From: Nicolas Thill Date: Wed, 20 Aug 2008 22:00:41 +0000 (+0000) Subject: move more extra packages from ./trunk to ./packages X-Git-Tag: reboot~25747 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=89124c8a0ab1baeb926108bb8dd503c24a25b75d;p=openwrt%2Fstaging%2Fxback.git move more extra packages from ./trunk to ./packages SVN-Revision: 12359 --- diff --git a/package/aodv-uu/Makefile b/package/aodv-uu/Makefile deleted file mode 100644 index 9f55194e1f..0000000000 --- a/package/aodv-uu/Makefile +++ /dev/null @@ -1,105 +0,0 @@ -# -# Copyright (C) 2006-2008 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=aodv-uu -PKG_VERSION:=0.9.3 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://core.it.uu.se/core/files/ -PKG_MD5SUM:=05460543054449cb4b170252a7168c65 - -include $(INCLUDE_DIR)/package.mk - -define Package/aodv-uu/Default - TITLE:=Ad-hoc On-demand Distance Vector Routing - DEPENDS:=@BROKEN - URL:=http://core.it.uu.se/core/index.php/AODV-UU -endef - -define Package/aodv-uu/Default/description - AODV is the Ad-hoc On-demand Distance Vector routing protocol - implementation created at Uppsala University. -endef - -define Package/aodv-uu -$(call Package/aodv-uu/Default) - SECTION:=net - CATEGORY:=Network - TITLE+= (daemon) -endef - -define Package/aodv-uu/description -$(call Package/aodv-uu/Default/description) - This package contains the AODV userland daemon. -endef - -define KernelPackage/aodv-uu -$(call Package/aodv-uu/Default) - TITLE+= (kernel module) - FILES:=$(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) - SUBMENU:=Network Support - AUTOLOAD:=$(call AutoLoad,80,$(shell cat ./files/aodv-uu.modules)) -endef - -define KernelPackage/aodv-uu/description -$(call Package/aodv-uu/Default/description) - This package contains the AODV kernel module. -endef - -ifeq ($(CONFIG_LINUX_2_6),y) - define Build/Compile/linux26 - $(MAKE) -C $(LINUX_DIR) \ - ARCH="$(LINUX_KARCH)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - PATCHLEVEL="$(LINUX_VERSION)" \ - KERNDIR="$(LINUX_DIR)" \ - SUBDIRS="$(PKG_BUILD_DIR)/lnx" \ - modules - endef -else - # We assume 2.4 builds are only for brcm-2.4 yet - define Build/Compile/linux24-brcm - $(call Build/Compile/Default,\ - KERNEL_DIR="$(LINUX_DIR)" \ - KCC="$(TARGET_CC)" \ - CFLAGS="$(TARGET_CFLAGS)" \ - kaodv-mips \ - ) - cp $(PKG_BUILD_DIR)/lnx/kaodv-mips.$(LINUX_KMOD_SUFFIX) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) - endef -endif - -define Build/Compile - $(call Build/Compile/linux26) - $(call Build/Compile/linux24-brcm) - $(call Build/Compile/Default,\ - KERNEL_DIR="$(LINUX_DIR)" \ - KCC="$(TARGET_CC)" \ - CFLAGS="$(TARGET_CFLAGS)" \ - aodvd \ - ) -endef - -define Package/aodv-uu/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/aodvd $(1)/usr/sbin -endef - -define Package/kmod-aodv-uu/install - $(INSTALL_DIR) $(1)/etc/modules.d - $(INSTALL_DATA) ./files/aodv-uu.modules $(1)/etc/modules.d/80-aodv-uu - $(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION) - $(CP) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) $(1)/lib/modules/$(LINUX_VERSION)/ -endef - -$(eval $(call BuildPackage,aodv-uu)) -$(eval $(call KernelPackage,aodv-uu)) diff --git a/package/aodv-uu/files/aodv-uu.modules b/package/aodv-uu/files/aodv-uu.modules deleted file mode 100644 index 809c4da690..0000000000 --- a/package/aodv-uu/files/aodv-uu.modules +++ /dev/null @@ -1 +0,0 @@ -kaodv diff --git a/package/aodv-uu/patches/001-normalize.patch b/package/aodv-uu/patches/001-normalize.patch deleted file mode 100644 index bdc6fdae4e..0000000000 --- a/package/aodv-uu/patches/001-normalize.patch +++ /dev/null @@ -1,64 +0,0 @@ -Index: aodv-uu-0.9.3/lnx/Makefile -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/Makefile 2007-06-04 13:22:19.859836128 +0200 -+++ aodv-uu-0.9.3/lnx/Makefile 2007-06-04 13:22:19.932825032 +0200 -@@ -30,7 +30,7 @@ - KCFLAGS=-Wall -Wno-strict-aliasing -O2 $(KDEFS) $(KINC) $(XDEFS) - KCFLAGS_ARM=-Wall -O2 -D__KERNEL__ -DMODULE -nostdinc $(shell $(ARM_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) - KCFLAGS_MIPS=-Wall -mips2 -O2 -fno-pic -mno-abicalls -mlong-calls -G0 -msoft-float -D__KERNEL__ -DMODULE -nostdinc $(shell $(MIPS_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) $(XDEFS) -- -+endif - .PHONY: clean clean-2.4 clean-2.6 indent default - - # Check for kernel version -@@ -89,5 +89,3 @@ - etags *.c *.h - indent: - indent -kr -i8 -ts8 -sob -l80 -ss -ncs *.c *.h --endif -- -Index: aodv-uu-0.9.3/Makefile -=================================================================== ---- aodv-uu-0.9.3.orig/Makefile 2007-06-04 13:22:19.866835064 +0200 -+++ aodv-uu-0.9.3/Makefile 2007-06-04 13:22:19.932825032 +0200 -@@ -87,7 +87,7 @@ - mips: aodvd-mips kaodv-mips - - endian.h: -- $(CC) $(CFLAGS) -o endian endian.c -+ gcc -o endian endian.c - ./endian > endian.h - - $(OBJS): %.o: %.c Makefile -@@ -143,19 +143,18 @@ - @makedepend -Y./ -- $(DEFS) -- $(SRC) &>/dev/null - @makedepend -a -Y./ -- $(KDEFS) kaodv.c &>/dev/null - --install: default -- install -s -m 755 aodvd /usr/sbin/aodvd -- @if [ ! -d /lib/modules/$(KERNEL)/aodv ]; then \ -- mkdir /lib/modules/$(KERNEL)/aodv; \ -- fi -- -- @echo "Installing kernel module in /lib/modules/$(KERNEL)/aodv/"; -- @if [ -f ./kaodv.ko ]; then \ -- install -m 644 kaodv.ko /lib/modules/$(KERNEL)/aodv/kaodv.ko; \ -- else \ -- install -m 644 kaodv.o /lib/modules/$(KERNEL)/aodv/kaodv.o; \ -- fi -- /sbin/depmod -a -+install: install-aodvd install-kaodv -+ -+install-aodvd: -+ @echo "Installing aodv in $(DESTDIR)/usr/sbin"; -+ install -d -m0755 $(DESTDIR)/usr/sbin/ -+ install -m0755 aodvd $(DESTDIR)/usr/sbin/aodvd -+ -+install-kaodv: -+ @echo "Installing kernel module in $(DESTDIR)/lib/modules/$(KERNEL)/"; -+ install -d -m0644 $(DESTDIR)/lib/modules/$(KERNEL)/ -+ install -m 644 lnx/kaodv.$(KMOD_SUFFIX) $(DESTDIR)/lib/modules/$(KERNEL)/kaodv.$(KMOD_SUFFIX); -+ - uninstall: - rm -f /usr/sbin/aodvd - rm -rf /lib/modules/$(KERNEL)/aodv diff --git a/package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch b/package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch deleted file mode 100644 index 638de87ff7..0000000000 --- a/package/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch +++ /dev/null @@ -1,49 +0,0 @@ -Index: aodv-uu-0.9.3/lnx/kaodv-mod.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-04 13:22:19.830840536 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-04 13:22:20.130794936 +0200 -@@ -19,7 +19,7 @@ - * Author: Erik Nordström, - * - *****************************************************************************/ --#include -+#include - #include - - #ifdef KERNEL26 -@@ -258,7 +258,11 @@ - if (!(*skb)) - return NF_STOLEN; - -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) -+ ip_route_me_harder(skb, RTN_UNSPEC); -+#else - ip_route_me_harder(skb); -+#endif - } - break; - case NF_IP_POST_ROUTING: -Index: aodv-uu-0.9.3/lnx/kaodv-queue.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-04 13:22:19.837839472 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-04 13:22:20.130794936 +0200 -@@ -29,6 +29,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -246,7 +247,11 @@ - if (!entry->skb) - goto next; - } -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) -+ ip_route_me_harder(&entry->skb, RTN_UNSPEC); -+#else - ip_route_me_harder(&entry->skb); -+#endif - - pkts++; - diff --git a/package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch b/package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch deleted file mode 100644 index 53d90643dc..0000000000 --- a/package/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch +++ /dev/null @@ -1,16 +0,0 @@ -Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-04 13:22:19.810843576 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-04 13:22:20.326765144 +0200 -@@ -284,7 +284,11 @@ - /* RCV_SKB_FAIL(-EINVAL); */ - - #ifdef KERNEL26 -+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) -+ if (security_netlink_recv(skb, CAP_NET_ADMIN)) -+# else - if (security_netlink_recv(skb)) -+# endif - RCV_SKB_FAIL(-EPERM); - #endif - //write_lock_bh(&queue_lock); diff --git a/package/aodv-uu/patches/004-linux_2.6.19_includes.patch b/package/aodv-uu/patches/004-linux_2.6.19_includes.patch deleted file mode 100644 index 8dc1adf013..0000000000 --- a/package/aodv-uu/patches/004-linux_2.6.19_includes.patch +++ /dev/null @@ -1,28 +0,0 @@ -Index: aodv-uu-0.9.3/main.c -=================================================================== ---- aodv-uu-0.9.3.orig/main.c 2007-06-04 13:22:19.782847832 +0200 -+++ aodv-uu-0.9.3/main.c 2007-06-04 13:22:20.513736720 +0200 -@@ -26,6 +26,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -Index: aodv-uu-0.9.3/nl.c -=================================================================== ---- aodv-uu-0.9.3.orig/nl.c 2007-06-04 13:22:19.789846768 +0200 -+++ aodv-uu-0.9.3/nl.c 2007-06-04 13:22:20.513736720 +0200 -@@ -33,6 +33,10 @@ - #include - #include - #include -+#include -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) -+#include -+#endif - - #include "defs.h" - #include "lnx/kaodv-netlink.h" diff --git a/package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch b/package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch deleted file mode 100644 index 0831c5f758..0000000000 --- a/package/aodv-uu/patches/005-linux_2.6.22_skbuff.patch +++ /dev/null @@ -1,164 +0,0 @@ -Index: aodv-uu-0.9.3/lnx/kaodv-compat.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ aodv-uu-0.9.3/lnx/kaodv-compat.h 2007-06-17 02:49:46.844217144 +0200 -@@ -0,0 +1,15 @@ -+#ifndef __KAODV_COMPAT_H -+#define __KAODV_COMPAT_H -+ -+#include -+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) -+ -+#define ip_hdr(_skb) (_skb)->nh.iph -+#define skb_reset_network_header(_skb) do { \ -+ _skb->nh.iph = (struct iphdr *)_skb->data; \ -+ } while (0); -+ -+ -+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) */ -+ -+#endif -Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.c 2007-06-17 02:31:56.448941960 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-ipenc.c 2007-06-17 02:45:50.420159064 +0200 -@@ -64,7 +64,7 @@ - if (skb->sk != NULL) - skb_set_owner_w(nskb, skb->sk); - -- iph = skb->nh.iph; -+ iph = ip_hdr(skb); - - skb_put(nskb, sizeof(struct min_ipenc_hdr)); - -@@ -78,7 +78,8 @@ - skb = nskb; - - /* Update pointers */ -- iph = skb->nh.iph = (struct iphdr *)skb->data; -+ skb_reset_network_header(skb); -+ iph = (struct iphdr *)skb->data; - - ipe = (struct min_ipenc_hdr *)(skb->data + (iph->ihl << 2)); - -@@ -99,8 +100,8 @@ - - ip_send_check(iph); - -- if (skb->nh.iph->id == 0) -- ip_select_ident(skb->nh.iph, skb->dst, NULL); -+ if (ip_hdr(skb)->id == 0) -+ ip_select_ident(ip_hdr(skb), skb->dst, NULL); - - return skb; - } -@@ -108,9 +109,7 @@ - struct sk_buff *ip_pkt_decapsulate(struct sk_buff *skb) - { - struct min_ipenc_hdr *ipe; -- /* skb->nh.iph is probably not set yet */ -- struct iphdr *iph = skb->nh.iph; -- -+ struct iphdr *iph = ip_hdr(skb); - - ipe = (struct min_ipenc_hdr *)((char *)iph + (iph->ihl << 2)); - -@@ -123,8 +122,9 @@ - skb->len - (iph->ihl << 2) - sizeof(struct min_ipenc_hdr)); - - skb_trim(skb, skb->len - sizeof(struct min_ipenc_hdr)); -- -- skb->nh.iph = iph = (struct iphdr *)skb->data; -+ -+ skb_reset_network_header(skb); -+ iph = (struct iphdr *)skb->data; - - iph->tot_len = htons((ntohs(iph->tot_len) - sizeof(struct min_ipenc_hdr))); - ip_send_check(iph); -Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.h -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.h 2007-06-17 02:44:13.881835120 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-ipenc.h 2007-06-17 02:44:16.549429584 +0200 -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include "kaodv-compat.h" - - #define IPPROTO_MIPE 55 - -Index: aodv-uu-0.9.3/lnx/kaodv-mod.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-17 02:43:33.776931992 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-17 02:43:39.008136728 +0200 -@@ -120,7 +120,7 @@ - const struct net_device *out, - int (*okfn) (struct sk_buff *)) - { -- struct iphdr *iph = (*skb)->nh.iph; -+ struct iphdr *iph = ip_hdr(*skb); - struct expl_entry e; - struct in_addr ifaddr, bcaddr; - int res = 0; -@@ -188,7 +188,7 @@ - if (is_gateway && iph->protocol == IPPROTO_MIPE && - iph->daddr == ifaddr.s_addr) { - ip_pkt_decapsulate(*skb); -- iph = (*skb)->nh.iph; -+ iph = ip_hdr(*skb); - return NF_ACCEPT; - } - /* Ignore packets generated locally or that are for this -Index: aodv-uu-0.9.3/lnx/kaodv-mod.h -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-mod.h 2007-06-17 02:44:32.498005032 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-mod.h 2007-06-17 02:44:34.662675952 +0200 -@@ -5,6 +5,7 @@ - #include - #include - #include -+#include "kaodv-compat.h" - - /* Interface information */ - struct if_info { -Index: aodv-uu-0.9.3/lnx/kaodv-queue.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-17 02:45:01.513593992 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-17 02:45:11.534070648 +0200 -@@ -152,7 +152,7 @@ - { - int status = -EINVAL; - struct kaodv_queue_entry *entry; -- struct iphdr *iph = skb->nh.iph; -+ struct iphdr *iph = ip_hdr(skb); - - entry = kmalloc(sizeof(*entry), GFP_ATOMIC); - -Index: aodv-uu-0.9.3/lnx/kaodv-queue.h -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-queue.h 2007-06-17 02:44:50.537262648 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-queue.h 2007-06-17 02:44:53.629792512 +0200 -@@ -21,6 +21,7 @@ - *****************************************************************************/ - #ifndef _KAODV_QUEUE_H - #define _KAODV_QUEUE_H -+#include "kaodv-compat.h" - - #define KAODV_QUEUE_DROP 1 - #define KAODV_QUEUE_SEND 2 -Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c -=================================================================== ---- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-17 02:47:48.927143264 +0200 -+++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-17 02:49:11.604574384 +0200 -@@ -338,8 +338,10 @@ - netlink_register_notifier(&kaodv_nl_notifier); - #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14)) - kaodvnl = netlink_kernel_create(NETLINK_AODV, kaodv_netlink_rcv_sk); --#else -+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)) - kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, THIS_MODULE); -+#else -+ kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, NULL, THIS_MODULE); - #endif - if (kaodvnl == NULL) { - printk(KERN_ERR "kaodv_netlink: failed to create netlink socket\n"); diff --git a/package/gmp/Makefile b/package/gmp/Makefile deleted file mode 100644 index 59a826bdb0..0000000000 --- a/package/gmp/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2006-2008 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk - -PKG_NAME:=gmp -PKG_VERSION:=4.2.2 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=@GNU/gmp -PKG_MD5SUM:=7ce52531644e6d12f16911b7e3151f3f - -include $(INCLUDE_DIR)/package.mk - -define Package/libgmp - SECTION:=libs - CATEGORY:=Libraries - TITLE:=GNU multiprecision arithmetic library - URL:=http://gmplib.org/ -endef - -define Package/libgmp/description - GMP is a free library for arbitrary precision arithmetic, operating on - signed integers, rational numbers, and floating point numbers. -endef - -TARGET_CFLAGS += $(FPIC) -CONFIGURE_VARS += CC="$(TARGET_CROSS)gcc" -CONFIGURE_ARGS += \ - --enable-shared \ - --enable-static \ - -define Build/Compile - $(call Build/Compile/Default, \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - CC="$(TARGET_CC)" \ - all install \ - ) -endef - -define Build/InstallDev - mkdir -p $(1)/usr/include - $(CP) $(PKG_INSTALL_DIR)/usr/include/gmp* $(1)/usr/include/ - mkdir -p $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.{a,so*} $(1)/usr/lib/ -endef - -define Package/libgmp/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.so.* $(1)/usr/lib/ -endef - -$(eval $(call BuildPackage,libgmp)) diff --git a/package/ipsec-tools/Makefile b/package/ipsec-tools/Makefile deleted file mode 100644 index 0f24ae12ee..0000000000 --- a/package/ipsec-tools/Makefile +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2006 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=ipsec-tools -PKG_VERSION:=0.7 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=@SF/ipsec-tools -PKG_MD5SUM:=c0a586924edde35264ecfe94ad1c261f - -include $(INCLUDE_DIR)/package.mk - -define Package/ipsec-tools - SECTION:=net - CATEGORY:=Network - DEPENDS:=@LINUX_2_6 +libopenssl - TITLE:=IPsec management tools - URL:=http://ipsec-tools.sourceforge.net/ -endef - -CONFIGURE_ARGS += \ - --enable-shared \ - --enable-static \ - --with-kernel-headers="$(LINUX_DIR)/include" \ - --without-readline \ - --with-openssl="$(STAGING_DIR)/usr" \ - --without-libradius \ - --without-libpam \ - --enable-dpd \ - --enable-hybrid \ - --enable-security-context=no \ - --enable-natt \ - --enable-adminport \ - --enable-ipv6 - -define Build/Configure - (cd $(PKG_BUILD_DIR); touch \ - configure.ac \ - aclocal.m4 \ - Makefile.in \ - config.h.in \ - configure \ - ); - $(call Build/Configure/Default) - echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h -endef - -# override CFLAGS holding "-Werror" that break builds on compile warnings -define Build/Compile - $(MAKE) -C $(PKG_BUILD_DIR) \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - CFLAGS="$(TARGET_CFLAGS)" \ - all install -endef - -define Package/ipsec-tools/install - $(INSTALL_DIR) $(1)/etc - $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/ - $(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf - $(INSTALL_DIR) $(1)/etc/racoon - $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/ -endef - -define Package/ipsec-tools/conffiles -/etc/racoon.conf -/etc/racoon/psk.txt -endef - -$(eval $(call BuildPackage,ipsec-tools)) diff --git a/package/ipsec-tools/patches/001-no_libfl.patch b/package/ipsec-tools/patches/001-no_libfl.patch deleted file mode 100644 index 8abc9a07ed..0000000000 --- a/package/ipsec-tools/patches/001-no_libfl.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: ipsec-tools-0.6.6/src/racoon/cftoken.l -=================================================================== ---- ipsec-tools-0.6.6.orig/src/racoon/cftoken.l 2007-06-04 13:22:36.567296208 +0200 -+++ ipsec-tools-0.6.6/src/racoon/cftoken.l 2007-06-04 13:22:36.646284200 +0200 -@@ -105,6 +105,8 @@ - static int incstackp = 0; - - static int yy_first_time = 1; -+ -+int yywrap(void) { return 1; } - %} - - /* common seciton */ -Index: ipsec-tools-0.6.6/src/setkey/token.l -=================================================================== ---- ipsec-tools-0.6.6.orig/src/setkey/token.l 2007-06-04 13:22:36.575294992 +0200 -+++ ipsec-tools-0.6.6/src/setkey/token.l 2007-06-04 13:22:36.646284200 +0200 -@@ -84,6 +84,8 @@ - #ifndef SADB_X_EALG_AESCTR - #define SADB_X_EALG_AESCTR (-1) - #endif -+ -+int yywrap(void) { return 1; } - %} - - /* common section */ diff --git a/package/ipsec-tools/patches/002-configure_cppflags_typo.patch b/package/ipsec-tools/patches/002-configure_cppflags_typo.patch deleted file mode 100644 index 407c67ecee..0000000000 --- a/package/ipsec-tools/patches/002-configure_cppflags_typo.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: ipsec-tools-0.6.6/configure.ac -=================================================================== ---- ipsec-tools-0.6.6.orig/configure.ac 2007-06-04 13:22:36.540300312 +0200 -+++ ipsec-tools-0.6.6/configure.ac 2007-06-04 13:22:36.841254560 +0200 -@@ -183,7 +183,7 @@ - - if test "x$crypto_dir" != "x"; then - LIBS="$LIBS -L${crypto_dir}/lib" -- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" -+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" - fi - AC_MSG_CHECKING(openssl version) - -Index: ipsec-tools-0.6.6/configure -=================================================================== ---- ipsec-tools-0.6.6.orig/configure 2007-06-04 13:22:36.547299248 +0200 -+++ ipsec-tools-0.6.6/configure 2007-06-04 13:22:36.850253192 +0200 -@@ -23687,7 +23687,7 @@ - - if test "x$crypto_dir" != "x"; then - LIBS="$LIBS -L${crypto_dir}/lib" -- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" -+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" - fi - echo "$as_me:$LINENO: checking openssl version" >&5 - echo $ECHO_N "checking openssl version... $ECHO_C" >&6 diff --git a/package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff b/package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff deleted file mode 100644 index 52d092e6ce..0000000000 --- a/package/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff +++ /dev/null @@ -1,22 +0,0 @@ -Index: ipsec-tools-0.6.6/src/racoon/grabmyaddr.c -=================================================================== ---- ipsec-tools-0.6.6.orig/src/racoon/grabmyaddr.c 2007-06-04 13:22:36.521303200 +0200 -+++ ipsec-tools-0.6.6/src/racoon/grabmyaddr.c 2007-06-04 13:22:37.064220664 +0200 -@@ -77,10 +77,17 @@ - #ifdef __linux__ - #include - #include -+#include -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) -+# include -+#endif - #ifndef HAVE_GETIFADDRS - #define HAVE_GETIFADDRS - #define NEED_LINUX_GETIFADDRS - #endif -+#ifndef IFA_RTA -+# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg)))) -+#endif - #endif - - #ifndef HAVE_GETIFADDRS diff --git a/package/isakmpd/Makefile b/package/isakmpd/Makefile deleted file mode 100644 index 4214fdb96c..0000000000 --- a/package/isakmpd/Makefile +++ /dev/null @@ -1,51 +0,0 @@ -# -# Copyright (C) 2006 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk - -PKG_NAME:=isakmpd -PKG_VERSION:=20041012 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz -PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/i/isakmpd/ -PKG_MD5SUM:=e6d25a9e232fb186e1a48dc06453bd57 - -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).orig - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/kernel.mk - -define Package/isakmpd - SECTION:=net - CATEGORY:=Network - DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp - TITLE:=IPsec management tools - URL:=http://isakmpd.sourceforge.net/ -endef - -define Build/Compile - CFLAGS="$(TARGET_CFLAGS)" \ - $(MAKE) -C $(PKG_BUILD_DIR) \ - $(TARGET_CONFIGURE_OPTS) \ - LINUX_DIR="$(LINUX_DIR)" \ - EXTRA_CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/openssl -I$(STAGING_DIR)/usr/include/keynote" \ - EXTRA_LDFLAGS="$(TARGET_LDFLAGS)" - - $(MAKE) -C $(PKG_BUILD_DIR) \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - INSTALL="install -c" \ - install-bin -endef - -define Package/isakmpd/install - $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/* $(1)/ -endef - -$(eval $(call BuildPackage,isakmpd)) diff --git a/package/isakmpd/patches/010-debian_3.patch b/package/isakmpd/patches/010-debian_3.patch deleted file mode 100644 index 0f50cf9c07..0000000000 --- a/package/isakmpd/patches/010-debian_3.patch +++ /dev/null @@ -1,1753 +0,0 @@ -Index: isakmpd-20041012.orig/dpd.c -=================================================================== ---- isakmpd-20041012.orig.orig/dpd.c 2007-06-04 13:22:39.088912864 +0200 -+++ isakmpd-20041012.orig/dpd.c 2007-06-04 13:22:39.282883376 +0200 -@@ -26,6 +26,7 @@ - - #include - #include -+#include - - #include "sysdep.h" - -@@ -174,6 +175,7 @@ - } - break; - default: -+ ; - } - - /* Mark handled. */ -@@ -223,6 +225,7 @@ - dpd_check_event, sa, &tv); - break; - default: -+ ; - } - if (!sa->dpd_event) - log_print("dpd_timer_reset: timer_add_event failed"); -Index: isakmpd-20041012.orig/ipsec.c -=================================================================== ---- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.093912104 +0200 -+++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200 -@@ -1020,6 +1020,52 @@ - } - } - -+/* -+ * deal with a NOTIFY of INVALID_SPI -+ */ -+static void -+ipsec_invalid_spi (struct message *msg, struct payload *p) -+{ -+ struct sockaddr *dst; -+ int invspisz, off; -+ u_int32_t spi; -+ u_int16_t totsiz; -+ u_int8_t spisz; -+ -+ /* Any notification that make us do something should be protected */ -+ if(!TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_HASH])) -+ { -+ LOG_DBG ((LOG_SA, 40, -+ "ipsec_invalid_spi: missing HASH payload in INVALID_SPI" -+ " notification")); -+ return; -+ } -+ -+ /* -+ * get the invalid spi out of the variable sized notification data -+ * field, which is after the variable sized SPI field [which specifies -+ * the receiving entity's phase-1 SPI, not the invalid spi] -+ */ -+ totsiz = GET_ISAKMP_GEN_LENGTH (p->p); -+ spisz = GET_ISAKMP_NOTIFY_SPI_SZ (p->p); -+ off = ISAKMP_NOTIFY_SPI_OFF + spisz; -+ invspisz = totsiz - off; -+ -+ if (invspisz != sizeof spi) -+ { -+ LOG_DBG ((LOG_SA, 40, -+ "ipsec_invalid_spi: SPI size %d in INVALID_SPI " -+ "payload unsupported", spisz)); -+ return; -+ } -+ memcpy (&spi, p->p + off, sizeof spi); -+ -+ msg->transport->vtbl->get_dst (msg->transport, &dst); -+ -+ /* delete matching SPI's from this peer */ -+ ipsec_delete_spi_list (dst, 0, (u_int8_t *)&spi, 1, "INVALID_SPI"); -+} -+ - static int - ipsec_responder(struct message *msg) - { -@@ -1205,7 +1251,9 @@ - return dv != IPSEC_ENCAP_TUNNEL - && dv != IPSEC_ENCAP_TRANSPORT - && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL -- && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT; -+ && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT -+ && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT -+ && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT; - #else - return dv < IPSEC_ENCAP_TUNNEL - || dv > IPSEC_ENCAP_TRANSPORT; -@@ -1837,7 +1885,7 @@ - ipsec_get_id(char *section, int *id, struct sockaddr **addr, - struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port) - { -- char *type, *address, *netmask; -+ char *type, *address, *netmask; - - type = conf_get_str(section, "ID-type"); - if (!type) { -Index: isakmpd-20041012.orig/GNUmakefile -=================================================================== ---- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.099911192 +0200 -+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200 -@@ -40,12 +40,12 @@ - # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec. - # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5 - # and later with native IPSec support. --OS= openbsd -+#OS= openbsd - #OS= netbsd - #OS= freebsd - #OS= freeswan - #OS= darwin --#OS= linux -+OS= linux - - .CURDIR:= $(shell pwd) - VPATH= ${.CURDIR}/sysdep/${OS} -@@ -55,9 +55,10 @@ - ifndef BINDIR - BINDIR= /sbin - endif --ifndef LDSTATIC --LDSTATIC= -static --endif -+ -+#ifndef LDSTATIC -+#LDSTATIC= -static -+#endif - - SRCS= app.c attribute.c cert.c connection.c \ - constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \ -@@ -131,11 +132,14 @@ - ifneq ($(findstring install,$(MAKECMDGOALS)),install) - # Skip 'regress' until the regress/ structure has gmake makefiles for it. - #SUBDIR:= regress --SUBDIR:= -+#SUBDIR:= apps/certpatch - mksubdirs: - $(foreach DIR, ${SUBDIR}, \ -- cd ${DIR}; ${MAKE} ${MAKEFLAGS} CFLAGS="${CFLAGS}" \ -- MKDEP="${MKDEP}" ${MAKECMDGOALS}) -+ cd ${.CURDIR}/${DIR}; ${MAKE} ${MAKECMDGOALS};) -+ -+# $(foreach DIR, ${SUBDIR}, \ -+# cd ${DIR}; ${MAKE} CFLAGS="${CFLAGS}" \ -+# MKDEP="${MKDEP}" ${MAKECMDGOALS}) - else - mksubdirs: - endif -@@ -173,7 +177,7 @@ - endif - - SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ -- $(ISAKMP_CFG) -+ $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL} - CFLAGS+= ${IPSEC_CFLAGS} - LDADD+= ${DESLIB} - DPADD+= ${DESLIBDEP} -Index: isakmpd-20041012.orig/exchange.h -=================================================================== ---- isakmpd-20041012.orig.orig/exchange.h 2007-06-04 13:22:39.104910432 +0200 -+++ isakmpd-20041012.orig/exchange.h 2007-06-04 13:22:39.283883224 +0200 -@@ -221,6 +221,8 @@ - #define EXCHANGE_FLAG_NAT_T_ENABLE 0x10 /* We are doing NAT-T. */ - #define EXCHANGE_FLAG_NAT_T_KEEPALIVE 0x20 /* We are the NAT:ed peer. */ - #define EXCHANGE_FLAG_DPD_CAP_PEER 0x40 /* Peer is DPD capable. */ -+#define EXCHANGE_FLAG_NAT_T_RFC 0x0080 /* Peer does RFC NAT-T. */ -+#define EXCHANGE_FLAG_NAT_T_DRAFT 0x0100 /* Peer does draft NAT-T.*/ - - extern int exchange_add_certs(struct message *); - extern void exchange_finalize(struct message *); -Index: isakmpd-20041012.orig/log.c -=================================================================== ---- isakmpd-20041012.orig.orig/log.c 2007-06-04 13:22:39.110909520 +0200 -+++ isakmpd-20041012.orig/log.c 2007-06-04 13:22:39.284883072 +0200 -@@ -79,7 +79,6 @@ - - struct packhdr { - struct pcap_pkthdr pcap;/* pcap file packet header */ -- u_int32_t sa_family; /* address family */ - union { - struct ip ip4; /* IPv4 header (w/o options) */ - struct ip6_hdr ip6; /* IPv6 header */ -@@ -97,7 +96,7 @@ - static u_int8_t *packet_buf = NULL; - - static int udp_cksum(struct packhdr *, const struct udphdr *, -- u_int16_t *); -+ u_int16_t *, int); - static u_int16_t in_cksum(const u_int16_t *, int); - #endif /* USE_DEBUG */ - -@@ -539,11 +538,9 @@ - udp.uh_ulen = htons(datalen); - - /* ip */ -- hdr.sa_family = htonl(src->sa_family); - switch (src->sa_family) { - default: - /* Assume IPv4. XXX Can 'default' ever happen here? */ -- hdr.sa_family = htonl(AF_INET); - hdr.ip.ip4.ip_src.s_addr = 0x02020202; - hdr.ip.ip4.ip_dst.s_addr = 0x01010101; - /* The rest of the setup is common to AF_INET. */ -@@ -584,9 +581,7 @@ - } - - /* Calculate UDP checksum. */ -- udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf); -- hdrlen += sizeof hdr.sa_family; -- -+ udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf, src->sa_family); - /* pcap file packet header */ - gettimeofday(&tv, 0); - hdr.pcap.ts.tv_sec = tv.tv_sec; -@@ -610,7 +605,7 @@ - - /* Copied from tcpdump/print-udp.c, mostly rewritten. */ - static int --udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d) -+udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d, int af) - { - struct ip *ip4; - struct ip6_hdr *ip6; -@@ -639,7 +634,7 @@ - - /* Setup pseudoheader. */ - memset(phu.pa, 0, sizeof phu); -- switch (ntohl(hdr->sa_family)) { -+ switch (af) { - case AF_INET: - ip4 = &hdr->ip.ip4; - memcpy(&phu.ip4p.src, &ip4->ip_src, sizeof(struct in_addr)); -@@ -664,7 +659,7 @@ - - /* IPv6 wants a 0xFFFF checksum "on error", not 0x0. */ - if (tlen < 0) -- return (ntohl(hdr->sa_family) == AF_INET ? 0 : 0xFFFF); -+ return (af == AF_INET ? 0 : 0xFFFF); - - sum = 0; - for (i = 0; i < hdrlen; i += 2) -Index: isakmpd-20041012.orig/nat_traversal.c -=================================================================== ---- isakmpd-20041012.orig.orig/nat_traversal.c 2007-06-04 13:22:39.115908760 +0200 -+++ isakmpd-20041012.orig/nat_traversal.c 2007-06-04 13:22:39.284883072 +0200 -@@ -1,4 +1,4 @@ --/* $OpenBSD: nat_traversal.c,v 1.7 2004/08/08 19:11:06 deraadt Exp $ */ -+/* $OpenBSD: nat_traversal.c,v 1.17 2006/06/14 14:03:33 hshoexer Exp $ */ - - /* - * Copyright (c) 2004 Håkan Olsson. All rights reserved. -@@ -48,40 +48,40 @@ - #include "util.h" - #include "virtual.h" - -+int disable_nat_t = 0; -+ - /* -- * XXX According to draft-ietf-ipsec-nat-t-ike-07.txt, the NAT-T -- * capability of the other peer is determined by a particular vendor ID -- * sent as the first message. This vendor ID string is supposed to be a -- * MD5 hash of "RFC XXXX", where XXXX is the future RFC number. -+ * NAT-T capability of the other peer is determined by a particular vendor -+ * ID sent in the first message. This vendor ID string is supposed to be a -+ * MD5 hash of "RFC 3947". - * - * These seem to be the "well" known variants of this string in use by - * products today. - */ --static const char *isakmp_nat_t_cap_text[] = { -- "draft-ietf-ipsec-nat-t-ike-00", /* V1 (XXX: may be obsolete) */ -- "draft-ietf-ipsec-nat-t-ike-02\n", /* V2 */ -- "draft-ietf-ipsec-nat-t-ike-03", /* V3 */ --#ifdef notyet -- "RFC XXXX", --#endif -+ -+static struct nat_t_cap isakmp_nat_t_cap[] = { -+ { VID_DRAFT_V2_N, EXCHANGE_FLAG_NAT_T_DRAFT, -+ "draft-ietf-ipsec-nat-t-ike-02\n", NULL, 0 }, -+ { VID_DRAFT_V3, EXCHANGE_FLAG_NAT_T_DRAFT, -+ "draft-ietf-ipsec-nat-t-ike-03", NULL, 0 }, -+ { VID_RFC3947, EXCHANGE_FLAG_NAT_T_RFC, -+ "RFC 3947", NULL, 0 }, - }; - -+#define NUMNATTCAP (sizeof isakmp_nat_t_cap / sizeof isakmp_nat_t_cap[0]) -+ - /* In seconds. Recommended in draft-ietf-ipsec-udp-encaps-09. */ - #define NAT_T_KEEPALIVE_INTERVAL 20 - --/* The MD5 hashes of the above strings is put in this array. */ --static char **nat_t_hashes; --static size_t nat_t_hashsize; -- - static int nat_t_setup_hashes(void); --static int nat_t_add_vendor_payload(struct message *, char *); -+static int nat_t_add_vendor_payload(struct message *, struct nat_t_cap *); - static int nat_t_add_nat_d(struct message *, struct sockaddr *); - static int nat_t_match_nat_d_payload(struct message *, struct sockaddr *); - - void - nat_t_init(void) - { -- nat_t_hashes = (char **)NULL; -+ nat_t_setup_hashes(); - } - - /* Generate the NAT-T capability marker hashes. Executed only once. */ -@@ -89,7 +89,7 @@ - nat_t_setup_hashes(void) - { - struct hash *hash; -- int n = sizeof isakmp_nat_t_cap_text / sizeof isakmp_nat_t_cap_text[0]; -+ int n = NUMNATTCAP; - int i; - - /* The draft says to use MD5. */ -@@ -100,56 +100,49 @@ - "could not find MD5 hash structure!"); - return -1; - } -- nat_t_hashsize = hash->hashsize; - -- /* Allocate one more than is necessary, i.e NULL terminated. */ -- nat_t_hashes = (char **)calloc((size_t)(n + 1), sizeof(char *)); -- if (!nat_t_hashes) { -- log_error("nat_t_setup_hashes: calloc (%lu,%lu) failed", -- (unsigned long)n, (unsigned long)sizeof(char *)); -- return -1; -- } -- -- /* Populate with hashes. */ -+ /* Populate isakmp_nat_t_cap with hashes. */ - for (i = 0; i < n; i++) { -- nat_t_hashes[i] = (char *)malloc(nat_t_hashsize); -- if (!nat_t_hashes[i]) { -+ isakmp_nat_t_cap[i].hashsize = hash->hashsize; -+ isakmp_nat_t_cap[i].hash = (char *)malloc(hash->hashsize); -+ if (!isakmp_nat_t_cap[i].hash) { - log_error("nat_t_setup_hashes: malloc (%lu) failed", -- (unsigned long)nat_t_hashsize); -+ (unsigned long)hash->hashsize); - goto errout; - } - - hash->Init(hash->ctx); - hash->Update(hash->ctx, -- (unsigned char *)isakmp_nat_t_cap_text[i], -- strlen(isakmp_nat_t_cap_text[i])); -- hash->Final(nat_t_hashes[i], hash->ctx); -+ (unsigned char *)isakmp_nat_t_cap[i].text, -+ strlen(isakmp_nat_t_cap[i].text)); -+ hash->Final(isakmp_nat_t_cap[i].hash, hash->ctx); - - LOG_DBG((LOG_EXCHANGE, 50, "nat_t_setup_hashes: " -- "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap_text[i], -- (unsigned long)nat_t_hashsize)); -+ "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap[i].text, -+ (unsigned long)hash->hashsize)); - LOG_DBG_BUF((LOG_EXCHANGE, 50, "nat_t_setup_hashes", -- nat_t_hashes[i], nat_t_hashsize)); -+ isakmp_nat_t_cap[i].hash, hash->hashsize)); - } - - return 0; - -- errout: -+errout: - for (i = 0; i < n; i++) -- if (nat_t_hashes[i]) -- free(nat_t_hashes[i]); -- free(nat_t_hashes); -- nat_t_hashes = NULL; -+ if (isakmp_nat_t_cap[i].hash) -+ free(isakmp_nat_t_cap[i].hash); - return -1; - } - - /* Add one NAT-T VENDOR payload. */ - static int --nat_t_add_vendor_payload(struct message *msg, char *hash) -+nat_t_add_vendor_payload(struct message *msg, struct nat_t_cap *cap) - { -- size_t buflen = nat_t_hashsize + ISAKMP_GEN_SZ; -+ size_t buflen = cap->hashsize + ISAKMP_GEN_SZ; - u_int8_t *buf; - -+ if (disable_nat_t) -+ return 0; -+ - buf = malloc(buflen); - if (!buf) { - log_error("nat_t_add_vendor_payload: malloc (%lu) failed", -@@ -158,12 +151,11 @@ - } - - SET_ISAKMP_GEN_LENGTH(buf, buflen); -- memcpy(buf + ISAKMP_VENDOR_ID_OFF, hash, nat_t_hashsize); -+ memcpy(buf + ISAKMP_VENDOR_ID_OFF, cap->hash, cap->hashsize); - if (message_add_payload(msg, ISAKMP_PAYLOAD_VENDOR, buf, buflen, 1)) { - free(buf); - return -1; - } -- - return 0; - } - -@@ -171,16 +163,14 @@ - int - nat_t_add_vendor_payloads(struct message *msg) - { -- int i = 0; -+ int i; - -- if (!nat_t_hashes) -- if (nat_t_setup_hashes()) -- return 0; /* XXX should this be an error? */ -+ if (disable_nat_t) -+ return 0; - -- while (nat_t_hashes[i]) -- if (nat_t_add_vendor_payload(msg, nat_t_hashes[i++])) -+ for (i = 0; i < NUMNATTCAP; i++) -+ if (nat_t_add_vendor_payload(msg, &isakmp_nat_t_cap[i])) - return -1; -- - return 0; - } - -@@ -192,36 +182,31 @@ - { - u_int8_t *pbuf = p->p; - size_t vlen; -- int i = 0; -+ int i; - -- /* Already checked? */ -- if (p->flags & PL_MARK || -- msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER) -+ if (disable_nat_t) - return; - -- if (!nat_t_hashes) -- if (nat_t_setup_hashes()) -- return; -- - vlen = GET_ISAKMP_GEN_LENGTH(pbuf) - ISAKMP_GEN_SZ; -- if (vlen != nat_t_hashsize) { -- LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: " -- "bad size %lu != %lu", (unsigned long)vlen, -- (unsigned long)nat_t_hashsize)); -- return; -- } - -- while (nat_t_hashes[i]) -- if (memcmp(nat_t_hashes[i++], pbuf + ISAKMP_GEN_SZ, -+ for (i = 0; i < NUMNATTCAP; i++) { -+ if (vlen != isakmp_nat_t_cap[i].hashsize) { -+ LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: " -+ "bad size %lu != %lu", (unsigned long)vlen, -+ (unsigned long)isakmp_nat_t_cap[i].hashsize)); -+ continue; -+ } -+ if (memcmp(isakmp_nat_t_cap[i].hash, pbuf + ISAKMP_GEN_SZ, - vlen) == 0) { - /* This peer is NAT-T capable. */ - msg->exchange->flags |= EXCHANGE_FLAG_NAT_T_CAP_PEER; -+ msg->exchange->flags |= isakmp_nat_t_cap[i].flags; - LOG_DBG((LOG_EXCHANGE, 10, - "nat_t_check_vendor_payload: " - "NAT-T capable peer detected")); - p->flags |= PL_MARK; -- return; - } -+ } - - return; - } -@@ -233,10 +218,8 @@ - { - struct ipsec_exch *ie = (struct ipsec_exch *)msg->exchange->data; - struct hash *hash; -- struct prf *prf; - u_int8_t *res; - in_port_t port; -- int prf_type = PRF_HMAC; /* XXX */ - - hash = hash_get(ie->hash->type); - if (hash == NULL) { -@@ -244,31 +227,25 @@ - return NULL; - } - -- prf = prf_alloc(prf_type, hash->type, msg->exchange->cookies, -- ISAKMP_HDR_COOKIES_LEN); -- if(!prf) { -- log_print("nat_t_generate_nat_d_hash: prf_alloc failed"); -- return NULL; -- } -+ *hashlen = hash->hashsize; - -- *hashlen = prf->blocksize; - res = (u_int8_t *)malloc((unsigned long)*hashlen); - if (!res) { - log_print("nat_t_generate_nat_d_hash: malloc (%lu) failed", - (unsigned long)*hashlen); -- prf_free(prf); - *hashlen = 0; - return NULL; - } - - port = sockaddr_port(sa); -- memset(res, 0, *hashlen); -- -- prf->Update(prf->prfctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa)); -- prf->Update(prf->prfctx, (unsigned char *)&port, sizeof port); -- prf->Final(res, prf->prfctx); -- prf_free (prf); -+ bzero(res, *hashlen); - -+ hash->Init(hash->ctx); -+ hash->Update(hash->ctx, msg->exchange->cookies, -+ sizeof msg->exchange->cookies); -+ hash->Update(hash->ctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa)); -+ hash->Update(hash->ctx, (unsigned char *)&port, sizeof port); -+ hash->Final(res, hash->ctx); - return res; - } - -@@ -276,6 +253,7 @@ - static int - nat_t_add_nat_d(struct message *msg, struct sockaddr *sa) - { -+ int ret; - u_int8_t *hbuf, *buf; - size_t hbuflen, buflen; - -@@ -298,11 +276,19 @@ - memcpy(buf + ISAKMP_NAT_D_DATA_OFF, hbuf, hbuflen); - free(hbuf); - -- if (message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, buflen, 1)) { -+ if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_RFC) -+ ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, -+ buflen, 1); -+ else if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_DRAFT) -+ ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT, -+ buf, buflen, 1); -+ else -+ ret = -1; -+ -+ if (ret) { - free(buf); - return -1; - } -- - return 0; - } - -@@ -312,14 +298,14 @@ - { - struct sockaddr *sa; - -- msg->transport->vtbl->get_src(msg->transport, &sa); -+ /* Remote address first. */ -+ msg->transport->vtbl->get_dst(msg->transport, &sa); - if (nat_t_add_nat_d(msg, sa)) - return -1; - -- msg->transport->vtbl->get_dst(msg->transport, &sa); -+ msg->transport->vtbl->get_src(msg->transport, &sa); - if (nat_t_add_nat_d(msg, sa)) - return -1; -- - return 0; - } - -@@ -336,8 +322,8 @@ - * If there are no NAT-D payloads in the message, return "found" - * as this will avoid NAT-T (see nat_t_exchange_check_nat_d()). - */ -- p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D); -- if (!p) -+ if ((p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT)) == NULL && -+ (p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D)) == NULL) - return 1; - - hbuf = nat_t_generate_nat_d_hash(msg, sa, &hbuflen); -Index: isakmpd-20041012.orig/udp_encap.c -=================================================================== ---- isakmpd-20041012.orig.orig/udp_encap.c 2007-06-04 13:22:39.121907848 +0200 -+++ isakmpd-20041012.orig/udp_encap.c 2007-06-04 13:22:39.284883072 +0200 -@@ -61,6 +61,11 @@ - - #define UDP_SIZE 65536 - -+#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC) -+#include -+#include -+#endif -+ - /* If a system doesn't have SO_REUSEPORT, SO_REUSEADDR will have to do. */ - #ifndef SO_REUSEPORT - #define SO_REUSEPORT SO_REUSEADDR -@@ -134,6 +139,18 @@ - if (sysdep_cleartext(s, laddr->sa_family) == -1) - goto err; - -+#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC) -+ { -+#ifndef SOL_UDP -+#define SOL_UDP 17 -+#endif -+ int option = UDP_ENCAP_ESPINUDP; -+ if(setsockopt(s, SOL_UDP, UDP_ENCAP, &option, -+ sizeof (option)) < 0) -+ goto err; -+ } -+#endif -+ - /* Wildcard address ? */ - switch (laddr->sa_family) { - case AF_INET: -Index: isakmpd-20041012.orig/apps/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/apps/Makefile 2007-06-04 13:22:39.126907088 +0200 -+++ isakmpd-20041012.orig/apps/Makefile 2007-06-04 13:22:39.285882920 +0200 -@@ -31,4 +31,4 @@ - - SUBDIR= certpatch - --.include -+#.include -Index: isakmpd-20041012.orig/apps/certpatch/GNUmakefile -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ isakmpd-20041012.orig/apps/certpatch/GNUmakefile 2007-06-04 13:22:39.285882920 +0200 -@@ -0,0 +1,55 @@ -+# $OpenBSD: Makefile,v 1.7 2003/06/03 14:35:00 ho Exp $ -+# $EOM: Makefile,v 1.6 2000/03/28 21:22:06 ho Exp $ -+ -+# -+# Copyright (c) 1999 Niels Provos. All rights reserved. -+# Copyright (c) 2001 Niklas Hallqvist. All rights reserved. -+# -+# Redistribution and use in source and binary forms, with or without -+# modification, are permitted provided that the following conditions -+# are met: -+# 1. Redistributions of source code must retain the above copyright -+# notice, this list of conditions and the following disclaimer. -+# 2. Redistributions in binary form must reproduce the above copyright -+# notice, this list of conditions and the following disclaimer in the -+# documentation and/or other materials provided with the distribution. -+# -+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+# -+ -+# -+# This code was written under funding by Ericsson Radio Systems. -+# -+ -+PROG= certpatch -+SRCS= certpatch.c -+BINDIR?= /usr/sbin -+TOPSRC= ${.CURDIR}../.. -+TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- -+OS= linux -+FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//' -+.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} -+CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall -+LDFLAGS+= -lcrypto -lssl -lgmp -+MAN= certpatch.8 -+ -+CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP -+LDADD+= -lgmp -+DPADD+= ${LIBGMP} -+ -+# Override LIBSYSDEPDIR definition from Makefile.sysdep -+LIBSYSDEPDIR= ${TOPSRC}/sysdep/common/libsysdep -+ -+all: ${PROG} -+ -+clean: -+ rm -f ${PROG} -Index: isakmpd-20041012.orig/pf_key_v2.c -=================================================================== ---- isakmpd-20041012.orig.orig/pf_key_v2.c 2007-06-04 13:22:39.137905416 +0200 -+++ isakmpd-20041012.orig/pf_key_v2.c 2007-06-04 13:22:39.287882616 +0200 -@@ -1055,6 +1055,10 @@ - #endif - #if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP) - struct sadb_x_udpencap udpencap; -+#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE) -+ struct sadb_x_nat_t_type nat_t_type; -+ struct sadb_x_nat_t_port nat_t_sport; -+ struct sadb_x_nat_t_port nat_t_dport; - #endif - #ifdef USE_DEBUG - char *addr_str; -@@ -1273,10 +1277,15 @@ - log_print("pf_key_v2_set_spi: invalid proto %d", proto->proto); - goto cleanup; - } -- if (incoming) -+ if (incoming) { - sa->transport->vtbl->get_src(sa->transport, &dst); -- else -+ sa->transport->vtbl->get_dst(sa->transport, &src); -+ } -+ else { - sa->transport->vtbl->get_dst(sa->transport, &dst); -+ sa->transport->vtbl->get_src(sa->transport, &src); -+ } -+ - #ifdef KAME - msg.sadb_msg_seq = (incoming ? - pf_key_v2_seq_by_sa(proto->spi[incoming], sizeof ssa.sadb_sa_spi, -@@ -1319,12 +1328,13 @@ - ssa.sadb_sa_flags = 0; - #ifdef SADB_X_SAFLAGS_TUNNEL - if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL || -- iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL) -+ iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL || -+ iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT) - ssa.sadb_sa_flags = SADB_X_SAFLAGS_TUNNEL; - #endif - --#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP) - if (isakmp_sa->flags & SA_FLAG_NAT_T_ENABLE) { -+#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP) - memset(&udpencap, 0, sizeof udpencap); - ssa.sadb_sa_flags |= SADB_X_SAFLAGS_UDPENCAP; - udpencap.sadb_x_udpencap_exttype = SADB_X_EXT_UDPENCAP; -@@ -1334,8 +1344,40 @@ - if (pf_key_v2_msg_add(update, (struct sadb_ext *)&udpencap, 0) - == -1) - goto cleanup; -- } -+#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE) -+#ifndef UDP_ENCAP_ESPINUDP -+#define UDP_ENCAP_ESPINUDP 2 -+#endif -+ memset(&nat_t_type, 0, sizeof nat_t_type); -+ memset(&nat_t_sport, 0, sizeof nat_t_sport); -+ memset(&nat_t_dport, 0, sizeof nat_t_dport); -+ -+ /* type = draft-udp-encap-06 */ -+ nat_t_type.sadb_x_nat_t_type_len = sizeof nat_t_type / PF_KEY_V2_CHUNK; -+ nat_t_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; -+ nat_t_type.sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; -+ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_type, 0) == -1) -+ goto cleanup; -+ -+ /* source port */ -+ nat_t_sport.sadb_x_nat_t_port_len = sizeof nat_t_sport / -+ PF_KEY_V2_CHUNK; -+ nat_t_sport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; -+ nat_t_sport.sadb_x_nat_t_port_port = sockaddr_port(src); -+ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_sport, 0) == -1) -+ goto cleanup; -+ -+ /* destination port */ -+ nat_t_dport.sadb_x_nat_t_port_len = sizeof nat_t_dport / -+ PF_KEY_V2_CHUNK; -+ nat_t_dport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; -+ nat_t_dport.sadb_x_nat_t_port_port = sockaddr_port(dst); -+ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_dport, 0) == -1) -+ goto cleanup; -+ -+ /* original address (transport mode checksum missing info) goes here */ - #endif -+ } - - if (pf_key_v2_msg_add(update, (struct sadb_ext *)&ssa, 0) == -1) - goto cleanup; -@@ -1395,10 +1437,6 @@ - /* - * Setup the ADDRESS extensions. - */ -- if (incoming) -- sa->transport->vtbl->get_dst(sa->transport, &src); -- else -- sa->transport->vtbl->get_src(sa->transport, &src); - len = sizeof *addr + PF_KEY_V2_ROUND(sysdep_sa_len(src)); - addr = calloc(1, len); - if (!addr) -@@ -2167,7 +2205,7 @@ - pf_key_v2_msg_free(ret); - return -1; - --#elif defined (SADB_X_SPDADD) && defined (SADB_X_SPDDELETE) -+#elif defined (SADB_X_SPDUPDATE) && defined (SADB_X_SPDDELETE) - struct sadb_msg msg; - struct sadb_x_policy *policy = 0; - struct sadb_x_ipsecrequest *ipsecrequest; -@@ -2181,7 +2219,7 @@ - struct sockaddr_in *ip4_sa; - struct sockaddr_in6 *ip6_sa; - -- msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDADD; -+ msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDUPDATE; - msg.sadb_msg_satype = SADB_SATYPE_UNSPEC; - msg.sadb_msg_seq = 0; - flow = pf_key_v2_msg_new(&msg, 0); -Index: isakmpd-20041012.orig/isakmp_num.cst -=================================================================== ---- isakmpd-20041012.orig.orig/isakmp_num.cst 2007-06-04 13:22:39.143904504 +0200 -+++ isakmpd-20041012.orig/isakmp_num.cst 2007-06-04 13:22:39.287882616 +0200 -@@ -57,15 +57,18 @@ - KD 17 # RFC 3547, Key Download - SEQ 18 # RFC 3547, Sequence Number - POP 19 # RFC 3547, Proof of possession -- RESERVED_MIN 20 -+ NAT_D 20 # RFC 3947, NAT Discovery payload -+ NAT_OA 21 # RFC 3947, NAT Original Address payload -+ RESERVED_MIN 22 - RESERVED_MAX 127 - PRIVATE_MIN 128 - # XXX values from