[package] ipsec-tools: update to 0.8.0, add init script
Signed-off-by: Artem Makhutov <artem@makhutov.org> git-svn-id: svn://svn.openwrt.org/openwrt/packages@28102 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
florian
parent
a6befab009
commit
476ca0ea41
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (C) 2006-2010 OpenWrt.org
|
||||
# Copyright (C) 2006-2011 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
|
||||
include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=ipsec-tools
|
||||
PKG_VERSION:=0.7.3
|
||||
PKG_RELEASE:=3
|
||||
PKG_VERSION:=0.8.0
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_SOURCE_URL:=@SF/ipsec-tools
|
||||
PKG_MD5SUM:=821bd84e8d4ad5a93bf594b8b3d66e1e
|
||||
PKG_MD5SUM:=b79aae3055a51f8de5c0f1b8ca6cf619
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_INSTALL:=1
|
||||
@ -43,6 +43,7 @@ CONFIGURE_ARGS += \
|
||||
--enable-security-context=no \
|
||||
--enable-natt \
|
||||
--enable-adminport \
|
||||
--enable-frag \
|
||||
$(call autoconf_bool,CONFIG_IPV6,ipv6)
|
||||
|
||||
# override CFLAGS holding "-Werror" that break builds on compile warnings
|
||||
@ -72,6 +73,8 @@ define Package/ipsec-tools/install
|
||||
$(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
|
||||
$(INSTALL_DIR) $(1)/etc/racoon
|
||||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
|
||||
$(INSTALL_DIR) $(1)/etc/init.d
|
||||
$(INSTALL_BIN) ./files/racoon.init $(1)/etc/init.d/racoon
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
|
||||
|
||||
17
net/ipsec-tools/files/racoon.init
Normal file
17
net/ipsec-tools/files/racoon.init
Normal file
@ -0,0 +1,17 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2009 OpenWrt.org
|
||||
START=49
|
||||
# Copyright (C) 2011 Artem Makhutov
|
||||
|
||||
start() {
|
||||
setkey -f /etc/ipsec.conf
|
||||
mkdir /var/racoon/
|
||||
|
||||
/usr/sbin/racoon -f /etc/racoon/racoon.conf
|
||||
}
|
||||
|
||||
stop() {
|
||||
killall racoon
|
||||
killall racoonctl
|
||||
}
|
||||
|
||||
25
net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch
Normal file
25
net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch
Normal file
@ -0,0 +1,25 @@
|
||||
diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
|
||||
--- a/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200
|
||||
+++ b/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200
|
||||
@@ -2498,8 +2498,21 @@
|
||||
plog(LLV_ERROR, LOCATION, iph1->remote,
|
||||
"couldn't find the pskey for %s.\n",
|
||||
saddrwop2str(iph1->remote));
|
||||
+ }
|
||||
+ }
|
||||
+ if (iph1->authstr == NULL) {
|
||||
+ /*
|
||||
+ * If we could not locate a psk above try and locate
|
||||
+ * the default psk, ie, "*".
|
||||
+ */
|
||||
+ iph1->authstr = privsep_getpsk("*", 1);
|
||||
+ if (iph1->authstr == NULL) {
|
||||
+ plog(LLV_ERROR, LOCATION, iph1->remote,
|
||||
+ "couldn't find the the default pskey either.\n");
|
||||
goto end;
|
||||
}
|
||||
+ plog(LLV_NOTIFY, LOCATION, iph1->remote,
|
||||
+ "Using default PSK.\n");
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
|
||||
/* should be secret PSK */
|
||||
73
net/ipsec-tools/patches/002-patch8-utmp.patch
Normal file
73
net/ipsec-tools/patches/002-patch8-utmp.patch
Normal file
@ -0,0 +1,73 @@
|
||||
diff -urN build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0a/src/racoon/isakmp_cfg.c
|
||||
--- a/src/racoon/isakmp_cfg.c 2010-09-21 16:14:17.000000000 +0300
|
||||
+++ b/src/racoon/isakmp_cfg.c 2011-07-13 11:52:16.000000000 +0300
|
||||
@@ -38,7 +38,7 @@
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
|
||||
-#include <utmpx.h>
|
||||
+#include <utmp.h>
|
||||
#if defined(__APPLE__) && defined(__MACH__)
|
||||
#include <util.h>
|
||||
#endif
|
||||
@@ -1661,7 +1661,8 @@
|
||||
int inout;
