bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[package] ipsec-tools: update to 0.8.0, add init script

Browse Source 
Signed-off-by: Artem Makhutov <artem@makhutov.org>

git-svn-id: svn://svn.openwrt.org/openwrt/packages@28102 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
florian
2011-08-28 12:08:31 +00:00
parent a6befab009
commit 476ca0ea41
8 changed files with 147 additions and 1683 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
net/ipsec-tools/Makefile
View File

@ -1,5 +1,5 @@
# #
# Copyright (C) 2006-2010 OpenWrt.org # Copyright (C) 2006-2011 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ipsec-tools PKG_NAME:=ipsec-tools
PKG_VERSION:=0.7.3 PKG_VERSION:=0.8.0
PKG_RELEASE:=3 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/ipsec-tools PKG_SOURCE_URL:=@SF/ipsec-tools
PKG_MD5SUM:=821bd84e8d4ad5a93bf594b8b3d66e1e PKG_MD5SUM:=b79aae3055a51f8de5c0f1b8ca6cf619
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1 PKG_INSTALL:=1
@ -43,6 +43,7 @@ CONFIGURE_ARGS += \
--enable-security-context=no \ --enable-security-context=no \
--enable-natt \ --enable-natt \
--enable-adminport \ --enable-adminport \
--enable-frag \
$(call autoconf_bool,CONFIG_IPV6,ipv6) $(call autoconf_bool,CONFIG_IPV6,ipv6)
# override CFLAGS holding "-Werror" that break builds on compile warnings # override CFLAGS holding "-Werror" that break builds on compile warnings
@ -72,6 +73,8 @@ define Package/ipsec-tools/install
$(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf $(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
$(INSTALL_DIR) $(1)/etc/racoon $(INSTALL_DIR) $(1)/etc/racoon
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/ $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/racoon.init $(1)/etc/init.d/racoon
$(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/

17
net/ipsec-tools/files/racoon.init Normal file
View File

@ -0,0 +1,17 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2009 OpenWrt.org
START=49
# Copyright (C) 2011 Artem Makhutov
start() {
setkey -f /etc/ipsec.conf
mkdir /var/racoon/
/usr/sbin/racoon -f /etc/racoon/racoon.conf
}
stop() {
killall racoon
killall racoonctl
}

25
net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch Normal file
View File

@ -0,0 +1,25 @@
diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c
--- a/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200
+++ b/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200
@@ -2498,8 +2498,21 @@
plog(LLV_ERROR, LOCATION, iph1->remote,
"couldn't find the pskey for %s.\n",
saddrwop2str(iph1->remote));
+ }
+ }
+ if (iph1->authstr == NULL) {
+ /*
+ * If we could not locate a psk above try and locate
+ * the default psk, ie, "*".
+ */
+ iph1->authstr = privsep_getpsk("*", 1);
+ if (iph1->authstr == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "couldn't find the the default pskey either.\n");
goto end;
}
+ plog(LLV_NOTIFY, LOCATION, iph1->remote,
+ "Using default PSK.\n");
}
plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
/* should be secret PSK */