draft-ietf-ipsec-nat-t-ike-01,02,03. Later drafts specify - # XXX NAT_D as payload 15 and NAT_OA as 16, but these are allocated by RFC - # XXX 3547 as seen above. -- NAT_D 130 # NAT Discovery payload -- NAT_OA 131 # NAT Original Address payload -+ NAT_D_DRAFT 130 # NAT Discovery payload -+ NAT_OA_DRAFT 131 # NAT Original Address payload - PRIVATE_MAX 255 -+ MAX 255 - . - - # ISAKMP exchange types. -Index: isakmpd-20041012.orig/ipsec_num.cst -=================================================================== ---- isakmpd-20041012.orig.orig/ipsec_num.cst 2007-06-04 13:22:39.149903592 +0200 -+++ isakmpd-20041012.orig/ipsec_num.cst 2007-06-04 13:22:39.287882616 +0200 -@@ -62,10 +62,10 @@ - IPSEC_ENCAP - TUNNEL 1 - TRANSPORT 2 -- FUTURE_UDP_ENCAP_TUNNEL 3 # XXX Not yet assigned -- FUTURE_UDP_ENCAP_TRANSPORT 4 # XXX Not yet assigned -- UDP_ENCAP_TUNNEL 61443 # draft-ietf-ipsec-nat-t-ike -- UDP_ENCAP_TRANSPORT 61443 # draft-ietf-ipsec-nat-t-ike -+ UDP_ENCAP_TUNNEL 3 -+ UDP_ENCAP_TRANSPORT 4 -+ UDP_ENCAP_TUNNEL_DRAFT 61443 # draft-ietf-ipsec-nat-t-ike -+ UDP_ENCAP_TRANSPORT_DRAFT 61443 # draft-ietf-ipsec-nat-t-ike - . - - # IPSEC authentication algorithm. -Index: isakmpd-20041012.orig/nat_traversal.h -=================================================================== ---- isakmpd-20041012.orig.orig/nat_traversal.h 2007-06-04 13:22:39.154902832 +0200 -+++ isakmpd-20041012.orig/nat_traversal.h 2007-06-04 13:22:39.287882616 +0200 -@@ -1,4 +1,4 @@ --/* $OpenBSD: nat_traversal.h,v 1.2 2004/06/21 23:27:10 ho Exp $ */ -+/* $OpenBSD: nat_traversal.h,v 1.4 2005/07/25 15:03:47 hshoexer Exp $ */ - - /* - * Copyright (c) 2004 Håkan Olsson. All rights reserved. -@@ -27,6 +27,24 @@ - #ifndef _NAT_TRAVERSAL_H_ - #define _NAT_TRAVERSAL_H_ - -+#define VID_DRAFT_V2 0 -+#define VID_DRAFT_V2_N 1 -+#define VID_DRAFT_V3 2 -+#define VID_RFC3947 3 -+ -+struct nat_t_cap { -+ int id; -+ u_int32_t flags; -+ const char *text; -+ char *hash; -+ size_t hashsize; -+}; -+ -+/* -+ * Set if -T is given on the command line to disable NAT-T support. -+ */ -+extern int disable_nat_t; -+ - void nat_t_init(void); - int nat_t_add_vendor_payloads(struct message *); - void nat_t_check_vendor_payload(struct message *, struct payload *); -Index: isakmpd-20041012.orig/message.c -=================================================================== ---- isakmpd-20041012.orig.orig/message.c 2007-06-04 13:22:39.160901920 +0200 -+++ isakmpd-20041012.orig/message.c 2007-06-04 13:22:39.288882464 +0200 -@@ -112,6 +112,7 @@ - message_validate_hash, message_validate_sig, message_validate_nonce, - message_validate_notify, message_validate_delete, - message_validate_vendor, message_validate_attribute, -+ message_validate_nat_d, message_validate_nat_oa, - message_validate_nat_d, message_validate_nat_oa - }; - -@@ -120,7 +121,7 @@ - isakmp_id_fld, isakmp_cert_fld, isakmp_certreq_fld, isakmp_hash_fld, - isakmp_sig_fld, isakmp_nonce_fld, isakmp_notify_fld, isakmp_delete_fld, - isakmp_vendor_fld, isakmp_attribute_fld, isakmp_nat_d_fld, -- isakmp_nat_oa_fld -+ isakmp_nat_oa_fld, isakmp_nat_d_fld, isakmp_nat_oa_fld - }; - - /* -@@ -138,7 +139,8 @@ - ISAKMP_PAYLOAD_SAK, ISAKMP_PAYLOAD_SAT, ISAKMP_PAYLOAD_KD, - ISAKMP_PAYLOAD_SEQ, ISAKMP_PAYLOAD_POP - #endif -- ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA -+ ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA, -+ ISAKMP_PAYLOAD_NAT_D_DRAFT, ISAKMP_PAYLOAD_NAT_OA_DRAFT - }; - - static u_int8_t payload_map[256]; -@@ -347,8 +349,8 @@ - } - /* Ignore most private payloads. */ - if (next >= ISAKMP_PAYLOAD_PRIVATE_MIN && -- next != ISAKMP_PAYLOAD_NAT_D && -- next != ISAKMP_PAYLOAD_NAT_OA) { -+ next != ISAKMP_PAYLOAD_NAT_D_DRAFT && -+ next != ISAKMP_PAYLOAD_NAT_OA_DRAFT) { - LOG_DBG((LOG_MESSAGE, 30, "message_parse_payloads: " - "private next payload type %s in payload of " - "type %d ignored", -@@ -460,8 +462,10 @@ - return ISAKMP_ATTRIBUTE_SZ; - #if defined (USE_NAT_TRAVERSAL) - case ISAKMP_PAYLOAD_NAT_D: -+ case ISAKMP_PAYLOAD_NAT_D_DRAFT: - return ISAKMP_NAT_D_SZ; - case ISAKMP_PAYLOAD_NAT_OA: -+ case ISAKMP_PAYLOAD_NAT_OA_DRAFT: - return ISAKMP_NAT_OA_SZ; - #endif - /* Not yet supported and any other unknown payloads. */ -Index: isakmpd-20041012.orig/policy.c -=================================================================== ---- isakmpd-20041012.orig.orig/policy.c 2007-06-04 13:22:39.165901160 +0200 -+++ isakmpd-20041012.orig/policy.c 2007-06-04 13:22:39.289882312 +0200 -@@ -511,7 +511,10 @@ - break; - } - #if defined (USE_NAT_TRAVERSAL) -- else if (decode_16(value) == IPSEC_ENCAP_UDP_ENCAP_TUNNEL) -+ else if (decode_16(value) == -+ IPSEC_ENCAP_UDP_ENCAP_TUNNEL || -+ decode_16(value) == -+ IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT) - switch (proto->proto) { - case IPSEC_PROTO_IPSEC_AH: - ah_encapsulation = "udp-encap-tunnel"; -@@ -1932,7 +1935,7 @@ - void - policy_init(void) - { -- char *ptr, *policy_file; -+ char *ptr, *policy_file, *use_keynote; - char **asserts; - size_t sz, len; - int fd, i; -@@ -1940,10 +1943,11 @@ - LOG_DBG((LOG_POLICY, 30, "policy_init: initializing")); - - /* Do we want to use the policy modules? */ -- if (ignore_policy || -- strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) -- return; -- -+ use_keynote = conf_get_str("General", "Use-Keynote"); -+ if (ignore_policy || -+ (use_keynote && strncmp("yes", use_keynote, 3))) -+ return; -+ - /* Get policy file from configuration. */ - policy_file = conf_get_str("General", "Policy-file"); - if (!policy_file) -Index: isakmpd-20041012.orig/ike_phase_1.c -=================================================================== ---- isakmpd-20041012.orig.orig/ike_phase_1.c 2007-06-04 13:22:39.170900400 +0200 -+++ isakmpd-20041012.orig/ike_phase_1.c 2007-06-04 13:22:39.290882160 +0200 -@@ -1040,9 +1040,9 @@ - - /* Compare expected/desired and received remote ID */ - if (bcmp(rid, payload->p + ISAKMP_ID_DATA_OFF, sz)) { -- free(rid); - log_print("ike_phase_1_recv_ID: " -- "received remote ID other than expected %s", p); -+ "received remote ID other than expected %s - %s", p, payload->p); -+ free(rid); - return -1; - } - free(rid); -Index: isakmpd-20041012.orig/x509.c -=================================================================== ---- isakmpd-20041012.orig.orig/x509.c 2007-06-04 13:22:39.176899488 +0200 -+++ isakmpd-20041012.orig/x509.c 2007-06-04 13:22:39.290882160 +0200 -@@ -910,7 +910,11 @@ - X509_STORE_CTX_init(&csc, x509_cas, cert, NULL); - #if OPENSSL_VERSION_NUMBER >= 0x00907000L - /* XXX See comment in x509_read_crls_from_dir. */ -+#if OPENSSL_VERSION_NUMBER >= 0x00908000L -+ if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) { -+#else - if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) { -+#endif - X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK); - X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL); - } -Index: isakmpd-20041012.orig/sysdep/linux/sysdep.c -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.182898576 +0200 -+++ isakmpd-20041012.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.291882008 +0200 -@@ -169,22 +169,22 @@ - return 0; - - if (!(af == AF_INET || af == AF_INET6)) -- { -+ { - log_print ("sysdep_cleartext: unsupported protocol family %d", af); - return -1; - } - - if (setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6, -- af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, -- &pol_in, sizeof pol_in) < 0 || -+ af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, -+ &pol_in, sizeof pol_in) < 0 || - setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6, -- af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, -- &pol_out, sizeof pol_out) < 0) -- { -+ af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, -+ &pol_out, sizeof pol_out) < 0) -+ { - log_error ("sysdep_cleartext: " -- "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) " -- "failed", fd, af == AF_INET ? "" : "V6", -- af == AF_INET ? "" : "V6"); -+ "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) " -+ "failed", fd, af == AF_INET ? "" : "V6", -+ af == AF_INET ? "" : "V6"); - return -1; - } - return 0; -Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.187897816 +0200 -+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200 -@@ -33,13 +33,13 @@ - LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO} - DPADD+= ${LIBGMP} ${LIBSYSDEP} - --CFLAGS+= -DUSE_OLD_SOCKADDR -DHAVE_PCAP \ -- -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \ -- -I/usr/src/linux/include -I${.CURDIR}/sysdep/common \ -+CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \ -+ -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \ -+ -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \ - -I/usr/include/openssl - - FEATURES= debug tripledes blowfish cast ec aggressive x509 policy --FEATURES+= des aes -+FEATURES+= dpd nat_traversal isakmp_cfg des aes - - IPSEC_SRCS= pf_key_v2.c - IPSEC_CFLAGS= -DUSE_PF_KEY_V2 -@@ -51,7 +51,7 @@ - # hack libsysdep.a dependenc - ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: - cd ${LIBSYSDEPDIR} && \ -- ${MAKE} --no-print-directory ${MAKEFLAGS} \ -+ ${MAKE} --no-print-directory \ - CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS} - - ifeq ($(findstring clean,$(MAKECMDGOALS)),clean) -Index: isakmpd-20041012.orig/sysdep/linux/include/bitstring.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ isakmpd-20041012.orig/sysdep/linux/include/bitstring.h 2007-06-04 13:22:39.291882008 +0200 -@@ -0,0 +1,132 @@ -+/* $OpenBSD: bitstring.h,v 1.4 2002/06/19 02:50:10 millert Exp $ */ -+/* $NetBSD: bitstring.h,v 1.5 1997/05/14 15:49:55 pk Exp $ */ -+ -+/* -+ * Copyright (c) 1989, 1993 -+ * The Regents of the University of California. All rights reserved. -+ * -+ * This code is derived from software contributed to Berkeley by -+ * Paul Vixie. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * This product includes software developed by the University of -+ * California, Berkeley and its contributors. -+ * 4. Neither the name of the University nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * @(#)bitstring.h 8.1 (Berkeley) 7/19/93 -+ */ -+ -+#ifndef _BITSTRING_H_ -+#define _BITSTRING_H_ -+ -+/* modified for SV/AT and bitstring bugfix by M.R.Murphy, 11oct91 -+ * bitstr_size changed gratuitously, but shorter -+ * bit_alloc spelling error fixed -+ * the following were efficient, but didn't work, they've been made to -+ * work, but are no longer as efficient :-) -+ * bit_nclear, bit_nset, bit_ffc, bit_ffs -+ */ -+typedef unsigned char bitstr_t; -+ -+/* internal macros */ -+ /* byte of the bitstring bit is in */ -+#define _bit_byte(bit) \ -+ ((bit) >> 3) -+ -+ /* mask for the bit within its byte */ -+#define _bit_mask(bit) \ -+ (1 << ((bit)&0x7)) -+ -+/* external macros */ -+ /* bytes in a bitstring of nbits bits */ -+#define bitstr_size(nbits) \ -+ (((nbits) + 7) >> 3) -+ -+ /* allocate a bitstring */ -+#define bit_alloc(nbits) \ -+ (bitstr_t *)calloc((size_t)bitstr_size(nbits), sizeof(bitstr_t)) -+ -+ /* allocate a bitstring on the stack */ -+#define bit_decl(name, nbits) \ -+ ((name)[bitstr_size(nbits)]) -+ -+ /* is bit N of bitstring name set? */ -+#define bit_test(name, bit) \ -+ ((name)[_bit_byte(bit)] & _bit_mask(bit)) -+ -+ /* set bit N of bitstring name */ -+#define bit_set(name, bit) \ -+ ((name)[_bit_byte(bit)] |= _bit_mask(bit)) -+ -+ /* clear bit N of bitstring name */ -+#define bit_clear(name, bit) \ -+ ((name)[_bit_byte(bit)] &= ~_bit_mask(bit)) -+ -+ /* clear bits start ... stop in bitstring */ -+#define bit_nclear(name, start, stop) do { \ -+ register bitstr_t *_name = name; \ -+ register int _start = start, _stop = stop; \ -+ while (_start <= _stop) { \ -+ bit_clear(_name, _start); \ -+ _start++; \ -+ } \ -+} while(0) -+ -+ /* set bits start ... stop in bitstring */ -+#define bit_nset(name, start, stop) do { \ -+ register bitstr_t *_name = name; \ -+ register int _start = start, _stop = stop; \ -+ while (_start <= _stop) { \ -+ bit_set(_name, _start); \ -+ _start++; \ -+ } \ -+} while(0) -+ -+ /* find first bit clear in name */ -+#define bit_ffc(name, nbits, value) do { \ -+ register bitstr_t *_name = name; \ -+ register int _bit, _nbits = nbits, _value = -1; \ -+ for (_bit = 0; _bit < _nbits; ++_bit) \ -+ if (!bit_test(_name, _bit)) { \ -+ _value = _bit; \ -+ break; \ -+ } \ -+ *(value) = _value; \ -+} while(0) -+ -+ /* find first bit set in name */ -+#define bit_ffs(name, nbits, value) do { \ -+ register bitstr_t *_name = name; \ -+ register int _bit, _nbits = nbits, _value = -1; \ -+ for (_bit = 0; _bit < _nbits; ++_bit) \ -+ if (bit_test(_name, _bit)) { \ -+ _value = _bit; \ -+ break; \ -+ } \ -+ *(value) = _value; \ -+} while(0) -+ -+#endif /* !_BITSTRING_H_ */ -Index: isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h 2007-06-04 13:22:39.292881856 +0200 -@@ -0,0 +1,453 @@ -+/* -+ * Copyright (c) 1991, 1993 -+ * The Regents of the University of California. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * This product includes software developed by the University of -+ * California, Berkeley and its contributors. -+ * 4. Neither the name of the University nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * @(#)queue.h 8.5 (Berkeley) 8/20/94 -+ * $FreeBSD: src/sys/sys/queue.h,v 1.45 2001/12/11 11:49:58 sheldonh Exp $ -+ */ -+ -+#ifndef _SYS_QUEUE_H_ -+#define _SYS_QUEUE_H_ -+ -+//#include /* for __offsetof */ -+ -+/* -+ * This file defines four types of data structures: singly-linked lists, -+ * singly-linked tail queues, lists and tail queues. -+ * -+ * A singly-linked list is headed by a single forward pointer. The elements -+ * are singly linked for minimum space and pointer manipulation overhead at -+ * the expense of O(n) removal for arbitrary elements. New elements can be -+ * added to the list after an existing element or at the head of the list. -+ * Elements being removed from the head of the list should use the explicit -+ * macro for this purpose for optimum efficiency. A singly-linked list may -+ * only be traversed in the forward direction. Singly-linked lists are ideal -+ * for applications with large datasets and few or no removals or for -+ * implementing a LIFO queue. -+ * -+ * A singly-linked tail queue is headed by a pair of pointers, one to the -+ * head of the list and the other to the tail of the list. The elements are -+ * singly linked for minimum space and pointer manipulation overhead at the -+ * expense of O(n) removal for arbitrary elements. New elements can be added -+ * to the list after an existing element, at the head of the list, or at the -+ * end of the list. Elements being removed from the head of the tail queue -+ * should use the explicit macro for this purpose for optimum efficiency. -+ * A singly-linked tail queue may only be traversed in the forward direction. -+ * Singly-linked tail queues are ideal for applications with large datasets -+ * and few or no removals or for implementing a FIFO queue. -+ * -+ * A list is headed by a single forward pointer (or an array of forward -+ * pointers for a hash table header). The elements are doubly linked -+ * so that an arbitrary element can be removed without a need to -+ * traverse the list. New elements can be added to the list before -+ * or after an existing element or at the head of the list. A list -+ * may only be traversed in the forward direction. -+ * -+ * A tail queue is headed by a pair of pointers, one to the head of the -+ * list and the other to the tail of the list. The elements are doubly -+ * linked so that an arbitrary element can be removed without a need to -+ * traverse the list. New elements can be added to the list before or -+ * after an existing element, at the head of the list, or at the end of -+ * the list. A tail queue may be traversed in either direction. -+ * -+ * For details on the use of these macros, see the queue(3) manual page. -+ * -+ * -+ * SLIST LIST STAILQ TAILQ -+ * _HEAD + + + + -+ * _HEAD_INITIALIZER + + + + -+ * _ENTRY + + + + -+ * _INIT + + + + -+ * _EMPTY + + + + -+ * _FIRST + + + + -+ * _NEXT + + + + -+ * _PREV - - - + -+ * _LAST - - + + -+ * _FOREACH + + + + -+ * _FOREACH_REVERSE - - - + -+ * _INSERT_HEAD + + + + -+ * _INSERT_BEFORE - + - + -+ * _INSERT_AFTER + + + + -+ * _INSERT_TAIL - - + + -+ * _REMOVE_HEAD + - + - -+ * _REMOVE + + + + -+ * -+ */ -+ -+/* -+ * Singly-linked List declarations. -+ */ -+#define SLIST_HEAD(name, type) \ -+struct name { \ -+ struct type *slh_first; /* first element */ \ -+} -+ -+#define SLIST_HEAD_INITIALIZER(head) \ -+ { NULL } -+ -+#define SLIST_ENTRY(type) \ -+struct { \ -+ struct type *sle_next; /* next element */ \ -+} -+ -+/* -+ * Singly-linked List functions. -+ */ -+#define SLIST_EMPTY(head) ((head)->slh_first == NULL) -+ -+#define SLIST_FIRST(head) ((head)->slh_first) -+ -+#define SLIST_FOREACH(var, head, field) \ -+ for ((var) = SLIST_FIRST((head)); \ -+ (var); \ -+ (var) = SLIST_NEXT((var), field)) -+ -+#define SLIST_INIT(head) do { \ -+ SLIST_FIRST((head)) = NULL; \ -+} while (0) -+ -+#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ -+ SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \ -+ SLIST_NEXT((slistelm), field) = (elm); \ -+} while (0) -+ -+#define SLIST_INSERT_HEAD(head, elm, field) do { \ -+ SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \ -+ SLIST_FIRST((head)) = (elm); \ -+} while (0) -+ -+#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) -+ -+#define SLIST_REMOVE(head, elm, type, field) do { \ -+ if (SLIST_FIRST((head)) == (elm)) { \ -+ SLIST_REMOVE_HEAD((head), field); \ -+ } \ -+ else { \ -+ struct type *curelm = SLIST_FIRST((head)); \ -+ while (SLIST_NEXT(curelm, field) != (elm)) \ -+ curelm = SLIST_NEXT(curelm, field); \ -+ SLIST_NEXT(curelm, field) = \ -+ SLIST_NEXT(SLIST_NEXT(curelm, field), field); \ -+ } \ -+} while (0) -+ -+#define SLIST_REMOVE_HEAD(head, field) do { \ -+ SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \ -+} while (0) -+ -+/* -+ * Singly-linked Tail queue declarations. -+ */ -+#define STAILQ_HEAD(name, type) \ -+struct name { \ -+ struct type *stqh_first;/* first element */ \ -+ struct type **stqh_last;/* addr of last next element */ \ -+} -+ -+#define STAILQ_HEAD_INITIALIZER(head) \ -+ { NULL, &(head).stqh_first } -+ -+#define STAILQ_ENTRY(type) \ -+struct { \ -+ struct type *stqe_next; /* next element */ \ -+} -+ -+/* -+ * Singly-linked Tail queue functions. -+ */ -+#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) -+ -+#define STAILQ_FIRST(head) ((head)->stqh_first) -+ -+#define STAILQ_FOREACH(var, head, field) \ -+ for((var) = STAILQ_FIRST((head)); \ -+ (var); \ -+ (var) = STAILQ_NEXT((var), field)) -+ -+#define STAILQ_INIT(head) do { \ -+ STAILQ_FIRST((head)) = NULL; \ -+ (head)->stqh_last = &STAILQ_FIRST((head)); \ -+} while (0) -+ -+#define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ -+ if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\ -+ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -+ STAILQ_NEXT((tqelm), field) = (elm); \ -+} while (0) -+ -+#define STAILQ_INSERT_HEAD(head, elm, field) do { \ -+ if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ -+ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -+ STAILQ_FIRST((head)) = (elm); \ -+} while (0) -+ -+#define STAILQ_INSERT_TAIL(head, elm, field) do { \ -+ STAILQ_NEXT((elm), field) = NULL; \ -+ *(head)->stqh_last = (elm); \ -+ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -+} while (0) -+ -+#define STAILQ_LAST(head, type, field) \ -+ (STAILQ_EMPTY(head) ? \ -+ NULL : \ -+ ((struct type *) \ -+ ((char *)((head)->stqh_last) - __offsetof(struct type, field)))) -+ -+#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) -+ -+#define STAILQ_REMOVE(head, elm, type, field) do { \ -+ if (STAILQ_FIRST((head)) == (elm)) { \ -+ STAILQ_REMOVE_HEAD(head, field); \ -+ } \ -+ else { \ -+ struct type *curelm = STAILQ_FIRST((head)); \ -+ while (STAILQ_NEXT(curelm, field) != (elm)) \ -+ curelm = STAILQ_NEXT(curelm, field); \ -+ if ((STAILQ_NEXT(curelm, field) = \ -+ STAILQ_NEXT(STAILQ_NEXT(curelm, field), field)) == NULL)\ -+ (head)->stqh_last = &STAILQ_NEXT((curelm), field);\ -+ } \ -+} while (0) -+ -+#define STAILQ_REMOVE_HEAD(head, field) do { \ -+ if ((STAILQ_FIRST((head)) = \ -+ STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ -+ (head)->stqh_last = &STAILQ_FIRST((head)); \ -+} while (0) -+ -+#define STAILQ_REMOVE_HEAD_UNTIL(head, elm, field) do { \ -+ if ((STAILQ_FIRST((head)) = STAILQ_NEXT((elm), field)) == NULL) \ -+ (head)->stqh_last = &STAILQ_FIRST((head)); \ -+} while (0) -+ -+/* -+ * List declarations. -+ */ -+#define LIST_HEAD(name, type) \ -+struct name { \ -+ struct type *lh_first; /* first element */ \ -+} -+ -+#define LIST_HEAD_INITIALIZER(head) \ -+ { NULL } -+ -+#define LIST_ENTRY(type) \ -+struct { \ -+ struct type *le_next; /* next element */ \ -+ struct type **le_prev; /* address of previous next element */ \ -+} -+ -+/* -+ * List functions. -+ */ -+ -+#define LIST_EMPTY(head) ((head)->lh_first == NULL) -+ -+#define LIST_FIRST(head) ((head)->lh_first) -+ -+#define LIST_FOREACH(var, head, field) \ -+ for ((var) = LIST_FIRST((head)); \ -+ (var); \ -+ (var) = LIST_NEXT((var), field)) -+ -+#define LIST_INIT(head) do { \ -+ LIST_FIRST((head)) = NULL; \ -+} while (0) -+ -+#define LIST_INSERT_AFTER(listelm, elm, field) do { \ -+ if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\ -+ LIST_NEXT((listelm), field)->field.le_prev = \ -+ &LIST_NEXT((elm), field); \ -+ LIST_NEXT((listelm), field) = (elm); \ -+ (elm)->field.le_prev = &LIST_NEXT((listelm), field); \ -+} while (0) -+ -+#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ -+ (elm)->field.le_prev = (listelm)->field.le_prev; \ -+ LIST_NEXT((elm), field) = (listelm); \ -+ *(listelm)->field.le_prev = (elm); \ -+ (listelm)->field.le_prev = &LIST_NEXT((elm), field); \ -+} while (0) -+ -+#define LIST_INSERT_HEAD(head, elm, field) do { \ -+ if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \ -+ LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\ -+ LIST_FIRST((head)) = (elm); \ -+ (elm)->field.le_prev = &LIST_FIRST((head)); \ -+} while (0) -+ -+#define LIST_NEXT(elm, field) ((elm)->field.le_next) -+ -+#define LIST_REMOVE(elm, field) do { \ -+ if (LIST_NEXT((elm), field) != NULL) \ -+ LIST_NEXT((elm), field)->field.le_prev = \ -+ (elm)->field.le_prev; \ -+ *(elm)->field.le_prev = LIST_NEXT((elm), field); \ -+} while (0) -+ -+/* -+ * Tail queue declarations. -+ */ -+#define TAILQ_HEAD(name, type) \ -+struct name { \ -+ struct type *tqh_first; /* first element */ \ -+ struct type **tqh_last; /* addr of last next element */ \ -+} -+ -+#define TAILQ_HEAD_INITIALIZER(head) \ -+ { NULL, &(head).tqh_first } -+ -+#define TAILQ_ENTRY(type) \ -+struct { \ -+ struct type *tqe_next; /* next element */ \ -+ struct type **tqe_prev; /* address of previous next element */ \ -+} -+ -+/* -+ * Tail queue functions. -+ */ -+#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL) -+ -+#define TAILQ_FIRST(head) ((head)->tqh_first) -+ -+#define TAILQ_FOREACH(var, head, field) \ -+ for ((var) = TAILQ_FIRST((head)); \ -+ (var); \ -+ (var) = TAILQ_NEXT((var), field)) -+ -+#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ -+ for ((var) = TAILQ_LAST((head), headname); \ -+ (var); \ -+ (var) = TAILQ_PREV((var), headname, field)) -+ -+#define TAILQ_INIT(head) do { \ -+ TAILQ_FIRST((head)) = NULL; \ -+ (head)->tqh_last = &TAILQ_FIRST((head)); \ -+} while (0) -+ -+#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ -+ if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\ -+ TAILQ_NEXT((elm), field)->field.tqe_prev = \ -+ &TAILQ_NEXT((elm), field); \ -+ else \ -+ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ -+ TAILQ_NEXT((listelm), field) = (elm); \ -+ (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \ -+} while (0) -+ -+#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ -+ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ -+ TAILQ_NEXT((elm), field) = (listelm); \ -+ *(listelm)->field.tqe_prev = (elm); \ -+ (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \ -+} while (0) -+ -+#define TAILQ_INSERT_HEAD(head, elm, field) do { \ -+ if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \ -+ TAILQ_FIRST((head))->field.tqe_prev = \ -+ &TAILQ_NEXT((elm), field); \ -+ else \ -+ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ -+ TAILQ_FIRST((head)) = (elm); \ -+ (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \ -+} while (0) -+ -+#define TAILQ_INSERT_TAIL(head, elm, field) do { \ -+ TAILQ_NEXT((elm), field) = NULL; \ -+ (elm)->field.tqe_prev = (head)->tqh_last; \ -+ *(head)->tqh_last = (elm); \ -+ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ -+} while (0) -+ -+#define TAILQ_LAST(head, headname) \ -+ (*(((struct headname *)((head)->tqh_last))->tqh_last)) -+ -+#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) -+ -+#define TAILQ_PREV(elm, headname, field) \ -+ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) -+ -+#define TAILQ_REMOVE(head, elm, field) do { \ -+ if ((TAILQ_NEXT((elm), field)) != NULL) \ -+ TAILQ_NEXT((elm), field)->field.tqe_prev = \ -+ (elm)->field.tqe_prev; \ -+ else \ -+ (head)->tqh_last = (elm)->field.tqe_prev; \ -+ *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \ -+} while (0) -+ -+ -+#ifdef _KERNEL -+ -+/* -+ * XXX insque() and remque() are an old way of handling certain queues. -+ * They bogusly assumes that all queue heads look alike. -+ */ -+ -+struct quehead { -+ struct quehead *qh_link; -+ struct quehead *qh_rlink; -+}; -+ -+#ifdef __GNUC__ -+ -+static __inline void -+insque(void *a, void *b) -+{ -+ struct quehead *element = (struct quehead *)a, -+ *head = (struct quehead *)b; -+ -+ element->qh_link = head->qh_link; -+ element->qh_rlink = head; -+ head->qh_link = element; -+ element->qh_link->qh_rlink = element; -+} -+ -+static __inline void -+remque(void *a) -+{ -+ struct quehead *element = (struct quehead *)a; -+ -+ element->qh_link->qh_rlink = element->qh_rlink; -+ element->qh_rlink->qh_link = element->qh_link; -+ element->qh_rlink = 0; -+} -+ -+#else /* !