bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

packages: remove packages marked as LINUX_2_4 only (alsa, shfs & strongswan)

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/packages@28953 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
nico 2011-11-11 18:01:48 +00:00
parent 3ea3f122b9
commit f0f1d1405b
34 changed files with 0 additions and 2743 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
net/shfs/Makefile
View File

@ -1,89 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=shfs
PKG_VERSION:=0.35
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/shfs
PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe
include $(INCLUDE_DIR)/package.mk
define Package/shfs/Default
TITLE:=ShFS
SUBMENU:=Filesystem
URL:=http://shfs.sourceforge.net/
endef
define Package/shfs/Default/description
ShFS is a simple and easy to use Linux kernel module which allows you to
mount remote filesystems using a plain shell (SSH) connection. When using
ShFS, you can access all remote files just like the local ones, only the
access is governed through the transport security of SSH.
endef
define KernelPackage/shfs
$(call Package/shfs/Default)
TITLE+= (kernel module)
DEPENDS:=@LINUX_2_4
FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX)
SUBMENU:=Filesystems
AUTOLOAD:=$(call AutoLoad,40,shfs)
endef
define KernelPackage/shfs/description
$(call Package/shfs/Default/description)
This package contains the ShFS kernel module.
endef
define Package/shfs-utils
$(call Package/shfs/Default)
SECTION:=utils
CATEGORY:=Utilities
DEPENDS+=+kmod-shfs
TITLE+= (utilities)
endef
define Package/shfs-utils/description
$(call Package/shfs/Default/description)
This package contains the ShFS utilities.
endef
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
OFLAGS="$(TARGET_CFLAGS)" \
CC="$(TARGET_CC)" \
LINKER="$(TARGET_CC)" \
KERNEL="$(LINUX_VERSION)" \
KERNEL_SOURCES="$(LINUX_DIR)" \
ROOT="$(PKG_INSTALL_DIR)" \
module module-install
$(MAKE) -C $(PKG_BUILD_DIR) \
OFLAGS="$(TARGET_CFLAGS)" \
CC="$(TARGET_CC)" \
LINKER="$(TARGET_CC)" \
KERNEL_SOURCES="$(LINUX_DIR)" \
ROOT="$(PKG_INSTALL_DIR)" \
utils utils-install
endef
define Package/shfs-utils/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/
$(INSTALL_DIR) $(1)/sbin
ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs
endef
$(eval $(call KernelPackage,shfs))
$(eval $(call BuildPackage,shfs-utils))

100
net/shfs/patches/100-kmod_build.patch
View File

@ -1,100 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/Makefile
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.143016200 +0200
+++ shfs-0.35/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.209006168 +0200
@@ -1,3 +1,13 @@
+#
+# the original Makefile was trashed and replaced by this one
+# The main reason is that loadable modules should be built with
+# the same compile flags the kernel was built with, so we'd better
+# let the kernel tree build the module for us, like that :
+#
+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules
+# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install
+#
+
ifndef KERNEL
KERNEL=$(shell uname -r)
endif
@@ -10,67 +20,29 @@
KERNEL_SOURCES=${MODULESDIR}/build
endif
-ifeq (${MODVERSIONS},detect)
- ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0)
- MODVERSIONS=yes
- endif
-endif
-
-ifeq (${MODVERSIONS},yes)
-MVER=-DMODVERSIONS -DEXPORT_SYMTAB
-endif
-
-LINVER=linux-${KERNEL}
-
-ALL_TARGETS := shfs.o
-
-SEARCHDIRS := -I- -I. -I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/
+all: all-y
-CC := gcc
-CFLAGS = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX
-LINKER := ld
-LDFLAGS = -r
-LOADLIBES :=
+O_TARGET := shfs.o
-all: ${ALL_TARGETS}
+shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-%.o: %.c $(wildcard *.h)
- ${CC} ${CFLAGS} -c $< -o $@
+obj-y := $(shfs-objs)
+obj-m := $(O_TARGET)
-shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
- ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES}
-
-tidy:
- ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o
-
-clean: tidy patch-clean
- ${RM} shfs.o
+-include $(TOPDIR)/Rules.make
+all-y:
+ make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules
+
install: shfs.o
rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o
install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o
- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
uninstall:
rm -rf ${MODULESDIR}/kernel/fs/shfs
- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi
-patch:
- rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER};
- for i in Documentation fs/shfs include/linux; do \
- mkdir -p ${LINVER}/$$i; \
- done
- cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation
- cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs
- cp -r ${LINVER} ${LINVER}.orig
- cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/
- cp shfs.h shfs_fs* ${LINVER}/include/linux/
- (cd ${LINVER}; patch -p1 <../kernel-config.diff)
- find . -type f -name "*.orig" -print | xargs rm -f
- diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true
-
-patch-clean:
- rm -rf ${LINVER} ${LINVER}.orig;
- rm -f ${LINVER}.diff
-
-.PHONY : all tidy clean install uninstall patch patch-clean
+clean:
+ rm -f core *.o *.a *.s
+
+shfs.o: $(shfs-objs)
+

