[packages] openswan: update to v2.6.24 and remove obsolete patches - fixes Linux 2.6.32 compatibility

git-svn-id: svn://svn.openwrt.org/openwrt/packages@19766 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/openswan/Makefile

@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.6.23
+PKG_VERSION:=2.6.24
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openswan.org/download
-PKG_MD5SUM:=c83053471e639bf3b97e3cf7796b7e83
+PKG_MD5SUM:=1c76b6982c05392f7c360afb92699661
 
 include $(INCLUDE_DIR)/package.mk
 

net/openswan/patches/110-scripts.patch

@@ -1,16 +1,14 @@
-diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
---- openswan.old/programs/loggerfix	1970-01-01 01:00:00.000000000 +0100
-+++ openswan.dev/programs/loggerfix	2006-10-08 20:41:08.000000000 +0200
+--- /dev/null
++++ b/programs/loggerfix
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0
-diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
---- openswan.old/programs/_plutorun/_plutorun.in	2006-10-08 20:43:21.000000000 +0200
-+++ openswan.dev/programs/_plutorun/_plutorun.in	2006-10-08 20:41:08.000000000 +0200
-@@ -147,7 +147,7 @@
+--- a/programs/_plutorun/_plutorun.in
++++ b/programs/_plutorun/_plutorun.in
+@@ -156,7 +156,7 @@
  			exit 1
  		fi
  	else
@@ -19,15 +17,14 @@ diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_pl
  		then
  			echo Cannot write to directory to create \"$stderrlog\".
  			exit 1
-diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
---- openswan.old/programs/_realsetup/_realsetup.in	2006-10-08 20:43:21.000000000 +0200
-+++ openswan.dev/programs/_realsetup/_realsetup.in	2006-10-08 20:41:08.000000000 +0200
-@@ -232,7 +232,7 @@
+--- a/programs/_realsetup/_realsetup.in
++++ b/programs/_realsetup/_realsetup.in
+@@ -282,7 +282,7 @@
  
  	# misc pre-Pluto setup
  
 -	perform test -d `dirname $subsyslock` "&&" touch $subsyslock
 +	perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
  
- 	if test " $IPSECforwardcontrol" = " yes"
- 	then
+ 	manualconns
+ 

net/openswan/patches/120-no_manpages.patch

@@ -1,6 +1,5 @@
-diff -ur openswan-2.6.23/programs/_confread/Makefile wrtfix/programs/_confread/Makefile
---- openswan-2.6.23/programs/_confread/Makefile	2009-09-08 20:42:54.000000000 -0400
-+++ wrtfix/programs/_confread/Makefile	2009-09-23 16:32:08.000000000 -0400
+--- a/programs/_confread/Makefile
++++ b/programs/_confread/Makefile
 @@ -16,7 +16,6 @@
  OPENSWANSRCDIR?=$(shell cd ../..; pwd)
  include ${OPENSWANSRCDIR}/Makefile.inc
@@ -21,14 +20,12 @@ diff -ur openswan-2.6.23/programs/_confread/Makefile wrtfix/programs/_confread/M
 -diff:	ipsec.conf.5.xml
 -	diff -B -w -u ipsec.conf.5.xml ipsec.conf.5.xml-ref
 -
-diff -ur openswan-2.6.23/programs/pluto/Makefile wrtfix/programs/pluto/Makefile
---- openswan-2.6.23/programs/pluto/Makefile	2009-09-08 20:42:54.000000000 -0400
-+++ wrtfix/programs/pluto/Makefile	2009-09-23 16:32:38.000000000 -0400
-@@ -186,36 +186,11 @@
+--- a/programs/pluto/Makefile
++++ b/programs/pluto/Makefile
+@@ -188,35 +188,11 @@
  	$(INSTALL) $(INSTBINFLAGS) $(BINNAMEPLUTO) $(BINNAMEWHACK) $(LIBEXECDIR)
  	#$(INSTALL) $(INSTSUIDFLAGS) $(BINNAMEWHACKINIT) $(LIBEXECDIR)
  	if $(USE_ADNS) ; then $(INSTALL) $(INSTBINFLAGS) $(BINNAMEADNS)  $(LIBEXECDIR) ; fi
--	( cd ${OPENSWANSRCDIR}/programs/pluto ; xmlto man pluto.8.xml ; mv ipsec_pluto.8 pluto.8; xmlto man ipsec.secrets.5.xml)
 -	$(INSTALL) $(INSTMANFLAGS) ${srcdir}pluto.8 $(PMANDIR)/ipsec_pluto.8
 -	sh ${OPENSWANSRCDIR}/packaging/utils/manlink ${srcdir}pluto.8 | \
 -		while read from to ; \

