From eeba2691fc47f7ba42465b7594fb90946a835efe Mon Sep 17 00:00:00 2001 From: luka Date: Sat, 14 Jul 2012 23:16:06 +0000 Subject: [PATCH] [packages] strongswan: add package (version 5.0.0) git-svn-id: svn://svn.openwrt.org/openwrt/packages@32716 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/strongswan/Config.in | 28 ++ net/strongswan/Makefile | 498 +++++++++++++++++++ net/strongswan/files/ipsec.secrets | 1 + net/strongswan/patches/201-no-modprobe.patch | 28 ++ net/strongswan/patches/203-uci.patch | 20 + 5 files changed, 575 insertions(+) create mode 100644 net/strongswan/Config.in create mode 100644 net/strongswan/Makefile create mode 100644 net/strongswan/files/ipsec.secrets create mode 100644 net/strongswan/patches/201-no-modprobe.patch create mode 100644 net/strongswan/patches/203-uci.patch diff --git a/net/strongswan/Config.in b/net/strongswan/Config.in new file mode 100644 index 000000000..10b4ec609 --- /dev/null +++ b/net/strongswan/Config.in @@ -0,0 +1,28 @@ +menu "Configuration" + depends on PACKAGE_strongswan + +# --with-random-device +config STRONGSWAN_DEVICE_RANDOM + string + prompt "Set the device to read real random data from" + default "/dev/random" + +# --with-urandom-device +config STRONGSWAN_DEVICE_URANDOM + string + prompt "Set the device to read pseudo random data from" + default "/dev/urandom" + +# --with-routing-table +config STRONGSWAN_ROUTING_TABLE + string + prompt "Set the IPsec routing table ID" + default "220" + +# --with-routing-table-prio +config STRONGSWAN_ROUTING_TABLE_PRIO + string + prompt "Set the IPsec routing table priority" + default "220" + +endmenu diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile new file mode 100644 index 000000000..cc1401e56 --- /dev/null +++ b/net/strongswan/Makefile @@ -0,0 +1,498 @@ +# +# Copyright (C) 2012 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=strongswan +PKG_VERSION:=5.0.0 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=http://download.strongswan.org/ +PKG_MD5SUM:=c8b861305def7c0abae04f7bbefec212 + +PKG_MOD_AVAILABLE:= \ + addrblock \ + aes \ + af-alg \ + agent \ + attr \ + attr-sql \ + blowfish \ + ccm \ + cmac \ + constraints \ + coupling \ + ctr \ + curl \ + des \ + dhcp \ + dnskey \ + duplicheck \ + eap-identity \ + eap-md5 \ + eap-mschapv2 \ + farp \ + fips-prf \ + gcm \ + gcrypt \ + gmp \ + ha \ + hmac \ + kernel-klips \ + kernel-netlink \ + kernel-pfkey \ + ldap \ + led \ + load-tester \ + nonce \ + md4 \ + md5 \ + mysql \ + openssl \ + padlock \ + pem \ + pgp \ + pkcs1 \ + pkcs8 \ + pkcs11 \ + pubkey \ + random \ + resolve \ + revocation \ + sha1 \ + sha2 \ + smp \ + socket-default \ + socket-dynamic \ + socket-raw \ + sql \ + sqlite \ + stroke \ + test-vectors \ + uci \ + updown \ + whitelist \ + x509 \ + xauth-eap \ + xauth-generic \ + xcbc \ + +PKG_CONFIG_DEPENDS:= \ + CONFIG_STRONGSWAN_DEVICE_RANDOM \ + CONFIG_STRONGSWAN_DEVICE_URANDOM \ + CONFIG_STRONGSWAN_ROUTING_TABLE \ + CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO \ + $(patsubst %,CONFIG_PACKAGE_strongswan-mod-%,$(PKG_MOD_AVAILABLE)) \ + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/strongswan/Default + SUBMENU:=VPN + SECTION:=net + CATEGORY:=Network + TITLE:=StrongSwan + URL:=http://www.strongswan.org/ +endef + +define Package/strongswan/description/Default + StrongSwan is an OpenSource IPsec implementation for the Linux operating system. +endef + +define Package/strongswan +$(call Package/strongswan/Default) + DEPENDS:= +libpthread +ip \ + +kmod-crypto-authenc \ + +kmod-ipsec +kmod-ipsec4 +kmod-ipsec6 \ + +kmod-ipt-ipsec +iptables-mod-ipsec +endef + +define Package/strongswan/config + source "$(SOURCE)/Config.in" +endef + +define Package/strongswan/description +$(call Package/strongswan/description/Default) + This package