__GNUC__ */ -+ -+void insque __P((void *a, void *b)); -+void remque __P((void *a)); -+ -+#endif /* __GNUC__ */ -+ -+#endif /* _KERNEL */ -+ -+#endif /* !_SYS_QUEUE_H_ */ -Index: isakmpd-20041012.orig/sysdep/common/pcap.h -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.203895384 +0200 -+++ isakmpd-20041012.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.292881856 +0200 -@@ -55,8 +55,13 @@ - u_int32_t linktype; /* data link type (DLT_*) */ - }; - -+struct pcap_timeval { -+ int32_t tv_sec; /* seconds */ -+ int32_t tv_usec; /* microseconds */ -+}; -+ - struct pcap_pkthdr { -- struct timeval ts; /* time stamp */ -+ struct pcap_timeval ts; /* time stamp */ - u_int32_t caplen; /* length of portion present */ - u_int32_t len; /* length this packet (off wire) */ - }; -Index: isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.211894168 +0200 -+++ isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.292881856 +0200 -@@ -78,7 +78,7 @@ - static void - arc4_stir(struct arc4_stream *as) - { -- int fd; -+ int fd, i; - struct { - struct timeval tv; - u_int8_t rnd[128 - sizeof(struct timeval)]; -Index: isakmpd-20041012.orig/x509v3.cnf -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ isakmpd-20041012.orig/x509v3.cnf 2007-06-04 13:22:39.293881704 +0200 -@@ -0,0 +1,26 @@ -+# default settings -+CERTPATHLEN = 1 -+CERTUSAGE = digitalSignature,keyCertSign -+CERTIP = 0.0.0.0 -+CERTFQDN = nohost.nodomain -+ -+# This section should be referenced when building an x509v3 CA -+# Certificate. -+# The default path length and the key usage can be overriden -+# modified by setting the CERTPATHLEN and CERTUSAGE environment -+# variables. -+[x509v3_CA] -+basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN -+keyUsage=$ENV::CERTUSAGE -+ -+# This section should be referenced to add an IP Address -+# as an alternate subject name, needed by isakmpd -+# The address must be provided in the CERTIP environment variable -+[x509v3_IPAddr] -+subjectAltName=IP:$ENV::CERTIP -+ -+# This section should be referenced to add a FQDN hostname -+# as an alternate subject name, needed by isakmpd -+# The address must be provided in the CERTFQDN environment variable -+[x509v3_FQDN] -+subjectAltName=DNS:$ENV::CERTFQDN diff --git a/package/isakmpd/patches/020-standardize.patch b/package/isakmpd/patches/020-standardize.patch deleted file mode 100644 index 435782b637..0000000000 --- a/package/isakmpd/patches/020-standardize.patch +++ /dev/null @@ -1,154 +0,0 @@ -Index: isakmpd-20041012.orig/GNUmakefile -=================================================================== ---- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200 -+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200 -@@ -168,7 +168,6 @@ - X509= x509.c - CFLAGS+= -DUSE_LIBCRYPTO - LDADD+= -lcrypto --DPADD+= ${LIBCRYPTO} - endif - - ifdef USE_RAWKEY -@@ -242,3 +241,16 @@ - - realcleandepend: - rm -f .depend tags -+ -+# Install rules -+install: install-bin install-man -+ -+install-bin: isakmpd -+ -mkdir -p $(DESTDIR)$(BINDIR) -+ $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR) -+ -+install-man: -+ -mkdir -p $(DESTDIR)$(MANDIR)/man8 -+ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8 -+ -mkdir -p $(DESTDIR)$(MANDIR)/man5 -+ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5 -Index: isakmpd-20041012.orig/samples/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/samples/Makefile 2007-06-04 13:22:39.015923960 +0200 -+++ isakmpd-20041012.orig/samples/Makefile 2007-06-04 13:22:39.722816496 +0200 -@@ -26,7 +26,7 @@ - # - - FILES= VPN-* policy singlehost-* --TARGETDIR= /usr/share/ipsec/isakmpd -+TARGETDIR= /usr/share/isakmpd/samples - - # The mkdir below is for installation on OpenBSD pre 2.7 - install: -Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200 -+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200 -@@ -25,18 +25,18 @@ - # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - # - --LIBGMP:= /usr/lib/libgmp.a --LIBCRYPTO:= /usr/lib/libcrypto.a -+LIBGMP:= -+LIBCRYPTO:= -lcrypto - LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep - LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a - --LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO} -+LDADD+= $(EXTRA_LDFLAGS) -lgmp ${LIBSYSDEP} ${LIBCRYPTO} - DPADD+= ${LIBGMP} ${LIBSYSDEP} - - CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \ - -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \ - -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \ -- -I/usr/include/openssl -+ $(EXTRA_CPPFLAGS) - - FEATURES= debug tripledes blowfish cast ec aggressive x509 policy - FEATURES+= dpd nat_traversal isakmp_cfg des aes -Index: isakmpd-20041012.orig/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/Makefile 2007-06-04 13:22:39.028921984 +0200 -+++ isakmpd-20041012.orig/Makefile 2007-06-04 13:22:39.723816344 +0200 -@@ -147,7 +147,6 @@ - .ifdef USE_LIBCRYPTO - CFLAGS+= -DUSE_LIBCRYPTO - LDADD+= -lcrypto --DPADD+= ${LIBCRYPTO} - .endif - - .ifdef USE_LIBDES -Index: isakmpd-20041012.orig/apps/certpatch/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.035920920 +0200 -+++ isakmpd-20041012.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.723816344 +0200 -@@ -40,7 +40,6 @@ - .PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} - CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall - LDADD+= -lcrypto --DPADD+= ${LIBCRYPTO} - MAN= certpatch.8 - - .if ${FEATURES:Mgmp} == "gmp" -Index: isakmpd-20041012.orig/regress/crypto/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/regress/crypto/Makefile 2007-06-04 13:22:39.041920008 +0200 -+++ isakmpd-20041012.orig/regress/crypto/Makefile 2007-06-04 13:22:39.723816344 +0200 -@@ -13,7 +13,7 @@ - -DUSE_TRIPLEDES -DUSE_CAST -DUSE_BLOWFISH -DUSE_DES \ - -DUSE_AES - LDADD+= -lcrypto -ldes --DPADD+= ${LIBCRYPTO} ${LIBDES} -+DPADD+= ${LIBDES} - NOMAN= - DEBUG= -g - -Index: isakmpd-20041012.orig/regress/dh/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/regress/dh/Makefile 2007-06-04 13:22:39.048918944 +0200 -+++ isakmpd-20041012.orig/regress/dh/Makefile 2007-06-04 13:22:39.726815888 +0200 -@@ -15,7 +15,6 @@ - -DUSE_EC - NOMAN= - LDADD+= -lcrypto --DPADD+= ${LIBCRYPTO} - DEBUG= -g - - .if ${FEATURES:Mgmp} == "gmp" -Index: isakmpd-20041012.orig/regress/group/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/regress/group/Makefile 2007-06-04 13:22:39.054918032 +0200 -+++ isakmpd-20041012.orig/regress/group/Makefile 2007-06-04 13:22:39.727815736 +0200 -@@ -15,7 +15,6 @@ - -DUSE_EC - NOMAN= - LDADD+= -lcrypto --DPADD+= ${LIBCRYPTO} - DEBUG= -g - - .if ${FEATURES:Mgmp} == "gmp" -Index: isakmpd-20041012.orig/regress/rsakeygen/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.060917120 +0200 -+++ isakmpd-20041012.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.727815736 +0200 -@@ -62,7 +62,6 @@ - .ifdef USE_LIBCRYPTO - CFLAGS+= -DUSE_LIBCRYPTO - LDADD+= -lcrypto --DPADD+= ${LIBCRYPTO} - .endif - - .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) -Index: isakmpd-20041012.orig/regress/x509/Makefile -=================================================================== ---- isakmpd-20041012.orig.orig/regress/x509/Makefile 2007-06-04 13:22:39.068915904 +0200 -+++ isakmpd-20041012.orig/regress/x509/Makefile 2007-06-04 13:22:39.727815736 +0200 -@@ -78,7 +78,6 @@ - X509= x509.c - CFLAGS+= -DUSE_LIBCRYPTO - LDADD+= -lcrypto ${LIBLWRES} --DPADD+= ${LIBCRYPTO} - .endif - - .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE) diff --git a/package/isakmpd/patches/030-openssl_hashes.patch b/package/isakmpd/patches/030-openssl_hashes.patch deleted file mode 100644 index f50afc598e..0000000000 --- a/package/isakmpd/patches/030-openssl_hashes.patch +++ /dev/null @@ -1,161 +0,0 @@ -Index: isakmpd-20041012.orig/GNUmakefile -=================================================================== ---- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200 -+++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:40.000774240 +0200 -@@ -76,13 +76,14 @@ - isakmp_fld.c isakmp_fld.h - MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5 - --CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \ -+CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \ - -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \ - - # Different debugging & profiling suggestions - - # Include symbolic debugging info - DEBUG= -g -+CFLAGS+= -g - - # Do execution time profiles - #CFLAGS+= -pg -@@ -175,6 +176,14 @@ - CFLAGS+= -DUSE_RAWKEY - endif - -+ifdef USE_OPENSSL_MD5 -+CFLAGS+= -DUSE_OPENSSL_MD5 -+endif -+ -+ifdef USE_OPENSSL_SHA1 -+CFLAGS+= -DUSE_OPENSSL_SHA1 -+endif -+ - SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ - $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL} - CFLAGS+= ${IPSEC_CFLAGS} -Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:38.959932472 +0200 -+++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200 -@@ -31,10 +31,18 @@ - .CURDIR:= $(shell pwd) - - LIB= sysdep --SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c -+SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c - NOMAN= - CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine - -+ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS))) -+SRCS+=md5.c -+endif -+ -+ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS))) -+SRCS+=sha1.c -+endif -+ - lib${LIB}.a: ${SRCS:%.c=%.o} - ar cq $@ ${SRCS:%.c=%.o} - -Index: isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:38.964931712 +0200 -+++ isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:40.000774240 +0200 -@@ -5,6 +5,8 @@ - * changes to accommodate it in the kernel by ji. - */ - -+#ifndef USE_OPENSSL_MD5 -+ - /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm - */ - -@@ -390,3 +392,4 @@ - #endif - #endif - -+#endif /* USE_OPENSSL_MD5 */ -Index: isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:38.970930800 +0200 -+++ isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:40.001774088 +0200 -@@ -1,5 +1,7 @@ - /* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */ - -+#ifndef USE_OPENSSL_SHA1 -+ - /* - SHA-1 in C - By Steve Reid -@@ -171,3 +173,5 @@ - SHA1Transform(context->state, context->buffer); - #endif - } -+ -+#endif /* USE_OPENSSL_SHA1 */ -Index: isakmpd-20041012.orig/sysdep/common/md5.h -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/md5.h 2007-06-04 13:22:38.976929888 +0200 -+++ isakmpd-20041012.orig/sysdep/common/md5.h 2007-06-04 13:22:40.001774088 +0200 -@@ -1,5 +1,15 @@ - /* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */ - -+#ifdef USE_OPENSSL_MD5 -+ -+#include -+ -+#define MD5Init MD5_Init -+#define MD5Update MD5_Update -+#define MD5Final MD5_Final -+ -+#else /* USE_OPENSSL_MD5 */ -+ - /* GLOBAL.H - RSAREF types and constants - */ - -@@ -71,3 +81,5 @@ - void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); - - #define _MD5_H_ -+ -+#endif /* USE_OPENSSL_MD5 */ -Index: isakmpd-20041012.orig/sysdep/common/sha1.h -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/sha1.h 2007-06-04 13:22:38.982928976 +0200 -+++ isakmpd-20041012.orig/sysdep/common/sha1.h 2007-06-04 13:22:40.001774088 +0200 -@@ -1,5 +1,16 @@ - /* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */ - -+#ifdef USE_OPENSSL_SHA1 -+ -+#include -+ -+typedef SHA_CTX SHA1_CTX; -+#define SHA1Init SHA1_Init -+#define SHA1Update SHA1_Update -+#define SHA1Final SHA1_Final -+ -+#else /* USE_OPENSSL_SHA1 */ -+ - /* - SHA-1 in C - By Steve Reid -@@ -16,3 +27,5 @@ - void SHA1Init(SHA1_CTX* context); - void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len); - void SHA1Final(unsigned char digest[20], SHA1_CTX* context); -+ -+#endif /* USE_OPENSSL_SHA1 */ -Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200 -+++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:40.001774088 +0200 -@@ -47,6 +47,8 @@ - USE_LIBCRYPO= defined - HAVE_DLOPEN= defined - USE_KEYNOTE= defined -+USE_OPENSSL_MD5= defined -+USE_OPENSSL_SHA1= defined - - # hack libsysdep.a dependenc - ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: diff --git a/package/isakmpd/patches/040-security_fix.patch b/package/isakmpd/patches/040-security_fix.patch deleted file mode 100644 index d70a722452..0000000000 --- a/package/isakmpd/patches/040-security_fix.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: isakmpd-20041012.orig/ipsec.c -=================================================================== ---- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200 -+++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:40.247736696 +0200 -@@ -2176,9 +2176,10 @@ - { - struct ipsec_proto *iproto = proto->data; - -- if (proto->sa->phase == 2 && section) -- iproto->replay_window = conf_get_num(section, "ReplayWindow", -- DEFAULT_REPLAY_WINDOW); -+ if (proto->sa->phase == 2) -+ iproto->replay_window = section ? conf_get_num(section, -+ "ReplayWindow", DEFAULT_REPLAY_WINDOW) : -+ DEFAULT_REPLAY_WINDOW; - } - - /* diff --git a/package/isakmpd/patches/050-ar_cross.patch b/package/isakmpd/patches/050-ar_cross.patch deleted file mode 100644 index 2bac048db3..0000000000 --- a/package/isakmpd/patches/050-ar_cross.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile -=================================================================== ---- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200 -+++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.431708728 +0200 -@@ -44,7 +44,7 @@ - endif - - lib${LIB}.a: ${SRCS:%.c=%.o} -- ar cq $@ ${SRCS:%.c=%.o} -+ $(AR) cq $@ ${SRCS:%.c=%.o} - - clean: - rm -f lib${LIB}.a ${SRCS:%.c=%.o} diff --git a/package/keynote/Makefile b/package/keynote/Makefile deleted file mode 100644 index 5b27257b4a..0000000000 --- a/package/keynote/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# -# Copyright (C) 2006 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk - -PKG_NAME:=keynote -PKG_VERSION:=2.3 -PKG_RELEASE:=2 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=http://downloads.openwrt.org/sources/ -PKG_MD5SUM:=b569066ac2ba1356c2112b118a7d74d0 - -include $(INCLUDE_DIR)/package.mk - -define Package/keynote - SECTION:=net - CATEGORY:=Network - DEPENDS:=@LINUX_2_6 +libopenssl - TITLE:=Simple and flexible trust-management system - URL:=http://www1.cs.columbia.edu/~angelos/keynote.html -endef - -define Package/keynote/description - KeyNote is a simple and flexible trust-management system designed to work - well for a variety of large- and small- scale Internet-based applications. - It provides a single, unified language for both local policies and - credentials. -endef - -CONFIGURE_ARGS += \ - --enable-static \ - --enable-shared - -MAKE_FLAGS += \ - CFLAGS="$(TARGET_CFLAGS)" - -define Build/InstallDev - mkdir -p $(1)/usr/include/keynote - $(CP) $(PKG_BUILD_DIR)/{assertion,header,keynote,signature}.h $(1)/usr/include/keynote/ - mkdir -p $(1)/usr/lib - $(CP) $(PKG_BUILD_DIR)/libkeynote.a $(1)/usr/lib/ -endef - -define Package/keynote/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/keynote $(1)/usr/sbin/ -endef - -$(eval $(call BuildPackage,keynote)) diff --git a/package/keynote/patches/001-build.patch b/package/keynote/patches/001-build.patch deleted file mode 100644 index 88db37230b..0000000000 --- a/package/keynote/patches/001-build.patch +++ /dev/null @@ -1,345 +0,0 @@ -Index: keynote-2.3/configure.in -=================================================================== ---- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.284579072 +0200 -+++ keynote-2.3/configure.in 2007-06-04 13:22:41.389563112 +0200 -@@ -21,19 +21,13 @@ - AC_PATH_PROG(ECHO, echo, /bin/echo) - AC_PATH_PROG(SED, sed, /usr/bin/sed) - --dnl Checks for libraries. --LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\ -- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib" -- - AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm") - AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref") - AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto") - AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue") - - dnl Checks for header files. --CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\ -- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\ -- -I/usr/local/openssl/include -I/pkg/include" -+CPPFLAGS="-I/usr/include/openssl" - - AC_HEADER_STDC - AC_HEADER_TIME -Index: keynote-2.3/keynote-keygen.c -=================================================================== ---- keynote-2.3.orig/keynote-keygen.c 2007-06-04 13:22:41.290578160 +0200 -+++ keynote-2.3/keynote-keygen.c 2007-06-04 13:22:41.389563112 +0200 -@@ -161,7 +161,7 @@ - if (strlen(algname) + 2 > prlen) - { - fprintf(stderr, "Parameter ``print-length'' should be larger " -- "than the length of AlgorithmName (%d)\n", strlen(algname)); -+ "than the length of AlgorithmName (%lu)\n", strlen(algname)); - exit(-1); - } - -Index: keynote-2.3/keynote.l -=================================================================== ---- keynote-2.3.orig/keynote.l 2007-06-04 13:22:41.295577400 +0200 -+++ keynote-2.3/keynote.l 2007-06-04 13:22:41.390562960 +0200 -@@ -61,7 +61,8 @@ - static struct lex_list *keynote_lex_list = (struct lex_list *) NULL; - static int keynote_max_lex_list = 32; - static int keynote_lex_counter = 0; --static int first_tok = 0; -+extern int first_tok; -+int first_tok = 0; - %} - digit [0-9] - specnumber [1-9][0-9]* -@@ -766,7 +767,7 @@ - if (0) - { - yyunput(0, NULL); -- yy_flex_realloc(0, NULL); -+ yy_flex_realloc(NULL, 0); - } - - return en; -Index: keynote-2.3/keynote-ver.l -=================================================================== ---- keynote-2.3.orig/keynote-ver.l 2007-06-04 13:22:41.301576488 +0200 -+++ keynote-2.3/keynote-ver.l 2007-06-04 13:22:41.390562960 +0200 -@@ -267,7 +267,7 @@ - if (0) - { - yyunput(0, NULL); -- yy_flex_realloc(0, NULL); -+ yy_flex_realloc(NULL, 0); - } - } - -Index: keynote-2.3/keynote-ver.y -=================================================================== ---- keynote-2.3.orig/keynote-ver.y 2007-06-04 13:22:41.306575728 +0200 -+++ keynote-2.3/keynote-ver.y 2007-06-04 13:22:41.390562960 +0200 -@@ -49,7 +49,7 @@ - return keynote_errno; - free($1); - } -- -+ ; - expr: VSTRING EQ STRING { int i = kn_add_action(sessid, $1, $3, 0); - - if (i != 0) -@@ -64,6 +64,7 @@ - free($1); - free($3); - } expr -+ ; - %% - void - kverror(char *s) -Index: keynote-2.3/keynote.y -=================================================================== ---- keynote-2.3.orig/keynote.y 2007-06-04 13:22:41.311574968 +0200 -+++ keynote-2.3/keynote.y 2007-06-04 13:22:41.391562808 +0200 -@@ -73,8 +73,7 @@ - %} - %% - --grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } -- localinit -+grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit - | ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program - | KEYPRE { keynote_exceptionflag = keynote_donteval = 0; } - keypredicate -@@ -91,17 +90,17 @@ - STRING { keynote_lex_remove($3); - keynote_privkey = $3; - } -- -+ ; - keypredicate: /* Nothing */ { keynote_returnvalue = 0; - return 0; - } - | notemptykeypredicate { keynote_returnvalue = $1; - return 0; - } -- -+ ; - notemptykeypredicate: key { $$ = $1; } - | keyexp { $$ = $1; } -- -+ ; - keyexp: notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord) - keynote_donteval = 1; - } notemptykeypredicate -@@ -138,7 +137,7 @@ - else - $$ = 0; - } /* K-th */ -- -+ ; - keylist: key - { /* Don't do anything if we're just recording */ - if (!keynote_justrecord && !keynote_donteval) -@@ -155,7 +154,7 @@ - - keylistcount++; - } -- -+ ; - key: str { - if (keynote_donteval) - $$ = 0; -@@ -193,10 +192,10 @@ - } - } - } -- -+ ; - localinit: /* Nothing */ - | localconstants -- -+ ; - localconstants: VARIABLE EQQ STRING - { - int i; -@@ -265,12 +264,12 @@ - if (i != RESULT_TRUE) - return -1; - } localconstants -- -+ ; - program: prog { - keynote_returnvalue = $1; - return 0; - } -- -+ ; - prog: /* Nada */ { $$ = 0; } - | notemptyprog { - /* -@@ -285,7 +284,7 @@ - else - $$ = $4; - } -- -+ ; - notemptyprog: expr HINT afterhint - { - if (checkexception($1)) -@@ -300,7 +299,7 @@ - else - $$ = 0; - } -- -+ ; - afterhint: str { if (keynote_exceptionflag || keynote_donteval) - $$ = 0; - else -@@ -315,7 +314,7 @@ - } - } - | OPENBLOCK prog CLOSEBLOCK { $$ = $2; } -- -+ ; - - expr: OPENPAREN expr CLOSEPAREN { $$ = $2; } - | expr AND { if ($1 == 0) -@@ -334,19 +333,19 @@ - | stringexp { $$ = $1; } - | TRUE { $$ = 1; } - | FALSE { $$ = 0; } -- -+ ; - numexp: numex LT numex { $$ = $1 < $3; } - | numex GT numex { $$ = $1 > $3; } - | numex EQ numex { $$ = $1 == $3; } - | numex LE numex { $$ = $1 <= $3; } - | numex GE numex { $$ = $1 >= $3; } - | numex NE numex { $$ = $1 != $3; } -- -+ ; - floatexp: floatex LT floatex { $$ = $1 < $3; } - | floatex GT floatex { $$ = $1 > $3; } - | floatex LE floatex { $$ = $1 <= $3; } - | floatex GE floatex { $$ = $1 >= $3; } -- -+ ; - numex: numex PLUS numex { $$ = $1 + $3; } - | numex MINUS numex { $$ = $1 - $3; } - | numex MULT numex { $$ = $1 * $3; } -@@ -384,7 +383,7 @@ - free($2); - } - } -- -+ ; - floatex: floatex PLUS floatex { $$ = ($1 + $3); } - | floatex MINUS floatex { $$ = ($1 - $3); } - | floatex MULT floatex { $$ = ($1 * $3); } -@@ -418,7 +417,7 @@ - free($2); - } - } -- -+ ; - stringexp: str EQ str { - if (keynote_exceptionflag || keynote_donteval) - $$ = 0; -@@ -529,9 +528,9 @@ - if (i == 0) - { - #if !defined(HAVE_SNPRINTF) -- sprintf(grp, "%d", preg.re_nsub); -+ sprintf(grp, "%d", (int)preg.re_nsub); - #else /* !HAVE_SNPRINTF */ -- snprintf(grp, 3, "%d", preg.re_nsub); -+ snprintf(grp, 3, "%d", (int)preg.re_nsub); - #endif /* !HAVE_SNPRINTF */ - if (keynote_env_add("_0", grp, &keynote_temp_list, - 1, 0) != RESULT_TRUE) -@@ -579,7 +578,7 @@ - } - } - } -- -+ ; - str: str DOTT str { if (keynote_exceptionflag || keynote_donteval) - $$ = (char *) NULL; - else -@@ -605,7 +604,7 @@ - } - } - | strnotconcat { $$ = $1; } -- -+ ; - strnotconcat: STRING { $$ = $1; } - | OPENPAREN str CLOSEPAREN { $$ = $2; } - | VARIABLE { if (keynote_exceptionflag || keynote_donteval) -@@ -660,6 +659,7 @@ - return -1; - } - } -+ ; - %% - - /* -Index: keynote-2.3/Makefile.in -=================================================================== ---- keynote-2.3.orig/Makefile.in 2007-06-04 13:22:41.317574056 +0200 -+++ keynote-2.3/Makefile.in 2007-06-04 13:22:41.391562808 +0200 -@@ -41,7 +41,8 @@ - YACCFLAGS = -d -p kn -b k - LEXFLAGS2 = -Pkv -s -i - LEXFLAGS = -Cr -Pkn -s -i --CFLAGS = -O2 -Wall # -g -+CFLAGS = -O2 -Wall -fno-strict-aliasing # -g -+LDFLAGS = @LDFLAGS@ - RMFLAGS2 = -rf - RMFLAGS = -f - NROFFFLAGS = -mandoc -@@ -83,7 +84,7 @@ - $(RANLIB) $(TARGET) - - $(TARGET2): $(TARGET) $(OBJS2) -- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS) -+ $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LDFLAGS) $(LIBS) - - k.tab.c: keynote.y header.h keynote.h assertion.h config.h - $(YACC) $(YACCFLAGS) keynote.y -Index: keynote-2.3/signature.c -=================================================================== ---- keynote-2.3.orig/signature.c 2007-06-04 13:22:41.323573144 +0200 -+++ keynote-2.3/signature.c 2007-06-04 13:22:41.392562656 +0200 -@@ -515,7 +515,7 @@ - kk = dc->dec_key; - if (keytype == KEYNOTE_PRIVATE_KEY) - { -- if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL) -+ if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL) - { - if (ptr != (unsigned char *) NULL) - free(ptr); -@@ -526,7 +526,7 @@ - } - else - { -- if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL) -+ if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL) - { - if (ptr != (unsigned char *) NULL) - free(ptr); -@@ -556,7 +556,7 @@ - kk = dc->dec_key; - if (keytype == KEYNOTE_PRIVATE_KEY) - { -- if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL) -+ if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL) - { - if (ptr != (unsigned char *) NULL) - free(ptr); -@@ -567,7 +567,7 @@ - } - else - { -- if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL) -+ if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL) - { - if (ptr != (unsigned char *) NULL) - free(ptr); diff --git a/package/keynote/patches/002-cross_compile.patch b/package/keynote/patches/002-cross_compile.patch deleted file mode 100644 index 050efbd75b..0000000000 --- a/package/keynote/patches/002-cross_compile.patch +++ /dev/null @@ -1,588 +0,0 @@ -Index: keynote-2.3/configure -=================================================================== ---- keynote-2.3.orig/configure 2007-06-04 13:22:41.259582872 +0200 -+++ keynote-2.3/configure 2007-06-04 13:22:41.658522224 +0200 -@@ -889,52 +889,10 @@ - done - test -n "$YACC" || YACC="yacc" - --for ac_prog in openssl ssleay --do --# Extract the first word of "$ac_prog", so it can be a program name with args. --set dummy $ac_prog; ac_word=$2 --echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:898: checking for $ac_word" >&5 --if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then -- echo $ac_n "(cached) $ac_c" 1>&6 --else -- case "$SSLEAY" in -- /*) -- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path. -- ;; -- ?:/*) -- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path. -- ;; -- *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -- ac_dummy="\ -- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin" -- for ac_dir in $ac_dummy; do -- test -z "$ac_dir" && ac_dir=. -- if test -f $ac_dir/$ac_word; then -- ac_cv_path_SSLEAY="$ac_dir/$ac_word" -- break -- fi -- done -- IFS="$ac_save_ifs" -- ;; --esac --fi --SSLEAY="$ac_cv_path_SSLEAY" --if test -n "$SSLEAY"; then -- echo "$ac_t""$SSLEAY" 1>&6 --else -- echo "$ac_t""no" 1>&6 --fi -- --test -n "$SSLEAY" && break --done --test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay" -- - # Extract the first word of "rm", so it can be a program name with args. - set dummy rm; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:938: checking for $ac_word" >&5 -+echo "configure:896: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -970,7 +928,7 @@ - # Extract the first word of "ar", so it can be a program name with args. - set dummy ar; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:974: checking for $ac_word" >&5 -+echo "configure:932: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1006,7 +964,7 @@ - # Extract the first word of "nroff", so it can be a program name with args. - set dummy nroff; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1010: checking for $ac_word" >&5 -+echo "configure:968: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1042,7 +1000,7 @@ - # Extract the first word of "tar", so it can be a program name with args. - set dummy tar; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1046: checking for $ac_word" >&5 -+echo "configure:1004: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1078,7 +1036,7 @@ - # Extract the first word of "true", so it can be a program name with args. - set dummy true; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1082: checking for $ac_word" >&5 -+echo "configure:1040: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1114,7 +1072,7 @@ - # Extract the first word of "mkdir", so it can be a program name with args. - set dummy mkdir; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1118: checking for $ac_word" >&5 -+echo "configure:1076: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1150,7 +1108,7 @@ - # Extract the first word of "tr", so it can be a program name with args. - set dummy tr; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1154: checking for $ac_word" >&5 -+echo "configure:1112: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1186,7 +1144,7 @@ - # Extract the first word of "echo", so it can be a program name with args. - set dummy echo; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1190: checking for $ac_word" >&5 -+echo "configure:1148: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1222,7 +1180,7 @@ - # Extract the first word of "sed", so it can be a program name with args. - set dummy sed; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:1226: checking for $ac_word" >&5 -+echo "configure:1184: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1256,11 +1214,8 @@ - fi - - --LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\ -- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib" -- - echo $ac_n "checking for floor in -lm""... $ac_c" 1>&6 --echo "configure:1264: checking for floor in -lm" >&5 -+echo "configure:1219: checking for floor in -lm" >&5 - ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1268,7 +1223,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lm $LIBS" - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1300,7 +1255,7 @@ - fi - - echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6 --echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5 -+echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5 - ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1308,7 +1263,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lrsaref $LIBS" - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1340,7 +1295,7 @@ - fi - - echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... $ac_c" 1>&6 --echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5 -+echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5 - ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1348,7 +1303,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lcrypto $LIBS" - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1380,7 +1335,7 @@ - fi - - echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6 --echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5 -+echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5 - ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1388,7 +1343,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lRSAglue $LIBS" - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1420,12 +1375,9 @@ - fi - - --CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\ -- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\ -- -I/usr/local/openssl/include -I/pkg/include" - - echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 --echo "configure:1429: checking how to run the C preprocessor" >&5 -+echo "configure:1381: checking how to run the C preprocessor" >&5 - # On Suns, sometimes $CPP names a directory. - if test -n "$CPP" && test -d "$CPP"; then - CPP= -@@ -1440,13 +1392,13 @@ - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. - cat > conftest.$ac_ext < - Syntax Error - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } - ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - : -@@ -1457,13 +1409,13 @@ - rm -rf conftest* - CPP="${CC-cc} -E -traditional-cpp" - cat > conftest.$ac_ext < - Syntax Error - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } - ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - : -@@ -1474,13 +1426,13 @@ - rm -rf conftest* - CPP="${CC-cc} -nologo -E" - cat > conftest.$ac_ext < - Syntax Error - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } - ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - : -@@ -1505,12 +1457,12 @@ - echo "$ac_t""$CPP" 1>&6 - - echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 --echo "configure:1509: checking for ANSI C header files" >&5 -+echo "configure:1461: checking for ANSI C header files" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext < - #include -@@ -1518,7 +1470,7 @@ - #include - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } - ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* -@@ -1535,7 +1487,7 @@ - if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat > conftest.$ac_ext < - EOF -@@ -1553,7 +1505,7 @@ - if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat > conftest.$ac_ext < - EOF -@@ -1574,7 +1526,7 @@ - : - else - cat > conftest.$ac_ext < - #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -1585,7 +1537,7 @@ - exit (0); } - - EOF --if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - : - else -@@ -1609,12 +1561,12 @@ - fi - - echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 --echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5 -+echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5 - if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext < - #include -@@ -1623,7 +1575,7 @@ - struct tm *tp; - ; return 0; } - EOF --if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_header_time=yes - else -@@ -1647,17 +1599,17 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:1651: checking for $ac_hdr" >&5 -+echo "configure:1603: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext < - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } - ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* -@@ -1687,17 +1639,17 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:1691: checking for $ac_hdr" >&5 -+echo "configure:1643: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext < - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } - ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* -@@ -1726,12 +1678,12 @@ - - - echo $ac_n "checking for working const""... $ac_c" 1>&6 --echo "configure:1730: checking for working const" >&5 -+echo "configure:1682: checking for working const" >&5 - if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_const=yes - else -@@ -1801,12 +1753,12 @@ - fi - - echo $ac_n "checking for u_int""... $ac_c" 1>&6 --echo "configure:1805: checking for u_int" >&5 -+echo "configure:1757: checking for u_int" >&5 - if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext < - #if STDC_HEADERS -@@ -1834,12 +1786,12 @@ - fi - - echo $ac_n "checking for u_char""... $ac_c" 1>&6 --echo "configure:1838: checking for u_char" >&5 -+echo "configure:1790: checking for u_char" >&5 - if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext < - #if STDC_HEADERS -@@ -1870,12 +1822,12 @@ - for ac_func in regcomp open close read _open _close _read strchr memcpy - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1874: checking for $ac_func" >&5 -+echo "configure:1826: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -1925,12 +1877,12 @@ - for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1929: checking for $ac_func" >&5 -+echo "configure:1881: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -1980,12 +1932,12 @@ - for ac_func in getopt - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1984: checking for $ac_func" >&5 -+echo "configure:1936: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -2172,7 +2124,6 @@ - s%@CC@%$CC%g - s%@RANLIB@%$RANLIB%g - s%@YACC@%$YACC%g --s%@SSLEAY@%$SSLEAY%g - s%@RM@%$RM%g - s%@AR@%$AR%g - s%@NROFF@%$NROFF%g -Index: keynote-2.3/configure.in -=================================================================== ---- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.389563112 +0200 -+++ keynote-2.3/configure.in 2007-06-04 13:22:41.658522224 +0200 -@@ -9,8 +9,8 @@ - AC_PROG_CC - AC_PROG_RANLIB - AC_PROG_YACC --AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \ -- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin) -+dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \ -+dnl $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin) - AC_PATH_PROG(RM, rm, /bin/rm) - AC_PATH_PROG(AR, ar, /usr/bin/ar) - AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff) -@@ -27,7 +27,7 @@ - AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue") - - dnl Checks for header files. --CPPFLAGS="-I/usr/include/openssl" -+dnl CPPFLAGS="-I/usr/include/openssl" - - AC_HEADER_STDC - AC_HEADER_TIME diff --git a/package/openswan/Makefile b/package/openswan/Makefile deleted file mode 100644 index 6b6821dcfc..0000000000 --- a/package/openswan/Makefile +++ /dev/null @@ -1,96 +0,0 @@ -# -# Copyright (C) 2006-2008 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=openswan -PKG_VERSION:=2.4.10 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.openswan.org/download -PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f - -include $(INCLUDE_DIR)/package.mk - -define Package/openswan/Default - TITLE:=Openswan - URL:=http://www.openswan.org/ - DEPENDS:=@BROKEN -endef - -define Package/openswan/Default/description - Openswan is an IPsec implementation for Linux. -endef - -define Package/openswan -$(call Package/openswan/Default) - SECTION:=net - CATEGORY:=Network - DEPENDS+= +kmod-openswan +libgmp +ip - TITLE+= (daemon) - URL:=http://www.openswan.org/ -endef - -define Package/openswan/description -$(call Package/openswan/Default/description) - This package contains the Openswan user-land daemon. -endef - -define KernelPackage/openswan -$(call Package/openswan/Default) - SUBMENU:=Network Support - TITLE+= (kernel module) - FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX) -endef - -define KernelPackage/openswan/description -$(call Package/openswan/Default/description) - This package contains the Openswan kernel module. -endef - -TARGET_CPPFLAGS = \ - -I$(STAGING_DIR)/usr/include \ - -I$(LINUX_DIR)/include - -TARGET_LDFLAGS = \ - -L$(STAGING_DIR)/usr/lib - -OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \ - $(TARGET_CONFIGURE_OPTS) \ - LINUX_RELEASE="$(LINUX_RELEASE)" \ - KERNELSRC="$(LINUX_DIR)" \ - ARCH="$(LINUX_KARCH)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \ - IPSECDIR="/usr/lib/ipsec" \ - INC_USRLOCAL="/usr" \ - INC_RCDEFAULT="/etc/init.d" \ - MODPROBE="/sbin/insmod" \ - LDFLAGS="$(TARGET_LDFLAGS)" \ - DESTDIR="$(PKG_INSTALL_DIR)" - -define Build/Compile - $(OPENSWAN_MAKE) \ - programs module install -endef - -define Package/openswan/install - $(CP) $(PKG_INSTALL_DIR)/* $(1) - $(INSTALL_DIR) $(1)/etc/init.d - $(CP) ./files/ipsec.init $(1)/etc/init.d/ipsec - rm -rf $(1)/usr/share - rm -rf $(1)/usr/man - rm -rf $(1)/var - rm -rf $(1)/etc/rc.d - find $(1) -name \*.old | xargs rm -rf -endef - -$(eval $(call BuildPackage,openswan)) -$(eval $(call KernelPackage,openswan)) diff --git a/package/openswan/files/ipsec.init b/package/openswan/files/ipsec.init deleted file mode 100755 index 33c416351d..0000000000 --- a/package/openswan/files/ipsec.init +++ /dev/null @@ -1,158 +0,0 @@ -#!/bin/sh /etc/rc.common -# IPsec startup and shutdown script -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# Copyright (C) 2002 Michael Richardson -# Copyright (C) 2006 OpenWrt.org -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $ -# -# ipsec init.d script for starting and stopping -# the IPsec security subsystem (KLIPS and Pluto). -# -# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) -# and is also accessible as "ipsec setup" (the preferred route for human -# invocation). -# -# The startup and shutdown times are a difficult compromise (in particular, -# it is almost impossible to reconcile them with the insanely early/late -# times of NFS filesystem startup/shutdown). Startup is after startup of -# syslog and pcmcia support; shutdown is just before shutdown of syslog. -# -# chkconfig: 2345 47 76 -# description: IPsec provides encrypted and authenticated communications; \ -# KLIPS is the kernel half of it, Pluto is the user-level management daemon. - -START=60 -script_init() { - me='ipsec setup' # for messages - - # where the private directory and the config files are - IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}" - IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}" - IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}" - IPSEC_CONFS="${IPSEC_CONFS-/etc}" - - if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command - then - # we must establish a suitable PATH ourselves - PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin - export PATH - - IPSEC_DIR="$IPSEC_LIBDIR" - export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR - fi - - # Check that the ipsec command is available. - found= - for dir in `echo $PATH | tr ':' ' '` - do - if test -f $dir/ipsec -a -x $dir/ipsec - then - found=yes - break # NOTE BREAK OUT - fi - done - if ! test "$found" - then - echo "cannot find ipsec command -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup - exit 1 - fi - - # Pick up IPsec configuration (until we have done this, successfully, we - # do not know where errors should go, hence the explicit "daemon.error"s.) - # Note the "--export", which exports the variables created. - eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` - - if test " $IPSEC_confreadstatus" != " " - then - case $1 in - stop|--stop|_autostop) - echo "$IPSEC_confreadstatus -- \`$1' may not work" | - logger -s -p daemon.error -t ipsec_setup;; - - *) echo "$IPSEC_confreadstatus -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup; - exit 1;; - esac - fi - - IPSEC_confreadsection=${IPSEC_confreadsection:-setup} - export IPSEC_confreadsection - - IPSECsyslog=${IPSECsyslog-daemon.error} - export IPSECsyslog - - # misc setup - umask 022 - - mkdir -p /var/run/pluto -} - -script_command() { - if [ "${USER}" != "root" ] - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi - # make sure all required directories exist - if [ ! -d /var/run/pluto ] - then - mkdir -p /var/run/pluto - fi - if [ ! -d /var/lock/subsys ] - then - mkdir -p /var/lock/subsys - fi - tmp=/var/run/pluto/ipsec_setup.st - outtmp=/var/run/pluto/ipsec_setup.out - ( - ipsec _realsetup $1 - echo "$?" >$tmp - ) > ${outtmp} 2>&1 - st=$? - if test -f $tmp - then - st=`cat $tmp` - rm -f $tmp - fi - if [ -f ${outtmp} ]; then - cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - rm -f ${outtmp} - fi -} - - -start() { - script_init start "$@" - script_command start "$@" -} - -stop() { - script_init stop "$@" - script_command stop "$@" -} - -restart() { - script_init stop "$@" - script_command stop "$@" - script_command start "$@" -} - -status() { - script_init status "$@" - ipsec _realsetup status -} -EXTRA_COMMANDS=status -EXTRA_HELP=" status Show the status of the service" diff --git a/package/openswan/patches/110-scripts.patch b/package/openswan/patches/110-scripts.patch deleted file mode 100644 index d605ceaba4..0000000000 --- a/package/openswan/patches/110-scripts.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix ---- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100 -+++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200 -@@ -0,0 +1,5 @@ -+#!/bin/sh -+# use filename instead of /dev/null to log, but dont log to flash or ram -+# pref. log to nfs mount -+echo "$*" >> /dev/null -+exit 0 -diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in ---- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200 -+++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200 -@@ -147,7 +147,7 @@ - exit 1 - fi - else -- if test ! -w "`dirname $stderrlog`" -+ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`" - then - echo Cannot write to directory to create \"$stderrlog\". - exit 1 -diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in ---- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200 -+++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200 -@@ -232,7 +232,7 @@ - - # misc pre-Pluto setup - -- perform test -d `dirname $subsyslock` "&&" touch $subsyslock -+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock - - if test " $IPSECforwardcontrol" = " yes" - then diff --git a/package/openswan/patches/120-use_dev_urandom.patch b/package/openswan/patches/120-use_dev_urandom.patch deleted file mode 100644 index 6bbcbf1647..0000000000 --- a/package/openswan/patches/120-use_dev_urandom.patch +++ /dev/null @@ -1,39 +0,0 @@ -Index: openswan-2.4.8/programs/ranbits/ranbits.c -=================================================================== ---- openswan-2.4.8.orig/programs/ranbits/ranbits.c 2007-06-04 13:22:49.835279168 +0200 -+++ openswan-2.4.8/programs/ranbits/ranbits.c 2007-06-04 13:22:51.648003592 +0200 -@@ -29,7 +29,7 @@ - #include - - #ifndef DEVICE --#define DEVICE "/dev/random" -+#define DEVICE "/dev/urandom" - #endif - #ifndef QDEVICE - #define QDEVICE "/dev/urandom" -Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c -=================================================================== ---- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200 -+++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:51.649003440 +0200 -@@ -31,7 +31,7 @@ - #include - - #ifndef DEVICE --#define DEVICE "/dev/random" -+#define DEVICE "/dev/urandom" - #endif - #ifndef MAXBITS - #define MAXBITS 20000 -Index: openswan-2.4.8/programs/starter/files.h -=================================================================== ---- openswan-2.4.8.orig/programs/starter/files.h 2007-06-04 13:22:49.850276888 +0200 -+++ openswan-2.4.8/programs/starter/files.h 2007-06-04 13:22:51.649003440 +0200 -@@ -36,7 +36,7 @@ - - #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid" - --#define DEV_RANDOM "/dev/random" -+#define DEV_RANDOM "/dev/urandom" - #define DEV_URANDOM "/dev/urandom" - - #define PROC_IPSECVERSION "/proc/net/ipsec_version" diff --git a/package/shfs/Makefile b/package/shfs/Makefile deleted file mode 100644 index fd507217aa..0000000000 --- a/package/shfs/Makefile +++ /dev/null @@ -1,89 +0,0 @@ -# -# Copyright (C) 2006 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=shfs -PKG_VERSION:=0.35 -PKG_RELEASE:=2 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=@SF/shfs -PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe - -include $(INCLUDE_DIR)/package.mk - -define Package/shfs/Default - TITLE:=ShFS - URL:=http://shfs.sourceforge.net/ -endef - -define Package/shfs/Default/description - ShFS is a simple and easy to use Linux kernel module which allows you to - mount remote filesystems using a plain shell (SSH) connection. When using - ShFS, you can access all remote files just like the local ones, only the - access is governed through the transport security of SSH. -endef - -define KernelPackage/shfs -$(call Package/shfs/Default) - TITLE+= (kernel module) - DEPENDS:=@LINUX_2_4 - FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX) - SUBMENU:=Filesystems - AUTOLOAD:=$(call AutoLoad,40,shfs) -endef - -define KernelPackage/shfs/description -$(call Package/shfs/Default/description) - This package contains the ShFS kernel module. -endef - -define Package/shfs-utils -$(call Package/shfs/Default) - SECTION:=utils - CATEGORY:=Utilities - DEPENDS+=+kmod-shfs - TITLE+= (utilities) -endef - -define Package/shfs-utils/description -$(call Package/shfs/Default/description) - This package contains the ShFS utilities. -endef - -define Build/Compile - $(MAKE) -C $(PKG_BUILD_DIR) \ - ARCH="$(LINUX_KARCH)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - OFLAGS="$(TARGET_CFLAGS)" \ - CC="$(TARGET_CC)" \ - LINKER="$(TARGET_CC)" \ - KERNEL="$(LINUX_VERSION)" \ - KERNEL_SOURCES="$(LINUX_DIR)" \ - ROOT="$(PKG_INSTALL_DIR)" \ - module module-install - $(MAKE) -C $(PKG_BUILD_DIR) \ - OFLAGS="$(TARGET_CFLAGS)" \ - CC="$(TARGET_CC)" \ - LINKER="$(TARGET_CC)" \ - KERNEL_SOURCES="$(LINUX_DIR)" \ - ROOT="$(PKG_INSTALL_DIR)" \ - utils utils-install -endef - -define Package/shfs-utils/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/ - $(INSTALL_DIR) $(1)/sbin - ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs -endef - -$(eval $(call KernelPackage,shfs)) -$(eval $(call BuildPackage,shfs-utils)) diff --git a/package/shfs/patches/100-kmod_build.patch b/package/shfs/patches/100-kmod_build.patch deleted file mode 100644 index 16f198c4f6..0000000000 --- a/package/shfs/patches/100-kmod_build.patch +++ /dev/null @@ -1,100 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.4/Makefile -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.143016200 +0200 -+++ shfs-0.35/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.209006168 +0200 -@@ -1,3 +1,13 @@ -+# -+# the original Makefile was trashed and replaced by this one -+# The main reason is that loadable modules should be built with -+# the same compile flags the kernel was built with, so we'd better -+# let the kernel tree build the module for us, like that : -+# -+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules -+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install -+# -+ - ifndef KERNEL - KERNEL=$(shell uname -r) - endif -@@ -10,67 +20,29 @@ - KERNEL_SOURCES=${MODULESDIR}/build - endif - --ifeq (${MODVERSIONS},detect) -- ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0) -- MODVERSIONS=yes -- endif --endif -- --ifeq (${MODVERSIONS},yes) --MVER=-DMODVERSIONS -DEXPORT_SYMTAB --endif -- --LINVER=linux-${KERNEL} -- --ALL_TARGETS := shfs.o -- --SEARCHDIRS := -I- -I. -I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/ -+all: all-y - --CC := gcc --CFLAGS = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX --LINKER := ld --LDFLAGS = -r --LOADLIBES := -+O_TARGET := shfs.o - --all: ${ALL_TARGETS} -+shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o - --%.o: %.c $(wildcard *.h) -- ${CC} ${CFLAGS} -c $< -o $@ -+obj-y := $(shfs-objs) -+obj-m := $(O_TARGET) - --shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o -- ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES} -- --tidy: -- ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o -- --clean: tidy patch-clean -- ${RM} shfs.o -+-include $(TOPDIR)/Rules.make - -+all-y: -+ make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules -+ - install: shfs.o - rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o - install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o -- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi - - uninstall: - rm -rf ${MODULESDIR}/kernel/fs/shfs -- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi - --patch: -- rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER}; -- for i in Documentation fs/shfs include/linux; do \ -- mkdir -p ${LINVER}/$$i; \ -- done -- cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation -- cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs -- cp -r ${LINVER} ${LINVER}.orig -- cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/ -- cp shfs.h shfs_fs* ${LINVER}/include/linux/ -- (cd ${LINVER}; patch -p1 <../kernel-config.diff) -- find . -type f -name "*.orig" -print | xargs rm -f -- diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true -- --patch-clean: -- rm -rf ${LINVER} ${LINVER}.orig; -- rm -f ${LINVER}.diff -- --.PHONY : all tidy clean install uninstall patch patch-clean -+clean: -+ rm -f core *.o *.a *.s -+ -+shfs.o: $(shfs-objs) -+ diff --git a/package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch b/package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch deleted file mode 100644 index e7754b037d..0000000000 --- a/package/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch +++ /dev/null @@ -1,166 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.6/inode.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.091024104 +0200 -+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200 -@@ -337,12 +337,21 @@ - return -EINVAL; - } - -+#ifdef NEW_VFS_DENTRY_API -+static int -+shfs_get_sb(struct file_system_type *fs_type, -+ int flags, const char *dev_name, void *data, struct vfsmount *mnt) -+{ -+ return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt); -+} -+#else - static struct super_block * - shfs_get_sb(struct file_system_type *fs_type, - int flags, const char *dev_name, void *data) - { - return get_sb_nodev(fs_type, flags, data, shfs_read_super); - } -+#endif - - static struct file_system_type sh_fs_type = { - .owner = THIS_MODULE, -Index: shfs-0.35/shfs/Linux-2.6/file.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.096023344 +0200 -+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200 -@@ -199,7 +199,7 @@ - } - - static int --shfs_file_flush(struct file *f) -+do_file_flush(struct file *f) - { - struct dentry *dentry = f->f_dentry; - struct shfs_sb_info *info = info_from_dentry(dentry); -@@ -222,6 +222,16 @@ - } - - static int -+#ifdef FLUSH_HAS_LOCK_OWNER -+shfs_file_flush(struct file *f, fl_owner_t id) -+#else -+shfs_file_flush(struct file *f) -+#endif -+{ -+ return do_file_flush(f); -+} -+ -+static int - shfs_file_release(struct inode *inode, struct file *f) - { - struct dentry *dentry = f->f_dentry; -@@ -311,7 +321,7 @@ - DEBUG("\n"); - written = generic_file_write(f, buf, count, offset); - if (written > 0) { -- result = shfs_file_flush(f); -+ result = do_file_flush(f); - written = result < 0 ? result: written; - } - -Index: shfs-0.35/shfs/Linux-2.6/proc.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.102022432 +0200 -+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200 -@@ -570,6 +570,16 @@ - return result; - } - -+#ifdef NEW_VFS_DENTRY_API -+int -+shfs_statfs(struct dentry *dentry, struct kstatfs *attr) -+{ -+ struct shfs_sb_info *info = info_from_sb(dentry->d_sb); -+ -+ DEBUG("\n"); -+ return info->fops.statfs(info, attr); -+} -+#else - int - shfs_statfs(struct super_block *sb, struct kstatfs *attr) - { -@@ -578,4 +588,5 @@ - DEBUG("\n"); - return info->fops.statfs(info, attr); - } -+#endif - -Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.107021672 +0200 -+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200 -@@ -9,6 +9,12 @@ - - #include - #include -+#include -+ -+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17) -+#define NEW_VFS_DENTRY_API -+#define FLUSH_HAS_LOCK_OWNER -+#endif - - #define SHFS_MAX_AGE(info) (((info)->ttl * HZ) / 1000) - #define SOCKBUF_SIZE (SHFS_PATH_MAX * 10) -@@ -101,7 +107,12 @@ - void set_garbage(struct shfs_sb_info *info, int write, int count); - int get_name(struct dentry *d, char *name); - int shfs_notify_change(struct dentry *dentry, struct iattr *attr); -+ -+#ifdef NEW_VFS_DENTRY_API -+int shfs_statfs(struct dentry *dentry, struct kstatfs *attr); -+#else - int shfs_statfs(struct super_block *sb, struct kstatfs *attr); -+#endif - - /* shfs/inode.c */ - void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr); -Index: shfs-0.35/shfs/Linux-2.6/symlink.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.113020760 +0200 -+++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.398977288 +0200 -@@ -41,7 +41,7 @@ - return result; - } - --static int -+static void * - shfs_follow_link(struct dentry *dentry, struct nameidata *nd) - { - struct shfs_sb_info *info = info_from_dentry(dentry); -@@ -61,7 +61,7 @@ - DEBUG("%s\n", real_name); - result = vfs_follow_link(nd, real_name); - error: -- return result; -+ return NULL; - } - - struct inode_operations shfs_symlink_inode_operations = { -Index: shfs-0.35/shfs/Linux-2.6/dcache.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.121019544 +0200 -+++ shfs-0.35/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.398977288 +0200 -@@ -68,7 +68,7 @@ - spin_lock(&dcache_lock); - next = parent->d_subdirs.next; - while (next != &parent->d_subdirs) { -- dentry = list_entry(next, struct dentry, d_child); -+ dentry = list_entry(next, struct dentry, d_u.d_child); - dentry->d_fsdata = NULL; - shfs_age_dentry(info, dentry); - next = next->next; -@@ -101,7 +101,7 @@ - spin_lock(&dcache_lock); - next = parent->d_subdirs.next; - while (next != &parent->d_subdirs) { -- dent = list_entry(next, struct dentry, d_child); -+ dent = list_entry(next, struct dentry, d_u.d_child); - if ((unsigned long)dent->d_fsdata == fpos) { - if (dent->d_inode) - dget_locked(dent); diff --git a/package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch b/package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch deleted file mode 100644 index f12fc96509..0000000000 --- a/package/shfs/patches/102-shfs_0.35_clean_inode_clear.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.6/inode.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200 -+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200 -@@ -8,6 +8,7 @@ - #include - #endif - -+#include - #include - #include - #include -@@ -118,6 +119,9 @@ - } - KMEM_FREE("inode", inode_cache, i); - out: -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13)) -+ truncate_inode_pages(&inode->i_data, 0); -+#endif - clear_inode(inode); - } - diff --git a/package/shfs/patches/103-shfs_0.35_gcc4.patch b/package/shfs/patches/103-shfs_0.35_gcc4.patch deleted file mode 100644 index e4c13882c4..0000000000 --- a/package/shfs/patches/103-shfs_0.35_gcc4.patch +++ /dev/null @@ -1,25 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.6/dir.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.041031704 +0200 -+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200 -@@ -19,6 +19,8 @@ - #include "shfs_debug.h" - #include "proc.h" - -+static struct dentry_operations shfs_dentry_operations; -+ - static int - shfs_dir_open(struct inode *inode, struct file *filp) - { -Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200 -+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200 -@@ -56,7 +56,6 @@ - #define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0) - - /* shfs/dir.c */ --extern struct dentry_operations shfs_dentry_operations; - extern struct file_operations shfs_dir_operations; - extern struct inode_operations shfs_dir_inode_operations; - extern void shfs_new_dentry(struct dentry *dentry); diff --git a/package/shfs/patches/104-shfs_0.35_inode_and_fs.patch b/package/shfs/patches/104-shfs_0.35_inode_and_fs.patch deleted file mode 100644 index 0953e6b0aa..0000000000 --- a/package/shfs/patches/104-shfs_0.35_inode_and_fs.patch +++ /dev/null @@ -1,377 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.6/fcache.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:57.997038392 +0200 -+++ shfs-0.35/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:59.019882896 +0200 -@@ -100,7 +100,11 @@ - VERBOSE("dir in file cache?\n"); - return -EINVAL; - } -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ p = (struct shfs_inode_info *)inode->i_private; -+#else - p = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - if (!p) { - VERBOSE("inode without info\n"); - return -EINVAL; -@@ -127,7 +131,11 @@ - VERBOSE("dir in file cache?\n"); - return -EINVAL; - } -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ p = (struct shfs_inode_info *)inode->i_private; -+#else - p = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - if (!p) { - VERBOSE("inode without info\n"); - return -EINVAL; -@@ -160,7 +168,11 @@ - if (result == 0) { - struct shfs_inode_info *p; - -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private; -+#else - p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip; -+#endif - if (!p) { - VERBOSE("inode without info\n"); - return -EINVAL; -@@ -184,7 +196,11 @@ - return -EINVAL; - } - DEBUG("ino: %lu\n", inode->i_ino); -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ p = (struct shfs_inode_info *)inode->i_private; -+#else - p = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - if (!p) { - VERBOSE("inode without info\n"); - return -EINVAL; -@@ -226,7 +242,11 @@ - VERBOSE("dir in file cache?\n"); - return -EINVAL; - } -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ p = (struct shfs_inode_info *)inode->i_private; -+#else - p = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - if (!p) { - VERBOSE("inode without info\n"); - return -EINVAL; -@@ -327,7 +347,11 @@ - VERBOSE("dir in file cache?\n"); - return -EINVAL; - } -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ p = (struct shfs_inode_info *)inode->i_private; -+#else - p = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - if (!p) { - VERBOSE("inode without info\n"); - return -EINVAL; -Index: shfs-0.35/shfs/Linux-2.6/inode.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200 -+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:59.020882744 +0200 -@@ -36,7 +36,11 @@ - shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr) - { - struct shfs_sb_info *info = info_from_inode(inode); -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ struct shfs_inode_info *i = inode->i_private; -+#else - struct shfs_inode_info *i = inode->u.generic_ip; -+#endif - struct timespec last_time = inode->i_mtime; - loff_t last_size = inode->i_size; - -@@ -53,7 +57,9 @@ - inode->i_ctime = fattr->f_ctime; - inode->i_atime = fattr->f_atime; - inode->i_mtime = fattr->f_mtime; -+#ifdef STRUCT_INODE_HAS_I_BLKSIZE - inode->i_blksize= fattr->f_blksize; -+#endif - inode->i_blocks = fattr->f_blocks; - inode->i_size = fattr->f_size; - -@@ -76,7 +82,11 @@ - if (!inode) - return NULL; - inode->i_ino = fattr->f_ino; -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL); -+#else - i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL); -+#endif - if (!i) - return NULL; - i->cache = NULL; -@@ -108,7 +118,11 @@ - struct shfs_inode_info *i; - - DEBUG("ino: %lu\n", inode->i_ino); -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ i = (struct shfs_inode_info *)inode->i_private; -+#else - i = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - if (!i) { - VERBOSE("invalid inode\n"); - goto out; -@@ -176,7 +190,11 @@ - { - struct shfs_sb_info *info = info_from_dentry(dentry); - struct inode *inode = dentry->d_inode; -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private; -+#else - struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - int result; - - DEBUG("%s\n", dentry->d_name.name); -Index: shfs-0.35/shfs/Linux-2.6/dir.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200 -+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:59.020882744 +0200 -@@ -302,8 +302,13 @@ - - shfs_invalid_dir_cache(dir); - result = shfs_instantiate(dentry); -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ if (forced_write && dentry->d_inode && dentry->d_inode->i_private) -+ ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1; -+#else - if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip) - ((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1; -+#endif - return result; - } - -Index: shfs-0.35/shfs/Linux-2.6/file.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200 -+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:59.020882744 +0200 -@@ -90,7 +90,11 @@ - struct dentry *dentry = f->f_dentry; - struct shfs_sb_info *info = info_from_dentry(dentry); - struct inode *inode = p->mapping->host; -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private; -+#else - struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip; -+#endif - char *buffer = kmap(p) + offset; - int written = 0, result; - unsigned count = to - offset; -@@ -252,8 +256,13 @@ - } - } - /* if file was forced to be writeable, change attrs back on close */ -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ if (dentry->d_inode && dentry->d_inode->i_private) { -+ if (((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) { -+#else - if (dentry->d_inode && dentry->d_inode->u.generic_ip) { - if (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) { -+#endif - char name[SHFS_PATH_MAX]; - - if (get_name(dentry, name) < 0) -@@ -302,7 +311,8 @@ - goto error; - } - if (result != 0) { -- copy_to_user(buf, (char *)page, result); -+ if (copy_to_user(buf, (char *)page, result)) -+ goto error; - *ppos += result; - } - error: -@@ -315,11 +325,15 @@ - static ssize_t - shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset) - { -- int written = 0; -+ ssize_t written = 0; - int result; - - DEBUG("\n"); -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ written = do_sync_write(f, buf, count, offset); -+#else - written = generic_file_write(f, buf, count, offset); -+#endif - if (written > 0) { - result = do_file_flush(f); - written = result < 0 ? result: written; -@@ -330,14 +344,23 @@ - - struct file_operations shfs_file_operations = { - .llseek = generic_file_llseek, -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ .read = do_sync_read, -+ .write = do_sync_write, -+#else - .read = generic_file_read, - .write = generic_file_write, -+#endif - .ioctl = shfs_ioctl, - .mmap = generic_file_mmap, - .open = shfs_file_open, - .flush = shfs_file_flush, - .release = shfs_file_release, - .fsync = shfs_file_sync, -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ .aio_read = generic_file_aio_read, -+ .aio_write = generic_file_aio_write, -+#endif - }; - - struct file_operations shfs_slow_operations = { -Index: shfs-0.35/shfs/Linux-2.6/proc.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200 -+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:59.021882592 +0200 -@@ -149,7 +149,12 @@ - { - struct file *f = info->sock; - mm_segment_t fs; -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ ssize_t result = 0; -+ loff_t begin; -+#else - int c, result = 0; -+#endif - unsigned long flags, sigpipe; - sigset_t old_set; - -@@ -161,7 +166,9 @@ - return result; - } - -+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)) - c = count; -+#endif - - fs = get_fs(); - set_fs(get_ds()); -@@ -173,6 +180,16 @@ - SIGRECALC; - SIGUNLOCK(flags); - -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ begin = f->f_pos; -+ result = do_sync_write(f, buffer, count, &f->f_pos); -+ -+ if (result < 0) { -+ DEBUG("error: %d\n", result); -+ fput(f); -+ info->sock = NULL; -+ } -+#else - do { - struct iovec vec[1]; - -@@ -190,6 +207,7 @@ - buffer += result; - c -= result; - } while (c > 0); -+#endif - - SIGLOCK(flags); - if (result == -EPIPE && !sigpipe) { -@@ -204,7 +222,11 @@ - - DEBUG(">%d\n", result); - if (result < 0) -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ set_garbage(info, 1, count - (f->f_pos - begin)); -+#else - set_garbage(info, 1, c); -+#endif - else - result = count; - return result; -@@ -222,6 +244,9 @@ - int c, result = 0; - unsigned long flags, sigpipe; - sigset_t old_set; -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ loff_t begin; -+#endif - - if (!f) - return -EIO; -@@ -256,6 +281,20 @@ - fs = get_fs(); - set_fs(get_ds()); - -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ begin = f->f_pos; -+ result = do_sync_read(f, buffer, c, &f->f_pos); -+ -+ if (!result) { -+ /* peer has closed socket */ -+ result = -EIO; -+ } -+ if (result < 0) { -+ DEBUG("error: %d\n", result); -+ fput(f); -+ info->sock = NULL; -+ } -+#else - do { - struct iovec vec[1]; - -@@ -277,6 +316,7 @@ - buffer += result; - c -= result; - } while (c > 0); -+#endif - - SIGLOCK(flags); - if (result == -EPIPE && !sigpipe) { -@@ -291,7 +331,11 @@ - - DEBUG("<%d\n", result); - if (result < 0) -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ set_garbage(info, 0, count - (f->f_pos - begin)); -+#else - set_garbage(info, 0, c); -+#endif - else - result = count; - return result; -@@ -316,8 +360,10 @@ - return result; - } - while (1) { -+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)) - struct iovec vec[1]; - -+#endif - nl = memchr(BUFFER, '\n', LEN); - if (nl) { - *nl = '\0'; -@@ -348,9 +394,13 @@ - fs = get_fs(); - set_fs(get_ds()); - -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) -+ result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos); -+#else - vec[0].iov_base = BUFFER+LEN; - vec[0].iov_len = c; - result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos); -+#endif - SIGLOCK(flags); - if (result == -EPIPE && !sigpipe) { - sigdelset(¤t->pending.signal, SIGPIPE); diff --git a/package/shfs/patches/105-space_chars.patch b/package/shfs/patches/105-space_chars.patch deleted file mode 100644 index 03ad8328c6..0000000000 --- a/package/shfs/patches/105-space_chars.patch +++ /dev/null @@ -1,70 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.4/shell.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:57.970042496 +0200 -+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200 -@@ -213,6 +213,7 @@ - int c = 0; - int is_space = 1; - int device = 0; -+ char *start = s; - - while (*s) { - if (c == DIR_COLS) -@@ -227,17 +228,20 @@ - s++; - } - *s = '\0'; -+ start = s+1; - is_space = 1; -+ } else { -+ if (c != DIR_NAME) -+ start = s+1; - } - } else { - if (is_space) { - /* (b)lock/(c)haracter device hack */ -- col[c++] = s; -+ col[c++] = start; - is_space = 0; - if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) { - device = 1; - } -- - } - } - s++; -Index: shfs-0.35/shfs/Linux-2.6/shell.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:57.977041432 +0200 -+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200 -@@ -225,6 +225,7 @@ - int c = 0; - int is_space = 1; - int device = 0; -+ char *start = s; - - while (*s) { - if (c == DIR_COLS) -@@ -239,17 +240,20 @@ - s++; - } - *s = '\0'; -+ start = s+1; - is_space = 1; -+ } else { -+ if (c != DIR_NAME) -+ start = s+1; - } - } else { - if (is_space) { - /* (b)lock/(c)haracter device hack */ -- col[c++] = s; -+ col[c++] = start; - is_space = 0; - if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) { - device = 1; - } -- - } - } - s++; diff --git a/package/shfs/patches/106-uidgid32.patch b/package/shfs/patches/106-uidgid32.patch deleted file mode 100644 index 60510a28d3..0000000000 --- a/package/shfs/patches/106-uidgid32.patch +++ /dev/null @@ -1,38 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200 -+++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:59.448817688 +0200 -@@ -38,10 +38,10 @@ - struct shfs_fileops fops; - int version; - int ttl; -- __kernel_uid_t uid; -- __kernel_gid_t gid; -- __kernel_mode_t root_mode; -- __kernel_mode_t fmask; -+ uid_t uid; -+ gid_t gid; -+ mode_t root_mode; -+ mode_t fmask; - char mount_point[SHFS_PATH_MAX]; - struct semaphore sock_sem; /* next 4 vars are guarded */ - struct file *sock; -Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200 -+++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:59.449817536 +0200 -@@ -38,10 +38,10 @@ - struct shfs_fileops fops; - int version; - int ttl; -- __kernel_uid_t uid; -- __kernel_gid_t gid; -- __kernel_mode_t root_mode; -- __kernel_mode_t fmask; -+ uid_t uid; -+ gid_t gid; -+ mode_t root_mode; -+ mode_t fmask; - char mount_point[SHFS_PATH_MAX]; - struct semaphore sock_sem; /* next 4 vars are guarded */ - struct file *sock; diff --git a/package/shfs/patches/107-df.patch b/package/shfs/patches/107-df.patch deleted file mode 100644 index ca2c9d079a..0000000000 --- a/package/shfs/patches/107-df.patch +++ /dev/null @@ -1,38 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.4/shell.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200 -+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.643788048 +0200 -@@ -961,11 +961,11 @@ - - s = info->sockbuf; - if ((p = strsep(&s, " "))) -- attr->f_blocks = simple_strtoull(p, NULL, 10); -+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2; - if ((p = strsep(&s, " "))) -- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10); -+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2); - if ((p = strsep(&s, " "))) -- attr->f_bavail = simple_strtoull(p, NULL, 10); -+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2; - - result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE); - if (result < 0) -Index: shfs-0.35/shfs/Linux-2.6/shell.