net/openswan/patches/130-netdev_ops.patch

@@ -1,273 +0,0 @@
-diff -urN openswan-2.6.23/linux/net/ipsec/ipsec_mast.c openswan-2.6.23.new/linux/net/ipsec/ipsec_mast.c
---- openswan-2.6.23/linux/net/ipsec/ipsec_mast.c	2009-09-09 02:42:54.000000000 +0200
-+++ openswan-2.6.23.new/linux/net/ipsec/ipsec_mast.c	2009-11-08 14:20:37.000000000 +0100
-@@ -643,6 +643,18 @@
- 	return NOTIFY_DONE;
- }
- 
-+
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+static const struct net_device_ops ipsec_mast_ops = {
-+	.ndo_open		= ipsec_mast_open,
-+	.ndo_stop		= ipsec_mast_close,
-+	.ndo_start_xmit		= ipsec_mast_start_xmit,
-+	.ndo_get_stats		= ipsec_mast_get_stats,
-+	.ndo_do_ioctl		= ipsec_mast_ioctl,
-+	.ndo_neigh_setup	= ipsec_mast_neigh_setup_dev,
-+};
-+#endif
-+
- /*
-  *	Called when an ipsec mast device is initialized.
-  *	The ipsec mast device structure is passed to us.
-@@ -657,12 +669,17 @@
- 		    "allocating %lu bytes initialising device: %s\n",
- 		    (unsigned long) sizeof(struct mastpriv),
- 		    dev->name ? dev->name : "NULL");
--
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	/* Add our mast functions to the device */
- 	dev->open		= ipsec_mast_open;
- 	dev->stop		= ipsec_mast_close;
- 	dev->hard_start_xmit	= ipsec_mast_start_xmit;
- 	dev->get_stats		= ipsec_mast_get_stats;
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	dev->netdev_ops		= &ipsec_mast_ops;
-+#endif
-+#endif
- #ifdef alloc_netdev
- 	dev->destructor         = free_netdev;
- #endif
-@@ -677,9 +694,11 @@
- 	for(i = 0; i < sizeof(zeroes); i++) {
- 		((__u8*)(zeroes))[i] = 0;
- 	}
--	
-+
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)	
- 	dev->set_multicast_list = NULL;
- 	dev->do_ioctl		= ipsec_mast_ioctl;
-+#endif
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
- 	dev->header_ops = NULL;
- #else
-@@ -687,8 +706,10 @@
- 	dev->rebuild_header 	= NULL;
- 	dev->header_cache_update= NULL;
- #endif
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	dev->set_mac_address 	= NULL;
- 	dev->neigh_setup        = ipsec_mast_neigh_setup_dev;
-+#endif
- 	dev->hard_header_len 	= 8+20+20+8;
- 	dev->mtu		= 0;
- 	dev->addr_len		= 0;
-@@ -719,6 +740,9 @@
- 	struct net_device *im;
- 	int vifentry;
- 	char name[IFNAMSIZ];
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	struct net_device_ops *im_ops;
-+#endif
- 
- 	if(vifnum > IPSEC_NUM_IFMAX) {
- 		return -ENOENT;
-@@ -750,8 +774,14 @@
- 	memset((caddr_t)im, 0, sizeof(struct net_device));
- 	memcpy(im->name, name, IFNAMSIZ);
- #endif
--		
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)	
- 	im->init = ipsec_mast_probe;
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	im_ops = (struct net_device_ops *)im->netdev_ops;
-+	im_ops->ndo_init = ipsec_mast_probe;
-+#endif
-+#endif
- 
- 	if(register_netdev(im) != 0) {
- 		printk(KERN_ERR "ipsec_mast: failed to register %s\n",
-diff -urN openswan-2.6.23/linux/net/ipsec/ipsec_rcv.c openswan-2.6.23.new/linux/net/ipsec/ipsec_rcv.c
---- openswan-2.6.23/linux/net/ipsec/ipsec_rcv.c	2009-09-09 02:42:54.000000000 +0200
