3)
++
++                              /* mask for the bit within its byte */
++#define       _bit_mask(bit) \
++      (1 << ((bit)&0x7))
++
++/* external macros */
++                              /* bytes in a bitstring of nbits bits */
++#define       bitstr_size(nbits) \
++      (((nbits) + 7) >> 3)
++
++                              /* allocate a bitstring */
++#define       bit_alloc(nbits) \
++      (bitstr_t *)calloc((size_t)bitstr_size(nbits), sizeof(bitstr_t))
++
++                              /* allocate a bitstring on the stack */
++#define       bit_decl(name, nbits) \
++      ((name)[bitstr_size(nbits)])
++
++                              /* is bit N of bitstring name set? */
++#define       bit_test(name, bit) \
++      ((name)[_bit_byte(bit)] & _bit_mask(bit))
++
++                              /* set bit N of bitstring name */
++#define       bit_set(name, bit) \
++      ((name)[_bit_byte(bit)] |= _bit_mask(bit))
++
++                              /* clear bit N of bitstring name */
++#define       bit_clear(name, bit) \
++      ((name)[_bit_byte(bit)] &= ~_bit_mask(bit))
++
++                              /* clear bits start ... stop in bitstring */
++#define       bit_nclear(name, start, stop) do { \
++      register bitstr_t *_name = name; \
++      register int _start = start, _stop = stop; \
++      while (_start <= _stop) { \
++              bit_clear(_name, _start); \
++              _start++; \
++              } \
++} while(0)
++
++                              /* set bits start ... stop in bitstring */
++#define       bit_nset(name, start, stop) do { \
++      register bitstr_t *_name = name; \
++      register int _start = start, _stop = stop; \
++      while (_start <= _stop) { \
++              bit_set(_name, _start); \
++              _start++; \
++              } \
++} while(0)
++
++                              /* find first bit clear in name */
++#define       bit_ffc(name, nbits, value) do { \
++      register bitstr_t *_name = name; \
++      register int _bit, _nbits = nbits, _value = -1; \
++      for (_bit = 0; _bit < _nbits; ++_bit) \
++              if (!bit_test(_name, _bit)) { \
++                      _value = _bit; \
++                      break; \
++              } \
++      *(value) = _value; \
++} while(0)
++
++                              /* find first bit set in name */
++#define       bit_ffs(name, nbits, value) do { \
++      register bitstr_t *_name = name; \
++      register int _bit, _nbits = nbits, _value = -1; \
++      for (_bit = 0; _bit < _nbits; ++_bit) \
++              if (bit_test(_name, _bit)) { \
++                      _value = _bit; \
++                      break; \
++              } \
++      *(value) = _value; \
++} while(0)
++
++#endif /* !_BITSTRING_H_ */
+Index: isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h     2007-06-04 13:22:39.292881856 +0200
+@@ -0,0 +1,453 @@
++/*
++ * Copyright (c) 1991, 1993
++ *    The Regents of the University of California.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    This product includes software developed by the University of
++ *    California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ *    may be used to endorse or promote products derived from this software
++ *    without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ *    @(#)queue.h     8.5 (Berkeley) 8/20/94
++ * $FreeBSD: src/sys/sys/queue.h,v 1.45 2001/12/11 11:49:58 sheldonh Exp $
++ */
++
++#ifndef _SYS_QUEUE_H_
++#define       _SYS_QUEUE_H_
++
++//#include <machine/ansi.h>   /* for __offsetof */
++
++/*
++ * This file defines four types of data structures: singly-linked lists,
++ * singly-linked tail queues, lists and tail queues.
++ *
++ * A singly-linked list is headed by a single forward pointer. The elements
++ * are singly linked for minimum space and pointer manipulation overhead at
++ * the expense of O(n) removal for arbitrary elements. New elements can be
++ * added to the list after an existing element or at the head of the list.
++ * Elements being removed from the head of the list should use the explicit
++ * macro for this purpose for optimum efficiency. A singly-linked list may
++ * only be traversed in the forward direction.  Singly-linked lists are ideal
++ * for applications with large datasets and few or no removals or for
++ * implementing a LIFO queue.
++ *
++ * A singly-linked tail queue is headed by a pair of pointers, one to the
++ * head of the list and the other to the tail of the list. The elements are
++ * singly linked for minimum space and pointer manipulation overhead at the
++ * expense of O(n) removal for arbitrary elements. New elements can be added
++ * to the list after an existing element, at the head of the list, or at the
++ * end of the list. Elements being removed from the head of the tail queue
++ * should use the explicit macro for this purpose for optimum efficiency.
++ * A singly-linked tail queue may only be traversed in the forward direction.
++ * Singly-linked tail queues are ideal for applications with large datasets
++ * and few or no removals or for implementing a FIFO queue.
++ *
++ * A list is headed by a single forward pointer (or an array of forward
++ * pointers for a hash table header). The elements are doubly linked
++ * so that an arbitrary element can be removed without a need to
++ * traverse the list. New elements can be added to the list before
++ * or after an existing element or at the head of the list. A list
++ * may only be traversed in the forward direction.
++ *
++ * A tail queue is headed by a pair of pointers, one to the head of the
++ * list and the other to the tail of the list. The elements are doubly
++ * linked so that an arbitrary element can be removed without a need to
++ * traverse the list. New elements can be added to the list before or
++ * after an existing element, at the head of the list, or at the end of
++ * the list. A tail queue may be traversed in either direction.
++ *
++ * For details on the use of these macros, see the queue(3) manual page.
++ *
++ *
++ *                    SLIST   LIST    STAILQ  TAILQ
++ * _HEAD              +       +       +       +
++ * _HEAD_INITIALIZER  +       +       +       +
++ * _ENTRY             +       +       +       +
++ * _INIT              +       +       +       +
++ * _EMPTY             +       +       +       +
++ * _FIRST             +       +       +       +
++ * _NEXT              +       +       +       +
++ * _PREV              -       -       -       +
++ * _LAST              -       -       +       +
++ * _FOREACH           +       +       +       +
++ * _FOREACH_REVERSE   -       -       -       +
++ * _INSERT_HEAD               +       +       +       +
++ * _INSERT_BEFORE     -       +       -       +
++ * _INSERT_AFTER      +       +       +       +
++ * _INSERT_TAIL               -       -       +       +
++ * _REMOVE_HEAD               +       -       +       -
++ * _REMOVE            +       +       +       +
++ *
++ */
++
++/*
++ * Singly-linked List declarations.
++ */
++#define       SLIST_HEAD(name, type)                                          \
++struct name {                                                         \
++      struct type *slh_first; /* first element */                     \
++}
++
++#define       SLIST_HEAD_INITIALIZER(head)                                    \
++      { NULL }
++ 
++#define       SLIST_ENTRY(type)                                               \
++struct {                                                              \
++      struct type *sle_next;  /* next element */                      \
++}
++ 
++/*
++ * Singly-linked List functions.
++ */
++#define       SLIST_EMPTY(head)       ((head)->slh_first == NULL)
++
++#define       SLIST_FIRST(head)       ((head)->slh_first)
++
++#define       SLIST_FOREACH(var, head, field)                                 \
++      for ((var) = SLIST_FIRST((head));                               \
++          (var);                                                      \
++          (var) = SLIST_NEXT((var), field))
++
++#define       SLIST_INIT(head) do {                                           \
++      SLIST_FIRST((head)) = NULL;                                     \
++} while (0)
++
++#define       SLIST_INSERT_AFTER(slistelm, elm, field) do {                   \
++      SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field);       \
++      SLIST_NEXT((slistelm), field) = (elm);                          \
++} while (0)
++
++#define       SLIST_INSERT_HEAD(head, elm, field) do {                        \
++      SLIST_NEXT((elm), field) = SLIST_FIRST((head));                 \
++      SLIST_FIRST((head)) = (elm);                                    \
++} while (0)
++
++#define       SLIST_NEXT(elm, field)  ((elm)->field.sle_next)
++
++#define       SLIST_REMOVE(head, elm, type, field) do {                       \
++      if (SLIST_FIRST((head)) == (elm)) {                             \
++              SLIST_REMOVE_HEAD((head), field);                       \
++      }                                                               \
++      else {                                                          \
++              struct type *curelm = SLIST_FIRST((head));              \
++              while (SLIST_NEXT(curelm, field) != (elm))              \
++                      curelm = SLIST_NEXT(curelm, field);             \
++              SLIST_NEXT(curelm, field) =                             \
++                  SLIST_NEXT(SLIST_NEXT(curelm, field), field);       \
++      }                                                               \
++} while (0)
++
++#define       SLIST_REMOVE_HEAD(head, field) do {                             \
++      SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field);   \
++} while (0)
++
++/*
++ * Singly-linked Tail queue declarations.
++ */
++#define       STAILQ_HEAD(name, type)                                         \
++struct name {                                                         \
++      struct type *stqh_first;/* first element */                     \
++      struct type **stqh_last;/* addr of last next element */         \
++}
++
++#define       STAILQ_HEAD_INITIALIZER(head)                                   \
++      { NULL, &(head).stqh_first }
++
++#define       STAILQ_ENTRY(type)                                              \
++struct {                                                              \
++      struct type *stqe_next; /* next element */                      \
++}
++
++/*
++ * Singly-linked Tail queue functions.
++ */
++#define       STAILQ_EMPTY(head)      ((head)->stqh_first == NULL)
++
++#define       STAILQ_FIRST(head)      ((head)->stqh_first)
++
++#define       STAILQ_FOREACH(var, head, field)                                \
++      for((var) = STAILQ_FIRST((head));                               \
++         (var);                                                       \
++         (var) = STAILQ_NEXT((var), field))
++
++#define       STAILQ_INIT(head) do {                                          \
++      STAILQ_FIRST((head)) = NULL;                                    \
++      (head)->stqh_last = &STAILQ_FIRST((head));                      \
++} while (0)
++
++#define       STAILQ_INSERT_AFTER(head, tqelm, elm, field) do {               \
++      if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\
++              (head)->stqh_last = &STAILQ_NEXT((elm), field);         \
++      STAILQ_NEXT((tqelm), field) = (elm);                            \
++} while (0)
++
++#define       STAILQ_INSERT_HEAD(head, elm, field) do {                       \
++      if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \
++              (head)->stqh_last = &STAILQ_NEXT((elm), field);         \
++      STAILQ_FIRST((head)) = (elm);                                   \
++} while (0)
++
++#define       STAILQ_INSERT_TAIL(head, elm, field) do {                       \
++      STAILQ_NEXT((elm), field) = NULL;                               \
++      *(head)->stqh_last = (elm);                                     \
++      (head)->stqh_last = &STAILQ_NEXT((elm), field);                 \
++} while (0)
++
++#define       STAILQ_LAST(head, type, field)                                  \
++      (STAILQ_EMPTY(head) ?                                           \
++              NULL :                                                  \
++              ((struct type *)                                        \
++              ((char *)((head)->stqh_last) - __offsetof(struct type, field))))
++
++#define       STAILQ_NEXT(elm, field) ((elm)->field.stqe_next)
++
++#define       STAILQ_REMOVE(head, elm, type, field) do {                      \
++      if (STAILQ_FIRST((head)) == (elm)) {                            \
++              STAILQ_REMOVE_HEAD(head, field);                        \
++      }                                                               \
++      else {                                                          \
++              struct type *curelm = STAILQ_FIRST((head));             \
++              while (STAILQ_NEXT(curelm, field) != (elm))             \
++                      curelm = STAILQ_NEXT(curelm, field);            \
++              if ((STAILQ_NEXT(curelm, field) =                       \
++                   STAILQ_NEXT(STAILQ_NEXT(curelm, field), field)) == NULL)\
++                      (head)->stqh_last = &STAILQ_NEXT((curelm), field);\
++      }                                                               \
++} while (0)
++
++#define       STAILQ_REMOVE_HEAD(head, field) do {                            \
++      if ((STAILQ_FIRST((head)) =                                     \
++           STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL)         \
++              (head)->stqh_last = &STAILQ_FIRST((head));              \
++} while (0)
++
++#define       STAILQ_REMOVE_HEAD_UNTIL(head, elm, field) do {                 \
++      if ((STAILQ_FIRST((head)) = STAILQ_NEXT((elm), field)) == NULL) \
++              (head)->stqh_last = &STAILQ_FIRST((head));              \
++} while (0)
++
++/*
++ * List declarations.
++ */
++#define       LIST_HEAD(name, type)                                           \
++struct name {                                                         \
++      struct type *lh_first;  /* first element */                     \
++}
++
++#define       LIST_HEAD_INITIALIZER(head)                                     \
++      { NULL }
++
++#define       LIST_ENTRY(type)                                                \
++struct {                                                              \
++      struct type *le_next;   /* next element */                      \
++      struct type **le_prev;  /* address of previous next element */  \
++}
++
++/*
++ * List functions.
++ */
++
++#define       LIST_EMPTY(head)        ((head)->lh_first == NULL)
++
++#define       LIST_FIRST(head)        ((head)->lh_first)
++
++#define       LIST_FOREACH(var, head, field)                                  \
++      for ((var) = LIST_FIRST((head));                                \
++          (var);                                                      \
++          (var) = LIST_NEXT((var), field))
++
++#define       LIST_INIT(head) do {                                            \
++      LIST_FIRST((head)) = NULL;                                      \
++} while (0)
++
++#define       LIST_INSERT_AFTER(listelm, elm, field) do {                     \
++      if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\
++              LIST_NEXT((listelm), field)->field.le_prev =            \
++                  &LIST_NEXT((elm), field);                           \
++      LIST_NEXT((listelm), field) = (elm);                            \
++      (elm)->field.le_prev = &LIST_NEXT((listelm), field);            \
++} while (0)
++
++#define       LIST_INSERT_BEFORE(listelm, elm, field) do {                    \
++      (elm)->field.le_prev = (listelm)->field.le_prev;                \
++      LIST_NEXT((elm), field) = (listelm);                            \
++      *(listelm)->field.le_prev = (elm);                              \
++      (listelm)->field.le_prev = &LIST_NEXT((elm), field);            \
++} while (0)
++
++#define       LIST_INSERT_HEAD(head, elm, field) do {                         \
++      if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL)     \
++              LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\
++      LIST_FIRST((head)) = (elm);                                     \
++      (elm)->field.le_prev = &LIST_FIRST((head));                     \
++} while (0)
++
++#define       LIST_NEXT(elm, field)   ((elm)->field.le_next)
++
++#define       LIST_REMOVE(elm, field) do {                                    \
++      if (LIST_NEXT((elm), field) != NULL)                            \
++              LIST_NEXT((elm), field)->field.le_prev =                \
++                  (elm)->field.le_prev;                               \
++      *(elm)->field.le_prev = LIST_NEXT((elm), field);                \
++} while (0)
++
++/*
++ * Tail queue declarations.
++ */
++#define       TAILQ_HEAD(name, type)                                          \
++struct name {                                                         \
++      struct type *tqh_first; /* first element */                     \
++      struct type **tqh_last; /* addr of last next element */         \
++}
++
++#define       TAILQ_HEAD_INITIALIZER(head)                                    \
++      { NULL, &(head).tqh_first }
++
++#define       TAILQ_ENTRY(type)                                               \
++struct {                                                              \
++      struct type *tqe_next;  /* next element */                      \
++      struct type **tqe_prev; /* address of previous next element */  \
++}
++
++/*
++ * Tail queue functions.
++ */
++#define       TAILQ_EMPTY(head)       ((head)->tqh_first == NULL)
++
++#define       TAILQ_FIRST(head)       ((head)->tqh_first)
++
++#define       TAILQ_FOREACH(var, head, field)                                 \
++      for ((var) = TAILQ_FIRST((head));                               \
++          (var);                                                      \
++          (var) = TAILQ_NEXT((var), field))
++
++#define       TAILQ_FOREACH_REVERSE(var, head, headname, field)               \
++      for ((var) = TAILQ_LAST((head), headname);                      \
++          (var);                                                      \
++          (var) = TAILQ_PREV((var), headname, field))
++
++#define       TAILQ_INIT(head) do {                                           \
++      TAILQ_FIRST((head)) = NULL;                                     \
++      (head)->tqh_last = &TAILQ_FIRST((head));                        \
++} while (0)
++
++#define       TAILQ_INSERT_AFTER(head, listelm, elm, field) do {              \
++      if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\
++              TAILQ_NEXT((elm), field)->field.tqe_prev =              \
++                  &TAILQ_NEXT((elm), field);                          \
++      else                                                            \
++              (head)->tqh_last = &TAILQ_NEXT((elm), field);           \
++      TAILQ_NEXT((listelm), field) = (elm);                           \
++      (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field);          \
++} while (0)
++
++#define       TAILQ_INSERT_BEFORE(listelm, elm, field) do {                   \
++      (elm)->field.tqe_prev = (listelm)->field.tqe_prev;              \
++      TAILQ_NEXT((elm), field) = (listelm);                           \
++      *(listelm)->field.tqe_prev = (elm);                             \
++      (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field);          \
++} while (0)
++
++#define       TAILQ_INSERT_HEAD(head, elm, field) do {                        \
++      if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL)   \
++              TAILQ_FIRST((head))->field.tqe_prev =                   \
++                  &TAILQ_NEXT((elm), field);                          \
++      else                                                            \
++              (head)->tqh_last = &TAILQ_NEXT((elm), field);           \
++      TAILQ_FIRST((head)) = (elm);                                    \
++      (elm)->field.tqe_prev = &TAILQ_FIRST((head));                   \
++} while (0)
++
++#define       TAILQ_INSERT_TAIL(head, elm, field) do {                        \
++      TAILQ_NEXT((elm), field) = NULL;                                \
++      (elm)->field.tqe_prev = (head)->tqh_last;                       \
++      *(head)->tqh_last = (elm);                                      \
++      (head)->tqh_last = &TAILQ_NEXT((elm), field);                   \
++} while (0)
++
++#define       TAILQ_LAST(head, headname)                                      \
++      (*(((struct headname *)((head)->tqh_last))->tqh_last))
++
++#define       TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
++
++#define       TAILQ_PREV(elm, headname, field)                                \
++      (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
++
++#define       TAILQ_REMOVE(head, elm, field) do {                             \
++      if ((TAILQ_NEXT((elm), field)) != NULL)                         \
++              TAILQ_NEXT((elm), field)->field.tqe_prev =              \
++                  (elm)->field.tqe_prev;                              \
++      else                                                            \
++              (head)->tqh_last = (elm)->field.tqe_prev;               \
++      *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field);              \
++} while (0)
++
++
++#ifdef _KERNEL
++
++/*
++ * XXX insque() and remque() are an old way of handling certain queues.
++ * They bogusly assumes that all queue heads look alike.
++ */
++
++struct quehead {
++      struct quehead *qh_link;
++      struct quehead *qh_rlink;
++};
++
++#ifdef        __GNUC__
++
++static __inline void
++insque(void *a, void *b)
++{
++      struct quehead *element = (struct quehead *)a,
++               *head = (struct quehead *)b;
++
++      element->qh_link = head->qh_link;
++      element->qh_rlink = head;
++      head->qh_link = element;
++      element->qh_link->qh_rlink = element;
++}
++
++static __inline void
++remque(void *a)
++{
++      struct quehead *element = (struct quehead *)a;
++
++      element->qh_link->qh_rlink = element->qh_rlink;
++      element->qh_rlink->qh_link = element->qh_link;
++      element->qh_rlink = 0;
++}
++
++#else /* !__GNUC__ */
++
++void  insque __P((void *a, void *b));
++void  remque __P((void *a));
++
++#endif /* __GNUC__ */
++
++#endif /* _KERNEL */
++
++#endif /* !_SYS_QUEUE_H_ */
+Index: isakmpd-20041012.orig/sysdep/common/pcap.h
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/pcap.h    2007-06-04 13:22:39.203895384 +0200
++++ isakmpd-20041012.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.292881856 +0200
+@@ -55,8 +55,13 @@
+       u_int32_t linktype;     /* data link type (DLT_*) */
+ };
++struct pcap_timeval {
++      int32_t tv_sec;         /* seconds */
++      int32_t tv_usec;        /* microseconds */
++};
++
+ struct pcap_pkthdr {
+-      struct timeval ts;      /* time stamp */
++      struct pcap_timeval ts; /* time stamp */
+       u_int32_t caplen;       /* length of portion present */
+       u_int32_t len;          /* length this packet (off wire) */
+ };
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/arc4random.c    2007-06-04 13:22:39.211894168 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.292881856 +0200
+@@ -78,7 +78,7 @@
+ static void
+ arc4_stir(struct arc4_stream *as)
+ {
+-      int     fd;
++      int     fd, i;
+       struct {
+               struct timeval tv;
+               u_int8_t rnd[128 - sizeof(struct timeval)];
+Index: isakmpd-20041012.orig/x509v3.cnf
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ isakmpd-20041012.orig/x509v3.cnf   2007-06-04 13:22:39.293881704 +0200
+@@ -0,0 +1,26 @@
++# default settings
++CERTPATHLEN             = 1
++CERTUSAGE               = digitalSignature,keyCertSign
++CERTIP                  = 0.0.0.0
++CERTFQDN                = nohost.nodomain
++
++# This section should be referenced when building an x509v3 CA
++# Certificate.
++# The default path length and the key usage can be overriden
++# modified by setting the CERTPATHLEN and CERTUSAGE environment 
++# variables.
++[x509v3_CA]
++basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
++keyUsage=$ENV::CERTUSAGE
++
++# This section should be referenced to add an IP Address
++# as an alternate subject name, needed by isakmpd
++# The address must be provided in the CERTIP environment variable
++[x509v3_IPAddr]
++subjectAltName=IP:$ENV::CERTIP
++
++# This section should be referenced to add a FQDN hostname
++# as an alternate subject name, needed by isakmpd
++# The address must be provided in the CERTFQDN environment variable
++[x509v3_FQDN]
++subjectAltName=DNS:$ENV::CERTFQDN
diff --git a/net/isakmpd/patches/020-standardize.patch b/net/isakmpd/patches/020-standardize.patch
new file mode 100644 (file)
index 0000000..435782b
--- /dev/null
@@ -0,0 +1,154 @@
+Index: isakmpd-20041012.orig/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/GNUmakefile     2007-06-04 13:22:39.283883224 +0200
++++ isakmpd-20041012.orig/GNUmakefile  2007-06-04 13:22:39.722816496 +0200
+@@ -168,7 +168,6 @@
+ X509=         x509.c
+ CFLAGS+=      -DUSE_LIBCRYPTO
+ LDADD+=               -lcrypto
+-DPADD+=               ${LIBCRYPTO}
+ endif
+ ifdef USE_RAWKEY
+@@ -242,3 +241,16 @@
+ realcleandepend:
+       rm -f .depend tags
++
++# Install rules
++install: install-bin install-man
++
++install-bin: isakmpd
++      -mkdir -p $(DESTDIR)$(BINDIR)
++      $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR)
++
++install-man:
++      -mkdir -p $(DESTDIR)$(MANDIR)/man8
++      $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8
++      -mkdir -p $(DESTDIR)$(MANDIR)/man5
++      $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5
+Index: isakmpd-20041012.orig/samples/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/samples/Makefile        2007-06-04 13:22:39.015923960 +0200
++++ isakmpd-20041012.orig/samples/Makefile     2007-06-04 13:22:39.722816496 +0200
+@@ -26,7 +26,7 @@
+ #
+ FILES=                VPN-* policy singlehost-*
+-TARGETDIR=    /usr/share/ipsec/isakmpd
++TARGETDIR=    /usr/share/isakmpd/samples
+ # The mkdir below is for installation on OpenBSD pre 2.7
+ install:
+Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200
++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep      2007-06-04 13:22:39.722816496 +0200
+@@ -25,18 +25,18 @@
+ # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ #
+-LIBGMP:=      /usr/lib/libgmp.a
+-LIBCRYPTO:=   /usr/lib/libcrypto.a
++LIBGMP:=
++LIBCRYPTO:=   -lcrypto
+ LIBSYSDEPDIR:=        ${.CURDIR}/sysdep/common/libsysdep
+ LIBSYSDEP:=   ${LIBSYSDEPDIR}/libsysdep.a
+-LDADD+=               -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
++LDADD+=               $(EXTRA_LDFLAGS) -lgmp ${LIBSYSDEP} ${LIBCRYPTO}
+ DPADD+=               ${LIBGMP} ${LIBSYSDEP}
+ CFLAGS+=      -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
+               -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \
+               -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \
+-              -I/usr/include/openssl
++              $(EXTRA_CPPFLAGS)
+ FEATURES=     debug tripledes blowfish cast ec aggressive x509 policy
+ FEATURES+=    dpd nat_traversal isakmp_cfg des aes
+Index: isakmpd-20041012.orig/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/Makefile        2007-06-04 13:22:39.028921984 +0200
++++ isakmpd-20041012.orig/Makefile     2007-06-04 13:22:39.723816344 +0200
+@@ -147,7 +147,6 @@
+ .ifdef USE_LIBCRYPTO
+ CFLAGS+=      -DUSE_LIBCRYPTO
+ LDADD+=               -lcrypto
+-DPADD+=               ${LIBCRYPTO}
+ .endif
+ .ifdef USE_LIBDES
+Index: isakmpd-20041012.orig/apps/certpatch/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.035920920 +0200
++++ isakmpd-20041012.orig/apps/certpatch/Makefile      2007-06-04 13:22:39.723816344 +0200
+@@ -40,7 +40,6 @@
+ .PATH:                ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ}
+ CFLAGS+=      -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall
+ LDADD+=               -lcrypto
+-DPADD+=               ${LIBCRYPTO}
+ MAN=          certpatch.8
+ .if ${FEATURES:Mgmp} == "gmp"
+Index: isakmpd-20041012.orig/regress/crypto/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/regress/crypto/Makefile 2007-06-04 13:22:39.041920008 +0200
++++ isakmpd-20041012.orig/regress/crypto/Makefile      2007-06-04 13:22:39.723816344 +0200
+@@ -13,7 +13,7 @@
+               -DUSE_TRIPLEDES -DUSE_CAST -DUSE_BLOWFISH -DUSE_DES \
+               -DUSE_AES
+ LDADD+=               -lcrypto -ldes
+-DPADD+=               ${LIBCRYPTO} ${LIBDES}
++DPADD+=               ${LIBDES}
+ NOMAN=
+ DEBUG=                -g
+Index: isakmpd-20041012.orig/regress/dh/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/regress/dh/Makefile     2007-06-04 13:22:39.048918944 +0200
++++ isakmpd-20041012.orig/regress/dh/Makefile  2007-06-04 13:22:39.726815888 +0200
+@@ -15,7 +15,6 @@
+               -DUSE_EC
+ NOMAN=
+ LDADD+=               -lcrypto
+-DPADD+=               ${LIBCRYPTO}
+ DEBUG=                -g
+ .if ${FEATURES:Mgmp} == "gmp"
+Index: isakmpd-20041012.orig/regress/group/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/regress/group/Makefile  2007-06-04 13:22:39.054918032 +0200
++++ isakmpd-20041012.orig/regress/group/Makefile       2007-06-04 13:22:39.727815736 +0200
+@@ -15,7 +15,6 @@
+               -DUSE_EC
+ NOMAN=
+ LDADD+=               -lcrypto
+-DPADD+=               ${LIBCRYPTO}
+ DEBUG=                -g
+ .if ${FEATURES:Mgmp} == "gmp"
+Index: isakmpd-20041012.orig/regress/rsakeygen/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/regress/rsakeygen/Makefile      2007-06-04 13:22:39.060917120 +0200
++++ isakmpd-20041012.orig/regress/rsakeygen/Makefile   2007-06-04 13:22:39.727815736 +0200
+@@ -62,7 +62,6 @@
+ .ifdef USE_LIBCRYPTO
+ CFLAGS+=      -DUSE_LIBCRYPTO
+ LDADD+=               -lcrypto
+-DPADD+=               ${LIBCRYPTO}
+ .endif
+ .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO)
+Index: isakmpd-20041012.orig/regress/x509/Makefile
+===================================================================
+--- isakmpd-20041012.orig.orig/regress/x509/Makefile   2007-06-04 13:22:39.068915904 +0200
++++ isakmpd-20041012.orig/regress/x509/Makefile        2007-06-04 13:22:39.727815736 +0200
+@@ -78,7 +78,6 @@
+ X509=         x509.c
+ CFLAGS+=      -DUSE_LIBCRYPTO
+ LDADD+=               -lcrypto ${LIBLWRES}
+-DPADD+=               ${LIBCRYPTO}
+ .endif
+ .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE)
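Review bot: The `-` prefix on the four `mkdir -p` lines in the added `install-bin` and `install-man` rules of GNUmakefile hides real failures such as a read-only or unwritable `$(DESTDIR)`. `mkdir -p` already succeeds when the directory exists, so the prefix can be dropped: `mkdir -p $(DESTDIR)$(BINDIR)`. The three new targets are also not declared phony in the visible lines, so a file named `install` in the source tree would silently disable them; `.PHONY: install install-bin install-man` covers that. `BINDIR`, `MANDIR` and `INSTALL_OPTS` are not defined anywhere in this hunk, so the rules presumably rely on the caller to pass them; a one-line comment above `install:` naming the required variables would help.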
diff --git a/net/isakmpd/patches/030-openssl_hashes.patch b/net/isakmpd/patches/030-openssl_hashes.patch
new file mode 100644 (file)
index 0000000..f50afc5
--- /dev/null
@@ -0,0 +1,161 @@
+Index: isakmpd-20041012.orig/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/GNUmakefile     2007-06-04 13:22:39.722816496 +0200
++++ isakmpd-20041012.orig/GNUmakefile  2007-06-04 13:22:40.000774240 +0200
+@@ -76,13 +76,14 @@
+               isakmp_fld.c isakmp_fld.h
+ MAN=          isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
+-CFLAGS+=      -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
++CFLAGS+=      ${DEBUG} -Wall -DNEED_SYSDEP_APP \
+               -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
+ # Different debugging & profiling suggestions
+ # Include symbolic debugging info
+ DEBUG=                -g
++CFLAGS+=      -g
+ # Do execution time profiles
+ #CFLAGS+=     -pg
+@@ -175,6 +176,14 @@
+ CFLAGS+=        -DUSE_RAWKEY
+ endif
++ifdef USE_OPENSSL_MD5
++CFLAGS+=      -DUSE_OPENSSL_MD5
++endif
++
++ifdef USE_OPENSSL_SHA1
++CFLAGS+=      -DUSE_OPENSSL_SHA1
++endif
++
+ SRCS+=                ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+                       $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL}
+ CFLAGS+=      ${IPSEC_CFLAGS}
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile     2007-06-04 13:22:38.959932472 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile  2007-06-04 13:22:40.000774240 +0200
+@@ -31,10 +31,18 @@
+ .CURDIR:=     $(shell pwd)
+ LIB=          sysdep
+-SRCS=         arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
++SRCS=         arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
+ NOMAN=
+ CFLAGS+=      -I${.CURDIR}/.. -I/usr/include/machine
++ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
++SRCS+=md5.c
++endif
++
++ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
++SRCS+=sha1.c
++endif
++
+ lib${LIB}.a: ${SRCS:%.c=%.o}
+       ar cq $@ ${SRCS:%.c=%.o}
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/md5.c   2007-06-04 13:22:38.964931712 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c        2007-06-04 13:22:40.000774240 +0200
+@@ -5,6 +5,8 @@
+  * changes to accommodate it in the kernel by ji.
+  */
++#ifndef USE_OPENSSL_MD5
++
+ /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+  */
+@@ -390,3 +392,4 @@
+ #endif
+ #endif
++#endif /* USE_OPENSSL_MD5 */
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/sha1.c  2007-06-04 13:22:38.970930800 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c       2007-06-04 13:22:40.001774088 +0200
+@@ -1,5 +1,7 @@
+ /*    $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
++#ifndef USE_OPENSSL_SHA1
++
+ /*
+ SHA-1 in C
+ By Steve Reid <steve@edmweb.com>
+@@ -171,3 +173,5 @@
+     SHA1Transform(context->state, context->buffer);
+ #endif
+ }
++
++#endif /* USE_OPENSSL_SHA1 */
+Index: isakmpd-20041012.orig/sysdep/common/md5.h
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/md5.h     2007-06-04 13:22:38.976929888 +0200
++++ isakmpd-20041012.orig/sysdep/common/md5.h  2007-06-04 13:22:40.001774088 +0200
+@@ -1,5 +1,15 @@
+ /*    $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $  */
++#ifdef USE_OPENSSL_MD5
++
++#include <openssl/md5.h>
++
++#define MD5Init               MD5_Init
++#define       MD5Update       MD5_Update
++#define       MD5Final        MD5_Final
++
++#else /* USE_OPENSSL_MD5 */
++
+ /* GLOBAL.H - RSAREF types and constants
+  */
+@@ -71,3 +81,5 @@
+ void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+ #define _MD5_H_
++
++#endif        /* USE_OPENSSL_MD5 */
+Index: isakmpd-20041012.orig/sysdep/common/sha1.h
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/sha1.h    2007-06-04 13:22:38.982928976 +0200
++++ isakmpd-20041012.orig/sysdep/common/sha1.h 2007-06-04 13:22:40.001774088 +0200
+@@ -1,5 +1,16 @@
+ /*    $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
++#ifdef USE_OPENSSL_SHA1
++
++#include <openssl/sha.h>
++
++typedef SHA_CTX SHA1_CTX;
++#define       SHA1Init        SHA1_Init
++#define       SHA1Update      SHA1_Update
++#define       SHA1Final       SHA1_Final
++
++#else /* USE_OPENSSL_SHA1 */
++
+ /*
+ SHA-1 in C
+ By Steve Reid <steve@edmweb.com>
+@@ -16,3 +27,5 @@
+ void SHA1Init(SHA1_CTX* context);
+ void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
+ void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
++
++#endif        /* USE_OPENSSL_SHA1 */
+Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200
++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep      2007-06-04 13:22:40.001774088 +0200
+@@ -47,6 +47,8 @@
+ USE_LIBCRYPO= defined
+ HAVE_DLOPEN=  defined
+ USE_KEYNOTE=  defined
++USE_OPENSSL_MD5=      defined
++USE_OPENSSL_SHA1=     defined
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
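Review bot: The `ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))` test added to sysdep/common/libsysdep/GNUmakefile, and its `USE_OPENSSL_SHA1` twin, decide by substring match on `CFLAGS`. That only gives the intended result when the parent make hands its `CFLAGS` down to this sub-make, and it also matches `-UUSE_OPENSSL_MD5` or any longer macro name that contains the string. How the sub-make is invoked is outside the hunk, so whether `CFLAGS` arrives cannot be confirmed here; if it does not, md5.c and sha1.c are still built into libsysdep.a next to the OpenSSL mappings. An exact-word test is tighter: `ifeq (,$(filter -DUSE_OPENSSL_MD5,$(CFLAGS)))`, and likewise for SHA1.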
diff --git a/net/isakmpd/patches/040-security_fix.patch b/net/isakmpd/patches/040-security_fix.patch
new file mode 100644 (file)
index 0000000..d70a722
--- /dev/null
@@ -0,0 +1,18 @@
+Index: isakmpd-20041012.orig/ipsec.c
+===================================================================
+--- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200
++++ isakmpd-20041012.orig/ipsec.c      2007-06-04 13:22:40.247736696 +0200
+@@ -2176,9 +2176,10 @@
+ {
+       struct ipsec_proto *iproto = proto->data;
+-      if (proto->sa->phase == 2 && section)
+-              iproto->replay_window = conf_get_num(section, "ReplayWindow",
+-                  DEFAULT_REPLAY_WINDOW);
++      if (proto->sa->phase == 2)
++              iproto->replay_window = section ? conf_get_num(section,
++                  "ReplayWindow", DEFAULT_REPLAY_WINDOW) :
++                  DEFAULT_REPLAY_WINDOW;
+ }
+ /*
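Review bot: Neither this patch file nor the changed lines in ipsec.c say what the security problem was, so the reason the default must be applied when `section` is NULL is lost to the next maintainer. From the visible lines, the old condition skipped the assignment for a phase 2 SA when no section was passed, presumably leaving `iproto->replay_window` at its initial value. That reading should be confirmed against the rest of the function, which starts outside the hunk. I would add a comment above the `if`, for example `/* No config section: still apply DEFAULT_REPLAY_WINDOW so a phase 2 SA never keeps an unset replay window. */`, and a short header in the patch file naming the upstream change or advisory it was taken from.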
diff --git a/net/isakmpd/patches/050-ar_cross.patch b/net/isakmpd/patches/050-ar_cross.patch
new file mode 100644 (file)
index 0000000..2bac048
--- /dev/null
@@ -0,0 +1,13 @@
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile     2007-06-04 13:22:40.000774240 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile  2007-06-04 13:22:40.431708728 +0200
+@@ -44,7 +44,7 @@
+ endif
+ lib${LIB}.a: ${SRCS:%.c=%.o}
+-      ar cq $@ ${SRCS:%.c=%.o}
++      $(AR) cq $@ ${SRCS:%.c=%.o}
+ clean:
+       rm -f lib${LIB}.a ${SRCS:%.c=%.o}
diff --git a/net/openswan/Makefile b/net/openswan/Makefile
new file mode 100644 (file)
index 0000000..6b6821d
--- /dev/null
@@ -0,0 +1,96 @@
+#
+# Copyright (C) 2006-2008 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=openswan
+PKG_VERSION:=2.4.10
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.openswan.org/download
+PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openswan/Default
+  TITLE:=Openswan
+  URL:=http://www.openswan.org/
+  DEPENDS:=@BROKEN
+endef
+
+define Package/openswan/Default/description
+ Openswan is an IPsec implementation for Linux.
+endef
+
+define Package/openswan
+$(call Package/openswan/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS+= +kmod-openswan +libgmp +ip
+  TITLE+= (daemon)
+  URL:=http://www.openswan.org/
+endef
+
+define Package/openswan/description
+$(call Package/openswan/Default/description)
+ This package contains the Openswan user-land daemon.
+endef
+
+define KernelPackage/openswan
+$(call Package/openswan/Default)
+  SUBMENU:=Network Support
+  TITLE+= (kernel module)
+  FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX)
+endef
+
+define KernelPackage/openswan/description
+$(call Package/openswan/Default/description)
+ This package contains the Openswan kernel module.
+endef
+
+TARGET_CPPFLAGS = \
+       -I$(STAGING_DIR)/usr/include \
+       -I$(LINUX_DIR)/include
+
+TARGET_LDFLAGS = \
+       -L$(STAGING_DIR)/usr/lib
+
+OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \
+       $(TARGET_CONFIGURE_OPTS) \
+       LINUX_RELEASE="$(LINUX_RELEASE)" \
+       KERNELSRC="$(LINUX_DIR)" \
+       ARCH="$(LINUX_KARCH)" \
+       CROSS_COMPILE="$(TARGET_CROSS)" \
+       USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
+       IPSECDIR="/usr/lib/ipsec" \
+       INC_USRLOCAL="/usr" \
+       INC_RCDEFAULT="/etc/init.d" \
+       MODPROBE="/sbin/insmod" \
+       LDFLAGS="$(TARGET_LDFLAGS)" \
+       DESTDIR="$(PKG_INSTALL_DIR)"
+
+define Build/Compile
+       $(OPENSWAN_MAKE) \
+               programs module install
+endef
+
+define Package/openswan/install
+       $(CP) $(PKG_INSTALL_DIR)/* $(1)
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(CP) ./files/ipsec.init $(1)/etc/init.d/ipsec
+       rm -rf $(1)/usr/share
+       rm -rf $(1)/usr/man
+       rm -rf $(1)/var
+       rm -rf $(1)/etc/rc.d
+       find $(1) -name \*.old | xargs rm -rf
+endef
+
+$(eval $(call BuildPackage,openswan))
+$(eval $(call KernelPackage,openswan))
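Review bot: The source tarball for an IPsec daemon and kernel module is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.openswan.org/download`) and verified only against `PKG_MD5SUM`, so an MD5 digest is the sole integrity control on the code that gets built. MD5 is not collision resistant, and nothing here authenticates the origin of the file. Where the build system and the mirror allow it, prefer an HTTPS source and a stronger digest. Until then I would record the limitation next to the checksum, e.g. `# fetched over HTTP; the MD5 below is the only integrity check on this tarball`.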
diff --git a/net/openswan/files/ipsec.init b/net/openswan/files/ipsec.init
new file mode 100755 (executable)
index 0000000..33c4163
--- /dev/null
@@ -0,0 +1,158 @@
+#!/bin/sh /etc/rc.common
+# IPsec startup and shutdown script
+# Copyright (C) 1998, 1999, 2001  Henry Spencer.
+# Copyright (C) 2002              Michael Richardson <mcr@freeswan.org>
+# Copyright (C) 2006              OpenWrt.org
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $
+#
+# ipsec         init.d script for starting and stopping
+#               the IPsec security subsystem (KLIPS and Pluto).
+#
+# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
+# and is also accessible as "ipsec setup" (the preferred route for human
+# invocation).
+#
+# The startup and shutdown times are a difficult compromise (in particular,
+# it is almost impossible to reconcile them with the insanely early/late
+# times of NFS filesystem startup/shutdown).  Startup is after startup of
+# syslog and pcmcia support; shutdown is just before shutdown of syslog.
+#
+# chkconfig: 2345 47 76
+# description: IPsec provides encrypted and authenticated communications; \
+# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
+
+START=60
+script_init() {
+       me='ipsec setup'                # for messages
+
+       # where the private directory and the config files are
+       IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
+       IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
+       IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
+       IPSEC_CONFS="${IPSEC_CONFS-/etc}"
+
+       if test " $IPSEC_DIR" = " "     # if we were not called by the ipsec command
+       then
+           # we must establish a suitable PATH ourselves
+           PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+           export PATH
+
+           IPSEC_DIR="$IPSEC_LIBDIR"
+           export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+       fi
+
+       # Check that the ipsec command is available.
+       found=
+       for dir in `echo $PATH | tr ':' ' '`
+       do
+               if test -f $dir/ipsec -a -x $dir/ipsec
+               then
+                       found=yes
+                       break                   # NOTE BREAK OUT
+               fi
+       done
+       if ! test "$found"
+       then
+               echo "cannot find ipsec command -- \`$1' aborted" |
+                       logger -s -p daemon.error -t ipsec_setup
+               exit 1
+       fi
+
+       # Pick up IPsec configuration (until we have done this, successfully, we
+       # do not know where errors should go, hence the explicit "daemon.error"s.)
+       # Note the "--export", which exports the variables created.
+       eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
+
+       if test " $IPSEC_confreadstatus" != " "
+       then
+           case $1 in 
+           stop|--stop|_autostop) 
+               echo "$IPSEC_confreadstatus -- \`$1' may not work" |
+                       logger -s -p daemon.error -t ipsec_setup;;
+
+           *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
+                   logger -s -p daemon.error -t ipsec_setup;
+               exit 1;;
+           esac
+       fi
+
+       IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
+       export IPSEC_confreadsection
+
+       IPSECsyslog=${IPSECsyslog-daemon.error}
+       export IPSECsyslog
+
+       # misc setup
+       umask 022
+
+       mkdir -p /var/run/pluto
+}
+
+script_command() {
+       if [ "${USER}" != "root" ]
+       then
+               echo "permission denied (must be superuser)" |
+                       logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+               exit 1
+       fi
+       # make sure all required directories exist
+       if [ ! -d /var/run/pluto ]
+       then
+               mkdir -p /var/run/pluto
+       fi
+       if [ ! -d /var/lock/subsys ]
+       then
+               mkdir -p /var/lock/subsys
+       fi
+       tmp=/var/run/pluto/ipsec_setup.st
+       outtmp=/var/run/pluto/ipsec_setup.out
+       (
+               ipsec _realsetup $1
+               echo "$?" >$tmp
+       ) > ${outtmp} 2>&1
+       st=$?
+       if test -f $tmp
+       then
+               st=`cat $tmp`
+               rm -f $tmp
+       fi
+       if [ -f ${outtmp} ]; then
+               cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+               rm -f ${outtmp}
+       fi
+}
+
+
+start() {
+       script_init start "$@"
+       script_command start "$@"
+}
+
+stop() {
+       script_init stop "$@"
+       script_command stop "$@"
+}
+
+restart() {
+       script_init stop "$@"
+       script_command stop "$@"
+       script_command start "$@"
+}
+
+status() {
+       script_init status "$@"
+       ipsec _realsetup status
+}
+EXTRA_COMMANDS=status
+EXTRA_HELP="   status  Show the status of the service"
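Review bot: The superuser check in `script_command` compares the `USER` environment variable, which the caller controls and which may be unset when the script runs from init, so it is neither a reliable privilege test nor guaranteed to let a legitimate root start through. Test the effective uid instead: `if [ "$(id -u)" != "0" ]`. In the same function the exit status of `ipsec _realsetup` is collected in `st` but never returned, so `start` and `stop` report success whatever happened; ending the function with `return $st` would pass it on. `$config` in the `eval` line of `script_init` is not set anywhere in this script and is expanded unquoted, which deserves a comment saying where it is expected to come from.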
diff --git a/net/openswan/patches/110-scripts.patch b/net/openswan/patches/110-scripts.patch
new file mode 100644 (file)
index 0000000..d605cea
--- /dev/null
@@ -0,0 +1,33 @@
+diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
+--- openswan.old/programs/loggerfix    1970-01-01 01:00:00.000000000 +0100
++++ openswan.dev/programs/loggerfix    2006-10-08 20:41:08.000000000 +0200
+@@ -0,0 +1,5 @@
++#!/bin/sh
++# use filename instead of /dev/null to log, but dont log to flash or ram
++# pref. log to nfs mount
++echo "$*" >> /dev/null
++exit 0
+diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
+--- openswan.old/programs/_plutorun/_plutorun.in       2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_plutorun/_plutorun.in       2006-10-08 20:41:08.000000000 +0200
+@@ -147,7 +147,7 @@
+                       exit 1
+               fi
+       else
+-              if test ! -w "`dirname $stderrlog`"
++              if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+               then
+                       echo Cannot write to directory to create \"$stderrlog\".
+                       exit 1
+diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
+--- openswan.old/programs/_realsetup/_realsetup.in     2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_realsetup/_realsetup.in     2006-10-08 20:41:08.000000000 +0200
+@@ -232,7 +232,7 @@
+       # misc pre-Pluto setup
+-      perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+       if test " $IPSECforwardcontrol" = " yes"
+       then
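Review bot: The `sed -r 's/(^.*\/)(.*$)/\1/'` replacement for `dirname` in the _plutorun hunk does not behave like `dirname` when `$stderrlog` contains no slash. The expression then matches nothing and echoes the file name back, so `test ! -w` checks the log file itself rather than its directory. `$stderrlog` and `$subsyslock` are also expanded unquoted inside the backticks, so a configured path with whitespace is split before `sed` sees it. A shell-only form covers both cases: `case "$stderrlog" in */*) logdir="${stderrlog%/*}" ;; *) logdir=. ;; esac` followed by `if test ! -w "$logdir"`. The same applies to the `test -d` line in the _realsetup hunk; both enclosing scripts continue outside the hunks.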
diff --git a/net/openswan/patches/120-use_dev_urandom.patch b/net/openswan/patches/120-use_dev_urandom.patch
new file mode 100644 (file)
index 0000000..6bbcbf1
--- /dev/null
@@ -0,0 +1,39 @@
+Index: openswan-2.4.8/programs/ranbits/ranbits.c
+===================================================================
+--- openswan-2.4.8.orig/programs/ranbits/ranbits.c     2007-06-04 13:22:49.835279168 +0200
++++ openswan-2.4.8/programs/ranbits/ranbits.c  2007-06-04 13:22:51.648003592 +0200
+@@ -29,7 +29,7 @@
+ #include <openswan.h>
+ #ifndef DEVICE
+-#define       DEVICE  "/dev/random"
++#define       DEVICE  "/dev/urandom"
+ #endif
+ #ifndef QDEVICE
+ #define       QDEVICE "/dev/urandom"
+Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c
+===================================================================
+--- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200
++++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c      2007-06-04 13:22:51.649003440 +0200
+@@ -31,7 +31,7 @@
+ #include <gmp.h>
+ #ifndef DEVICE
+-#define       DEVICE  "/dev/random"
++#define       DEVICE  "/dev/urandom"
+ #endif
+ #ifndef MAXBITS
+ #define       MAXBITS 20000
+Index: openswan-2.4.8/programs/starter/files.h
+===================================================================
+--- openswan-2.4.8.orig/programs/starter/files.h       2007-06-04 13:22:49.850276888 +0200
++++ openswan-2.4.8/programs/starter/files.h    2007-06-04 13:22:51.649003440 +0200
+@@ -36,7 +36,7 @@
+ #define MY_PID_FILE     "/var/run/pluto/ipsec-starter.pid"
+-#define DEV_RANDOM      "/dev/random"
++#define DEV_RANDOM      "/dev/urandom"
+ #define DEV_URANDOM     "/dev/urandom"
+ #define PROC_IPSECVERSION   "/proc/net/ipsec_version"
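Review bot: The rsasigkey.c hunk switches `DEVICE` to `/dev/urandom` for RSA key generation with no patch description saying why or under what precondition that is acceptable. On a freshly booted embedded device the pool may not be seeded yet, so a key generated at first boot can carry less entropy than its size suggests. The patch header should state the reason (presumably to avoid blocking on low-entropy hardware) and the requirement, e.g. `use /dev/urandom so key generation does not block; the entropy pool must be seeded before rsasigkey runs`. In ranbits.c `DEVICE` and `QDEVICE` now name the same device, and in files.h `DEV_RANDOM` equals `DEV_URANDOM`, so code that asks for the stronger source silently gets the same one; the header should say that too.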
diff --git a/net/shfs/Makefile b/net/shfs/Makefile
new file mode 100644 (file)
index 0000000..fd50721
--- /dev/null
@@ -0,0 +1,89 @@
+# 
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=shfs
+PKG_VERSION:=0.35
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=@SF/shfs
+PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shfs/Default
+  TITLE:=ShFS
+  URL:=http://shfs.sourceforge.net/
+endef
+
+define Package/shfs/Default/description
+ ShFS is a simple and easy to use Linux kernel module which allows you to 
+ mount remote filesystems using a plain shell (SSH) connection. When using 
+ ShFS, you can access all remote files just like the local ones, only the 
+ access is governed through the transport security of SSH.
+endef
+
+define KernelPackage/shfs
+$(call Package/shfs/Default)
+  TITLE+= (kernel module)
+  DEPENDS:=@LINUX_2_4
+  FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX)
+  SUBMENU:=Filesystems
+  AUTOLOAD:=$(call AutoLoad,40,shfs)
+endef
+
+define KernelPackage/shfs/description
+$(call Package/shfs/Default/description)
+ This package contains the ShFS kernel module.
+endef
+
+define Package/shfs-utils
+$(call Package/shfs/Default)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  DEPENDS+=+kmod-shfs
+  TITLE+= (utilities)
+endef
+
+define Package/shfs-utils/description
+$(call Package/shfs/Default/description)
+ This package contains the ShFS utilities.
+endef
+
+define Build/Compile
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               ARCH="$(LINUX_KARCH)" \
+               CROSS_COMPILE="$(TARGET_CROSS)" \
+               OFLAGS="$(TARGET_CFLAGS)" \
+               CC="$(TARGET_CC)" \
+               LINKER="$(TARGET_CC)" \
+               KERNEL="$(LINUX_VERSION)" \
+               KERNEL_SOURCES="$(LINUX_DIR)" \
+               ROOT="$(PKG_INSTALL_DIR)" \
+               module module-install
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               OFLAGS="$(TARGET_CFLAGS)" \
+               CC="$(TARGET_CC)" \
+               LINKER="$(TARGET_CC)" \
+               KERNEL_SOURCES="$(LINUX_DIR)" \
+               ROOT="$(PKG_INSTALL_DIR)" \
+               utils utils-install
+endef
+
+define Package/shfs-utils/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/
+       $(INSTALL_DIR) $(1)/sbin
+       ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs
+endef
+
+$(eval $(call KernelPackage,shfs))
+$(eval $(call BuildPackage,shfs-utils))
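Review bot: The only integrity check on the tarball fetched from `@SF/shfs` is `PKG_MD5SUM`, and MD5 no longer resists deliberate collisions, so it catches a corrupt download but not a tampered mirror copy. Where the build system accepts a stronger digest, pin one; otherwise a comment should record the limitation, e.g. `# MD5 only detects corruption; compare the tarball with an upstream-published checksum when bumping PKG_VERSION`. In `Package/shfs-utils/install`, `shfs{,u}mount` relies on brace expansion, which a plain POSIX `sh` does not perform. Listing `shfsmount` and `shfsumount` explicitly removes that dependency on the recipe shell.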
diff --git a/net/shfs/patches/100-kmod_build.patch b/net/shfs/patches/100-kmod_build.patch
new file mode 100644 (file)
index 0000000..16f198c
--- /dev/null
@@ -0,0 +1,100 @@
+Index: shfs-0.35/shfs/Linux-2.4/Makefile
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/Makefile     2007-06-04 13:22:58.143016200 +0200
++++ shfs-0.35/shfs/Linux-2.4/Makefile  2007-06-04 13:22:58.209006168 +0200
+@@ -1,3 +1,13 @@
++#
++# the original Makefile was trashed and replaced by this one
++# The main reason is that loadable modules should be built with
++# the same compile flags the kernel was built with, so we'd better
++# let the kernel tree build the module for us, like that :
++#
++#   make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules
++#   make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install
++#
++
+ ifndef KERNEL
+ KERNEL=$(shell uname -r)
+ endif
+@@ -10,67 +20,29 @@
+ KERNEL_SOURCES=${MODULESDIR}/build
+ endif
+-ifeq (${MODVERSIONS},detect)
+-  ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0)
+-    MODVERSIONS=yes
+-  endif
+-endif
+-
+-ifeq (${MODVERSIONS},yes)
+-MVER=-DMODVERSIONS -DEXPORT_SYMTAB
+-endif
+-
+-LINVER=linux-${KERNEL}
+-
+-ALL_TARGETS := shfs.o
+-
+-SEARCHDIRS := -I- -I. -I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/
++all: all-y
+-CC     := gcc
+-CFLAGS  = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX
+-LINKER    := ld
+-LDFLAGS    = -r
+-LOADLIBES := 
++O_TARGET := shfs.o
+-all: ${ALL_TARGETS}
++shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
+-%.o: %.c $(wildcard *.h)
+-      ${CC} ${CFLAGS} -c $< -o $@
++obj-y := $(shfs-objs) 
++obj-m := $(O_TARGET)
+-shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
+-      ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES}
+-
+-tidy:
+-      ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
+-
+-clean: tidy patch-clean
+-      ${RM} shfs.o
++-include $(TOPDIR)/Rules.make
++all-y:
++      make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules
++      
+ install: shfs.o
+       rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o
+       install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o
+-      if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
+ uninstall:
+       rm -rf ${MODULESDIR}/kernel/fs/shfs
+-      if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
+-patch:
+-      rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER};
+-      for i in Documentation fs/shfs include/linux; do \
+-        mkdir -p ${LINVER}/$$i; \
+-      done
+-      cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation
+-      cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs
+-      cp -r ${LINVER} ${LINVER}.orig
+-      cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/
+-      cp shfs.h shfs_fs* ${LINVER}/include/linux/
+-      (cd ${LINVER}; patch -p1 <../kernel-config.diff)
+-      find . -type f -name "*.orig" -print | xargs rm -f
+-      diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true
+-
+-patch-clean:
+-      rm -rf ${LINVER} ${LINVER}.orig;
+-      rm -f ${LINVER}.diff
+-      
+-.PHONY : all tidy clean install uninstall patch patch-clean
++clean:
++      rm -f core *.o *.a *.s
++
++shfs.o: $(shfs-objs)
++
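Review bot: The new `all-y` recipe invokes a literal `make`, so the kernel sub-build does not inherit the parent's jobserver, `-n`, or a non-default make binary chosen by the caller. The line should read `$(MAKE) -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules`. The patch also deletes the `.PHONY` line while `all`, `install`, `uninstall` and `clean` remain command targets, so a stray file with one of those names would suppress the rule; `.PHONY: all all-y install uninstall clean` restores the declaration.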
diff --git a/net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch b/net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch
new file mode 100644 (file)
index 0000000..e7754b0
--- /dev/null
@@ -0,0 +1,166 @@
+Index: shfs-0.35/shfs/Linux-2.6/inode.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/inode.c      2007-06-04 13:22:58.091024104 +0200
++++ shfs-0.35/shfs/Linux-2.6/inode.c   2007-06-04 13:22:58.397977440 +0200
+@@ -337,12 +337,21 @@
+       return -EINVAL;
+ }
++#ifdef NEW_VFS_DENTRY_API
++static int
++shfs_get_sb(struct file_system_type *fs_type,
++          int flags, const char *dev_name, void *data, struct vfsmount *mnt)
++{
++      return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt);
++}
++#else
+ static struct super_block *
+ shfs_get_sb(struct file_system_type *fs_type,
+           int flags, const char *dev_name, void *data)
+ {
+       return get_sb_nodev(fs_type, flags, data, shfs_read_super);
+ }
++#endif
+ static struct file_system_type sh_fs_type = {
+       .owner          = THIS_MODULE,
+Index: shfs-0.35/shfs/Linux-2.6/file.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/file.c       2007-06-04 13:22:58.096023344 +0200
++++ shfs-0.35/shfs/Linux-2.6/file.c    2007-06-04 13:22:58.397977440 +0200
+@@ -199,7 +199,7 @@
+ }
+ static int
+-shfs_file_flush(struct file *f)
++do_file_flush(struct file *f)
+ {
+       struct dentry *dentry = f->f_dentry;
+       struct shfs_sb_info *info = info_from_dentry(dentry);
+@@ -222,6 +222,16 @@
+ }
+ static int
++#ifdef FLUSH_HAS_LOCK_OWNER
++shfs_file_flush(struct file *f, fl_owner_t id)
++#else
++shfs_file_flush(struct file *f)
++#endif
++{
++      return do_file_flush(f);
++}
++
++static int
+ shfs_file_release(struct inode *inode, struct file *f)
+ {
+       struct dentry *dentry = f->f_dentry;
+@@ -311,7 +321,7 @@
+       DEBUG("\n");
+       written = generic_file_write(f, buf, count, offset);
+       if (written > 0) {
+-              result = shfs_file_flush(f);
++              result = do_file_flush(f);
+               written = result < 0 ? result: written;
+       }
+       
+Index: shfs-0.35/shfs/Linux-2.6/proc.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/proc.c       2007-06-04 13:22:58.102022432 +0200
++++ shfs-0.35/shfs/Linux-2.6/proc.c    2007-06-04 13:22:58.398977288 +0200
+@@ -570,6 +570,16 @@
+       return result;
+ }
++#ifdef NEW_VFS_DENTRY_API
++int
++shfs_statfs(struct dentry *dentry, struct kstatfs *attr)
++{
++      struct shfs_sb_info *info = info_from_sb(dentry->d_sb);
++
++      DEBUG("\n");
++      return info->fops.statfs(info, attr);
++}
++#else
+ int
+ shfs_statfs(struct super_block *sb, struct kstatfs *attr)
+ {
+@@ -578,4 +588,5 @@
+       DEBUG("\n");
+       return info->fops.statfs(info, attr);
+ }
++#endif
+Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h    2007-06-04 13:22:58.107021672 +0200
++++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
+@@ -9,6 +9,12 @@
+ #include <linux/ioctl.h>
+ #include <linux/pagemap.h>
++#include <linux/version.h>
++
++#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17)
++#define NEW_VFS_DENTRY_API
++#define FLUSH_HAS_LOCK_OWNER
++#endif
+ #define SHFS_MAX_AGE(info)    (((info)->ttl * HZ) / 1000)
+ #define SOCKBUF_SIZE          (SHFS_PATH_MAX * 10)
+@@ -101,7 +107,12 @@
+ void set_garbage(struct shfs_sb_info *info, int write, int count);
+ int get_name(struct dentry *d, char *name);
+ int shfs_notify_change(struct dentry *dentry, struct iattr *attr);
++
++#ifdef NEW_VFS_DENTRY_API
++int shfs_statfs(struct dentry *dentry, struct kstatfs *attr);
++#else
+ int shfs_statfs(struct super_block *sb, struct kstatfs *attr);
++#endif
+       
+ /* shfs/inode.c */
+ void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr);
+Index: shfs-0.35/shfs/Linux-2.6/symlink.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/symlink.c    2007-06-04 13:22:58.113020760 +0200
++++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.398977288 +0200
+@@ -41,7 +41,7 @@
+       return result;
+ }
+-static int
++static void *
+ shfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+ {
+       struct shfs_sb_info *info = info_from_dentry(dentry);
+@@ -61,7 +61,7 @@
+       DEBUG("%s\n", real_name);
+       result = vfs_follow_link(nd, real_name);
+ error:
+-      return result;
++      return NULL;
+ }
+ struct inode_operations shfs_symlink_inode_operations = {
+Index: shfs-0.35/shfs/Linux-2.6/dcache.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/dcache.c     2007-06-04 13:22:58.121019544 +0200
++++ shfs-0.35/shfs/Linux-2.6/dcache.c  2007-06-04 13:22:58.398977288 +0200
+@@ -68,7 +68,7 @@
+       spin_lock(&dcache_lock);
+       next = parent->d_subdirs.next;
+       while (next != &parent->d_subdirs) {
+-              dentry = list_entry(next, struct dentry, d_child);
++              dentry = list_entry(next, struct dentry, d_u.d_child);
+               dentry->d_fsdata = NULL;
+               shfs_age_dentry(info, dentry);
+               next = next->next;
+@@ -101,7 +101,7 @@
+       spin_lock(&dcache_lock);
+       next = parent->d_subdirs.next;
+       while (next != &parent->d_subdirs) {
+-              dent = list_entry(next, struct dentry, d_child);
++              dent = list_entry(next, struct dentry, d_u.d_child);
+               if ((unsigned long)dent->d_fsdata == fpos) {
+                       if (dent->d_inode)
+                               dget_locked(dent);
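Review bot: In the symlink.c hunks, `shfs_follow_link` now ends in `return NULL;` at the `error:` label, so a negative `result` (for instance from `vfs_follow_link()`) is dropped and the caller sees success. With the `void *` signature the error has to be returned as an error pointer, `return ERR_PTR(result);`, which is still NULL when `result` is 0. This change and the `d_u.d_child` rename in dcache.c are applied unconditionally, unlike the macro-guarded changes elsewhere in the patch, so it is worth confirming which kernel versions still build. The function body starts and ends outside the hunks.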
diff --git a/net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch b/net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch
new file mode 100644 (file)
index 0000000..f12fc96
--- /dev/null
@@ -0,0 +1,22 @@
+Index: shfs-0.35/shfs/Linux-2.6/inode.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/inode.c      2007-06-04 13:22:58.397977440 +0200
++++ shfs-0.35/shfs/Linux-2.6/inode.c   2007-06-04 13:22:58.637940960 +0200
+@@ -8,6 +8,7 @@
+ #include <linux/modversions.h>
+ #endif
++#include <linux/version.h>
+ #include <linux/kernel.h>
+ #include <linux/module.h>
+ #include <linux/init.h>
+@@ -118,6 +119,9 @@
+       }
+       KMEM_FREE("inode", inode_cache, i);
+ out:
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13))
++   truncate_inode_pages(&inode->i_data, 0);
++#endif
+       clear_inode(inode);
+ }
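Review bot: The added `truncate_inode_pages(&inode->i_data, 0);` at the `out:` label has no comment explaining why it must run before `clear_inode()` or why the cut-off is 2.6.13. It is also indented with spaces where the neighbouring lines use a tab. A one-line comment would do, e.g. `/* drop cached pages first: clear_inode() expects an empty mapping */`; that is presumably the reason, to be confirmed against the targeted kernel. The enclosing function starts outside the hunk.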
diff --git a/net/shfs/patches/103-shfs_0.35_gcc4.patch b/net/shfs/patches/103-shfs_0.35_gcc4.patch
new file mode 100644 (file)
index 0000000..e4c1388
--- /dev/null
@@ -0,0 +1,25 @@
+Index: shfs-0.35/shfs/Linux-2.6/dir.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/dir.c        2007-06-04 13:22:58.041031704 +0200
++++ shfs-0.35/shfs/Linux-2.6/dir.c     2007-06-04 13:22:58.822912840 +0200
+@@ -19,6 +19,8 @@
+ #include "shfs_debug.h"
+ #include "proc.h"
++static struct dentry_operations shfs_dentry_operations;
++      
+ static int
+ shfs_dir_open(struct inode *inode, struct file *filp)
+ {
+Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h    2007-06-04 13:22:58.398977288 +0200
++++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200
+@@ -56,7 +56,6 @@
+ #define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0)
+ /* shfs/dir.c */
+-extern struct dentry_operations shfs_dentry_operations;
+ extern struct file_operations shfs_dir_operations;
+ extern struct inode_operations shfs_dir_inode_operations;
+ extern void shfs_new_dentry(struct dentry *dentry);
diff --git a/net/shfs/patches/104-shfs_0.35_inode_and_fs.patch b/net/shfs/patches/104-shfs_0.35_inode_and_fs.patch
new file mode 100644 (file)
index 0000000..0953e6b
--- /dev/null
@@ -0,0 +1,377 @@
+Index: shfs-0.35/shfs/Linux-2.6/fcache.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/fcache.c     2007-06-04 13:22:57.997038392 +0200
++++ shfs-0.35/shfs/Linux-2.6/fcache.c  2007-06-04 13:22:59.019882896 +0200
+@@ -100,7 +100,11 @@
+               VERBOSE("dir in file cache?\n");
+               return -EINVAL;
+       }
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      p = (struct shfs_inode_info *)inode->i_private;
++#else
+       p = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       if (!p) {
+               VERBOSE("inode without info\n");
+               return -EINVAL;
+@@ -127,7 +131,11 @@
+               VERBOSE("dir in file cache?\n");
+               return -EINVAL;
+       }
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      p = (struct shfs_inode_info *)inode->i_private;
++#else
+       p = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       if (!p) {
+               VERBOSE("inode without info\n");
+               return -EINVAL;
+@@ -160,7 +168,11 @@
+       if (result == 0) {
+               struct shfs_inode_info *p;
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++              p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private;
++#else
+               p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip;
++#endif
+               if (!p) {
+                       VERBOSE("inode without info\n");
+                       return -EINVAL;
+@@ -184,7 +196,11 @@
+               return -EINVAL;
+       }
+       DEBUG("ino: %lu\n", inode->i_ino);
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      p = (struct shfs_inode_info *)inode->i_private;
++#else
+       p = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       if (!p) {
+               VERBOSE("inode without info\n");
+               return -EINVAL;
+@@ -226,7 +242,11 @@
+               VERBOSE("dir in file cache?\n");
+               return -EINVAL;
+       }
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      p = (struct shfs_inode_info *)inode->i_private;
++#else
+       p = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       if (!p) {
+               VERBOSE("inode without info\n");
+               return -EINVAL;
+@@ -327,7 +347,11 @@
+               VERBOSE("dir in file cache?\n");
+               return -EINVAL;
+       }
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      p = (struct shfs_inode_info *)inode->i_private;
++#else
+       p = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       if (!p) {
+               VERBOSE("inode without info\n");
+               return -EINVAL;
+Index: shfs-0.35/shfs/Linux-2.6/inode.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/inode.c      2007-06-04 13:22:58.637940960 +0200
++++ shfs-0.35/shfs/Linux-2.6/inode.c   2007-06-04 13:22:59.020882744 +0200
+@@ -36,7 +36,11 @@
+ shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr)
+ {
+       struct shfs_sb_info *info = info_from_inode(inode);
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      struct shfs_inode_info *i = inode->i_private;
++#else
+       struct shfs_inode_info *i = inode->u.generic_ip;
++#endif
+       struct timespec last_time = inode->i_mtime;
+       loff_t last_size = inode->i_size;
+@@ -53,7 +57,9 @@
+       inode->i_ctime  = fattr->f_ctime;
+       inode->i_atime  = fattr->f_atime;
+       inode->i_mtime  = fattr->f_mtime;
++#ifdef STRUCT_INODE_HAS_I_BLKSIZE
+       inode->i_blksize= fattr->f_blksize;
++#endif
+       inode->i_blocks = fattr->f_blocks;
+       inode->i_size   = fattr->f_size;
+@@ -76,7 +82,11 @@
+       if (!inode)
+               return NULL;
+       inode->i_ino = fattr->f_ino;
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
++#else
+       i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
++#endif
+       if (!i)
+               return NULL;
+       i->cache = NULL;
+@@ -108,7 +118,11 @@
+       struct shfs_inode_info *i;
+       DEBUG("ino: %lu\n", inode->i_ino);
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      i = (struct shfs_inode_info *)inode->i_private;
++#else
+       i = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       if (!i) {
+               VERBOSE("invalid inode\n");
+               goto out;
+@@ -176,7 +190,11 @@
+ {
+       struct shfs_sb_info *info = info_from_dentry(dentry);
+       struct inode *inode = dentry->d_inode;
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
++#else
+       struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       int result;
+         DEBUG("%s\n", dentry->d_name.name);
+Index: shfs-0.35/shfs/Linux-2.6/dir.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/dir.c        2007-06-04 13:22:58.822912840 +0200
++++ shfs-0.35/shfs/Linux-2.6/dir.c     2007-06-04 13:22:59.020882744 +0200
+@@ -302,8 +302,13 @@
+       
+       shfs_invalid_dir_cache(dir);
+       result = shfs_instantiate(dentry);
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      if (forced_write && dentry->d_inode && dentry->d_inode->i_private)
++              ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1;
++#else
+       if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip)
+               ((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1;
++#endif
+       return result;
+ }
+Index: shfs-0.35/shfs/Linux-2.6/file.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/file.c       2007-06-04 13:22:58.397977440 +0200
++++ shfs-0.35/shfs/Linux-2.6/file.c    2007-06-04 13:22:59.020882744 +0200
+@@ -90,7 +90,11 @@
+       struct dentry *dentry = f->f_dentry;
+       struct shfs_sb_info *info = info_from_dentry(dentry);
+       struct inode *inode = p->mapping->host;
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
++#else
+       struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
++#endif
+       char *buffer = kmap(p) + offset;
+       int written = 0, result;
+       unsigned count = to - offset;
+@@ -252,8 +256,13 @@
+               }
+       }
+       /* if file was forced to be writeable, change attrs back on close */
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      if (dentry->d_inode && dentry->d_inode->i_private) {
++              if  (((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) {
++#else
+       if (dentry->d_inode && dentry->d_inode->u.generic_ip) {
+               if  (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) {
++#endif
+                       char name[SHFS_PATH_MAX];
+                       if (get_name(dentry, name) < 0)
+@@ -302,7 +311,8 @@
+               goto error;
+       }
+       if (result != 0) {
+-              copy_to_user(buf, (char *)page, result);
++              if (copy_to_user(buf, (char *)page, result))
++                      goto error;
+               *ppos += result;
+       }
+ error:
+@@ -315,11 +325,15 @@
+ static ssize_t 
+ shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset)
+ {
+-      int written = 0;
++      ssize_t written = 0;
+       int result;
+       
+       DEBUG("\n");
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      written = do_sync_write(f, buf, count, offset);
++#else
+       written = generic_file_write(f, buf, count, offset);
++#endif
+       if (written > 0) {
+               result = do_file_flush(f);
+               written = result < 0 ? result: written;
+@@ -330,14 +344,23 @@
+ struct file_operations shfs_file_operations = {
+       .llseek         = generic_file_llseek,
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      .read           = do_sync_read,
++      .write          = do_sync_write,
++#else
+       .read           = generic_file_read,
+       .write          = generic_file_write,
++#endif
+       .ioctl          = shfs_ioctl,
+       .mmap           = generic_file_mmap,
+       .open           = shfs_file_open,
+       .flush          = shfs_file_flush,
+       .release        = shfs_file_release,
+       .fsync          = shfs_file_sync,
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      .aio_read       = generic_file_aio_read,
++      .aio_write      = generic_file_aio_write,
++#endif
+ };
+ struct file_operations shfs_slow_operations = {
+Index: shfs-0.35/shfs/Linux-2.6/proc.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/proc.c       2007-06-04 13:22:58.398977288 +0200
++++ shfs-0.35/shfs/Linux-2.6/proc.c    2007-06-04 13:22:59.021882592 +0200
+@@ -149,7 +149,12 @@
+ {
+       struct file *f = info->sock;
+       mm_segment_t fs;
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      ssize_t result = 0;
++      loff_t begin;
++#else
+       int c, result = 0;
++#endif
+       unsigned long flags, sigpipe;
+       sigset_t old_set;
+@@ -161,7 +166,9 @@
+                       return result;
+       }
+       
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
+       c = count;
++#endif
+       fs = get_fs();
+       set_fs(get_ds());
+@@ -173,6 +180,16 @@
+       SIGRECALC;
+       SIGUNLOCK(flags);
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      begin = f->f_pos;
++      result = do_sync_write(f, buffer, count, &f->f_pos);
++
++      if (result < 0) {
++              DEBUG("error: %d\n", result);
++              fput(f);
++              info->sock = NULL;
++      }
++#else
+       do {
+               struct iovec vec[1];
+@@ -190,6 +207,7 @@
+               buffer += result;
+               c -= result;
+       } while (c > 0);
++#endif
+       SIGLOCK(flags);
+       if (result == -EPIPE && !sigpipe) {
+@@ -204,7 +222,11 @@
+       DEBUG(">%d\n", result);
+       if (result < 0)
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++              set_garbage(info, 1, count - (f->f_pos - begin));
++#else
+               set_garbage(info, 1, c);
++#endif
+       else
+               result = count;
+       return result;
+@@ -222,6 +244,9 @@
+       int c, result = 0;
+       unsigned long flags, sigpipe;
+       sigset_t old_set;
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      loff_t begin;
++#endif
+       if (!f)
+               return -EIO;
+@@ -256,6 +281,20 @@
+       fs = get_fs();
+       set_fs(get_ds());
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++      begin = f->f_pos;
++      result = do_sync_read(f, buffer, c, &f->f_pos);
++
++      if (!result) {
++              /* peer has closed socket */
++              result = -EIO;
++      }
++      if (result < 0) {
++              DEBUG("error: %d\n", result);
++              fput(f);
++              info->sock = NULL;
++      }
++#else
+       do {
+               struct iovec vec[1];
+@@ -277,6 +316,7 @@
+               buffer += result;
+               c -= result;
+       } while (c > 0);
++#endif
+       SIGLOCK(flags);
+       if (result == -EPIPE && !sigpipe) {
+@@ -291,7 +331,11 @@
+       
+       DEBUG("<%d\n", result);
+       if (result < 0)
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++              set_garbage(info, 0, count - (f->f_pos - begin));
++#else
+               set_garbage(info, 0, c);
++#endif
+       else
+               result = count;
+       return result;
+@@ -316,8 +360,10 @@
+                       return result;
+       }
+       while (1) {
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
+               struct iovec vec[1];
++#endif
+               nl = memchr(BUFFER, '\n', LEN);
+               if (nl) {
+                       *nl = '\0';
+@@ -348,9 +394,13 @@
+               fs = get_fs();
+               set_fs(get_ds());
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
++              result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos);
++#else
+               vec[0].iov_base = BUFFER+LEN;
+               vec[0].iov_len = c;
+               result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos);
++#endif
+               SIGLOCK(flags);
+               if (result == -EPIPE && !sigpipe) {
+                       sigdelset(&current->pending.signal, SIGPIPE);
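Review bot: In the proc.c hunks, the 2.6.19 branch calls `fput(f)` and clears `info->sock` when `do_sync_write()` or `do_sync_read()` fails, but the later `set_garbage(info, 1, count - (f->f_pos - begin));` and its read-side twin still read `f->f_pos`. That touches the file after its reference was dropped, which is unsafe if it was the last one. Saving the position right after the transfer with `end = f->f_pos;` and passing `count - (end - begin)` avoids the access. The same branch makes a single call where the old code looped `while (c > 0)`, then sets `result = count` for any non-negative return, so a short transfer is reported as complete. In file.c the new `if (copy_to_user(...)) goto error;` leaves `result` positive; `result = -EFAULT;` before the jump is presumably intended, though the code after `error:` is outside the hunk.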
diff --git a/net/shfs/patches/105-space_chars.patch b/net/shfs/patches/105-space_chars.patch
new file mode 100644 (file)
index 0000000..03ad832
--- /dev/null
@@ -0,0 +1,70 @@
+Index: shfs-0.35/shfs/Linux-2.4/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/shell.c      2007-06-04 13:22:57.970042496 +0200
++++ shfs-0.35/shfs/Linux-2.4/shell.c   2007-06-04 13:22:59.249847936 +0200
+@@ -213,6 +213,7 @@
+       int c = 0;
+       int is_space = 1;
+       int device = 0;
++      char *start = s;
+       while (*s) {
+               if (c == DIR_COLS)
+@@ -227,17 +228,20 @@
+                                               s++;
+                               }
+                               *s = '\0';
++                              start = s+1;
+                               is_space = 1;
++                      } else {
++                              if (c != DIR_NAME)
++                                      start = s+1;
+                       }
+               } else {
+                       if (is_space) {
+                               /* (b)lock/(c)haracter device hack */
+-                              col[c++] = s;
++                              col[c++] = start;
+                               is_space = 0;
+                               if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
+                                       device = 1;
+                               }
+-
+                       }
+               }
+               s++;
+Index: shfs-0.35/shfs/Linux-2.6/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shell.c      2007-06-04 13:22:57.977041432 +0200
++++ shfs-0.35/shfs/Linux-2.6/shell.c   2007-06-04 13:22:59.249847936 +0200
+@@ -225,6 +225,7 @@
+       int c = 0;
+       int is_space = 1;
+       int device = 0;
++      char *start = s;
+       while (*s) {
+               if (c == DIR_COLS)
+@@ -239,17 +240,20 @@
+                                               s++;
+                               }
+                               *s = '\0';
++                              start = s+1;
+                               is_space = 1;
++                      } else {
++                              if (c != DIR_NAME)
++                                      start = s+1;
+                       }
+               } else {
+                       if (is_space) {
+                               /* (b)lock/(c)haracter device hack */
+-                              col[c++] = s;
++                              col[c++] = start;
+                               is_space = 0;
+                               if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
+                                       device = 1;
+                               }
+-
+                       }
+               }
+               s++;
diff --git a/net/shfs/patches/106-uidgid32.patch b/net/shfs/patches/106-uidgid32.patch
new file mode 100644 (file)
index 0000000..60510a2
--- /dev/null
@@ -0,0 +1,38 @@
+Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200
++++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h      2007-06-04 13:22:59.448817688 +0200
+@@ -38,10 +38,10 @@
+       struct shfs_fileops fops;
+       int version;
+       int ttl;
+-      __kernel_uid_t uid;
+-      __kernel_gid_t gid;
+-      __kernel_mode_t root_mode;
+-      __kernel_mode_t fmask;
++      uid_t uid;
++      gid_t gid;
++      mode_t root_mode;
++      mode_t fmask;
+       char mount_point[SHFS_PATH_MAX];
+       struct semaphore sock_sem;      /* next 4 vars are guarded */
+       struct file *sock;
+Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200
++++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h      2007-06-04 13:22:59.449817536 +0200
+@@ -38,10 +38,10 @@
+       struct shfs_fileops fops;
+       int version;
+       int ttl;
+-      __kernel_uid_t uid;
+-      __kernel_gid_t gid;
+-      __kernel_mode_t root_mode;
+-      __kernel_mode_t fmask;
++      uid_t uid;
++      gid_t gid;
++      mode_t root_mode;
++      mode_t fmask;
+       char mount_point[SHFS_PATH_MAX];
+       struct semaphore sock_sem;      /* next 4 vars are guarded */
+       struct file *sock;
diff --git a/net/shfs/patches/107-df.patch b/net/shfs/patches/107-df.patch
new file mode 100644 (file)
index 0000000..ca2c9d0
--- /dev/null
@@ -0,0 +1,38 @@
+Index: shfs-0.35/shfs/Linux-2.4/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/shell.c      2007-06-04 13:22:59.249847936 +0200
++++ shfs-0.35/shfs/Linux-2.4/shell.c   2007-06-04 13:22:59.643788048 +0200
+@@ -961,11 +961,11 @@
+       s = info->sockbuf;
+       if ((p = strsep(&s, " ")))
+-              attr->f_blocks = simple_strtoull(p, NULL, 10);
++              attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
+       if ((p = strsep(&s, " ")))
+-              attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
++              attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
+       if ((p = strsep(&s, " ")))
+-              attr->f_bavail = simple_strtoull(p, NULL, 10);
++              attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
+       result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
+       if (result < 0)
+Index: shfs-0.35/shfs/Linux-2.6/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shell.c      2007-06-04 13:22:59.249847936 +0200
++++ shfs-0.35/shfs/Linux-2.6/shell.c   2007-06-04 13:22:59.643788048 +0200
+@@ -974,11 +974,11 @@
+       s = info->sockbuf;
+       if ((p = strsep(&s, " ")))
+-              attr->f_blocks = simple_strtoull(p, NULL, 10);
++              attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
+       if ((p = strsep(&s, " ")))
+-              attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
++              attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
+       if ((p = strsep(&s, " ")))
+-              attr->f_bavail = simple_strtoull(p, NULL, 10);
++              attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
+       result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
+       if (result < 0)
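Review bot: The new `attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);` subtracts two numbers parsed from `info->sockbuf` without checking that the second is not larger than the first. If these fields are unsigned, a peer reporting used > total makes `f_bfree` wrap to a huge value. I would parse the used count into a local and clamp it, e.g. `used = min(used, attr->f_blocks);`, before subtracting. The bare `>> 2` also deserves a comment such as `/* remote reports 1K units, statfs block size is 4K — confirm */`, since the block size set elsewhere in this function is outside the hunk. The same applies to the Linux-2.6 copy of the hunk in this patch.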
diff --git a/net/shfs/patches/108-no_update_mtab.patch b/net/shfs/patches/108-no_update_mtab.patch
new file mode 100644 (file)
index 0000000..9b4a9ae
--- /dev/null
@@ -0,0 +1,28 @@
+Index: shfs-0.35/shfsmount/shfsmount.c
+===================================================================
+--- shfs-0.35.orig/shfsmount/shfsmount.c       2007-06-04 13:22:57.883055720 +0200
++++ shfs-0.35/shfsmount/shfsmount.c    2007-06-04 13:22:59.838758408 +0200
+@@ -74,7 +74,7 @@
+ static int have_uid = 0;
+ /* do not update /etc/mtab */
+-static int nomtab = 0;
++static int nomtab = 1;
+ /* preserve owner of files */
+ static int preserve = 0;
+Index: shfs-0.35/shfsmount/shfsumount.c
+===================================================================
+--- shfs-0.35.orig/shfsmount/shfsumount.c      2007-06-04 13:22:57.890054656 +0200
++++ shfs-0.35/shfsmount/shfsumount.c   2007-06-04 13:22:59.838758408 +0200
+@@ -67,10 +67,6 @@
+       FILE *new_mtab;
+       struct mntent *ment;
+-        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
+-                fprintf(stderr, "Can't get "MOUNTED"~ lock file");
+-                return 0;
+-        }
+         close(fd);
+         if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
+                 fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno));
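Review bot: In the shfsumount.c hunk the `open(MOUNTED"~", ...)` that assigned `fd` is removed, but the context line `close(fd);` directly after it is kept. `close()` is then called on a descriptor that nothing visible has set, which may close an unrelated fd if `fd` is uninitialised (its declaration is outside the hunk). The patch should also drop `close(fd);`. Removing the lock also means the mtab handling that follows is no longer serialised against a concurrent mount or umount, so a short comment saying this is deliberate, because the target has no writable /etc/mtab, would help. The `nomtab = 1` change leaves the comment `/* do not update /etc/mtab */` describing an option that is now the default, so it is worth rewording.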
diff --git a/net/shfs/patches/109-linux_2.6.22.patch b/net/shfs/patches/109-linux_2.6.22.patch
new file mode 100644 (file)
index 0000000..c91e052
--- /dev/null
@@ -0,0 +1,26 @@
+Index: shfs-0.35/shfs/Linux-2.6/dir.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/dir.c        2007-06-17 04:08:32.449815896 +0200
++++ shfs-0.35/shfs/Linux-2.6/dir.c     2007-06-17 04:08:41.766399560 +0200
+@@ -13,6 +13,7 @@
+ #include <asm/uaccess.h>
+ #include <linux/smp_lock.h>
+ #include <linux/stat.h>
++#include <linux/jiffies.h>
+ #include "shfs_fs.h"
+ #include "shfs_fs_i.h"
+Index: shfs-0.35/shfs/Linux-2.6/inode.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/inode.c      2007-06-17 04:09:01.961329464 +0200
++++ shfs-0.35/shfs/Linux-2.6/inode.c   2007-06-17 04:13:08.501849608 +0200
+@@ -15,6 +15,9 @@
+ #include <asm/uaccess.h>
+ #include <linux/file.h>
+ #include <linux/smp_lock.h>
++#include <linux/jiffies.h>
++#include <linux/sched.h>
++#include <asm/current.h>
+ #include "shfs_fs.h"
+ #include "shfs_fs_sb.h"
diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
new file mode 100644 (file)
index 0000000..65a77be
--- /dev/null
@@ -0,0 +1,98 @@
+# 
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=strongswan
+PKG_VERSION:=2.8.2
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://download.strongswan.org/
+PKG_MD5SUM:=57427f5b48123851a73b10d78dd4f8d6
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/strongswan/Default
+  TITLE:=strongSwan
+  DEPENDS:=@LINUX_2_4
+  URL:=http://www.strongswan.org/
+endef
+
+define Package/strongswan/Default/description
+ strongSwan is an IPsec implementation for Linux.
+endef
+
+define Package/strongswan
+$(call Package/strongswan/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4
+  TITLE+= (daemon)
+endef
+
+define Package/strongswan/description
+$(call Package/strongswan/Default/description)
+ This package contains the strongSwan user-land daemon.
+endef
+
+define KernelPackage/strongswan
+$(call Package/strongswan/Default)
+  SUBMENU:=Network Support
+  TITLE+= (kernel module)
+  DEPENDS:=@LINUX_2_4
+  FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX)
+  AUTOLOAD:=$(call AutoLoad,50,ipsec)
+endef
+
+define KernelPackage/strongswan/description
+$(call Package/strongswan/Default/description)
+ This package contains the strongSwan kernel module.
+endef
+
+PKG_MAKE_OPTS:= \
+               LINUX_RELEASE="$(LINUX_RELEASE)" \
+               KERNELSRC="$(LINUX_DIR)" \
+               ARCH="$(LINUX_KARCH)" \
+               CROSS_COMPILE="$(TARGET_CROSS)" \
+               USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
+               IPSECDIR="/usr/lib/ipsec" \
+               INC_USRLOCAL="/usr" \
+
+define Build/Compile
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               $(TARGET_CONFIGURE_OPTS) \
+               $(PKG_MAKE_OPTS) \
+               LDFLAGS="$(TARGET_LDFLAGS)" \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               programs module install
+endef
+
+define Package/strongswan/install
+       $(CP) $(PKG_INSTALL_DIR)/* $(1)
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_DIR) $(1)/etc/config
+       $(INSTALL_DIR) $(1)/etc/cron.tick
+       $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+       $(INSTALL_DIR) $(1)/etc/hotplug.d/button
+       $(INSTALL_BIN) ./files/ipsec.init   $(1)/etc/init.d/ipsec
+       $(INSTALL_BIN) ./files/ipsec.cron   $(1)/etc/cron.tick/ipsec-wakeup
+       $(INSTALL_BIN) ./files/ipsec.iface  $(1)/etc/hotplug.d/iface/65-ipsec
+       $(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec
+       $(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec
+       $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
+       rm -rf $(1)/usr/share
+       rm -rf $(1)/usr/man
+       rm -rf $(1)/var
+       rm -rf $(1)/etc/rc.d
+       find $(1) -name \*.old | xargs rm -rf
+endef
+
+$(eval $(call BuildPackage,strongswan))
+$(eval $(call KernelPackage,strongswan))
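Review bot: The source tarball is fetched from `PKG_SOURCE_URL:=http://download.strongswan.org/` and verified only against `PKG_MD5SUM`. The integrity of an IPsec daemon and kernel module therefore rests on an MD5 digest over an unauthenticated transport. If the build system supports a stronger digest or an authenticated mirror, this package is a good candidate for it; otherwise add a comment recording where the checksum was obtained. In `Package/strongswan/install`, `find $(1) -name \*.old | xargs rm -rf` splits on whitespace in file names. `find $(1) -name '*.old' -print0 | xargs -0 rm -rf` avoids that.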
diff --git a/net/strongswan/files/ipsec.button b/net/strongswan/files/ipsec.button
new file mode 100644 (file)
index 0000000..9bd9023
--- /dev/null
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# snarf the code that loads the config values
+# since we also load the functions, might as well save the shell calls
+. /etc/init.d/ipsec
+
+[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
+
+if [ ! -e /var/run/pluto.pid ] ; then
+
+       [ "$ACTION" = "pressed" ] && start
+       
+else
+
+       if   [ "$ACTION" = "pressed"  ] ; then
+       
+               stop 
+               
+       elif [ "$ACTION" = "released" ] ; then
+
+               while [ -e /var/run/pluto.pid ] ; do
+                       sleep 1
+               done
+
+               while ps auxww | grep ipsec | grep -v grep ; do
+                       sleep 1
+               done
+
+               start
+               
+       fi
+       
+fi
+
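Review bot: Both wait loops in the `released` branch are unbounded. A stale `/var/run/pluto.pid`, or any process whose command line contains `ipsec`, keeps the hotplug handler sleeping forever and `start` is never reached. I would cap each wait, for example `n=0; while [ -e /var/run/pluto.pid ] && [ $n -lt 30 ]; do sleep 1; n=$((n+1)); done` (the limit is a made-up value). The second loop should match on the daemon's pid or a narrower pattern than `grep ipsec | grep -v grep`. That pipeline also lacks `-q`, so it prints the matching process list on every iteration. A one-line comment noting that sourcing `/etc/init.d/ipsec` relies on the hotplug environment to provide `config_load` would help the next reader.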
diff --git a/net/strongswan/files/ipsec.conf b/net/strongswan/files/ipsec.conf
new file mode 100644 (file)
index 0000000..8f59008
--- /dev/null
@@ -0,0 +1,34 @@
+
+version 2.0
+
+config setup
+        interfaces=%defaultroute
+        nat_traversal=yes              # required on both ends
+        uniqueids=yes                  # makes sense on client, not server
+        hidetos=no
+
+conn %default
+        authby=rsasig
+        keyingtries=3
+        keyexchange=ike
+        left=%defaultroute
+        leftrsasigkey=%cert
+        rightrsasigkey=%cert
+        dpdtimeout=30                  # keepalive must arrive within
+        dpddelay=5                     # secs before keepalives start
+        compress=no                    # breaks double nat installations
+        pfs=yes
+
+conn sample
+        leftca=%same
+        leftcert=my.certificate.crt
+        leftsourceip=192.168.10.1
+        leftsubnet=192.168.10.0/24
+        right=my.vpn.concentrator.net.
+        rightca=%same
+        rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
+        rightsourceip=192.168.11.1
+        rightsubnet=192.168.11.0/24
+        dpdaction=hold
+        auto=start
+
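Review bot: `conn sample` ships with `auto=start` while every identity field is a placeholder (`leftcert=my.certificate.crt`, `right=my.vpn.concentrator.net.`, `rightid="C=??, ..."`). The package Makefile installs this file as `/etc/ipsec.conf`, and the init script's `start()` only checks that the file exists. A fresh install therefore tries to initiate a tunnel to an unconfigured peer at boot. I would ship the sample with `auto=ignore` (or commented out) and add a comment telling the administrator to set it to `start` once the certificate and peer fields are filled in.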
diff --git a/net/strongswan/files/ipsec.config b/net/strongswan/files/ipsec.config
new file mode 100644 (file)
index 0000000..b4865e4
--- /dev/null
@@ -0,0 +1,21 @@
+
+# Configure button/light behavior here.
+config device
+       option reset_button     ses
+       option status_start     ses_orange
+       option status_valid     ses_white
+
+# iptables setup for traffic to/from this host
+config filter
+       option rule_in          input_rule
+       option dest_in          ACCEPT
+       option rule_out         output_rule
+       option dest_out         ACCEPT
+
+# iptables setup for traffic to/from another host
+config forward
+       option rule_in          forwarding_rule
+       option dest_in          forwarding_vpn_in
+       option rule_out         forwarding_rule
+       option dest_out         forwarding_vpn_out
+
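Review bot: The `filter` section defaults `dest_in` and `dest_out` to `ACCEPT`. Going by the `_updown.8` text added later in this commit, every packet arriving over a tunnel and addressed to the router itself is then accepted by a rule inserted into `input_rule`. That is a permissive default for a VPN endpoint, and the comment above the section does not mention it. I would at least document it, e.g. `# ACCEPT admits all tunnel traffic to this host; point dest_in at a restrictive chain to limit it`. The `forward` section already jumps to dedicated `forwarding_vpn_in`/`forwarding_vpn_out` chains, so a matching pair for input and output would be consistent.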
diff --git a/net/strongswan/files/ipsec.cron b/net/strongswan/files/ipsec.cron
new file mode 100644 (file)
index 0000000..d8c7dcc
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/ipsec wakeup
diff --git a/net/strongswan/files/ipsec.iface b/net/strongswan/files/ipsec.iface
new file mode 100644 (file)
index 0000000..0716bf7
--- /dev/null
@@ -0,0 +1,8 @@
+NAME=ipsec
+CTLFILE="/var/run/pluto.ctl"
+
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
+
+[ -e "$CTLFILE" ] || exit
+
+/etc/init.d/ipsec update
diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init
new file mode 100644 (file)
index 0000000..4e8b8a2
--- /dev/null
@@ -0,0 +1,101 @@
+#!/bin/sh /etc/rc.common
+
+START=65
+
+config_cb() {
+       local cfg="$CONFIG_SECTION"
+       local cfgt
+       config_get cfgt "$cfg" TYPE
+
+       case "$cfgt" in
+               device)
+                       config_get IPSEC_RESET_BUTTON           $cfg reset_button
+                       config_get IPSEC_STATUS_LED_START       $cfg status_start
+                       config_get IPSEC_STATUS_LED_VALID       $cfg status_valid
+                       ;;
+               filter)
+                       config_get IPSEC_UPDOWN_RULE_IN         $cfg rule_in
+                       config_get IPSEC_UPDOWN_DEST_IN         $cfg dest_in
+                       config_get IPSEC_UPDOWN_RULE_OUT        $cfg rule_out
+                       config_get IPSEC_UPDOWN_DEST_OUT        $cfg dest_out
+                       ;;
+               forward)
+                       config_get IPSEC_UPDOWN_FWD_RULE_IN     $cfg rule_in
+                       config_get IPSEC_UPDOWN_FWD_DEST_IN     $cfg dest_in
+                       config_get IPSEC_UPDOWN_FWD_RULE_OUT    $cfg rule_out
+                       config_get IPSEC_UPDOWN_FWD_DEST_OUT    $cfg dest_out
+                       ;;
+               *)
+                       ;;
+       esac
+}
+
+config_load ipsec
+
+export IPSEC_RESET_BUTTON
+export IPSEC_STATUS_LED_START
+export IPSEC_STATUS_LED_VALID
+
+export IPSEC_UPDOWN_RULE_IN
+export IPSEC_UPDOWN_DEST_IN
+export IPSEC_UPDOWN_RULE_OUT
+export IPSEC_UPDOWN_DEST_OUT
+
+export IPSEC_UPDOWN_FWD_RULE_IN
+export IPSEC_UPDOWN_FWD_DEST_IN
+export IPSEC_UPDOWN_FWD_RULE_OUT
+export IPSEC_UPDOWN_FWD_DEST_OUT
+
+
+start() {
+
+       [ -f /etc/ipsec.conf      ] || exit
+       [ -e /var/run/starter.pid ] && exit
+
+       /usr/sbin/ipsec _showstatus start
+       
+       # stuff the dnsmasq cache in case dns is on our own subnet
+       for peer in `grep left= /etc/ipsec.conf | \
+                               cut -f 1 -d% | cut -f 2 -d=` ; do
+               ping -c 1 $peer > /dev/null 2>&1
+       done
+       
+       /usr/sbin/ipsec start || exit
+       
+       # work around broken routing behavior:
+       # a route to the local wan segment will appear
+       # the need was removed in the patched _updown script
+
+       while ! route -n | grep -q ipsec ; do sleep 1 ; done
+
+       defint=`route -n | awk '/^0.0.0.0/{print $8}'`
+       defnet=`route -n | grep $defint | awk  '!/^0.0.0.0/{print $1}'`
+       dnmask=`route -n | grep $defint | awk  '!/^0.0.0.0/{print $3}'`
+       tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
+       
+       route del -net $defnet netmask $dnmask dev $tundev
+}
+
+
+stop() {
+
+       /usr/sbin/ipsec stop 2> /dev/null
+
+       # wait until the shutdown actually happens
+       while [ -e /var/run/starter.pid ] ; do
+               if [ -d /proc/`cat /var/run/starter.pid` ] ; then
+                       sleep 1
+               else
+                       rm /var/run/starter.pid
+               fi
+       done
+
+       # kill any lingering processes
+       while ps auxww | grep -q ipsec | grep -v init.d; do
+               kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
+               sleep 1
+       done
+
+       ipsec _showstatus stop
+}
+
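Review bot: The "kill any lingering processes" loop in `stop()` never runs. In `ps auxww | grep -q ipsec | grep -v init.d` the first grep is silent, so the second one reads empty input and always exits non-zero. Reordering fixes it, e.g. `while ps auxww | grep -v init.d | grep -q '[/]ipsec/'; do`, where the bracket keeps the grep from matching its own command line. The `kill` line takes `$1` from `ps auxww`, which is the PID column only on ps implementations that print the PID first; please confirm that for the target's ps. In `start()`, `while ! route -n | grep -q ipsec ; do sleep 1 ; done` has no timeout, so a tunnel interface that never appears blocks the init sequence. `$peer`, `$defint` and `$defnet` are also used unquoted, so an empty `defint` makes `grep $defint` read stdin arguments incorrectly.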
diff --git a/net/strongswan/patches/100-ar-fixes.patch b/net/strongswan/patches/100-ar-fixes.patch
new file mode 100644 (file)
index 0000000..2e9d780
--- /dev/null
@@ -0,0 +1,81 @@
+Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile        2007-06-04 13:23:04.777007680 +0200
++++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile     2007-06-04 13:23:04.873992936 +0200
+@@ -25,10 +25,8 @@
+ $(BLIB): $(LIBOBJ)
+       /bin/rm -f $(BLIB)
+-      ar cr $(BLIB) $(LIBOBJ)
+-      -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
+-      else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
+-      else exit 0; fi; fi
++      $(AR) cr $(BLIB) $(LIBOBJ)
++      $(RANLIB) $(BLIB)
+ testx: test_main_mac.o $(BLIB)
+       $(CC) -o $@ $^ 
+Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile   2007-06-04 13:23:04.783006768 +0200
++++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile        2007-06-04 13:23:04.873992936 +0200
+@@ -58,7 +58,7 @@
+ lib:  $(LIB)
+ $(LIB):       $(LIBOBJ)
+-      $(AR) $(LIB) $(LIBOBJ)
++      $(AR) -r $(LIB) $(LIBOBJ)
+       $(RANLIB) $(LIB)
+ # elf
+Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile    2007-06-04 13:23:04.790005704 +0200
++++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200
+@@ -8,10 +8,8 @@
+ $(BLIB): $(LIBOBJ)
+       /bin/rm -f $(BLIB)
+-      ar cr $(BLIB) $(LIBOBJ)
+-      -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
+-      else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
+-      else exit 0; fi; fi
++      $(AR) cr $(BLIB) $(LIBOBJ)
++      $(RANLIB) $(BLIB)
+ test: test_main.o $(BLIB)
+       $(CC) -o $@ $^ 
+Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile       2007-06-04 13:23:04.796004792 +0200
++++ strongswan-2.8.2/lib/libcrypto/libsha2/Makefile    2007-06-04 13:23:04.874992784 +0200
+@@ -9,10 +9,8 @@
+ $(BLIB): $(LIBOBJ)
+       /bin/rm -f $(BLIB)
+-      ar cr $(BLIB) $(LIBOBJ)
+-      -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
+-      else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
+-      else exit 0; fi; fi
++      $(AR) cr $(BLIB) $(LIBOBJ)
++      $(RANLIB) $(BLIB)
+ test: test_main.o $(BLIB)
+       $(CC) -o $@ $^ 
+Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile    2007-06-04 13:23:04.804003576 +0200
++++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200
+@@ -9,10 +9,8 @@
+ $(BLIB): $(LIBOBJ)
+       /bin/rm -f $(BLIB)
+-      ar cr $(BLIB) $(LIBOBJ)
+-      -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
+-      else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
+-      else exit 0; fi; fi
++      $(AR) cr $(BLIB) $(LIBOBJ)
++      $(RANLIB) $(BLIB)
+ test: test_main.o $(BLIB)
+       $(CC) -o $@ $^ 
diff --git a/net/strongswan/patches/110-make-ipsec.patch b/net/strongswan/patches/110-make-ipsec.patch
new file mode 100644 (file)
index 0000000..0d2a4e6
--- /dev/null
@@ -0,0 +1,11 @@
+Index: strongswan-2.8.2/programs/ipsec/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/programs/ipsec/Makefile      2007-06-04 13:23:04.756010872 +0200
++++ strongswan-2.8.2/programs/ipsec/Makefile   2007-06-04 13:23:05.227939128 +0200
+@@ -24,5 +24,5 @@
+ include ../Makefile.program
+ install:: ipsec
+-      @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec
++      @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec
diff --git a/net/strongswan/patches/120-make-pluto.patch b/net/strongswan/patches/120-make-pluto.patch
new file mode 100644 (file)
index 0000000..e0dd813
--- /dev/null
@@ -0,0 +1,13 @@
+Index: strongswan-2.8.2/programs/pluto/alg/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/programs/pluto/alg/Makefile  2007-06-04 13:23:04.734014216 +0200
++++ strongswan-2.8.2/programs/pluto/alg/Makefile       2007-06-04 13:23:05.416910400 +0200
+@@ -20,7 +20,7 @@
+ include Config.ike_alg
+ LIBCRYPTO:=../../../lib/libcrypto
+-ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I-  -I ../../../linux/include -I $(LIBCRYPTO)
++ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I-  -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE)
+ LIBALG := libalg.o
+ all : $(LIBALG)
diff --git a/net/strongswan/patches/130-make-starter.patch b/net/strongswan/patches/130-make-starter.patch
new file mode 100644 (file)
index 0000000..93888ab
--- /dev/null
@@ -0,0 +1,21 @@
+Index: strongswan-2.8.2/programs/starter/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/programs/starter/Makefile    2007-06-04 13:23:04.711017712 +0200
++++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200
+@@ -16,7 +16,6 @@
+ FREESWANSRCDIR?=$(shell cd ../..; pwd)
+ include ${FREESWANSRCDIR}/Makefile.inc
+-LD=$(CC)
+ RM=rm
+ LEX=flex
+ BISON=bison
+@@ -59,7 +58,7 @@
+ all:  starter
+ starter:      $(OBJS) $(FREESWANLIB)
+-              $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
++              $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
+ lex.yy.c:     parser.tab.c parser.l parser.y parser.h
+               $(LEX) parser.l
diff --git a/net/strongswan/patches/200-wakeup-showstatus.patch b/net/strongswan/patches/200-wakeup-showstatus.patch
new file mode 100644 (file)
index 0000000..731f83c
--- /dev/null
@@ -0,0 +1,234 @@
+Index: strongswan-2.8.2/programs/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/programs/Makefile    2007-06-04 13:23:04.661025312 +0200
++++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
+@@ -22,7 +22,7 @@
+ SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
+ SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
+ SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
+-SUBDIRS+=ikeping examples openac scepclient
++SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
+ ifeq ($(USE_LWRES),true)
+ SUBDIRS+=lwdnsq
+Index: strongswan-2.8.2/programs/_showstatus/Makefile
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ strongswan-2.8.2/programs/_showstatus/Makefile     2007-06-04 13:23:06.414758704 +0200
+@@ -0,0 +1,22 @@
++# Makefile for miscelaneous programs
++# Copyright (C) 2002  Michael Richardson      <mcr@freeswan.org>
++# 
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++# 
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
++
++FREESWANSRCDIR=../..
++include ${FREESWANSRCDIR}/Makefile.inc
++
++PROGRAM=_showstatus
++PROGRAMDIR=${LIBDIR}
++
++include ../Makefile.program
+Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ strongswan-2.8.2/programs/_showstatus/_showstatus.8        2007-06-04 13:23:06.414758704 +0200
+@@ -0,0 +1,23 @@
++.TH _showstatus 8 "03 Feb 2007"
++.\"
++.\" RCSID $Id: _showstatus.8
++.\"
++.SH NAME
++ipsec _showstatus \- give state feedback via led or other method
++.SH SYNOPSIS
++.I _showstatus
++is invoked by _updown to trigger led's, or other distribution
++or platform specific behavior. Presently, the SES button is
++supported as a status light on OpenWRT platforms. The button
++is configurable by environment variable:
++-B IPSEC_STATUS_LED_START
++defaults to ses_orange, and
++-B IPSEC_STATUS_LED_VALID
++defaults to ses_white.
++.SH "SEE ALSO"
++ipsec(8), ipsec_updown(8).
++.SH HISTORY
++Man page written for the Linux strongSwan project <http://www.strongswan.org/>
++by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
++Original program written by Henry Spencer. Extended for the Linux strongSwan
++project <http://www.strongswan.org/> by Andreas Steffen.
+Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ strongswan-2.8.2/programs/_showstatus/_showstatus.in       2007-06-04 13:23:06.414758704 +0200
+@@ -0,0 +1,70 @@
++#! /bin/sh
++#
++# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
++# 
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++# 
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: _showstatus.in
++
++
++LED_START=$IPSEC_STATUS_LED_START
++LED_VALID=$IPSEC_STATUS_LED_VALID
++
++[ -z "$LED_START" ] && LED_START="ses_orange"
++[ -z "$LED_VALID" ] && LED_VALID="ses_white"
++
++
++setled() {
++      led=$1
++      st=$2
++
++      [ -n "$led" -a -n "$st" ] || return
++      
++      if [ -w "/proc/diag/led/$led" ] ; then
++              echo "$st" > "/proc/diag/led/$led"
++      fi
++
++      # integrate other led control methods here
++
++}
++
++
++case "$1" in
++      'start')
++              [ -n "$LED_VALID" ] && setled "$LED_START" 1
++              [ -z "$LED_VALID" ] && setled "$LED_START" f
++              setled "$LED_VALID" 0
++              ;;
++      'stop')
++              setled "$LED_START" 0
++              setled "$LED_VALID" 0
++              ;;
++      'valid')
++              setled "$LED_VALID" 1
++              ;;
++      'invalid')
++              setled "$LED_VALID" 0
++              ;;
++      'up')
++              [ -n "$LED_VALID" ] && setled "$LED_START" 0
++              [ -z "$LED_VALID" ] && setled "$LED_START" 1
++              setled "$LED_VALID" 1
++              ;;
++      'down')
++              [ -n "$LED_VALID" ] && setled "$LED_START" 1
++              [ -z "$LED_VALID" ] && setled "$LED_START" f
++              setled "$LED_VALID" f
++              ;;
++      *)
++              echo "$0: unknown status $status" >&2
++              ;;
++esac
++
+Index: strongswan-2.8.2/programs/wakeup/Makefile
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ strongswan-2.8.2/programs/wakeup/Makefile  2007-06-04 13:23:06.415758552 +0200
+@@ -0,0 +1,22 @@
++# Makefile for miscelaneous programs
++# Copyright (C) 2002  Michael Richardson      <mcr@freeswan.org>
++# 
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++# 
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++#
++# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
++
++FREESWANSRCDIR=../..
++include ${FREESWANSRCDIR}/Makefile.inc
++
++PROGRAM=wakeup
++PROGRAMDIR=${LIBDIR}
++
++include ../Makefile.program
+Index: strongswan-2.8.2/programs/wakeup/wakeup.8
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ strongswan-2.8.2/programs/wakeup/wakeup.8  2007-06-04 13:23:06.415758552 +0200
+@@ -0,0 +1,16 @@
++.TH wakeup 8 "03 Feb 2007"
++.\"
++.\" RCSID $Id: wakeup.8
++.\"
++.SH NAME
++ipsec wakeup \- stalled and down connection detection
++.SH SYNOPSIS
++.I wakeup
++is invoked by cron and checks ipsec status, whacking as necessary.
++.SH "SEE ALSO"
++ipsec(8), ipsec_whack(8).
++.SH HISTORY
++Man page written for the Linux strongSwan project <http://www.strongswan.org/>
++by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
++Original program written by Henry Spencer. Extended for the Linux strongSwan
++project <http://www.strongswan.org/> by Andreas Steffen.
+Index: strongswan-2.8.2/programs/wakeup/wakeup.in
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200
+@@ -0,0 +1,38 @@
++#! /bin/sh
++# wakeup script
++#
++# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
++# 
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++# 
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++#
++
++# only applicable when ipsec is running
++[ -e /var/run/pluto.pid ] || exit
++
++# loop through any erouted tunnels in the HOLD state
++for f in  `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do
++
++        # only whack if no pending events at all exists
++        ipsec status | grep STATE | grep -q $f ||
++                ipsec whack --name $f --initiate --asynchronous
++
++done
++
++# loop through any tunnels that don't quite exist
++for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do
++
++        ipsec status | grep STATE_QUICK | grep -q $f || {
++                ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f
++                ipsec up $f
++        }
++
++done
++
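Review bot: In `_showstatus.in` the fallback branch prints `echo "$0: unknown status $status" >&2`, but `status` is never assigned in the script, so the message always ends with an empty value. It should be `echo "$0: unknown status $1" >&2`. In `wakeup.in` the connection name taken from `ipsec status` is used unquoted and as a regular expression in `grep -q $f`. A connection named `vpn` therefore also matches state lines for `vpn2`, and the re-initiate or `ipsec down` decision can be made for the wrong tunnel; `grep -qF "\"$f\""` together with quoting `"$f"` in the `ipsec whack`/`up`/`down` calls is safer. In `_showstatus.8` the two lines starting `-B IPSEC_STATUS_LED_` look like a typo for the `.B` macro.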
diff --git a/net/strongswan/patches/210-updown.patch b/net/strongswan/patches/210-updown.patch
new file mode 100644 (file)
index 0000000..d546625
--- /dev/null
@@ -0,0 +1,662 @@
+Index: strongswan-2.8.2/programs/_updown/_updown.8
+===================================================================
+--- strongswan-2.8.2.orig/programs/_updown/_updown.8   2007-06-04 13:23:04.632029720 +0200
++++ strongswan-2.8.2/programs/_updown/_updown.8        2007-06-04 13:23:06.656721920 +0200
+@@ -8,8 +8,23 @@
+ .I _updown
+ is invoked by pluto when it has brought up a new connection. This script
+ is used to insert the appropriate routing entries for IPsec operation.
+-It can also be used to insert and delete dynamic iptables firewall rules.
+-The interface to the script is documented in the pluto man page.
++It also inserts and deletes dynamic iptables firewall rules. IMPORTANT!
++By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD
++tables. Most distributions will want to change that to provide more
++flexibility in their firewall configuration.
++The script looks for the environment variables
++.B IPSEC_UPDOWN_RULE_IN
++for the iptables table it should insert into,
++.B IPSEC_UPDOWN_DEST_IN
++for where the rule should -j jump to,
++.B IPSEC_UPDOWN_RULE_OUT
++.B IPSEC_UPDOWN_DEST_OUT
++for the same on outgoing packets, and
++.B IPSEC_UPDOWN_FWD_RULE_IN
++.B IPSEC_UPDOWN_FWD_DEST_IN
++.B IPSEC_UPDOWN_FWD_RULE_OUT
++.B IPSEC_UPDOWN_FWD_DEST_OUT
++respectively for packets being forwarded to/from the local networks.
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_pluto(8).
+ .SH HISTORY
+Index: strongswan-2.8.2/programs/_updown/_updown.in
+===================================================================
+--- strongswan-2.8.2.orig/programs/_updown/_updown.in  2007-06-04 13:23:04.642028200 +0200
++++ strongswan-2.8.2/programs/_updown/_updown.in       2007-06-04 13:23:06.657721768 +0200
+@@ -5,6 +5,7 @@
+ # Copyright (C) 2003-2004 Tuomo Soini
+ # Copyright (C) 2002-2004 Michael Richardson
+ # Copyright (C) 2005-2006 Andreas Steffen <andreas.steffen@strongswan.org>
++# Copyright (C) 2007 Kevin Cody Jr <kcody@vegaresearch.com>
+ # 
+ # This program is free software; you can redistribute it and/or modify it
+ # under the terms of the GNU General Public License as published by the
+@@ -118,20 +119,61 @@
+ #              restricted on the peer side.
+ #
+-# uncomment to log VPN connections
+-VPN_LOGGING=1
+-#
++# set to /bin/true to silence log messages
++LOGGER=logger
++
+ # tag put in front of each log entry:
+ TAG=vpn
+-#
++
+ # syslog facility and priority used:
+-FAC_PRIO=local0.notice
+-#
+-# to create a special vpn logging file, put the following line into
+-# the syslog configuration file /etc/syslog.conf:
+-#
+-# local0.notice                   -/var/log/vpn
+-#
++FAC_PRIO=authpriv.info
++
++
++# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY 
++if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then
++      IPSEC_POLICY_IN=""
++      IPSEC_POLICY_OUT=""
++else
++      IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
++      IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
++      IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
++fi
++
++# are there port numbers?
++if [ "$PLUTO_MY_PORT" != 0 ] ; then
++      S_MY_PORT="--sport $PLUTO_MY_PORT"
++      D_MY_PORT="--dport $PLUTO_MY_PORT"
++fi
++
++if [ "$PLUTO_PEER_PORT" != 0 ] ; then
++      S_PEER_PORT="--sport $PLUTO_PEER_PORT"
++      D_PEER_PORT="--dport $PLUTO_PEER_PORT"
++fi
++
++# import firewall behavior
++IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN
++IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN
++IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT
++IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT
++
++# import forwarding behavior
++FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN
++FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN
++FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT
++FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT
++
++# default firewall behavior
++[ -z "$IPT_RULE_IN"  ] && IPT_RULE_IN=INPUT
++[ -z "$IPT_DEST_IN"  ] && IPT_DEST_IN=ACCEPT
++[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT
++[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT
++
++# default forwarding behavior
++[ -z "$FWD_RULE_IN"  ] && FWD_RULE_IN=FORWARD
++[ -z "$FWD_DEST_IN"  ] && FWD_DEST_IN=ACCEPT
++[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD
++[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT
++
+ # check interface version
+ case "$PLUTO_VERSION" in
+@@ -150,8 +192,6 @@
+ case "$1:$*" in
+ ':')                  # no parameters
+       ;;
+-iptables:iptables)    # due to (left/right)firewall; for default script only
+-      ;;
+ custom:*)             # custom parameters (see above CAUTION comment)
+       ;;
+ *)    echo "$0: unknown parameters \`$*'" >&2
+@@ -159,345 +199,307 @@
+       ;;
+ esac
++
+ # utility functions for route manipulation
+ # Meddling with this stuff should not be necessary and requires great care.
++
+ uproute() {
+       doroute add
+       ip route flush cache
+ }
++
+ downroute() {
+       doroute delete
+       ip route flush cache
+ }
++upfirewall() {
++      in_rule=$1
++      in_dest=$2
++      out_rule=$3
++      out_dest=$4
++
++      [ -n "$in_rule" -a -n "$in_dest" ] &&           \
++      iptables -I $in_rule 1                          \
++              -i $PLUTO_INTERFACE                     \
++              -p $PLUTO_MY_PROTOCOL                   \
++              -s $PLUTO_PEER_CLIENT   $S_PEER_PORT    \
++              -d $PLUTO_MY_CLIENT     $D_MY_PORT      \
++              $IPSEC_POLICY_IN                        \
++              -j $in_dest
++
++      [ -n "$out_rule" -a -n "$out_dest" ] &&         \
++      iptables -I $out_rule 1                         \
++              -o $PLUTO_INTERFACE                     \
++              -p $PLUTO_PEER_PROTOCOL                 \
++              -s $PLUTO_MY_CLIENT     $S_MY_PORT      \
++              -d $PLUTO_PEER_CLIENT   $D_PEER_PORT    \
++              $IPSEC_POLICY_OUT                       \
++              -j $out_dest
++
++}
++
++downfirewall() {
++      in_rule=$1
++      in_dest=$2
++      out_rule=$3
++      out_dest=$4
++
++      [ -n "$in_rule" -a -n "$in_dest" ] &&           \
++      iptables -D $in_rule                            \
++              -i $PLUTO_INTERFACE                     \
++              -p $PLUTO_MY_PROTOCOL                   \
++              -s $PLUTO_PEER_CLIENT   $S_PEER_PORT    \
++              -d $PLUTO_MY_CLIENT     $D_MY_PORT      \
++              $IPSEC_POLICY_IN                        \
++              -j $in_dest
++
++      [ -n "$out_rule" -a -n "$out_dest" ] &&         \
++      iptables -D $out_rule                           \
++              -o $PLUTO_INTERFACE                     \
++              -p $PLUTO_PEER_PROTOCOL                 \
++              -s $PLUTO_MY_CLIENT     $S_MY_PORT      \
++              -d $PLUTO_PEER_CLIENT   $D_PEER_PORT    \
++              $IPSEC_POLICY_OUT                       \
++              -j $out_dest
++
++}
++
+ addsource() {
+       st=0
+-      if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
+-      then
++
++      if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then
++
+           it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
+           oops="`eval $it 2>&1`"
+           st=$?
+-          if test " $oops" = " " -a " $st" != " 0"
+-          then
++
++          if [ " $oops"  = " " -a " $st" != " 0" ] ; then
+               oops="silent error, exit status $st"
+           fi
+-          if test " $oops" != " " -o " $st" != " 0"
+-          then
++
++          if [ " $oops" != " " -o " $st" != " 0" ] ; then
+               echo "$0: addsource \`$it' failed ($oops)" >&2
+           fi
+       fi
++
+       return $st
+ }
+ doroute() {
+       st=0
+       parms="$PLUTO_PEER_CLIENT"
++      parms2="dev $PLUTO_INTERFACE"
+-      parms2=
+-      if [ -n "$PLUTO_NEXT_HOP" ]
+-      then
+-         parms2="via $PLUTO_NEXT_HOP"
+-      fi
+-      parms2="$parms2 dev $PLUTO_INTERFACE"
+-
+-      if [ -z "$PLUTO_MY_SOURCEIP" ]
+-      then
+-          if [ -f /etc/sysconfig/defaultsource ]
+-          then
+-              . /etc/sysconfig/defaultsource
+-          fi
++      if [ -z "$PLUTO_MY_SOURCEIP" ] ; then
+-          if [ -f /etc/conf.d/defaultsource ]
+-          then
+-              . /etc/conf.d/defaultsource
+-          fi
++              [ -f /etc/sysconfig/defaultsource ] && \
++                      . /etc/sysconfig/defaultsource
++
++              [ -f /etc/conf.d/defaultsource ] && \
++                      . /etc/conf.d/defaultsource
++
++              [ -n "$DEFAULTSOURCE" ] && \
++                      PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
+-          if [ -n "$DEFAULTSOURCE" ]
+-          then
+-              PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
+-          fi
+         fi
+       parms3=
+-      if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
+-      then
++      if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then
+           addsource
+           parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
+       fi
+-      case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
+-      "0.0.0.0/0.0.0.0")
++      if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
++                                              "0.0.0.0/0.0.0.0" ] ; then
+               # opportunistic encryption work around
+               # need to provide route that eclipses default, without 
+               # replacing it.
+-              it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+-                      ip route $1 128.0.0.0/1 $parms2 $parms3"
+-              ;;
+-      *)      it="ip route $1 $parms $parms2 $parms3"
+-              ;;
+-      esac
++              it="ip route $1   0.0.0.0/1 $parms2 $parms3 &&
++                  ip route $1 128.0.0.0/1 $parms2 $parms3"
++      else
++              it="ip route $1 $parms $parms2 $parms3"
++      fi
++
+       oops="`eval $it 2>&1`"
+       st=$?
+-      if test " $oops" = " " -a " $st" != " 0"
+-      then
+-          oops="silent error, exit status $st"
+-      fi
+-      if test " $oops" != " " -o " $st" != " 0"
+-      then
+-          echo "$0: doroute \`$it' failed ($oops)" >&2
++
++      if [ " $oops" = " " -a " $st" != " 0" ] ; then
++              oops="silent error, exit status $st"
+       fi
++
++      if [ " $oops" != " " -o " $st" != " 0" ] ; then
++              echo "$0: doroute \`$it' failed ($oops)" >&2
++      fi
++
+       return $st
+ }
+- 
+-# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY 
+-if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
+-then
+-      IPSEC_POLICY_IN=""
+-      IPSEC_POLICY_OUT=""
+-else
+-      IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
+-      IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
+-      IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
+-fi
+-# are there port numbers?
+-if [ "$PLUTO_MY_PORT" != 0 ]
+-then
+-      S_MY_PORT="--sport $PLUTO_MY_PORT"
+-      D_MY_PORT="--dport $PLUTO_MY_PORT"
+-fi
+-if [ "$PLUTO_PEER_PORT" != 0 ]
+-then
+-      S_PEER_PORT="--sport $PLUTO_PEER_PORT"
+-      D_PEER_PORT="--dport $PLUTO_PEER_PORT"
+-fi
++dologentry() {
++      action=$1
++
++      if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then
++              rem="$PLUTO_PEER"
++      else
++              rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER"
++      fi
++
++      if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then
++              loc="$PLUTO_ME"
++      else
++              loc="$PLUTO_ME == $PLUTO_MY_CLIENT"
++      fi
++
++      $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)"
++}
++
+ # the big choice
++
+ case "$PLUTO_VERB:$1" in
+ prepare-host:*|prepare-client:*)
+       # delete possibly-existing route (preliminary to adding a route)
+-      case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
+-      "0.0.0.0/0.0.0.0")
+-              # need to provide route that eclipses default, without 
++
++      if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
++                                              "0.0.0.0/0.0.0.0" ] ; then
++              # need to remove the route that eclipses default, without 
+               # replacing it.
+-              parms1="0.0.0.0/1"
+-              parms2="128.0.0.0/1"
+-              it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
+-              oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
+-              ;;
+-      *)
+-              parms="$PLUTO_PEER_CLIENT"
+-              it="ip route delete $parms 2>&1"
+-              oops="`ip route delete $parms 2>&1`"
+-              ;;
+-      esac
+-      status="$?"
+-      if test " $oops" = " " -a " $status" != " 0"
+-      then
+-              oops="silent error, exit status $status"
++              it="( ip route delete   0.0.0.0/1 ;
++                    ip route delete 128.0.0.0/1 )"
++      else
++              it="ip route delete $PLUTO_PEER_CLIENT"
++      fi
++
++      oops="`$it 2>&1`"
++      st="$?"
++
++      if [ " $oops" = " " -a " $st" != " 0" ] ; then
++              oops="silent error, exit status $st"
+       fi
++
+       case "$oops" in
+       *'RTNETLINK answers: No such process'*) 
+               # This is what route (currently -- not documented!) gives
+               # for "could not find such a route".
+               oops=
+-              status=0
++              st=0
+               ;;
+       esac
+-      if test " $oops" != " " -o " $status" != " 0"
+-      then
++
++      if [ " $oops" != " " -o " $st" != " 0" ] ; then
+               echo "$0: \`$it' failed ($oops)" >&2
+       fi
+-      exit $status
++
++      exit $st
++
+       ;;
+ route-host:*|route-client:*)
+       # connection to me or my client subnet being routed
++
++      ipsec _showstatus valid
+       uproute
++
+       ;;
+ unroute-host:*|unroute-client:*)
+       # connection to me or my client subnet being unrouted
++
++      ipsec _showstatus invalid
+       downroute
++
+       ;;
+-up-host:)
++up-host:*)
+       # connection to me coming up
+-      # If you are doing a custom version, firewall commands go here.
++
++      ipsec _showstatus up
++      upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
++      dologentry "VPN-UP"
++
+       ;;
+-down-host:)
++down-host:*)
+       # connection to me going down
+-      # If you are doing a custom version, firewall commands go here.
+-      ;;
+-up-client:)
+-      # connection to my client subnet coming up
+-      # If you are doing a custom version, firewall commands go here.
+-      ;;
+-down-client:)
+-      # connection to my client subnet going down
+-      # If you are doing a custom version, firewall commands go here.
++
++      ipsec _showstatus down
++      downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
++      dologentry "VPN-DN"
++
+       ;;
+-up-host:iptables)
+-      # connection to me, with (left/right)firewall=yes, coming up
+-      # This is used only by the default updown script, not by your custom
+-      # ones, so do not mess with it; see CAUTION comment up at top.
+-      iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+-          -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
+-          -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
+-      iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+-          -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
+-          -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
+-      #
+-      # log IPsec host connection setup
+-      if [ $VPN_LOGGING ]
+-      then
+-        if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
+-        then
+-          logger -t $TAG -p $FAC_PRIO \
+-            "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
+-        else
+-          logger -t $TAG -p $FAC_PRIO \
+-            "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
+-        fi
+-      fi      
+-      ;;
+-down-host:iptables)
+-      # connection to me, with (left/right)firewall=yes, going down
+-      # This is used only by the default updown script, not by your custom
+-      # ones, so do not mess with it; see CAUTION comment up at top.
+-      iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+-          -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
+-          -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
+-      iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+-          -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
+-          -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
+-      #
+-      # log IPsec host connection teardown
+-      if [ $VPN_LOGGING ]
+-      then
+-        if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
+-        then
+-          logger -t $TAG -p $FAC_PRIO -- \
+-            "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
+-        else
+-          logger -t $TAG -p $FAC_PRIO -- \
+-          "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
+-        fi
+-      fi
+-      ;;
+-up-client:iptables)
+-      # connection to client subnet, with (left/right)firewall=yes, coming up
+-      # This is used only by the default updown script, not by your custom
+-      # ones, so do not mess with it; see CAUTION comment up at top.
+-      if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
+-      then
+-        iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+-            -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
+-            -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
+-               $IPSEC_POLICY_OUT -j ACCEPT
+-        iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+-            -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
+-            -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
+-               $IPSEC_POLICY_IN -j ACCEPT
++up-client:*)
++      # connection to client subnet coming up
++
++      ipsec _showstatus up
++
++      if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
++           "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
++              upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
+       fi
+-      #
++
+       # a virtual IP requires an INPUT and OUTPUT rule on the host
+       # or sometimes host access via the internal IP is needed
+-      if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
+-      then
+-        iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+-            -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
+-            -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
+-               $IPSEC_POLICY_IN -j ACCEPT
+-        iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+-            -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
+-            -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
+-               $IPSEC_POLICY_OUT -j ACCEPT
+-      fi
+-      #
+-      # log IPsec client connection setup
+-      if [ $VPN_LOGGING ]
+-      then
+-        if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
+-        then
+-          logger -t $TAG -p $FAC_PRIO \
+-            "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+-        else
+-          logger -t $TAG -p $FAC_PRIO \
+-            "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+-        fi
+-      fi
+-      ;;
+-down-client:iptables)
+-      # connection to client subnet, with (left/right)firewall=yes, going down
+-      # This is used only by the default updown script, not by your custom
+-      # ones, so do not mess with it; see CAUTION comment up at top.
+-      if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
+-      then
+-        iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+-            -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
+-            -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
+-               $IPSEC_POLICY_OUT -j ACCEPT
+-        iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+-            -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
+-            -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
+-               $IPSEC_POLICY_IN -j ACCEPT
++      if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
++              upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
++      fi
++
++      dologentry "VPN-UP"
++
++      ;;
++down-client:*)
++      # connection to client subnet going down
++
++      ipsec _showstatus down
++
++      if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
++           "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
++              downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
+       fi
+-      #
++
+       # a virtual IP requires an INPUT and OUTPUT rule on the host
+       # or sometimes host access via the internal IP is needed
+-      if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
+-      then
+-        iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+-            -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
+-            -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
+-               $IPSEC_POLICY_IN -j ACCEPT
+-        iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+-            -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
+-            -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
+-               $IPSEC_POLICY_OUT -j ACCEPT
+-      fi
+-      #
+-      # log IPsec client connection teardown
+-      if [ $VPN_LOGGING ]
+-      then
+-        if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
+-        then
+-          logger -t $TAG -p $FAC_PRIO -- \
+-            "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+-        else
+-          logger -t $TAG -p $FAC_PRIO -- \
+-            "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+-        fi
++      if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
++              downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+       fi
++
++      dologentry "VPN-DN"
++
+       ;;
+-#
+-# IPv6
+-#
+ prepare-host-v6:*|prepare-client-v6:*)
++
+       ;;
+ route-host-v6:*|route-client-v6:*)
+       # connection to me or my client subnet being routed
++
+       #uproute_v6
++
+       ;;
+ unroute-host-v6:*|unroute-client-v6:*)
+       # connection to me or my client subnet being unrouted
++
+       #downroute_v6
++
+       ;;
+ up-host-v6:*)
+       # connection to me coming up
+       # If you are doing a custom version, firewall commands go here.
++
+       ;;
+ down-host-v6:*)
+       # connection to me going down
+       # If you are doing a custom version, firewall commands go here.
++
+       ;;
+ up-client-v6:)
+       # connection to my client subnet coming up
+       # If you are doing a custom version, firewall commands go here.
++
+       ;;
+ down-client-v6:)
+       # connection to my client subnet going down
+       # If you are doing a custom version, firewall commands go here.
++
+       ;;
+-*)    echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
++*)
++      echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
+       exit 1
++
+       ;;
+ esac
++
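Review bot: The four firewall calls in the `up-host:*`, `down-host:*`, `up-client:*` and `down-client:*` branches pass `$OUT_DEST_OUT`, which is never assigned; the variable imported from `IPSEC_UPDOWN_DEST_OUT` and defaulted to ACCEPT is `IPT_DEST_OUT`. Because the unquoted expansion is empty, `out_dest` is empty inside `upfirewall`/`downfirewall` and the `[ -n "$out_rule" -a -n "$out_dest" ]` guard skips the outgoing rule, so only the inbound rule is ever inserted or deleted. The calls should read `upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $IPT_DEST_OUT`, and likewise for `downfirewall`. Separately, the `prepare-host:*` branch now runs `$it` directly, so the `( ip route delete … ; … )` form is word-split and `(` is looked up as a command name; running it through `eval $it 2>&1`, as `doroute` does, keeps the compound command working.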
diff --git a/net/strongswan/patches/300-openwrt.patch b/net/strongswan/patches/300-openwrt.patch
new file mode 100644 (file)
index 0000000..e249a8d
--- /dev/null
@@ -0,0 +1,26 @@
+Index: strongswan-2.8.2/Makefile.inc
+===================================================================
+--- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200
++++ strongswan-2.8.2/Makefile.inc      2007-06-04 13:23:06.855691672 +0200
+@@ -123,7 +123,7 @@
+ # With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
+ # INC_RCDIRS directories has been pre-created under DESTDIR.
+ INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
+-INC_RCDEFAULT=/etc/rc.d/init.d
++INC_RCDEFAULT=/etc/init.d
+ # RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
+ # will finally be (so utils/Makefile can create a symlink in BINDIR to the
+Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in
+===================================================================
+--- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in  2007-06-04 13:23:04.612032760 +0200
++++ strongswan-2.8.2/programs/showhostkey/showhostkey.in       2007-06-04 13:23:06.855691672 +0200
+@@ -62,7 +62,7 @@
+       exit 1
+ fi
+-host="`hostname --fqdn`"
++host="`cat /proc/sys/kernel/hostname`"
+ awk ' BEGIN {
+               inkey = 0
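Review bot: `cat /proc/sys/kernel/hostname` in showhostkey.in returns the kernel node name, which is usually the short host name, whereas the replaced `hostname --fqdn` produced a fully qualified name. If `$host` is later used as the owner name of the emitted key record (the rest of the script is outside the hunk), the output changes silently on hosts that have a domain configured. A comment on the line would record the trade-off, for example `# kernel node name; unlike 'hostname --fqdn' this may lack the domain part`.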
diff --git a/net/strongswan/patches/310-make-ipsec-alg.patch b/net/strongswan/patches/310-make-ipsec-alg.patch
new file mode 100644 (file)
index 0000000..d5fad3d
--- /dev/null
@@ -0,0 +1,19 @@
+Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi
+===================================================================
+--- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi   2007-06-04 13:23:04.583037168 +0200
++++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi        2007-06-04 13:23:07.053661576 +0200
+@@ -1,10 +1,10 @@
+ MOD_CRYPTOAPI := ipsec_cryptoapi.o
+ ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
+-ALG_MODULES += $(MOD_CRYPTOAPI)
+-obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
+-static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
+-alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
++#ALG_MODULES += $(MOD_CRYPTOAPI)
++#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
++#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
++#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
+ else
+ $(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
+ endif
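Review bot: The four CryptoAPI assignments are commented out rather than removed, which leaves the `ifneq` branch empty while the `else` branch still warns "not building ipsec_cryptoapi.o" only when the header is missing. With this change the module is never built even when `crypto.h` is present, and nothing in the file says so. Either delete the lines or state the reason above them, e.g. `# OpenWrt: ipsec_cryptoapi.o is intentionally not built (reason: <fill in>)`.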
diff --git a/net/strongswan/patches/320-no-modprobe.patch b/net/strongswan/patches/320-no-modprobe.patch
new file mode 100644 (file)
index 0000000..d8c3648
--- /dev/null
@@ -0,0 +1,108 @@
+Index: strongswan-2.8.2/programs/starter/klips.c
+===================================================================
+--- strongswan-2.8.2.orig/programs/starter/klips.c     2007-06-04 13:23:04.544043096 +0200
++++ strongswan-2.8.2/programs/starter/klips.c  2007-06-04 13:23:07.238633456 +0200
+@@ -44,7 +44,7 @@
+           unsetenv("MODPATH");
+           unsetenv("MODULECONF");
+           system("depmod -a >/dev/null 2>&1");
+-          system("modprobe -qv ipsec");
++          system("insmod -qv ipsec");
+       }
+       if (stat(PROC_IPSECVERSION, &stb) == 0)
+       {
+@@ -62,11 +62,11 @@
+     /* make sure that all available crypto algorithms are loaded */
+     if (stat(PROC_MODULES, &stb) == 0)
+     {
+-      system("modprobe -qv ipsec_aes");
+-      system("modprobe -qv ipsec_serpent");
+-      system("modprobe -qv ipsec_twofish");
+-      system("modprobe -qv ipsec_blowfish");
+-      system("modprobe -qv ipsec_sha2");
++      system("insmod -qv ipsec_aes");
++      system("insmod -qv ipsec_serpent");
++      system("insmod -qv ipsec_twofish");
++      system("insmod -qv ipsec_blowfish");
++      system("insmod -qv ipsec_sha2");
+     }
+     starter_klips_clear();
+Index: strongswan-2.8.2/programs/starter/netkey.c
+===================================================================
+--- strongswan-2.8.2.orig/programs/starter/netkey.c    2007-06-04 13:23:04.551042032 +0200
++++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200
+@@ -36,7 +36,7 @@
+       /* af_key module makes the netkey proc interface visible */
+       if (stat(PROC_MODULES, &stb) == 0)
+       {
+-          system("modprobe -qv af_key");
++          system("insmod -qv af_key");
+       }
+       /* now test again */
+@@ -52,11 +52,11 @@
+     /* make sure that all required IPsec modules are loaded */
+     if (stat(PROC_MODULES, &stb) == 0)
+     {
+-      system("modprobe -qv ah4");
+-      system("modprobe -qv esp4");
+-      system("modprobe -qv ipcomp");
+-      system("modprobe -qv xfrm4_tunnel");
+-      system("modprobe -qv xfrm_user");
++      system("insmod -qv ah4");
++      system("insmod -qv esp4");
++      system("insmod -qv ipcomp");
++      system("insmod -qv xfrm4_tunnel");
++      system("insmod -qv xfrm_user");
+     }
+     DBG(DBG_CONTROL,
+Index: strongswan-2.8.2/programs/_startklips/_startklips.in
+===================================================================
+--- strongswan-2.8.2.orig/programs/_startklips/_startklips.in  2007-06-04 13:23:04.560040664 +0200
++++ strongswan-2.8.2/programs/_startklips/_startklips.in       2007-06-04 13:23:07.238633456 +0200
+@@ -249,7 +249,7 @@
+ if test ! -f $ipsecversion && test ! -f $netkey
+ then
+-      modprobe -v af_key
++      insmod -v af_key
+ fi
+ if test -f $netkey
+@@ -257,11 +257,11 @@
+       klips=false
+       if test -f $modules
+       then
+-              modprobe -qv ah4
+-              modprobe -qv esp4
+-              modprobe -qv ipcomp
+-              modprobe -qv xfrm4_tunnel
+-              modprobe -qv xfrm_user
++              insmod -qv ah4
++              insmod -qv esp4
++              insmod -qv ipcomp
++              insmod -qv xfrm4_tunnel
++              insmod -qv xfrm_user
+       fi
+ fi
+@@ -272,7 +272,7 @@
+                 setmodule
+                 unset MODPATH MODULECONF        # no user overrides!
+                 depmod -a >/dev/null 2>&1
+-                modprobe -v ipsec
++                insmod -v ipsec
+         fi
+         if test ! -f $ipsecversion
+         then
+@@ -288,7 +288,7 @@
+       do
+               if test -f $moduleinstplace/alg/ipsec_$alg.o
+               then
+-                      modprobe ipsec_$alg
++                      insmod ipsec_$alg
+               fi
+       done
+ fi
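Review bot: `insmod` does not resolve module dependencies the way `modprobe` does, so each replaced call now succeeds only if everything the module needs is already loaded, and the results of the `system()` calls in klips.c and netkey.c are still ignored. The `depmod -a` calls kept as context in klips.c and _startklips.in no longer help these loads, since plain insmod does not consult modules.dep. Whether `-q`/`-v` and a bare module name are accepted depends on the target's insmod implementation, which is not visible here and is worth confirming. A comment such as `/* insmod: no dependency resolution, load order below is significant */` above each group would record the constraint.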
diff --git a/net/strongswan/patches/350-make-programs.patch b/net/strongswan/patches/350-make-programs.patch
new file mode 100644 (file)
index 0000000..aba9577
--- /dev/null
@@ -0,0 +1,21 @@
+Index: strongswan-2.8.2/programs/Makefile
+===================================================================
+--- strongswan-2.8.2.orig/programs/Makefile    2007-06-04 13:23:06.414758704 +0200
++++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200
+@@ -17,12 +17,10 @@
+ FREESWANSRCDIR=..
+ include ${FREESWANSRCDIR}/Makefile.inc
+-SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto 
+-SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun
+-SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
+-SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
+-SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
+-SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
++SUBDIRS=_copyright _updown _showstatus wakeup examples
++SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual
++SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets
++SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec
+ ifeq ($(USE_LWRES),true)
+ SUBDIRS+=lwdnsq