contains shared libraries and scripts. +endef + +define Package/strongswan-full +$(call Package/strongswan/Default) + TITLE+= (full) + DEPENDS:= +strongswan \ + +strongswan-charon \ + +strongswan-libfast \ + +strongswan-mod-addrblock \ + +strongswan-mod-aes \ + +strongswan-mod-af-alg \ + +strongswan-mod-agent \ + +strongswan-mod-attr \ + +strongswan-mod-attr-sql \ + +strongswan-mod-blowfish \ + +strongswan-mod-ccm \ + +strongswan-mod-cmac \ + +strongswan-mod-constraints \ + +strongswan-mod-coupling \ + +strongswan-mod-ctr \ + +strongswan-mod-curl \ + +strongswan-mod-des \ + +strongswan-mod-dhcp \ + +strongswan-mod-dnskey \ + +strongswan-mod-duplicheck \ + +strongswan-mod-eap-identity \ + +strongswan-mod-eap-md5 \ + +strongswan-mod-eap-mschapv2 \ + +strongswan-mod-farp \ + +strongswan-mod-fips-prf \ + +strongswan-mod-gcm \ + +strongswan-mod-gcrypt \ + +strongswan-mod-gmp \ + +strongswan-mod-ha \ + +strongswan-mod-hmac \ + +strongswan-mod-kernel-netlink \ + +strongswan-mod-ldap \ + +strongswan-mod-led \ + +strongswan-mod-load-tester \ + +strongswan-mod-nonce \ + +strongswan-mod-md4 \ + +strongswan-mod-md5 \ + +strongswan-mod-mysql \ + +strongswan-mod-openssl \ + +TARGET_x86:strongswan-mod-padlock \ + +strongswan-mod-pem \ + +strongswan-mod-pgp \ + +strongswan-mod-pkcs1 \ + +strongswan-mod-pkcs8 \ + +strongswan-mod-pkcs11 \ + +strongswan-mod-pubkey \ + +strongswan-mod-random \ + +strongswan-mod-resolve \ + +strongswan-mod-revocation \ + +strongswan-mod-sha1 \ + +strongswan-mod-sha2 \ + +strongswan-mod-smp \ + +strongswan-mod-socket-default \ + +strongswan-mod-sql \ + +strongswan-mod-sqlite \ + +strongswan-mod-stroke \ + +strongswan-mod-test-vectors \ + +strongswan-mod-uci \ + +strongswan-mod-updown \ + +strongswan-mod-whitelist \ + +strongswan-mod-x509 \ + +strongswan-mod-xauth-eap \ + +strongswan-mod-xauth-generic \ + +strongswan-mod-xcbc \ + +strongswan-utils \ + @DEVEL +endef + +define Package/strongswan-full/description +$(call Package/strongswan/description/Default) + This meta-package contains dependencies for all of the strongswan plugins + except kernel-klips, kernel-pfkey, socket-dynamic and socket-raw which are + ommitted in favor of the kernel-netlink and socket-default plugins. +endef + + +define Package/strongswan-default +$(call Package/strongswan/Default) + TITLE+= (default) + DEPENDS:= +strongswan \ + +strongswan-charon \ + +strongswan-mod-aes \ + +strongswan-mod-attr \ + +strongswan-mod-constraints \ + +strongswan-mod-des \ + +strongswan-mod-dnskey \ + +strongswan-mod-fips-prf \ + +strongswan-mod-gmp \ + +strongswan-mod-hmac \ + +strongswan-mod-kernel-netlink \ + +strongswan-mod-md5 \ + +strongswan-mod-nonce \ + +strongswan-mod-pem \ + +strongswan-mod-pgp \ + +strongswan-mod-pkcs1 \ + +strongswan-mod-pubkey \ + +strongswan-mod-random \ + +strongswan-mod-resolve \ + +strongswan-mod-revocation \ + +strongswan-mod-sha1 \ + +strongswan-mod-sha2 \ + +strongswan-mod-socket-default \ + +strongswan-mod-stroke \ + +strongswan-mod-updown \ + +strongswan-mod-x509 \ + +strongswan-mod-xauth-generic \ + +strongswan-mod-xcbc \ + +strongswan-utils +endef + +define Package/strongswan-default/description +$(call Package/strongswan/description/Default) + This meta-package contains only dependencies to match upstream defaults. +endef + +define Package/strongswan-minimal +$(call Package/strongswan/Default) + TITLE+= (minimal) + DEPENDS:= +strongswan \ + +strongswan-charon \ + +strongswan-mod-aes \ + +strongswan-mod-gmp \ + +strongswan-mod-hmac \ + +strongswan-mod-kernel-netlink \ + +strongswan-mod-nonce \ + +strongswan-mod-pubkey \ + +strongswan-mod-random \ + +strongswan-mod-sha1 \ + +strongswan-mod-socket-default \ + +strongswan-mod-stroke \ + +strongswan-mod-updown \ + +strongswan-mod-x509 \ + +strongswan-mod-xcbc +endef + +define Package/strongswan-minimal/description +$(call Package/strongswan/description/Default) + This meta-package contains only dependencies for a minimal IKEv2 setup. +endef + +define Package/strongswan-charon +$(call Package/strongswan/Default) + TITLE+= IKEv1/IKEv2 keying daemon + DEPENDS:= +strongswan +endef + +define Package/strongswan-charon/description +$(call Package/strongswan/description/Default) + This package contains charon, an IKEv2 keying daemon. +endef + +define Package/strongswan-libfast +$(call Package/strongswan/Default) + TITLE+= libfast + DEPENDS:= +strongswan \ + +PACKAGE_strongswan-libfast:zlib \ + +PACKAGE_strongswan-libfast:fcgi \ + +PACKAGE_strongswan-libfast:clearsilver +endef + +define Package/strongswan-libfast/description +$(call Package/strongswan/description/Default) + This package contains libfast, a lightweight framework to build native web + applications using ClearSilver and FastCGI. +endef + +define Package/strongswan-utils +$(call Package/strongswan/Default) + TITLE+= utilities + DEPENDS:= +strongswan +endef + +define Package/strongswan-utils/description +$(call Package/strongswan/description/Default) + This package contains the openac, pki & scepclient utilities. +endef + +define BuildPlugin + define Package/strongswan-mod-$(1) + $$(call Package/strongswan/Default) + TITLE:= StrongSwan $(2) plugin + DEPENDS:= +strongswan $(3) + endef + + define Package/strongswan-mod-$(1)/install + $(INSTALL_DIR) $$(1)/usr/lib/ipsec/plugins + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-$(1).so \ + $$(1)/usr/lib/ipsec/plugins/ + $(call Plugin/$(1)/install,$$(1)) + endef + + $$(eval $$(call BuildPackage,strongswan-mod-$(1))) +endef + +CONFIGURE_ARGS+= \ + --disable-scripts \ + --disable-static \ + $(if $(CONFIG_PACKAGE_strongswan-libfast),--enable-fast,--disable-fast) \ + $(if $(CONFIG_PACKAGE_strongswan-utils),--enable-tools,--disable-tools) \ + --with-random-device="$(call qstrip,$(CONFIG_STRONGSWAN_DEVICE_RANDOM))" \ + --with-urandom-device="$(call qstrip,$(CONFIG_STRONGSWAN_DEVICE_URANDOM))" \ + --with-routing-table="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE))" \ + --with-routing-table-prio="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO))" \ + $(foreach m,$(PKG_MOD_AVAILABLE), \ + $(if $(CONFIG_PACKAGE_strongswan-mod-$(m)),--enable-$(m),--disable-$(m)) \ + ) + +ifneq ($(CONFIG_PACKAGE_strongswan-libfast),) + EXTRA_CPPFLAGS+= -I$(STAGING_DIR)/usr/include/ClearSilver +endif + +EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib + +define Package/strongswan/conffiles +/etc/ipsec.conf +/etc/ipsec.secrets +/etc/strongswan.conf +endef + +define Package/strongswan/install + $(INSTALL_DIR) $(1)/etc + $(CP) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/ + $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/ipsec/ + $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ +endef + +define Package/strongswan-default/install + true +endef + +define Package/strongswan-full/install + true +endef + +define Package/strongswan-minimal/install + true +endef + +define Package/strongswan-charon/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libcharon.so.* $(1)/usr/lib/ipsec/ +endef + +define Package/strongswan-libfast/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libfast.so.