-+++ openswan-2.6.23.new/linux/net/ipsec/ipsec_rcv.c	2009-11-08 14:16:26.000000000 +0100
-@@ -482,9 +482,15 @@
- 				    irs->ipsp->ips_out->name);
- 		}
- 		skb->dev = irs->ipsp->ips_out;
--		
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)	
- 		if(skb->dev && skb->dev->get_stats) {
- 			struct net_device_stats *stats = skb->dev->get_stats(skb->dev);
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) || LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+		if(skb->dev && skb->dev->netdev_ops->ndo_get_stats) {
-+			struct net_device_stats *stats = skb->dev->netdev_ops->ndo_get_stats(skb->dev);
-+#endif
-+#endif
- 			irs->stats = stats;
- 		}
- 	} 
-diff -urN openswan-2.6.23/linux/net/ipsec/ipsec_tunnel.c openswan-2.6.23.new/linux/net/ipsec/ipsec_tunnel.c
---- openswan-2.6.23/linux/net/ipsec/ipsec_tunnel.c	2009-09-09 02:42:54.000000000 +0200
-+++ openswan-2.6.23.new/linux/net/ipsec/ipsec_tunnel.c	2009-11-08 14:14:38.000000000 +0100
-@@ -3,7 +3,7 @@
-  * Copyright (C) 1996, 1997  John Ioannidis.
-  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003  Richard Guy Briggs.
-  * 
-- * OCF/receive state machine written by
-+ * OCF/receive statet machine written by
-  * David McCullough <dmccullough@cyberguard.com>
-  * Copyright (C) 2004-2005 Intel Corporation.  All Rights Reserved.
-  *
-@@ -1098,6 +1098,10 @@
- {
-         int i;
- 	struct ipsecpriv *prv = netdev_priv(dev);
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) || LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	struct net_device_ops *dev_ops;
-+	struct net_device_ops *physdev_ops;
-+#endif
- 
- 	if(dev == NULL) {
- 		KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
-@@ -1113,11 +1117,17 @@
- 			    dev->name ? dev->name : "NULL");
- 		return -ENODATA;
- 	}
--
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	dev->set_mac_address = ipsec_tunnel_set_mac_address;
- 	prv->dev = physdev;
- 	prv->hard_start_xmit = physdev->hard_start_xmit;
- 	prv->get_stats = physdev->get_stats;
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) || LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	dev_ops = (struct net_device_ops *)dev->netdev_ops;
-+	dev_ops->ndo_set_mac_address = ipsec_tunnel_set_mac_address;
-+#endif
-+#endif
- 
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
- 	if (physdev->header_ops) {
-@@ -1152,18 +1162,34 @@
- 	} else
- 		dev->header_cache_update = NULL;
- #endif
--	
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)	
- 	if (physdev->set_mac_address) {
- 		prv->set_mac_address = physdev->set_mac_address;
- 		dev->set_mac_address = ipsec_tunnel_set_mac_address;
- 	} else
- 		dev->set_mac_address = NULL;
--
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	physdev_ops = (struct net_device_ops *)physdev->netdev_ops;
-+	if (physdev_ops->ndo_set_mac_address) {
-+		prv->set_mac_address = physdev_ops->ndo_set_mac_address;
-+		dev_ops->ndo_set_mac_address = ipsec_tunnel_set_mac_address;
-+	} else
-+		dev_ops->ndo_set_mac_address = NULL;
-+#endif
-+#endif
-+	
- 	dev->hard_header_len = physdev->hard_header_len;
