From 7e30a29dfd33dfcc038307a8f7f3a26fa445e2b8 Mon Sep 17 00:00:00 2001 From: luka Date: Fri, 26 Apr 2013 23:53:56 +0000 Subject: [PATCH] [packages] strongswan: introduce /etc/ipsec.user file enable user to add their own ip (or other) rules using /etc/ipsec.user file on events like IPsec tunnel state change Signed-off-by: Luka Perkov git-svn-id: svn://svn.openwrt.org/openwrt/packages@36462 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/strongswan/Makefile | 5 ++++- net/strongswan/files/ipsec.user | 6 ++++++ .../patches/300-include-ipsec-user-script.patch | 17 +++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 net/strongswan/files/ipsec.user create mode 100644 net/strongswan/patches/300-include-ipsec-user-script.patch diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 610d77c2f..8d1d3bc4a 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.0.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://download.strongswan.org/ @@ -346,6 +346,7 @@ EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib define Package/strongswan/conffiles /etc/ipsec.conf /etc/ipsec.secrets +/etc/ipsec.user /etc/strongswan.conf endef @@ -427,6 +428,8 @@ define Plugin/updown/install $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/ + $(INSTALL_DIR) $(1)/etc + $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ endef define Plugin/whitelist/install diff --git a/net/strongswan/files/ipsec.user b/net/strongswan/files/ipsec.user new file mode 100644 index 000000000..4351ace39 --- /dev/null +++ b/net/strongswan/files/ipsec.user @@ -0,0 +1,6 @@ +# This file is interpreted as shell script. +# Put your custom ip rules here, they will +# be executed with each call to the script +# /usr/lib/ipsec/_updown which by default +# strongswan executes. + diff --git a/net/strongswan/patches/300-include-ipsec-user-script.patch b/net/strongswan/patches/300-include-ipsec-user-script.patch new file mode 100644 index 000000000..d96e84492 --- /dev/null +++ b/net/strongswan/patches/300-include-ipsec-user-script.patch @@ -0,0 +1,17 @@ +--- a/src/_updown/_updown.in ++++ b/src/_updown/_updown.in +@@ -16,11 +16,9 @@ + # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + # for more details. + +-# CAUTION: Installing a new version of strongSwan will install a new +-# copy of this script, wiping out any custom changes you make. If +-# you need changes, make a copy of this under another name, and customize +-# that, and use the (left/right)updown parameters in ipsec.conf to make +-# strongSwan use yours instead of this default one. ++# Add your custom ip rules to the /etc/ipsec.user file if you need that functionality. ++ ++[ -e /etc/ipsec.user ] && . /etc/ipsec.user "$1" + + # things that this script gets (from ipsec_pluto(8) man page) + #