From de63f502581d7ebc121545b6aa2fe1ecd3d03619 Mon Sep 17 00:00:00 2001
From: swalker
Date: Fri, 9 Sep 2011 00:37:04 +0000
Subject: [PATCH] [packages] fwknop: update to 2.0.0rc4

* add client package, InstallDev & license
* fix config defaults & daemon conffiles
* use PKG_INSTALL
* cleanup Makefile

git-svn-id: svn://svn.openwrt.org/openwrt/packages@28201 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 net/fwknop/Makefile | 117 ++++++++++++++++++------
 net/fwknop/patches/001-fix_config.patch | 33 +++++++
 2 files changed, 121 insertions(+), 29 deletions(-)
 create mode 100644 net/fwknop/patches/001-fix_config.patch

diff --git a/net/fwknop/Makefile b/net/fwknop/Makefile
index 18650aef1..d4778d35f 100644
--- a/net/fwknop/Makefile
+++ b/net/fwknop/Makefile
@@ -1,60 +1,119 @@
+#
+# Copyright (C) 2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
 include $(TOPDIR)/rules.mk
-PKG_NAME:=fwknopd
-PKG_VERSION:=2.0.0rc2
+PKG_NAME:=fwknop
+PKG_VERSION:=2.0.0rc4
 PKG_RELEASE:=1
-PKG_BUILD_DIR:=$(BUILD_DIR)/fwknop-$(PKG_VERSION)
-PKG_SOURCE:=fwknop-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download
-PKG_MD5SUM:=c78252216fa9627cacf61b453da915a8
-PKG_CAT:=zcat
+PKG_MD5SUM:=4f5d45187429ca56d3b444ab96c57fb6
+
+PKG_INSTALL:=1
+
 include $(INCLUDE_DIR)/package.mk
+define Package/fwknop/Default
+ TITLE:=FireWall KNock OPerator
+ URL:=http://www.cipherdyne.org/fwknop/
+ MAINTAINER:=Jonathan Bennett
+endef
+
+define Package/fwknop/Default/description
+ Fwknop implements an authorization scheme known as Single Packet Authorization
+ (SPA) for Linux systems running iptables. This mechanism requires only a
+ single encrypted and non-replayed packet to communicate various pieces of
+ information including desired access through an iptables policy. The main
+ application of this program is to use iptables in a default-drop stance to
+ protect services such as SSH with an additional layer of security in order to
+ make the exploitation of vulnerabilities (both 0-day and unpatched code) much
+ more difficult.
+endef
+
 define Package/fwknopd
+ $(call Package/fwknop/Default)
  SECTION:=net
  CATEGORY:=Network
- TITLE:=Firewall Knock Operator Daemon
- URL:=http://http://www.cipherdyne.org/fwknop/
- MAINTAINER:=Jonathan Bennett
- DEPENDS:=+libpcap +libgdbm +iptables
+ SUBMENU:=Firewall
+ TITLE+= Daemon
+ DEPENDS:=+iptables +libfko +libpcap
 endef
 define Package/fwknopd/description
- Firewall Knock Operator Daemon
- Fwknop implements an authorization scheme known as Single Packet
- Authorization (SPA) for Linux systems running iptables. This
- mechanism requires only a single encrypted and non-replayed
- packet to communicate various pieces of information including
- desired access through an iptables policy. The main application
- of this program is to use iptables in a default-drop stance to
- protect services such as SSH with an additional layer
- of security in order to make the exploitation of vulnerabilities
- (both 0-day and unpatched code) much more difficult.
+ $(call Package/fwknop/Default/description)
+ This package contains the fwknop daemon.
 endef
-define Package/conffiles
-/etc/fwknop/fwknopd.conf
+define Package/fwknopd/conffiles
 /etc/fwknop/access.conf
+/etc/fwknop/fwknopd.conf
+endef
+
+define Package/fwknop
+ $(call Package/fwknop/Default)
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=Firewall
+ TITLE+= Client
+ DEPENDS:=+libfko
+endef
+
+define Package/fwknop/description
+ $(call Package/fwknop/Default/description)
+ This package contains the fwknop client.
+endef
+
+define Package/libfko
+ $(call Package/fwknop/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ SUBMENU:=Firewall
+ TITLE+= Library
+endef
+
+define Package/libfko/description
+ $(call Package/fwknop/Default/description)
+ This package contains the libfko shared library.
 endef
 CONFIGURE_ARGS += \
- --disable-client \
  --without-gpgme \
  --with-iptables=/usr/sbin/iptables
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/fko.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.{a,la,so*} $(1)/usr/lib/
+endef
+
 define Package/fwknopd/install
+ $(INSTALL_DIR) $(1)/etc/fwknop
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/{access,fwknopd}.conf \
+ $(1)/etc/fwknop/
  $(INSTALL_DIR) $(1)/etc/init.d
  $(INSTALL_BIN) $(PKG_BUILD_DIR)/extras/fwknop.init.openwrt \
  $(1)/etc/init.d/fwknopd
  $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/server/.libs/fwknopd $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_BUILD_DIR)/lib/.libs/libfko.so* $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/etc/fwknop
- $(INSTALL_CONF) $(PKG_BUILD_DIR)/server/fwknopd.conf $(1)/etc/fwknop/
- $(INSTALL_CONF) $(PKG_BUILD_DIR)/server/access.conf $(1)/etc/fwknop/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fwknopd $(1)/usr/sbin/
+endef
+define Package/fwknop/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fwknop $(1)/usr/bin/
+endef
+
+define Package/libfko/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libfko.so.* $(1)/usr/lib/
 endef
 $(eval $(call BuildPackage,fwknopd))
+$(eval $(call BuildPackage,fwknop))
+$(eval $(call BuildPackage,libfko))
diff --git a/net/fwknop/patches/001-fix_config.patch b/net/fwknop/patches/001-fix_config.patch
new file mode 100644
index 000000000..d6cd42a76
--- /dev/null
+++ b/net/fwknop/patches/001-fix_config.patch
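Review bot: The new `DEPENDS:=+iptables +libfko +libpcap` line drops `+libgdbm`, but nothing in `CONFIGURE_ARGS` tells configure which digest-cache backend (fwknopd's SPA replay detection) to use, so that choice is left to autodetection against whatever happens to be in the staging dir. If libgdbm was built earlier in the same buildroot, fwknopd links against it without declaring the dependency and fails to start on a target that lacks it; if it was not, it is worth confirming that rc4 still builds replay detection with its fallback cache rather than silently dropping it. Pin the backend explicitly in `CONFIGURE_ARGS` (either restore `+libgdbm` to `DEPENDS` and select gdbm, or disable gdbm detection) so the result does not depend on build order. On the positive side, `Package/fwknopd/conffiles` now covers `/etc/fwknop/access.conf`, which holds the SPA keys, and installing it with `$(INSTALL_CONF)` keeps it from being world-readable; a one-line comment above the install recipe, e.g. `# access.conf holds SPA keys: keep INSTALL_CONF (restrictive mode), not INSTALL_DATA`, would stop a later cleanup from downgrading it.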
@@ -0,0 +1,33 @@
+@@ -0,0 +1,32 @@
+--- a/server/fwknopd.conf
++++ b/server/fwknopd.conf
+@@ -30,7 +30,12 @@
+ # Define the ethernet interface on which we will sniff packets.
+ # Default if not set is eth0.
+ #
+-#PCAP_INTF eth0;
++
++# The following line is changed specifically for Openwrt.
++# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
++# Then this needs to be set to pppoe-wan.
++
++PCAP_INTF eth1;
+ 
+ # By default fwknopd does not put the pcap interface into promiscuous mode.
+ # Set this to 'Y' to enable promiscuous sniffing.
+@@ -239,8 +244,13 @@
+ # The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
+ # enabled.
+ #
+-#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
+-#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
++
++# These two lines are changed specifically for Openwrt, due to
++# different naming conventions. IPT_FORWARD is still disabled
++# by default, and must be enabled earlier in this file to be used.
++
++IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
++IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
+ 
+ # The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
+ # ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be
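Review bot: `PCAP_INTF eth1;` hard-codes the sniffing interface, and the comment above it already concedes the value is wrong for PPPoE; on targets where WAN is a VLAN sub-interface or `pppoe-wan`, fwknopd either refuses to start or listens on a device that never sees the SPA packets, so the knock never opens anything and the user is left debugging an opaque failure. A more robust default is to keep upstream's commented `#PCAP_INTF eth0;` and have the OpenWrt init script (installed from `extras/fwknop.init.openwrt` in the Makefile hunk) derive the interface from the UCI `wan` network configuration at start-up, or at minimum say in the comment that this value must be changed to the real WAN device. The same caveat applies to `zone_wan_forward` and `zone_wan_prerouting`: as far as I can tell those chains only exist when the firewall zone is literally named `wan`, and the rule is silently ineffective when `ENABLE_IPT_FORWARDING` is later enabled with a differently named zone, so the patch comment should name that assumption too.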