- 
- #ifdef NET_21
- /*	prv->neigh_setup        = physdev->neigh_setup; */
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	dev->neigh_setup        = ipsec_tunnel_neigh_setup_dev;
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+#endif
-+	dev_ops->ndo_neigh_setup = ipsec_tunnel_neigh_setup_dev;
-+#endif
- #endif /* NET_21 */
- 	dev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */
- 	prv->mtu = physdev->mtu;
-@@ -1602,6 +1628,16 @@
-  *	Called when an ipsec tunnel device is initialized.
-  *	The ipsec tunnel device structure is passed to us.
-  */
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+static const struct net_device_ops ipsec_tunnel_netdev_ops = {
-+	.ndo_open               = ipsec_tunnel_open,
-+	.ndo_stop               = ipsec_tunnel_close,
-+	.ndo_start_xmit         = ipsec_tunnel_start_xmit,
-+	.ndo_get_stats		= ipsec_tunnel_get_stats,
-+	.ndo_do_ioctl		= ipsec_tunnel_ioctl,
-+	.ndo_neigh_setup	= ipsec_tunnel_neigh_setup_dev,
-+};
-+#endif
-  
- int
- ipsec_tunnel_init(struct net_device *dev)
-@@ -1614,12 +1650,17 @@
- 		    (unsigned long) sizeof(struct ipsecpriv),
- 		    dev->name ? dev->name : "NULL");
- 
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	/* Add our tunnel functions to the device */
- 	dev->open		= ipsec_tunnel_open;
- 	dev->stop		= ipsec_tunnel_close;
- 	dev->hard_start_xmit	= ipsec_tunnel_start_xmit;
- 	dev->get_stats		= ipsec_tunnel_get_stats;
--
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	dev->netdev_ops		= &ipsec_tunnel_netdev_ops;
-+#endif
-+#endif
- #ifndef alloc_netdev
- 	dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL);
- 	if (dev->priv == NULL)
-@@ -1637,8 +1678,10 @@
- 		skb_queue_head_init(&dev->buffs[i]);
- #endif /* !NET_21 */
- 
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	dev->set_multicast_list = NULL;
- 	dev->do_ioctl		= ipsec_tunnel_ioctl;
-+#endif
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
- 	dev->header_ops		= NULL;
- #else
-@@ -1653,7 +1696,9 @@
- 
- #ifdef NET_21
- /*	prv->neigh_setup        = NULL; */
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	dev->neigh_setup        = ipsec_tunnel_neigh_setup_dev;
-+#endif
- #endif /* NET_21 */
- 	dev->hard_header_len 	= 0;
- 	dev->mtu		= 0;
-@@ -1695,7 +1740,9 @@
- 	char name[IFNAMSIZ];
- 	struct net_device *dev_ipsec;
- 	int vifentry;
--
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	struct net_device_ops *dev_ops;
-+#endif
- 	if(ifnum > IPSEC_NUM_IFMAX) {
- 		return -ENOENT;
- 	}
-@@ -1747,7 +1794,14 @@
- 	dev_ipsec->next = NULL;
- #endif
- #endif /* alloc_netdev */
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,30)
- 	dev_ipsec->init = &ipsec_tunnel_probe;
-+#else
-+#if !(defined CONFIG_COMPAT_NET_DEV_OPS) && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,30)
-+	dev_ops = (struct net_device_ops *)dev_ipsec->netdev_ops;
-+	dev_ops->ndo_init = &ipsec_tunnel_probe;
-+#endif
-+#endif
- 	KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
- 		    "klips_debug:ipsec_tunnel_init_devices: "
- 		    "registering device %s\n",