* $(1)/usr/lib/ipsec/ +endef + +define Package/strongswan-utils/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient,_copyright} $(1)/usr/lib/ipsec/ +endef + +define Plugin/duplicheck/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/duplicheck $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-duplicheck.so $(1)/usr/lib/ipsec/plugins/ +endef + +define Plugin/attr-sql/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/ +endef + +define Plugin/stroke/install + $(INSTALL_DIR) $(1)/etc/ipsec.d/aacerts + $(INSTALL_DIR) $(1)/etc/ipsec.d/acerts + $(INSTALL_DIR) $(1)/etc/ipsec.d/cacerts + $(INSTALL_DIR) $(1)/etc/ipsec.d/certs + $(INSTALL_DIR) $(1)/etc/ipsec.d/crls + $(INSTALL_DIR) $(1)/etc/ipsec.d/ocspcerts + $(INSTALL_DIR) $(1)/etc/ipsec.d/private + $(INSTALL_DIR) $(1)/etc/ipsec.d/reqs + + $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/ + + $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{starter,stroke,_copyright} $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-stroke.so $(1)/usr/lib/ipsec/plugins/ +endef + +define Plugin/updown/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/ +endef + +define Plugin/whitelist/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/whitelist $(1)/usr/lib/ipsec/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-whitelist.so $(1)/usr/lib/ipsec/plugins/ +endef + +$(eval $(call BuildPackage,strongswan)) +$(eval $(call BuildPackage,strongswan-default)) +$(eval $(call BuildPackage,strongswan-full)) +$(eval $(call BuildPackage,strongswan-minimal)) +$(eval $(call BuildPackage,strongswan-charon)) +$(eval $(call BuildPackage,strongswan-libfast)) +$(eval $(call BuildPackage,strongswan-utils)) +$(eval $(call BuildPlugin,addrblock,RFC 3779 address block constraint support,)) +$(eval $(call BuildPlugin,aes,AES crypto,)) +$(eval $(call BuildPlugin,af-alg,AF_ALG crypto interface to Linux Crypto API,+kmod-crypto-user)) +$(eval $(call BuildPlugin,agent,SSH agent signing,)) +$(eval $(call BuildPlugin,attr,file based config,)) +$(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-mod-sql)) +$(eval $(call BuildPlugin,blowfish,Blowfish crypto,)) +$(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,)) +$(eval $(call BuildPlugin,cmac,CMAC crypto,)) +$(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,)) +$(eval $(call BuildPlugin,coupling,IKEv2 plugin to couple peer certificates permanently to authentication,)) +$(eval $(call BuildPlugin,ctr,Counter Mode wrapper crypto,)) +$(eval $(call BuildPlugin,curl,cURL fetcher plugin,+PACKAGE_strongswan-mod-curl:libcurl)) +$(eval $(call BuildPlugin,des,DES crypto,)) +$(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,)) +$(eval $(call BuildPlugin,dnskey,DNS RR key decoding,)) +$(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,)) +$(eval $(call BuildPlugin,eap-identity,EAP identity helper,)) +$(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,)) +$(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,)) +$(eval $(call BuildPlugin,farp,fake arp respsonses,)) +$(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1)) +$(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,)) +$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt)) +$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp)) +$(eval $(call BuildPlugin,ha,high availability cluster,)) +$(eval $(call BuildPlugin,hmac,HMAC crypto,)) +$(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,)) +$(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,)) +$(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,)) +$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap)) +$(eval $(call BuildPlugin,led,LED blink on IKE activity,)) +$(eval $(call BuildPlugin,load-tester,load testing,)) +$(eval $(call BuildPlugin,nonce,nonce genereation,)) +$(eval $(call BuildPlugin,md4,MD4 crypto,)) +$(eval $(call BuildPlugin,md5,MD5 crypto,)) +$(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r)) +$(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl)) +$(eval $(call BuildPlugin,padlock,VIA PadLock crypto,@TARGET_x86)) +$(eval $(call BuildPlugin,pem,PEM decoding,)) +$(eval $(call BuildPlugin,pgp,PGP key decoding,)) +$(eval $(call BuildPlugin,pkcs1,PKCS1 key decoding,)) +$(eval $(call