166
net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch
View File

@ -1,166 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.091024104 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
@@ -337,12 +337,21 @@
return -EINVAL;
}
+#ifdef NEW_VFS_DENTRY_API
+static int
+shfs_get_sb(struct file_system_type *fs_type,
+ int flags, const char *dev_name, void *data, struct vfsmount *mnt)
+{
+ return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt);
+}
+#else
static struct super_block *
shfs_get_sb(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
{
return get_sb_nodev(fs_type, flags, data, shfs_read_super);
}
+#endif
static struct file_system_type sh_fs_type = {
.owner = THIS_MODULE,
Index: shfs-0.35/shfs/Linux-2.6/file.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.096023344 +0200
+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
@@ -199,7 +199,7 @@
}
static int
-shfs_file_flush(struct file *f)
+do_file_flush(struct file *f)
{
struct dentry *dentry = f->f_dentry;
struct shfs_sb_info *info = info_from_dentry(dentry);
@@ -222,6 +222,16 @@
}
static int
+#ifdef FLUSH_HAS_LOCK_OWNER
+shfs_file_flush(struct file *f, fl_owner_t id)
+#else
+shfs_file_flush(struct file *f)
+#endif
+{
+ return do_file_flush(f);
+}
+
+static int
shfs_file_release(struct inode *inode, struct file *f)
{
struct dentry *dentry = f->f_dentry;
@@ -311,7 +321,7 @@
DEBUG("\n");
written = generic_file_write(f, buf, count, offset);
if (written > 0) {
- result = shfs_file_flush(f);
+ result = do_file_flush(f);
written = result < 0 ? result: written;
}
Index: shfs-0.35/shfs/Linux-2.6/proc.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.102022432 +0200
+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
@@ -570,6 +570,16 @@
return result;
}
+#ifdef NEW_VFS_DENTRY_API
+int
+shfs_statfs(struct dentry *dentry, struct kstatfs *attr)
+{
+ struct shfs_sb_info *info = info_from_sb(dentry->d_sb);
+
+ DEBUG("\n");
+ return info->fops.statfs(info, attr);
+}
+#else
int
shfs_statfs(struct super_block *sb, struct kstatfs *attr)
{
@@ -578,4 +588,5 @@
DEBUG("\n");
return info->fops.statfs(info, attr);
}
+#endif
Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.107021672 +0200
+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
@@ -9,6 +9,12 @@
#include <linux/ioctl.h>
#include <linux/pagemap.h>
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17)
+#define NEW_VFS_DENTRY_API
+#define FLUSH_HAS_LOCK_OWNER
+#endif
#define SHFS_MAX_AGE(info) (((info)->ttl * HZ) / 1000)
#define SOCKBUF_SIZE (SHFS_PATH_MAX * 10)
@@ -101,7 +107,12 @@
void set_garbage(struct shfs_sb_info *info, int write, int count);
int get_name(struct dentry *d, char *name);
int shfs_notify_change(struct dentry *dentry, struct iattr *attr);
+
+#ifdef NEW_VFS_DENTRY_API
+int shfs_statfs(struct dentry *dentry, struct kstatfs *attr);
+#else
int shfs_statfs(struct super_block *sb, struct kstatfs *attr);
+#endif
/* shfs/inode.c */
void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr);
Index: shfs-0.35/shfs/Linux-2.6/symlink.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.113020760 +0200
+++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.398977288 +0200
@@ -41,7 +41,7 @@
return result;
}
-static int
+static void *
shfs_follow_link(struct dentry *dentry, struct nameidata *nd)
{
struct shfs_sb_info *info = info_from_dentry(dentry);
@@ -61,7 +61,7 @@
DEBUG("%s\n", real_name);
result = vfs_follow_link(nd, real_name);
error:
- return result;
+ return NULL;
}
struct inode_operations shfs_symlink_inode_operations = {
Index: shfs-0.35/shfs/Linux-2.6/dcache.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.121019544 +0200
+++ shfs-0.35/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.398977288 +0200
@@ -68,7 +68,7 @@
spin_lock(&dcache_lock);
next = parent->d_subdirs.next;
while (next != &parent->d_subdirs) {
- dentry = list_entry(next, struct dentry, d_child);
+ dentry = list_entry(next, struct dentry, d_u.d_child);
dentry->d_fsdata = NULL;
shfs_age_dentry(info, dentry);
next = next->next;
@@ -101,7 +101,7 @@
spin_lock(&dcache_lock);
next = parent->d_subdirs.next;
while (next != &parent->d_subdirs) {
- dent = list_entry(next, struct dentry, d_child);
+ dent = list_entry(next, struct dentry, d_u.d_child);
if ((unsigned long)dent->d_fsdata == fpos) {
if (dent->d_inode)
dget_locked(dent);