|
||||
{
|
||||
int error = 0;
|
||||
- struct utmpx ut;
|
||||
+ struct utmp ut;
|
||||
+ char term[UT_LINESIZE];
|
||||
char addr[NI_MAXHOST];
|
||||
|
||||
if (usr == NULL || usr[0]=='\0') {
|
||||
@@ -1670,34 +1671,37 @@
|
||||
return -1;
|
||||
}
|
||||
|
||||
- memset(&ut, 0, sizeof ut);
|
||||
- gettimeofday((struct timeval *)&ut.ut_tv, NULL);
|
||||
- snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
|
||||
+ sprintf(term, TERMSPEC, port);
|
||||
|
||||
switch (inout) {
|
||||
case ISAKMP_CFG_LOGIN:
|
||||
- ut.ut_type = USER_PROCESS;
|
||||
- strncpy(ut.ut_user, usr, sizeof ut.ut_user);
|
||||
+ strncpy(ut.ut_name, usr, UT_NAMESIZE);
|
||||
+ ut.ut_name[UT_NAMESIZE - 1] = '\0';
|
||||
+
|
||||
+ strncpy(ut.ut_line, term, UT_LINESIZE);
|
||||
+ ut.ut_line[UT_LINESIZE - 1] = '\0';
|
||||
|
||||
GETNAMEINFO_NULL(raddr, addr);
|
||||
- strncpy(ut.ut_host, addr, sizeof ut.ut_host);
|
||||
+ strncpy(ut.ut_host, addr, UT_HOSTSIZE);
|
||||
+ ut.ut_host[UT_HOSTSIZE - 1] = '\0';
|
||||
+
|
||||
+ ut.ut_time = time(NULL);
|
||||
|
||||
plog(LLV_INFO, LOCATION, NULL,
|
||||
"Accounting : '%s' logging on '%s' from %s.\n",
|
||||
- ut.ut_user, ut.ut_id, addr);
|
||||
-
|
||||
- pututxline(&ut);
|
||||
+ ut.ut_name, ut.ut_line, ut.ut_host);
|
||||
|
||||
+ login(&ut);
|
||||
+
|
||||
break;
|
||||
case ISAKMP_CFG_LOGOUT:
|
||||
- ut.ut_type = DEAD_PROCESS;
|
||||
|
||||
plog(LLV_INFO, LOCATION, NULL,
|
||||
"Accounting : '%s' unlogging from '%s'.\n",
|
||||
- usr, ut.ut_id);
|
||||
-
|
||||
- pututxline(&ut);
|
||||
+ usr, term);
|
||||
|
||||
+ logout(term);
|
||||
+
|
||||
break;
|
||||
default:
|
||||
plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
|
||||
@ -1,20 +0,0 @@
|
||||
--- a/src/racoon/grabmyaddr.c
|
||||
+++ b/src/racoon/grabmyaddr.c
|
||||
@@ -80,10 +80,17 @@
|
||||
#ifdef __linux__
|
||||
#include <linux/types.h>
|
||||
#include <linux/rtnetlink.h>
|
||||
+#include <linux/version.h>
|
||||
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
|
||||
+# include <linux/if_addr.h>
|
||||
+#endif
|
||||
#ifndef HAVE_GETIFADDRS
|
||||
#define HAVE_GETIFADDRS
|
||||
#define NEED_LINUX_GETIFADDRS
|
||||
#endif
|
||||
+#ifndef IFA_RTA
|
||||
+# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
|
||||
+#endif
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_GETIFADDRS
|
||||
14
net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
Normal file
14
net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff -urN build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0/src/racoon/ipsec_doi.c build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0a/src/racoon/ipsec_doi.c
|
||||
--- a/src/racoon/ipsec_doi.c 2010-12-14 19:57:31.000000000 +0200
|
||||
+++ b/src/racoon/ipsec_doi.c 2011-07-13 12:07:44.000000000 +0300
|
||||
@@ -3582,8 +3582,8 @@
|
||||
iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
|
||||
if (id_b->type != IPSECDOI_ID_IPV4_ADDR
|
||||
&& id_b->type != IPSECDOI_ID_IPV6_ADDR) {
|
||||
- plog(LLV_ERROR, LOCATION, NULL,
|
||||
- "Expecting IP address type in main mode, "
|
||||
+ plog(LLV_WARNING, LOCATION, NULL,
|
||||
+ "Expecting IP address type in main mode (RFC2409) , "
|
||||
"but %s.\n", s_ipsecdoi_ident(id_b->type));
|
||||
return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
11
net/ipsec-tools/patches/005-isakmp-fix.patch
Normal file
11
net/ipsec-tools/patches/005-isakmp-fix.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- a/src/racoon/isakmp.c
|
||||
+++ b/src/racoon/isakmp.c
|
||||
@@ -31,6 +31,8 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
+#define __packed __attribute__((__packed__))
|
||||
+
|
||||
#include "config.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
Loading…
x
Reference in New Issue
Block a user