net/openswan/patches/140-linux-2.6.31-compat.patch

@@ -1,102 +0,0 @@
-Index: openswan-2.6.23/linux/net/ipsec/ipsec_xmit.c
-===================================================================
---- openswan-2.6.23.orig/linux/net/ipsec/ipsec_xmit.c	2009-09-09 02:42:54.000000000 +0200
-+++ openswan-2.6.23/linux/net/ipsec/ipsec_xmit.c	2009-12-17 15:28:32.000000000 +0100
-@@ -116,7 +116,7 @@
- #endif
- 
- /* kernels > 2.4.2 */
--#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW)
-+#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW) && LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 30)
- #define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL)
- #endif
- 
-@@ -2037,8 +2037,14 @@
- 		return IPSEC_XMIT_RECURSDETECT;
- 	}
- 
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 30)
- 	dst_release(ixs->skb->dst);
- 	ixs->skb->dst = &ixs->route->u.dst;
-+#else
-+	dst_release(skb_dst(ixs->skb));
-+	skb_dst_set(ixs->skb, &ixs->route->u.dst);
-+#endif
-+
- 	if(ixs->stats) {
- 		ixs->stats->tx_bytes += ixs->skb->len;
- 	}
-Index: openswan-2.6.23/linux/net/ipsec/ipsec_rcv.c
-===================================================================
---- openswan-2.6.23.orig/linux/net/ipsec/ipsec_rcv.c	2009-12-17 15:28:32.000000000 +0100
-+++ openswan-2.6.23/linux/net/ipsec/ipsec_rcv.c	2009-12-17 15:28:32.000000000 +0100
-@@ -1710,10 +1710,18 @@
- 	/* release the dst that was attached, since we have likely
- 	 * changed the actual destination of the packet.
- 	 */
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 30)
- 	if(skb->dst) {
- 		dst_release(skb->dst);
- 		skb->dst = NULL;
- 	}
-+#else
-+	if(skb_dst(skb))
-+	{
-+		dst_release(skb_dst(skb));
-+		skb_dst_set(skb, NULL);
-+	}
-+#endif
- 	skb->pkt_type = PACKET_HOST;
- 	if(irs->hard_header_len &&
- 	   (skb_mac_header(skb) != (skb_network_header(skb) - irs->hard_header_len)) &&
-Index: openswan-2.6.23/linux/include/openswan/ipsec_param.h
-===================================================================
---- openswan-2.6.23.orig/linux/include/openswan/ipsec_param.h	2009-09-09 02:42:54.000000000 +0200
-+++ openswan-2.6.23/linux/include/openswan/ipsec_param.h	2009-12-17 15:28:32.000000000 +0100
-@@ -220,7 +220,12 @@
- 
- /* kernels > 2.4.2 */
- #if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW)
-+/* 2.6.31 changed skb_buff */
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 30)
- #define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL)
-+#else
-+#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb_dst(skb), NULL)
-+#endif
- #endif
- 
- #endif /* SUSE_LINUX_2_4_19_IS_STUPID */
-Index: openswan-2.6.23/linux/net/ipsec/pfkey_v2.c
-===================================================================
---- openswan-2.6.23.orig/linux/net/ipsec/pfkey_v2.c	2009-09-09 02:42:54.000000000 +0200
-+++ openswan-2.6.23/linux/net/ipsec/pfkey_v2.c	2009-12-17 15:28:32.000000000 +0100
-@@ -492,7 +492,11 @@
- 			printk(" h:0p%p", skb_transport_header(skb));
- 			printk(" nh:0p%p", skb_network_header(skb));
- 			printk(" mac:0p%p", skb_mac_header(skb));
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 30)
- 			printk(" dst:0p%p", skb->dst);
-+#else
-+			printk(" dst:0p%p", skb_dst(skb));
-+#endif
- 			if(sysctl_ipsec_debug_verbose) {
- 				int i;
- 				
-Index: openswan-2.6.23/linux/net/ipsec/ipsec_mast.c
-===================================================================
---- openswan-2.6.23.orig/linux/net/ipsec/ipsec_mast.c	2009-12-17 15:28:57.000000000 +0100
-+++ openswan-2.6.23/linux/net/ipsec/ipsec_mast.c	2009-12-17 15:29:58.000000000 +0100
-@@ -178,8 +178,13 @@
- 			    ixs->dev->name);
- 		return IPSEC_XMIT_RECURSDETECT;
- 	}
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 30)
- 	dst_release(ixs->skb->dst);
- 	ixs->skb->dst = &ixs->route->u.dst;
-+#else
-+	dst_release(skb_dst(ixs->skb));
-+	skb_dst_set(ixs->skb, &ixs->route->u.dst);
-+#endif
- 	ixs->stats->tx_bytes += ixs->skb->len;
- 	if(ixs->skb->len < ixs->skb->nh.raw - ixs->skb->data) {
- 		ixs->stats->tx_errors++;

net/openswan/patches/150-2.6.32.patch

@@ -1,13 +0,0 @@
-diff --git a/linux/include/openswan/ipsec_kversion.h b/linux/include/openswan/ipsec_kversion.h
-index 8ebf99a..27fe871 100644
---- a/linux/include/openswan/ipsec_kversion.h
-+++ b/linux/include/openswan/ipsec_kversion.h
-@@ -332,7 +332,7 @@
- 
- #endif
- 
--#ifndef NETDEV_TX_BUSY
-+#if !defined(NETDEV_TX_BUSY) && LINUX_VERSION_CODE < KERNEL_VERSION(2,6,32)
- # ifdef NETDEV_XMIT_CN
- #  define NETDEV_TX_BUSY NETDEV_XMIT_CN
- # else