22
net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch
View File

@ -1,22 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
@@ -8,6 +8,7 @@
#include <linux/modversions.h>
#endif
+#include <linux/version.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -118,6 +119,9 @@
}
KMEM_FREE("inode", inode_cache, i);
out:
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13))
+ truncate_inode_pages(&inode->i_data, 0);
+#endif
clear_inode(inode);
}

25
net/shfs/patches/103-shfs_0.35_gcc4.patch
View File

@ -1,25 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/dir.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.041031704 +0200
+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
@@ -19,6 +19,8 @@
#include "shfs_debug.h"
#include "proc.h"
+static struct dentry_operations shfs_dentry_operations;
+
static int
shfs_dir_open(struct inode *inode, struct file *filp)
{
Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
+++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200
@@ -56,7 +56,6 @@
#define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0)
/* shfs/dir.c */
-extern struct dentry_operations shfs_dentry_operations;
extern struct file_operations shfs_dir_operations;
extern struct inode_operations shfs_dir_inode_operations;
extern void shfs_new_dentry(struct dentry *dentry);

377
net/shfs/patches/104-shfs_0.35_inode_and_fs.patch
View File

@ -1,377 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/fcache.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:57.997038392 +0200
+++ shfs-0.35/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:59.019882896 +0200
@@ -100,7 +100,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -127,7 +131,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -160,7 +168,11 @@
if (result == 0) {
struct shfs_inode_info *p;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private;
+#else
p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -184,7 +196,11 @@
return -EINVAL;
}
DEBUG("ino: %lu\n", inode->i_ino);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -226,7 +242,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
@@ -327,7 +347,11 @@
VERBOSE("dir in file cache?\n");
return -EINVAL;
}
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ p = (struct shfs_inode_info *)inode->i_private;
+#else
p = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!p) {
VERBOSE("inode without info\n");
return -EINVAL;
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:59.020882744 +0200
@@ -36,7 +36,11 @@
shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr)
{
struct shfs_sb_info *info = info_from_inode(inode);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ struct shfs_inode_info *i = inode->i_private;
+#else
struct shfs_inode_info *i = inode->u.generic_ip;
+#endif
struct timespec last_time = inode->i_mtime;
loff_t last_size = inode->i_size;
@@ -53,7 +57,9 @@
inode->i_ctime = fattr->f_ctime;
inode->i_atime = fattr->f_atime;
inode->i_mtime = fattr->f_mtime;
+#ifdef STRUCT_INODE_HAS_I_BLKSIZE
inode->i_blksize= fattr->f_blksize;
+#endif
inode->i_blocks = fattr->f_blocks;
inode->i_size = fattr->f_size;
@@ -76,7 +82,11 @@
if (!inode)
return NULL;
inode->i_ino = fattr->f_ino;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
+#else
i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL);
+#endif
if (!i)
return NULL;
i->cache = NULL;
@@ -108,7 +118,11 @@
struct shfs_inode_info *i;
DEBUG("ino: %lu\n", inode->i_ino);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ i = (struct shfs_inode_info *)inode->i_private;
+#else
i = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
if (!i) {
VERBOSE("invalid inode\n");
goto out;
@@ -176,7 +190,11 @@
{
struct shfs_sb_info *info = info_from_dentry(dentry);
struct inode *inode = dentry->d_inode;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
+#else
struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
int result;
DEBUG("%s\n", dentry->d_name.name);
Index: shfs-0.35/shfs/Linux-2.6/dir.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:59.020882744 +0200
@@ -302,8 +302,13 @@
shfs_invalid_dir_cache(dir);
result = shfs_instantiate(dentry);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ if (forced_write && dentry->d_inode && dentry->d_inode->i_private)
+ ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1;
+#else
if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip)
((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1;
+#endif
return result;
}
Index: shfs-0.35/shfs/Linux-2.6/file.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200
+++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:59.020882744 +0200
@@ -90,7 +90,11 @@
struct dentry *dentry = f->f_dentry;