BuildPlugin,pkcs8,PKCS8 key decoding,)) +$(eval $(call BuildPlugin,pkcs11,PKCS11 key decoding,)) +$(eval $(call BuildPlugin,pubkey,raw public key,)) +$(eval $(call BuildPlugin,random,RNG,)) +$(eval $(call BuildPlugin,resolve,DNS resolver,)) +$(eval $(call BuildPlugin,revocation,X509 CRL/OCSP revocation,)) +$(eval $(call BuildPlugin,sha1,SHA1 crypto,)) +$(eval $(call BuildPlugin,sha2,SHA2 crypto,)) +$(eval $(call BuildPlugin,smp,SMP configuration and control interface,+PACKAGE_strongswan-mod-smp:libxml2)) +$(eval $(call BuildPlugin,socket-default,default socket implementation for charon,)) +$(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,)) +$(eval $(call BuildPlugin,socket-raw,raw socket implementation for charon,)) +$(eval $(call BuildPlugin,sql,SQL database interface,)) +$(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3)) +$(eval $(call BuildPlugin,stroke,Stroke,+strongswan-utils)) +$(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) +$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) +$(eval $(call BuildPlugin,updown,updown firewall,)) +$(eval $(call BuildPlugin,whitelist,peer identity whitelisting,)) +$(eval $(call BuildPlugin,x509,x509 certificate,)) +$(eval $(call BuildPlugin,xauth-eap,EAP XAuth backend,)) +$(eval $(call BuildPlugin,xauth-generic,generic XAuth backend,)) +$(eval $(call BuildPlugin,xcbc,xcbc crypto,)) diff --git a/net/strongswan/files/ipsec.secrets b/net/strongswan/files/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/net/strongswan/files/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/net/strongswan/patches/201-no-modprobe.patch b/net/strongswan/patches/201-no-modprobe.patch new file mode 100644 index 000000000..5dee45e97 --- /dev/null +++ b/net/strongswan/patches/201-no-modprobe.patch @@ -0,0 +1,28 @@ +--- a/src/starter/netkey.c ++++ b/src/starter/netkey.c +@@ -31,7 +31,7 @@ bool starter_netkey_init(void) + /* af_key module makes the netkey proc interface visible */ + if (stat(PROC_MODULES, &stb) == 0) + { +- ignore_result(system("modprobe -qv af_key")); ++ ignore_result(system("insmod -qv af_key")); + } + + /* now test again */ +@@ -45,11 +45,11 @@ bool starter_netkey_init(void) + /* make sure that all required IPsec modules are loaded */ + if (stat(PROC_MODULES, &stb) == 0) + { +- ignore_result(system("modprobe -qv ah4")); +- ignore_result(system("modprobe -qv esp4")); +- ignore_result(system("modprobe -qv ipcomp")); +- ignore_result(system("modprobe -qv xfrm4_tunnel")); +- ignore_result(system("modprobe -qv xfrm_user")); ++ ignore_result(system("insmod -qv ah4")); ++ ignore_result(system("insmod -qv esp4")); ++ ignore_result(system("insmod -qv ipcomp")); ++ ignore_result(system("insmod -qv xfrm4_tunnel")); ++ ignore_result(system("insmod -qv xfrm_user")); + } + + DBG2(DBG_APP, "found netkey IPsec stack"); diff --git a/net/strongswan/patches/203-uci.patch b/net/strongswan/patches/203-uci.patch new file mode 100644 index 000000000..274ea8694 --- /dev/null +++ b/net/strongswan/patches/203-uci.patch @@ -0,0 +1,20 @@ +--- a/src/libcharon/plugins/uci/uci_parser.c ++++ b/src/libcharon/plugins/uci/uci_parser.c +@@ -78,7 +78,7 @@ METHOD(enumerator_t, section_enumerator_ + if (uci_lookup(this->ctx, &element, this->package, + this->current->name, "name") == UCI_OK) + { /* use "name" attribute as config name if available ... */ +- *value = uci_to_option(element)->value; ++ *value = uci_to_option(element)->v.string; + } + else + { /* ... or the section name becomes config name */ +@@ -93,7 +93,7 @@ METHOD(enumerator_t, section_enumerator_ + if (value && uci_lookup(this->ctx, &element, this->package, + this->current->name, this->keywords[i]) == UCI_OK) + { +- *value = uci_to_option(element)->value; ++ *value = uci_to_option(element)->v.string; + } + } + va_end(args);