73
net/ipsec-tools/patches/002-patch8-utmp.patch Normal file
View File

@ -0,0 +1,73 @@
diff -urN build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0a/src/racoon/isakmp_cfg.c
--- a/src/racoon/isakmp_cfg.c 2010-09-21 16:14:17.000000000 +0300
+++ b/src/racoon/isakmp_cfg.c 2011-07-13 11:52:16.000000000 +0300
@@ -38,7 +38,7 @@
#include <sys/socket.h>
#include <sys/queue.h>
-#include <utmpx.h>
+#include <utmp.h>
#if defined(__APPLE__) && defined(__MACH__)
#include <util.h>
#endif
@@ -1661,7 +1661,8 @@
int inout;
{
int error = 0;
- struct utmpx ut;
+ struct utmp ut;
+ char term[UT_LINESIZE];
char addr[NI_MAXHOST];
if (usr == NULL || usr[0]=='\0') {
@@ -1670,34 +1671,37 @@
return -1;
}
- memset(&ut, 0, sizeof ut);
- gettimeofday((struct timeval *)&ut.ut_tv, NULL);
- snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
+ sprintf(term, TERMSPEC, port);
switch (inout) {
case ISAKMP_CFG_LOGIN:
- ut.ut_type = USER_PROCESS;
- strncpy(ut.ut_user, usr, sizeof ut.ut_user);
+ strncpy(ut.ut_name, usr, UT_NAMESIZE);
+ ut.ut_name[UT_NAMESIZE - 1] = '\0';
+
+ strncpy(ut.ut_line, term, UT_LINESIZE);
+ ut.ut_line[UT_LINESIZE - 1] = '\0';
GETNAMEINFO_NULL(raddr, addr);
- strncpy(ut.ut_host, addr, sizeof ut.ut_host);
+ strncpy(ut.ut_host, addr, UT_HOSTSIZE);
+ ut.ut_host[UT_HOSTSIZE - 1] = '\0';
+
+ ut.ut_time = time(NULL);
plog(LLV_INFO, LOCATION, NULL,
"Accounting : '%s' logging on '%s' from %s.\n",
- ut.ut_user, ut.ut_id, addr);
-
- pututxline(&ut);
+ ut.ut_name, ut.ut_line, ut.ut_host);
+ login(&ut);
+
break;
case ISAKMP_CFG_LOGOUT:
- ut.ut_type = DEAD_PROCESS;
plog(LLV_INFO, LOCATION, NULL,
"Accounting : '%s' unlogging from '%s'.\n",
- usr, ut.ut_id);
-
- pututxline(&ut);
+ usr, term);
+ logout(term);
+
break;
default:
plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");

20
net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff
View File

@ -1,20 +0,0 @@
--- a/src/racoon/grabmyaddr.c
+++ b/src/racoon/grabmyaddr.c
@@ -80,10 +80,17 @@
#ifdef __linux__
#include <linux/types.h>
#include <linux/rtnetlink.h>
+#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+# include <linux/if_addr.h>
+#endif
#ifndef HAVE_GETIFADDRS
#define HAVE_GETIFADDRS
#define NEED_LINUX_GETIFADDRS
#endif
+#ifndef IFA_RTA
+# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#endif
#endif
#ifndef HAVE_GETIFADDRS

14
net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch Normal file
View File

@ -0,0 +1,14 @@
diff -urN build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0/src/racoon/ipsec_doi.c build_dir/linux-ar71xx_generic/ipsec-tools-0.8.0a/src/racoon/ipsec_doi.c
--- a/src/racoon/ipsec_doi.c 2010-12-14 19:57:31.000000000 +0200
+++ b/src/racoon/ipsec_doi.c 2011-07-13 12:07:44.000000000 +0300
@@ -3582,8 +3582,8 @@
iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
if (id_b->type != IPSECDOI_ID_IPV4_ADDR
&& id_b->type != IPSECDOI_ID_IPV6_ADDR) {
- plog(LLV_ERROR, LOCATION, NULL,
- "Expecting IP address type in main mode, "
+ plog(LLV_WARNING, LOCATION, NULL,
+ "Expecting IP address type in main mode (RFC2409) , "
"but %s.\n", s_ipsecdoi_ident(id_b->type));
return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
}

1659
net/ipsec-tools/patches/004-opennhrp.patch
View File

File diff suppressed because it is too large Load Diff

11
net/ipsec-tools/patches/005-isakmp-fix.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/src/racoon/isakmp.c
+++ b/src/racoon/isakmp.c
@@ -31,6 +31,8 @@
* SUCH DAMAGE.
*/
+#define __packed __attribute__((__packed__))
+
#include "config.h"
#include <sys/types.h>