struct shfs_sb_info *info = info_from_dentry(dentry);
struct inode *inode = p->mapping->host;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private;
+#else
struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip;
+#endif
char *buffer = kmap(p) + offset;
int written = 0, result;
unsigned count = to - offset;
@@ -252,8 +256,13 @@
}
}
/* if file was forced to be writeable, change attrs back on close */
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ if (dentry->d_inode && dentry->d_inode->i_private) {
+ if (((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) {
+#else
if (dentry->d_inode && dentry->d_inode->u.generic_ip) {
if (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) {
+#endif
char name[SHFS_PATH_MAX];
if (get_name(dentry, name) < 0)
@@ -302,7 +311,8 @@
goto error;
}
if (result != 0) {
- copy_to_user(buf, (char *)page, result);
+ if (copy_to_user(buf, (char *)page, result))
+ goto error;
*ppos += result;
}
error:
@@ -315,11 +325,15 @@
static ssize_t
shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset)
{
- int written = 0;
+ ssize_t written = 0;
int result;
DEBUG("\n");
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ written = do_sync_write(f, buf, count, offset);
+#else
written = generic_file_write(f, buf, count, offset);
+#endif
if (written > 0) {
result = do_file_flush(f);
written = result < 0 ? result: written;
@@ -330,14 +344,23 @@
struct file_operations shfs_file_operations = {
.llseek = generic_file_llseek,
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ .read = do_sync_read,
+ .write = do_sync_write,
+#else
.read = generic_file_read,
.write = generic_file_write,
+#endif
.ioctl = shfs_ioctl,
.mmap = generic_file_mmap,
.open = shfs_file_open,
.flush = shfs_file_flush,
.release = shfs_file_release,
.fsync = shfs_file_sync,
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ .aio_read = generic_file_aio_read,
+ .aio_write = generic_file_aio_write,
+#endif
};
struct file_operations shfs_slow_operations = {
Index: shfs-0.35/shfs/Linux-2.6/proc.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200
+++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:59.021882592 +0200
@@ -149,7 +149,12 @@
{
struct file *f = info->sock;
mm_segment_t fs;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ ssize_t result = 0;
+ loff_t begin;
+#else
int c, result = 0;
+#endif
unsigned long flags, sigpipe;
sigset_t old_set;
@@ -161,7 +166,9 @@
return result;
}
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
c = count;
+#endif
fs = get_fs();
set_fs(get_ds());
@@ -173,6 +180,16 @@
SIGRECALC;
SIGUNLOCK(flags);
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ begin = f->f_pos;
+ result = do_sync_write(f, buffer, count, &f->f_pos);
+
+ if (result < 0) {
+ DEBUG("error: %d\n", result);
+ fput(f);
+ info->sock = NULL;
+ }
+#else
do {
struct iovec vec[1];
@@ -190,6 +207,7 @@
buffer += result;
c -= result;
} while (c > 0);
+#endif
SIGLOCK(flags);
if (result == -EPIPE && !sigpipe) {
@@ -204,7 +222,11 @@
DEBUG(">%d\n", result);
if (result < 0)
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ set_garbage(info, 1, count - (f->f_pos - begin));
+#else
set_garbage(info, 1, c);
+#endif
else
result = count;
return result;
@@ -222,6 +244,9 @@
int c, result = 0;
unsigned long flags, sigpipe;
sigset_t old_set;
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ loff_t begin;
+#endif
if (!f)
return -EIO;
@@ -256,6 +281,20 @@
fs = get_fs();
set_fs(get_ds());
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ begin = f->f_pos;
+ result = do_sync_read(f, buffer, c, &f->f_pos);
+
+ if (!result) {
+ /* peer has closed socket */
+ result = -EIO;
+ }
+ if (result < 0) {
+ DEBUG("error: %d\n", result);
+ fput(f);
+ info->sock = NULL;
+ }
+#else
do {
struct iovec vec[1];
@@ -277,6 +316,7 @@
buffer += result;
c -= result;
} while (c > 0);
+#endif
SIGLOCK(flags);
if (result == -EPIPE && !sigpipe) {
@@ -291,7 +331,11 @@
DEBUG("<%d\n", result);
if (result < 0)
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ set_garbage(info, 0, count - (f->f_pos - begin));
+#else
set_garbage(info, 0, c);
+#endif
else
result = count;
return result;
@@ -316,8 +360,10 @@
return result;
}
while (1) {
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
struct iovec vec[1];
+#endif
nl = memchr(BUFFER, '\n', LEN);
if (nl) {
*nl = '\0';
@@ -348,9 +394,13 @@
fs = get_fs();
set_fs(get_ds());
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+ result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos);
+#else
vec[0].iov_base = BUFFER+LEN;
vec[0].iov_len = c;
result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos);
+#endif
SIGLOCK(flags);
if (result == -EPIPE && !sigpipe) {
sigdelset(&current->pending.signal, SIGPIPE);