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200 -+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.643788048 +0200 -@@ -974,11 +974,11 @@ - - s = info->sockbuf; - if ((p = strsep(&s, " "))) -- attr->f_blocks = simple_strtoull(p, NULL, 10); -+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2; - if ((p = strsep(&s, " "))) -- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10); -+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2); - if ((p = strsep(&s, " "))) -- attr->f_bavail = simple_strtoull(p, NULL, 10); -+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2; - - result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE); - if (result < 0) diff --git a/package/shfs/patches/108-no_update_mtab.patch b/package/shfs/patches/108-no_update_mtab.patch deleted file mode 100644 index 9b4a9aeeb0..0000000000 --- a/package/shfs/patches/108-no_update_mtab.patch +++ /dev/null @@ -1,28 +0,0 @@ -Index: shfs-0.35/shfsmount/shfsmount.c -=================================================================== ---- shfs-0.35.orig/shfsmount/shfsmount.c 2007-06-04 13:22:57.883055720 +0200 -+++ shfs-0.35/shfsmount/shfsmount.c 2007-06-04 13:22:59.838758408 +0200 -@@ -74,7 +74,7 @@ - static int have_uid = 0; - - /* do not update /etc/mtab */ --static int nomtab = 0; -+static int nomtab = 1; - - /* preserve owner of files */ - static int preserve = 0; -Index: shfs-0.35/shfsmount/shfsumount.c -=================================================================== ---- shfs-0.35.orig/shfsmount/shfsumount.c 2007-06-04 13:22:57.890054656 +0200 -+++ shfs-0.35/shfsmount/shfsumount.c 2007-06-04 13:22:59.838758408 +0200 -@@ -67,10 +67,6 @@ - FILE *new_mtab; - struct mntent *ment; - -- if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) { -- fprintf(stderr, "Can't get "MOUNTED"~ lock file"); -- return 0; -- } - close(fd); - if ((mtab = setmntent(MOUNTED, "r")) == NULL) { - fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno)); diff --git a/package/shfs/patches/109-linux_2.6.22.patch b/package/shfs/patches/109-linux_2.6.22.patch deleted file mode 100644 index c91e0526d0..0000000000 --- a/package/shfs/patches/109-linux_2.6.22.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: shfs-0.35/shfs/Linux-2.6/dir.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-17 04:08:32.449815896 +0200 -+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-17 04:08:41.766399560 +0200 -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - - #include "shfs_fs.h" - #include "shfs_fs_i.h" -Index: shfs-0.35/shfs/Linux-2.6/inode.c -=================================================================== ---- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-17 04:09:01.961329464 +0200 -+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-17 04:13:08.501849608 +0200 -@@ -15,6 +15,9 @@ - #include - #include - #include -+#include -+#include -+#include - - #include "shfs_fs.h" - #include "shfs_fs_sb.h" diff --git a/package/strongswan/Makefile b/package/strongswan/Makefile deleted file mode 100644 index 65a77bef5d..0000000000 --- a/package/strongswan/Makefile +++ /dev/null @@ -1,98 +0,0 @@ -# -# Copyright (C) 2006 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=strongswan -PKG_VERSION:=2.8.2 -PKG_RELEASE:=2 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=http://download.strongswan.org/ -PKG_MD5SUM:=57427f5b48123851a73b10d78dd4f8d6 - -include $(INCLUDE_DIR)/package.mk - -define Package/strongswan/Default - TITLE:=strongSwan - DEPENDS:=@LINUX_2_4 - URL:=http://www.strongswan.org/ -endef - -define Package/strongswan/Default/description - strongSwan is an IPsec implementation for Linux. -endef - -define Package/strongswan -$(call Package/strongswan/Default) - SECTION:=net - CATEGORY:=Network - DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4 - TITLE+= (daemon) -endef - -define Package/strongswan/description -$(call Package/strongswan/Default/description) - This package contains the strongSwan user-land daemon. -endef - -define KernelPackage/strongswan -$(call Package/strongswan/Default) - SUBMENU:=Network Support - TITLE+= (kernel module) - DEPENDS:=@LINUX_2_4 - FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX) - AUTOLOAD:=$(call AutoLoad,50,ipsec) -endef - -define KernelPackage/strongswan/description -$(call Package/strongswan/Default/description) - This package contains the strongSwan kernel module. -endef - -PKG_MAKE_OPTS:= \ - LINUX_RELEASE="$(LINUX_RELEASE)" \ - KERNELSRC="$(LINUX_DIR)" \ - ARCH="$(LINUX_KARCH)" \ - CROSS_COMPILE="$(TARGET_CROSS)" \ - USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \ - IPSECDIR="/usr/lib/ipsec" \ - INC_USRLOCAL="/usr" \ - -define Build/Compile - $(MAKE) -C $(PKG_BUILD_DIR) \ - $(TARGET_CONFIGURE_OPTS) \ - $(PKG_MAKE_OPTS) \ - LDFLAGS="$(TARGET_LDFLAGS)" \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - programs module install -endef - -define Package/strongswan/install - $(CP) $(PKG_INSTALL_DIR)/* $(1) - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_DIR) $(1)/etc/cron.tick - $(INSTALL_DIR) $(1)/etc/hotplug.d/iface - $(INSTALL_DIR) $(1)/etc/hotplug.d/button - $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec - $(INSTALL_BIN) ./files/ipsec.cron $(1)/etc/cron.tick/ipsec-wakeup - $(INSTALL_BIN) ./files/ipsec.iface $(1)/etc/hotplug.d/iface/65-ipsec - $(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec - $(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec - $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf - rm -rf $(1)/usr/share - rm -rf $(1)/usr/man - rm -rf $(1)/var - rm -rf $(1)/etc/rc.d - find $(1) -name \*.old | xargs rm -rf -endef - -$(eval $(call BuildPackage,strongswan)) -$(eval $(call KernelPackage,strongswan)) diff --git a/package/strongswan/files/ipsec.button b/package/strongswan/files/ipsec.button deleted file mode 100644 index 9bd9023560..0000000000 --- a/package/strongswan/files/ipsec.button +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -# snarf the code that loads the config values -# since we also load the functions, might as well save the shell calls -. /etc/init.d/ipsec - -[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit - -if [ ! -e /var/run/pluto.pid ] ; then - - [ "$ACTION" = "pressed" ] && start - -else - - if [ "$ACTION" = "pressed" ] ; then - - stop - - elif [ "$ACTION" = "released" ] ; then - - while [ -e /var/run/pluto.pid ] ; do - sleep 1 - done - - while ps auxww | grep ipsec | grep -v grep ; do - sleep 1 - done - - start - - fi - -fi - diff --git a/package/strongswan/files/ipsec.conf b/package/strongswan/files/ipsec.conf deleted file mode 100644 index 8f59008831..0000000000 --- a/package/strongswan/files/ipsec.conf +++ /dev/null @@ -1,34 +0,0 @@ - -version 2.0 - -config setup - interfaces=%defaultroute - nat_traversal=yes # required on both ends - uniqueids=yes # makes sense on client, not server - hidetos=no - -conn %default - authby=rsasig - keyingtries=3 - keyexchange=ike - left=%defaultroute - leftrsasigkey=%cert - rightrsasigkey=%cert - dpdtimeout=30 # keepalive must arrive within - dpddelay=5 # secs before keepalives start - compress=no # breaks double nat installations - pfs=yes - -conn sample - leftca=%same - leftcert=my.certificate.crt - leftsourceip=192.168.10.1 - leftsubnet=192.168.10.0/24 - right=my.vpn.concentrator.net. - rightca=%same - rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net" - rightsourceip=192.168.11.1 - rightsubnet=192.168.11.0/24 - dpdaction=hold - auto=start - diff --git a/package/strongswan/files/ipsec.config b/package/strongswan/files/ipsec.config deleted file mode 100644 index b4865e40b5..0000000000 --- a/package/strongswan/files/ipsec.config +++ /dev/null @@ -1,21 +0,0 @@ - -# Configure button/light behavior here. -config device - option reset_button ses - option status_start ses_orange - option status_valid ses_white - -# iptables setup for traffic to/from this host -config filter - option rule_in input_rule - option dest_in ACCEPT - option rule_out output_rule - option dest_out ACCEPT - -# iptables setup for traffic to/from another host -config forward - option rule_in forwarding_rule - option dest_in forwarding_vpn_in - option rule_out forwarding_rule - option dest_out forwarding_vpn_out - diff --git a/package/strongswan/files/ipsec.cron b/package/strongswan/files/ipsec.cron deleted file mode 100644 index d8c7dccfa8..0000000000 --- a/package/strongswan/files/ipsec.cron +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/usr/sbin/ipsec wakeup diff --git a/package/strongswan/files/ipsec.iface b/package/strongswan/files/ipsec.iface deleted file mode 100644 index 0716bf79bc..0000000000 --- a/package/strongswan/files/ipsec.iface +++ /dev/null @@ -1,8 +0,0 @@ -NAME=ipsec -CTLFILE="/var/run/pluto.ctl" - -[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit - -[ -e "$CTLFILE" ] || exit - -/etc/init.d/ipsec update diff --git a/package/strongswan/files/ipsec.init b/package/strongswan/files/ipsec.init deleted file mode 100644 index 4e8b8a2166..0000000000 --- a/package/strongswan/files/ipsec.init +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/sh /etc/rc.common - -START=65 - -config_cb() { - local cfg="$CONFIG_SECTION" - local cfgt - config_get cfgt "$cfg" TYPE - - case "$cfgt" in - device) - config_get IPSEC_RESET_BUTTON $cfg reset_button - config_get IPSEC_STATUS_LED_START $cfg status_start - config_get IPSEC_STATUS_LED_VALID $cfg status_valid - ;; - filter) - config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in - config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in - config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out - config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out - ;; - forward) - config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in - config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in - config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out - config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out - ;; - *) - ;; - esac -} - -config_load ipsec - -export IPSEC_RESET_BUTTON -export IPSEC_STATUS_LED_START -export IPSEC_STATUS_LED_VALID - -export IPSEC_UPDOWN_RULE_IN -export IPSEC_UPDOWN_DEST_IN -export IPSEC_UPDOWN_RULE_OUT -export IPSEC_UPDOWN_DEST_OUT - -export IPSEC_UPDOWN_FWD_RULE_IN -export IPSEC_UPDOWN_FWD_DEST_IN -export IPSEC_UPDOWN_FWD_RULE_OUT -export IPSEC_UPDOWN_FWD_DEST_OUT - - -start() { - - [ -f /etc/ipsec.conf ] || exit - [ -e /var/run/starter.pid ] && exit - - /usr/sbin/ipsec _showstatus start - - # stuff the dnsmasq cache in case dns is on our own subnet - for peer in `grep left= /etc/ipsec.conf | \ - cut -f 1 -d% | cut -f 2 -d=` ; do - ping -c 1 $peer > /dev/null 2>&1 - done - - /usr/sbin/ipsec start || exit - - # work around broken routing behavior: - # a route to the local wan segment will appear - # the need was removed in the patched _updown script - - while ! route -n | grep -q ipsec ; do sleep 1 ; done - - defint=`route -n | awk '/^0.0.0.0/{print $8}'` - defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'` - dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'` - tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'` - - route del -net $defnet netmask $dnmask dev $tundev -} - - -stop() { - - /usr/sbin/ipsec stop 2> /dev/null - - # wait until the shutdown actually happens - while [ -e /var/run/starter.pid ] ; do - if [ -d /proc/`cat /var/run/starter.pid` ] ; then - sleep 1 - else - rm /var/run/starter.pid - fi - done - - # kill any lingering processes - while ps auxww | grep -q ipsec | grep -v init.d; do - kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null - sleep 1 - done - - ipsec _showstatus stop -} - diff --git a/package/strongswan/patches/100-ar-fixes.patch b/package/strongswan/patches/100-ar-fixes.patch deleted file mode 100644 index 2e9d7800eb..0000000000 --- a/package/strongswan/patches/100-ar-fixes.patch +++ /dev/null @@ -1,81 +0,0 @@ -Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile -=================================================================== ---- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.777007680 +0200 -+++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.873992936 +0200 -@@ -25,10 +25,8 @@ - - $(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) -- ar cr $(BLIB) $(LIBOBJ) -- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ -- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ -- else exit 0; fi; fi -+ $(AR) cr $(BLIB) $(LIBOBJ) -+ $(RANLIB) $(BLIB) - - testx: test_main_mac.o $(BLIB) - $(CC) -o $@ $^ -Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile -=================================================================== ---- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.783006768 +0200 -+++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.873992936 +0200 -@@ -58,7 +58,7 @@ - lib: $(LIB) - - $(LIB): $(LIBOBJ) -- $(AR) $(LIB) $(LIBOBJ) -+ $(AR) -r $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - - # elf -Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile -=================================================================== ---- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.790005704 +0200 -+++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200 -@@ -8,10 +8,8 @@ - - $(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) -- ar cr $(BLIB) $(LIBOBJ) -- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ -- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ -- else exit 0; fi; fi -+ $(AR) cr $(BLIB) $(LIBOBJ) -+ $(RANLIB) $(BLIB) - - test: test_main.o $(BLIB) - $(CC) -o $@ $^ -Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile -=================================================================== ---- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.796004792 +0200 -+++ strongswan-2.8.2/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.874992784 +0200 -@@ -9,10 +9,8 @@ - - $(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) -- ar cr $(BLIB) $(LIBOBJ) -- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ -- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ -- else exit 0; fi; fi -+ $(AR) cr $(BLIB) $(LIBOBJ) -+ $(RANLIB) $(BLIB) - - test: test_main.o $(BLIB) - $(CC) -o $@ $^ -Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile -=================================================================== ---- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.804003576 +0200 -+++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200 -@@ -9,10 +9,8 @@ - - $(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) -- ar cr $(BLIB) $(LIBOBJ) -- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ -- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ -- else exit 0; fi; fi -+ $(AR) cr $(BLIB) $(LIBOBJ) -+ $(RANLIB) $(BLIB) - - test: test_main.o $(BLIB) - $(CC) -o $@ $^ diff --git a/package/strongswan/patches/110-make-ipsec.patch b/package/strongswan/patches/110-make-ipsec.patch deleted file mode 100644 index 0d2a4e6fb1..0000000000 --- a/package/strongswan/patches/110-make-ipsec.patch +++ /dev/null @@ -1,11 +0,0 @@ -Index: strongswan-2.8.2/programs/ipsec/Makefile -=================================================================== ---- strongswan-2.8.2.orig/programs/ipsec/Makefile 2007-06-04 13:23:04.756010872 +0200 -+++ strongswan-2.8.2/programs/ipsec/Makefile 2007-06-04 13:23:05.227939128 +0200 -@@ -24,5 +24,5 @@ - include ../Makefile.program - - install:: ipsec -- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec -+ @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec - diff --git a/package/strongswan/patches/120-make-pluto.patch b/package/strongswan/patches/120-make-pluto.patch deleted file mode 100644 index e0dd813bb7..0000000000 --- a/package/strongswan/patches/120-make-pluto.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: strongswan-2.8.2/programs/pluto/alg/Makefile -=================================================================== ---- strongswan-2.8.2.orig/programs/pluto/alg/Makefile 2007-06-04 13:23:04.734014216 +0200 -+++ strongswan-2.8.2/programs/pluto/alg/Makefile 2007-06-04 13:23:05.416910400 +0200 -@@ -20,7 +20,7 @@ - include Config.ike_alg - - LIBCRYPTO:=../../../lib/libcrypto --ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) -+ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE) - LIBALG := libalg.o - - all : $(LIBALG) diff --git a/package/strongswan/patches/130-make-starter.patch b/package/strongswan/patches/130-make-starter.patch deleted file mode 100644 index 93888ab6b6..0000000000 --- a/package/strongswan/patches/130-make-starter.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: strongswan-2.8.2/programs/starter/Makefile -=================================================================== ---- strongswan-2.8.2.orig/programs/starter/Makefile 2007-06-04 13:23:04.711017712 +0200 -+++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200 -@@ -16,7 +16,6 @@ - FREESWANSRCDIR?=$(shell cd ../..; pwd) - include ${FREESWANSRCDIR}/Makefile.inc - --LD=$(CC) - RM=rm - LEX=flex - BISON=bison -@@ -59,7 +58,7 @@ - all: starter - - starter: $(OBJS) $(FREESWANLIB) -- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS) -+ $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS) - - lex.yy.c: parser.tab.c parser.l parser.y parser.h - $(LEX) parser.l diff --git a/package/strongswan/patches/200-wakeup-showstatus.patch b/package/strongswan/patches/200-wakeup-showstatus.patch deleted file mode 100644 index 731f83c2e0..0000000000 --- a/package/strongswan/patches/200-wakeup-showstatus.patch +++ /dev/null @@ -1,234 +0,0 @@ -Index: strongswan-2.8.2/programs/Makefile -=================================================================== ---- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:04.661025312 +0200 -+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200 -@@ -22,7 +22,7 @@ - SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark - SUBDIRS+=auto barf ipsec look manual ranbits secrets starter - SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey --SUBDIRS+=ikeping examples openac scepclient -+SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup - - ifeq ($(USE_LWRES),true) - SUBDIRS+=lwdnsq -Index: strongswan-2.8.2/programs/_showstatus/Makefile -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ strongswan-2.8.2/programs/_showstatus/Makefile 2007-06-04 13:23:06.414758704 +0200 -@@ -0,0 +1,22 @@ -+# Makefile for miscelaneous programs -+# Copyright (C) 2002 Michael Richardson -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See . -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $ -+ -+FREESWANSRCDIR=../.. -+include ${FREESWANSRCDIR}/Makefile.inc -+ -+PROGRAM=_showstatus -+PROGRAMDIR=${LIBDIR} -+ -+include ../Makefile.program -Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8 -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ strongswan-2.8.2/programs/_showstatus/_showstatus.8 2007-06-04 13:23:06.414758704 +0200 -@@ -0,0 +1,23 @@ -+.TH _showstatus 8 "03 Feb 2007" -+.\" -+.\" RCSID $Id: _showstatus.8 -+.\" -+.SH NAME -+ipsec _showstatus \- give state feedback via led or other method -+.SH SYNOPSIS -+.I _showstatus -+is invoked by _updown to trigger led's, or other distribution -+or platform specific behavior. Presently, the SES button is -+supported as a status light on OpenWRT platforms. The button -+is configurable by environment variable: -+-B IPSEC_STATUS_LED_START -+defaults to ses_orange, and -+-B IPSEC_STATUS_LED_VALID -+defaults to ses_white. -+.SH "SEE ALSO" -+ipsec(8), ipsec_updown(8). -+.SH HISTORY -+Man page written for the Linux strongSwan project -+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson. -+Original program written by Henry Spencer. Extended for the Linux strongSwan -+project by Andreas Steffen. -Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ strongswan-2.8.2/programs/_showstatus/_showstatus.in 2007-06-04 13:23:06.414758704 +0200 -@@ -0,0 +1,70 @@ -+#! /bin/sh -+# -+# Copyright (C) 2007 Kevin Cody Jr. -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See . -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+# RCSID $Id: _showstatus.in -+ -+ -+LED_START=$IPSEC_STATUS_LED_START -+LED_VALID=$IPSEC_STATUS_LED_VALID -+ -+[ -z "$LED_START" ] && LED_START="ses_orange" -+[ -z "$LED_VALID" ] && LED_VALID="ses_white" -+ -+ -+setled() { -+ led=$1 -+ st=$2 -+ -+ [ -n "$led" -a -n "$st" ] || return -+ -+ if [ -w "/proc/diag/led/$led" ] ; then -+ echo "$st" > "/proc/diag/led/$led" -+ fi -+ -+ # integrate other led control methods here -+ -+} -+ -+ -+case "$1" in -+ 'start') -+ [ -n "$LED_VALID" ] && setled "$LED_START" 1 -+ [ -z "$LED_VALID" ] && setled "$LED_START" f -+ setled "$LED_VALID" 0 -+ ;; -+ 'stop') -+ setled "$LED_START" 0 -+ setled "$LED_VALID" 0 -+ ;; -+ 'valid') -+ setled "$LED_VALID" 1 -+ ;; -+ 'invalid') -+ setled "$LED_VALID" 0 -+ ;; -+ 'up') -+ [ -n "$LED_VALID" ] && setled "$LED_START" 0 -+ [ -z "$LED_VALID" ] && setled "$LED_START" 1 -+ setled "$LED_VALID" 1 -+ ;; -+ 'down') -+ [ -n "$LED_VALID" ] && setled "$LED_START" 1 -+ [ -z "$LED_VALID" ] && setled "$LED_START" f -+ setled "$LED_VALID" f -+ ;; -+ *) -+ echo "$0: unknown status $status" >&2 -+ ;; -+esac -+ -Index: strongswan-2.8.2/programs/wakeup/Makefile -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ strongswan-2.8.2/programs/wakeup/Makefile 2007-06-04 13:23:06.415758552 +0200 -@@ -0,0 +1,22 @@ -+# Makefile for miscelaneous programs -+# Copyright (C) 2002 Michael Richardson -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See . -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $ -+ -+FREESWANSRCDIR=../.. -+include ${FREESWANSRCDIR}/Makefile.inc -+ -+PROGRAM=wakeup -+PROGRAMDIR=${LIBDIR} -+ -+include ../Makefile.program -Index: strongswan-2.8.2/programs/wakeup/wakeup.8 -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ strongswan-2.8.2/programs/wakeup/wakeup.8 2007-06-04 13:23:06.415758552 +0200 -@@ -0,0 +1,16 @@ -+.TH wakeup 8 "03 Feb 2007" -+.\" -+.\" RCSID $Id: wakeup.8 -+.\" -+.SH NAME -+ipsec wakeup \- stalled and down connection detection -+.SH SYNOPSIS -+.I wakeup -+is invoked by cron and checks ipsec status, whacking as necessary. -+.SH "SEE ALSO" -+ipsec(8), ipsec_whack(8). -+.SH HISTORY -+Man page written for the Linux strongSwan project -+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson. -+Original program written by Henry Spencer. Extended for the Linux strongSwan -+project by Andreas Steffen. -Index: strongswan-2.8.2/programs/wakeup/wakeup.in -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200 -@@ -0,0 +1,38 @@ -+#! /bin/sh -+# wakeup script -+# -+# Copyright (C) 2007 Kevin Cody Jr. -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. See . -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+ -+# only applicable when ipsec is running -+[ -e /var/run/pluto.pid ] || exit -+ -+# loop through any erouted tunnels in the HOLD state -+for f in `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do -+ -+ # only whack if no pending events at all exists -+ ipsec status | grep STATE | grep -q $f || -+ ipsec whack --name $f --initiate --asynchronous -+ -+done -+ -+# loop through any tunnels that don't quite exist -+for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do -+ -+ ipsec status | grep STATE_QUICK | grep -q $f || { -+ ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f -+ ipsec up $f -+ } -+ -+done -+ diff --git a/package/strongswan/patches/210-updown.patch b/package/strongswan/patches/210-updown.patch deleted file mode 100644 index d546625316..0000000000 --- a/package/strongswan/patches/210-updown.patch +++ /dev/null @@ -1,662 +0,0 @@ -Index: strongswan-2.8.2/programs/_updown/_updown.8 -=================================================================== ---- strongswan-2.8.2.orig/programs/_updown/_updown.8 2007-06-04 13:23:04.632029720 +0200 -+++ strongswan-2.8.2/programs/_updown/_updown.8 2007-06-04 13:23:06.656721920 +0200 -@@ -8,8 +8,23 @@ - .I _updown - is invoked by pluto when it has brought up a new connection. This script - is used to insert the appropriate routing entries for IPsec operation. --It can also be used to insert and delete dynamic iptables firewall rules. --The interface to the script is documented in the pluto man page. -+It also inserts and deletes dynamic iptables firewall rules. IMPORTANT! -+By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD -+tables. Most distributions will want to change that to provide more -+flexibility in their firewall configuration. -+The script looks for the environment variables -+.B IPSEC_UPDOWN_RULE_IN -+for the iptables table it should insert into, -+.B IPSEC_UPDOWN_DEST_IN -+for where the rule should -j jump to, -+.B IPSEC_UPDOWN_RULE_OUT -+.B IPSEC_UPDOWN_DEST_OUT -+for the same on outgoing packets, and -+.B IPSEC_UPDOWN_FWD_RULE_IN -+.B IPSEC_UPDOWN_FWD_DEST_IN -+.B IPSEC_UPDOWN_FWD_RULE_OUT -+.B IPSEC_UPDOWN_FWD_DEST_OUT -+respectively for packets being forwarded to/from the local networks. - .SH "SEE ALSO" - ipsec(8), ipsec_pluto(8). - .SH HISTORY -Index: strongswan-2.8.2/programs/_updown/_updown.in -=================================================================== ---- strongswan-2.8.2.orig/programs/_updown/_updown.in 2007-06-04 13:23:04.642028200 +0200 -+++ strongswan-2.8.2/programs/_updown/_updown.in 2007-06-04 13:23:06.657721768 +0200 -@@ -5,6 +5,7 @@ - # Copyright (C) 2003-2004 Tuomo Soini - # Copyright (C) 2002-2004 Michael Richardson - # Copyright (C) 2005-2006 Andreas Steffen -+# Copyright (C) 2007 Kevin Cody Jr - # - # This program is free software; you can redistribute it and/or modify it - # under the terms of the GNU General Public License as published by the -@@ -118,20 +119,61 @@ - # restricted on the peer side. - # - --# uncomment to log VPN connections --VPN_LOGGING=1 --# -+# set to /bin/true to silence log messages -+LOGGER=logger -+ - # tag put in front of each log entry: - TAG=vpn --# -+ - # syslog facility and priority used: --FAC_PRIO=local0.notice --# --# to create a special vpn logging file, put the following line into --# the syslog configuration file /etc/syslog.conf: --# --# local0.notice -/var/log/vpn --# -+FAC_PRIO=authpriv.info -+ -+ -+# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY -+if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then -+ IPSEC_POLICY_IN="" -+ IPSEC_POLICY_OUT="" -+else -+ IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID" -+ IPSEC_POLICY_IN="$IPSEC_POLICY --dir in" -+ IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out" -+fi -+ -+# are there port numbers? -+if [ "$PLUTO_MY_PORT" != 0 ] ; then -+ S_MY_PORT="--sport $PLUTO_MY_PORT" -+ D_MY_PORT="--dport $PLUTO_MY_PORT" -+fi -+ -+if [ "$PLUTO_PEER_PORT" != 0 ] ; then -+ S_PEER_PORT="--sport $PLUTO_PEER_PORT" -+ D_PEER_PORT="--dport $PLUTO_PEER_PORT" -+fi -+ -+# import firewall behavior -+IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN -+IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN -+IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT -+IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT -+ -+# import forwarding behavior -+FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN -+FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN -+FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT -+FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT -+ -+# default firewall behavior -+[ -z "$IPT_RULE_IN" ] && IPT_RULE_IN=INPUT -+[ -z "$IPT_DEST_IN" ] && IPT_DEST_IN=ACCEPT -+[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT -+[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT -+ -+# default forwarding behavior -+[ -z "$FWD_RULE_IN" ] && FWD_RULE_IN=FORWARD -+[ -z "$FWD_DEST_IN" ] && FWD_DEST_IN=ACCEPT -+[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD -+[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT -+ - - # check interface version - case "$PLUTO_VERSION" in -@@ -150,8 +192,6 @@ - case "$1:$*" in - ':') # no parameters - ;; --iptables:iptables) # due to (left/right)firewall; for default script only -- ;; - custom:*) # custom parameters (see above CAUTION comment) - ;; - *) echo "$0: unknown parameters \`$*'" >&2 -@@ -159,345 +199,307 @@ - ;; - esac - -+ - # utility functions for route manipulation - # Meddling with this stuff should not be necessary and requires great care. -+ - uproute() { - doroute add - ip route flush cache - } -+ - downroute() { - doroute delete - ip route flush cache - } - -+upfirewall() { -+ in_rule=$1 -+ in_dest=$2 -+ out_rule=$3 -+ out_dest=$4 -+ -+ [ -n "$in_rule" -a -n "$in_dest" ] && \ -+ iptables -I $in_rule 1 \ -+ -i $PLUTO_INTERFACE \ -+ -p $PLUTO_MY_PROTOCOL \ -+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ -+ -d $PLUTO_MY_CLIENT $D_MY_PORT \ -+ $IPSEC_POLICY_IN \ -+ -j $in_dest -+ -+ [ -n "$out_rule" -a -n "$out_dest" ] && \ -+ iptables -I $out_rule 1 \ -+ -o $PLUTO_INTERFACE \ -+ -p $PLUTO_PEER_PROTOCOL \ -+ -s $PLUTO_MY_CLIENT $S_MY_PORT \ -+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ -+ $IPSEC_POLICY_OUT \ -+ -j $out_dest -+ -+} -+ -+downfirewall() { -+ in_rule=$1 -+ in_dest=$2 -+ out_rule=$3 -+ out_dest=$4 -+ -+ [ -n "$in_rule" -a -n "$in_dest" ] && \ -+ iptables -D $in_rule \ -+ -i $PLUTO_INTERFACE \ -+ -p $PLUTO_MY_PROTOCOL \ -+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ -+ -d $PLUTO_MY_CLIENT $D_MY_PORT \ -+ $IPSEC_POLICY_IN \ -+ -j $in_dest -+ -+ [ -n "$out_rule" -a -n "$out_dest" ] && \ -+ iptables -D $out_rule \ -+ -o $PLUTO_INTERFACE \ -+ -p $PLUTO_PEER_PROTOCOL \ -+ -s $PLUTO_MY_CLIENT $S_MY_PORT \ -+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ -+ $IPSEC_POLICY_OUT \ -+ -j $out_dest -+ -+} -+ - addsource() { - st=0 -- if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local -- then -+ -+ if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then -+ - it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE" - oops="`eval $it 2>&1`" - st=$? -- if test " $oops" = " " -a " $st" != " 0" -- then -+ -+ if [ " $oops" = " " -a " $st" != " 0" ] ; then - oops="silent error, exit status $st" - fi -- if test " $oops" != " " -o " $st" != " 0" -- then -+ -+ if [ " $oops" != " " -o " $st" != " 0" ] ; then - echo "$0: addsource \`$it' failed ($oops)" >&2 - fi - fi -+ - return $st - } - - doroute() { - st=0 - parms="$PLUTO_PEER_CLIENT" -+ parms2="dev $PLUTO_INTERFACE" - -- parms2= -- if [ -n "$PLUTO_NEXT_HOP" ] -- then -- parms2="via $PLUTO_NEXT_HOP" -- fi -- parms2="$parms2 dev $PLUTO_INTERFACE" -- -- if [ -z "$PLUTO_MY_SOURCEIP" ] -- then -- if [ -f /etc/sysconfig/defaultsource ] -- then -- . /etc/sysconfig/defaultsource -- fi -+ if [ -z "$PLUTO_MY_SOURCEIP" ] ; then - -- if [ -f /etc/conf.d/defaultsource ] -- then -- . /etc/conf.d/defaultsource -- fi -+ [ -f /etc/sysconfig/defaultsource ] && \ -+ . /etc/sysconfig/defaultsource -+ -+ [ -f /etc/conf.d/defaultsource ] && \ -+ . /etc/conf.d/defaultsource -+ -+ [ -n "$DEFAULTSOURCE" ] && \ -+ PLUTO_MY_SOURCEIP=$DEFAULTSOURCE - -- if [ -n "$DEFAULTSOURCE" ] -- then -- PLUTO_MY_SOURCEIP=$DEFAULTSOURCE -- fi - fi - - parms3= -- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" -- then -+ if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then - addsource - parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}" - fi - -- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in -- "0.0.0.0/0.0.0.0") -+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \ -+ "0.0.0.0/0.0.0.0" ] ; then - # opportunistic encryption work around - # need to provide route that eclipses default, without - # replacing it. -- it="ip route $1 0.0.0.0/1 $parms2 $parms3 && -- ip route $1 128.0.0.0/1 $parms2 $parms3" -- ;; -- *) it="ip route $1 $parms $parms2 $parms3" -- ;; -- esac -+ it="ip route $1 0.0.0.0/1 $parms2 $parms3 && -+ ip route $1 128.0.0.0/1 $parms2 $parms3" -+ else -+ it="ip route $1 $parms $parms2 $parms3" -+ fi -+ - oops="`eval $it 2>&1`" - st=$? -- if test " $oops" = " " -a " $st" != " 0" -- then -- oops="silent error, exit status $st" -- fi -- if test " $oops" != " " -o " $st" != " 0" -- then -- echo "$0: doroute \`$it' failed ($oops)" >&2 -+ -+ if [ " $oops" = " " -a " $st" != " 0" ] ; then -+ oops="silent error, exit status $st" - fi -+ -+ if [ " $oops" != " " -o " $st" != " 0" ] ; then -+ echo "$0: doroute \`$it' failed ($oops)" >&2 -+ fi -+ - return $st - } -- --# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY --if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] --then -- IPSEC_POLICY_IN="" -- IPSEC_POLICY_OUT="" --else -- IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID" -- IPSEC_POLICY_IN="$IPSEC_POLICY --dir in" -- IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out" --fi - --# are there port numbers? --if [ "$PLUTO_MY_PORT" != 0 ] --then -- S_MY_PORT="--sport $PLUTO_MY_PORT" -- D_MY_PORT="--dport $PLUTO_MY_PORT" --fi --if [ "$PLUTO_PEER_PORT" != 0 ] --then -- S_PEER_PORT="--sport $PLUTO_PEER_PORT" -- D_PEER_PORT="--dport $PLUTO_PEER_PORT" --fi -+dologentry() { -+ action=$1 -+ -+ if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then -+ rem="$PLUTO_PEER" -+ else -+ rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER" -+ fi -+ -+ if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then -+ loc="$PLUTO_ME" -+ else -+ loc="$PLUTO_ME == $PLUTO_MY_CLIENT" -+ fi -+ -+ $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)" -+} -+ - - # the big choice -+ - case "$PLUTO_VERB:$1" in - prepare-host:*|prepare-client:*) - # delete possibly-existing route (preliminary to adding a route) -- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in -- "0.0.0.0/0.0.0.0") -- # need to provide route that eclipses default, without -+ -+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \ -+ "0.0.0.0/0.0.0.0" ] ; then -+ # need to remove the route that eclipses default, without - # replacing it. -- parms1="0.0.0.0/1" -- parms2="128.0.0.0/1" -- it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1" -- oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`" -- ;; -- *) -- parms="$PLUTO_PEER_CLIENT" -- it="ip route delete $parms 2>&1" -- oops="`ip route delete $parms 2>&1`" -- ;; -- esac -- status="$?" -- if test " $oops" = " " -a " $status" != " 0" -- then -- oops="silent error, exit status $status" -+ it="( ip route delete 0.0.0.0/1 ; -+ ip route delete 128.0.0.0/1 )" -+ else -+ it="ip route delete $PLUTO_PEER_CLIENT" -+ fi -+ -+ oops="`$it 2>&1`" -+ st="$?" -+ -+ if [ " $oops" = " " -a " $st" != " 0" ] ; then -+ oops="silent error, exit status $st" - fi -+ - case "$oops" in - *'RTNETLINK answers: No such process'*) - # This is what route (currently -- not documented!) gives - # for "could not find such a route". - oops= -- status=0 -+ st=0 - ;; - esac -- if test " $oops" != " " -o " $status" != " 0" -- then -+ -+ if [ " $oops" != " " -o " $st" != " 0" ] ; then - echo "$0: \`$it' failed ($oops)" >&2 - fi -- exit $status -+ -+ exit $st -+ - ;; - route-host:*|route-client:*) - # connection to me or my client subnet being routed -+ -+ ipsec _showstatus valid - uproute -+ - ;; - unroute-host:*|unroute-client:*) - # connection to me or my client subnet being unrouted -+ -+ ipsec _showstatus invalid - downroute -+ - ;; --up-host:) -+up-host:*) - # connection to me coming up -- # If you are doing a custom version, firewall commands go here. -+ -+ ipsec _showstatus up -+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT -+ dologentry "VPN-UP" -+ - ;; --down-host:) -+down-host:*) - # connection to me going down -- # If you are doing a custom version, firewall commands go here. -- ;; --up-client:) -- # connection to my client subnet coming up -- # If you are doing a custom version, firewall commands go here. -- ;; --down-client:) -- # connection to my client subnet going down -- # If you are doing a custom version, firewall commands go here. -+ -+ ipsec _showstatus down -+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT -+ dologentry "VPN-DN" -+ - ;; --up-host:iptables) -- # connection to me, with (left/right)firewall=yes, coming up -- # This is used only by the default updown script, not by your custom -- # ones, so do not mess with it; see CAUTION comment up at top. -- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT -- # -- # log IPsec host connection setup -- if [ $VPN_LOGGING ] -- then -- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] -- then -- logger -t $TAG -p $FAC_PRIO \ -- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" -- else -- logger -t $TAG -p $FAC_PRIO \ -- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" -- fi -- fi -- ;; --down-host:iptables) -- # connection to me, with (left/right)firewall=yes, going down -- # This is used only by the default updown script, not by your custom -- # ones, so do not mess with it; see CAUTION comment up at top. -- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT -- # -- # log IPsec host connection teardown -- if [ $VPN_LOGGING ] -- then -- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] -- then -- logger -t $TAG -p $FAC_PRIO -- \ -- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" -- else -- logger -t $TAG -p $FAC_PRIO -- \ -- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" -- fi -- fi -- ;; --up-client:iptables) -- # connection to client subnet, with (left/right)firewall=yes, coming up -- # This is used only by the default updown script, not by your custom -- # ones, so do not mess with it; see CAUTION comment up at top. -- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] -- then -- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ -- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ -- $IPSEC_POLICY_OUT -j ACCEPT -- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ -- $IPSEC_POLICY_IN -j ACCEPT -+up-client:*) -+ # connection to client subnet coming up -+ -+ ipsec _showstatus up -+ -+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \ -+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then -+ upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT - fi -- # -+ - # a virtual IP requires an INPUT and OUTPUT rule on the host - # or sometimes host access via the internal IP is needed -- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] -- then -- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ -- $IPSEC_POLICY_IN -j ACCEPT -- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ -- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ -- $IPSEC_POLICY_OUT -j ACCEPT -- fi -- # -- # log IPsec client connection setup -- if [ $VPN_LOGGING ] -- then -- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] -- then -- logger -t $TAG -p $FAC_PRIO \ -- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -- else -- logger -t $TAG -p $FAC_PRIO \ -- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -- fi -- fi -- ;; --down-client:iptables) -- # connection to client subnet, with (left/right)firewall=yes, going down -- # This is used only by the default updown script, not by your custom -- # ones, so do not mess with it; see CAUTION comment up at top. -- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] -- then -- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ -- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ -- $IPSEC_POLICY_OUT -j ACCEPT -- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ -- $IPSEC_POLICY_IN -j ACCEPT -+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then -+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT -+ fi -+ -+ dologentry "VPN-UP" -+ -+ ;; -+down-client:*) -+ # connection to client subnet going down -+ -+ ipsec _showstatus down -+ -+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \ -+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then -+ downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT - fi -- # -+ - # a virtual IP requires an INPUT and OUTPUT rule on the host - # or sometimes host access via the internal IP is needed -- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] -- then -- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ -- $IPSEC_POLICY_IN -j ACCEPT -- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ -- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ -- $IPSEC_POLICY_OUT -j ACCEPT -- fi -- # -- # log IPsec client connection teardown -- if [ $VPN_LOGGING ] -- then -- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] -- then -- logger -t $TAG -p $FAC_PRIO -- \ -- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -- else -- logger -t $TAG -p $FAC_PRIO -- \ -- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -- fi -+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then -+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT - fi -+ -+ dologentry "VPN-DN" -+ - ;; --# --# IPv6 --# - prepare-host-v6:*|prepare-client-v6:*) -+ - ;; - route-host-v6:*|route-client-v6:*) - # connection to me or my client subnet being routed -+ - #uproute_v6 -+ - ;; - unroute-host-v6:*|unroute-client-v6:*) - # connection to me or my client subnet being unrouted -+ - #downroute_v6 -+ - ;; - up-host-v6:*) - # connection to me coming up - # If you are doing a custom version, firewall commands go here. -+ - ;; - down-host-v6:*) - # connection to me going down - # If you are doing a custom version, firewall commands go here. -+ - ;; - up-client-v6:) - # connection to my client subnet coming up - # If you are doing a custom version, firewall commands go here. -+ - ;; - down-client-v6:) - # connection to my client subnet going down - # If you are doing a custom version, firewall commands go here. -+ - ;; --*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 -+*) -+ echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 - exit 1 -+ - ;; - esac -+ diff --git a/package/strongswan/patches/300-openwrt.patch b/package/strongswan/patches/300-openwrt.patch deleted file mode 100644 index e249a8d613..0000000000 --- a/package/strongswan/patches/300-openwrt.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: strongswan-2.8.2/Makefile.inc -=================================================================== ---- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200 -+++ strongswan-2.8.2/Makefile.inc 2007-06-04 13:23:06.855691672 +0200 -@@ -123,7 +123,7 @@ - # With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the - # INC_RCDIRS directories has been pre-created under DESTDIR. - INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d --INC_RCDEFAULT=/etc/rc.d/init.d -+INC_RCDEFAULT=/etc/init.d - - # RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think - # will finally be (so utils/Makefile can create a symlink in BINDIR to the -Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in -=================================================================== ---- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:23:04.612032760 +0200 -+++ strongswan-2.8.2/programs/showhostkey/showhostkey.in 2007-06-04 13:23:06.855691672 +0200 -@@ -62,7 +62,7 @@ - exit 1 - fi - --host="`hostname --fqdn`" -+host="`cat /proc/sys/kernel/hostname`" - - awk ' BEGIN { - inkey = 0 diff --git a/package/strongswan/patches/310-make-ipsec-alg.patch b/package/strongswan/patches/310-make-ipsec-alg.patch deleted file mode 100644 index d5fad3d3e0..0000000000 --- a/package/strongswan/patches/310-make-ipsec-alg.patch +++ /dev/null @@ -1,19 +0,0 @@ -Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi -=================================================================== ---- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:04.583037168 +0200 -+++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:07.053661576 +0200 -@@ -1,10 +1,10 @@ - MOD_CRYPTOAPI := ipsec_cryptoapi.o - - ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),) --ALG_MODULES += $(MOD_CRYPTOAPI) --obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI) --static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init --alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o -+#ALG_MODULES += $(MOD_CRYPTOAPI) -+#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI) -+#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init -+#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o - else - $(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o") - endif diff --git a/package/strongswan/patches/320-no-modprobe.patch b/package/strongswan/patches/320-no-modprobe.patch deleted file mode 100644 index d8c3648baf..0000000000 --- a/package/strongswan/patches/320-no-modprobe.patch +++ /dev/null @@ -1,108 +0,0 @@ -Index: strongswan-2.8.2/programs/starter/klips.c -=================================================================== ---- strongswan-2.8.2.orig/programs/starter/klips.c 2007-06-04 13:23:04.544043096 +0200 -+++ strongswan-2.8.2/programs/starter/klips.c 2007-06-04 13:23:07.238633456 +0200 -@@ -44,7 +44,7 @@ - unsetenv("MODPATH"); - unsetenv("MODULECONF"); - system("depmod -a >/dev/null 2>&1"); -- system("modprobe -qv ipsec"); -+ system("insmod -qv ipsec"); - } - if (stat(PROC_IPSECVERSION, &stb) == 0) - { -@@ -62,11 +62,11 @@ - /* make sure that all available crypto algorithms are loaded */ - if (stat(PROC_MODULES, &stb) == 0) - { -- system("modprobe -qv ipsec_aes"); -- system("modprobe -qv ipsec_serpent"); -- system("modprobe -qv ipsec_twofish"); -- system("modprobe -qv ipsec_blowfish"); -- system("modprobe -qv ipsec_sha2"); -+ system("insmod -qv ipsec_aes"); -+ system("insmod -qv ipsec_serpent"); -+ system("insmod -qv ipsec_twofish"); -+ system("insmod -qv ipsec_blowfish"); -+ system("insmod -qv ipsec_sha2"); - } - - starter_klips_clear(); -Index: strongswan-2.8.2/programs/starter/netkey.c -=================================================================== ---- strongswan-2.8.2.orig/programs/starter/netkey.c 2007-06-04 13:23:04.551042032 +0200 -+++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200 -@@ -36,7 +36,7 @@ - /* af_key module makes the netkey proc interface visible */ - if (stat(PROC_MODULES, &stb) == 0) - { -- system("modprobe -qv af_key"); -+ system("insmod -qv af_key"); - } - - /* now test again */ -@@ -52,11 +52,11 @@ - /* make sure that all required IPsec modules are loaded */ - if (stat(PROC_MODULES, &stb) == 0) - { -- system("modprobe -qv ah4"); -- system("modprobe -qv esp4"); -- system("modprobe -qv ipcomp"); -- system("modprobe -qv xfrm4_tunnel"); -- system("modprobe -qv xfrm_user"); -+ system("insmod -qv ah4"); -+ system("insmod -qv esp4"); -+ system("insmod -qv ipcomp"); -+ system("insmod -qv xfrm4_tunnel"); -+ system("insmod -qv xfrm_user"); - } - - DBG(DBG_CONTROL, -Index: strongswan-2.8.2/programs/_startklips/_startklips.in -=================================================================== ---- strongswan-2.8.2.orig/programs/_startklips/_startklips.in 2007-06-04 13:23:04.560040664 +0200 -+++ strongswan-2.8.2/programs/_startklips/_startklips.in 2007-06-04 13:23:07.238633456 +0200 -@@ -249,7 +249,7 @@ - - if test ! -f $ipsecversion && test ! -f $netkey - then -- modprobe -v af_key -+ insmod -v af_key - fi - - if test -f $netkey -@@ -257,11 +257,11 @@ - klips=false - if test -f $modules - then -- modprobe -qv ah4 -- modprobe -qv esp4 -- modprobe -qv ipcomp -- modprobe -qv xfrm4_tunnel -- modprobe -qv xfrm_user -+ insmod -qv ah4 -+ insmod -qv esp4 -+ insmod -qv ipcomp -+ insmod -qv xfrm4_tunnel -+ insmod -qv xfrm_user - fi - fi - -@@ -272,7 +272,7 @@ - setmodule - unset MODPATH MODULECONF # no user overrides! - depmod -a >/dev/null 2>&1 -- modprobe -v ipsec -+ insmod -v ipsec - fi - if test ! -f $ipsecversion - then -@@ -288,7 +288,7 @@ - do - if test -f $moduleinstplace/alg/ipsec_$alg.o - then -- modprobe ipsec_$alg -+ insmod ipsec_$alg - fi - done - fi diff --git a/package/strongswan/patches/350-make-programs.patch b/package/strongswan/patches/350-make-programs.patch deleted file mode 100644 index aba957754f..0000000000 --- a/package/strongswan/patches/350-make-programs.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: strongswan-2.8.2/programs/Makefile -=================================================================== ---- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:06.414758704 +0200 -+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200 -@@ -17,12 +17,10 @@ - FREESWANSRCDIR=.. - include ${FREESWANSRCDIR}/Makefile.inc - --SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto --SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun --SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark --SUBDIRS+=auto barf ipsec look manual ranbits secrets starter --SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey --SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup -+SUBDIRS=_copyright _updown _showstatus wakeup examples -+SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual -+SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets -+SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec - - ifeq ($(USE_LWRES),true) - SUBDIRS+=lwdnsq