70
net/shfs/patches/105-space_chars.patch
View File

@ -1,70 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:57.970042496 +0200
+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
@@ -213,6 +213,7 @@
int c = 0;
int is_space = 1;
int device = 0;
+ char *start = s;
while (*s) {
if (c == DIR_COLS)
@@ -227,17 +228,20 @@
s++;
}
*s = '\0';
+ start = s+1;
is_space = 1;
+ } else {
+ if (c != DIR_NAME)
+ start = s+1;
}
} else {
if (is_space) {
/* (b)lock/(c)haracter device hack */
- col[c++] = s;
+ col[c++] = start;
is_space = 0;
if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
device = 1;
}
-
}
}
s++;
Index: shfs-0.35/shfs/Linux-2.6/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:57.977041432 +0200
+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
@@ -225,6 +225,7 @@
int c = 0;
int is_space = 1;
int device = 0;
+ char *start = s;
while (*s) {
if (c == DIR_COLS)
@@ -239,17 +240,20 @@
s++;
}
*s = '\0';
+ start = s+1;
is_space = 1;
+ } else {
+ if (c != DIR_NAME)
+ start = s+1;
}
} else {
if (is_space) {
/* (b)lock/(c)haracter device hack */
- col[c++] = s;
+ col[c++] = start;
is_space = 0;
if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
device = 1;
}
-
}
}
s++;

38
net/shfs/patches/106-uidgid32.patch
View File

@ -1,38 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200
+++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:59.448817688 +0200
@@ -38,10 +38,10 @@
struct shfs_fileops fops;
int version;
int ttl;
- __kernel_uid_t uid;
- __kernel_gid_t gid;
- __kernel_mode_t root_mode;
- __kernel_mode_t fmask;
+ uid_t uid;
+ gid_t gid;
+ mode_t root_mode;
+ mode_t fmask;
char mount_point[SHFS_PATH_MAX];
struct semaphore sock_sem; /* next 4 vars are guarded */
struct file *sock;
Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200
+++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:59.449817536 +0200
@@ -38,10 +38,10 @@
struct shfs_fileops fops;
int version;
int ttl;
- __kernel_uid_t uid;
- __kernel_gid_t gid;
- __kernel_mode_t root_mode;
- __kernel_mode_t fmask;
+ uid_t uid;
+ gid_t gid;
+ mode_t root_mode;
+ mode_t fmask;
char mount_point[SHFS_PATH_MAX];
struct semaphore sock_sem; /* next 4 vars are guarded */
struct file *sock;

38
net/shfs/patches/107-df.patch
View File

@ -1,38 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.4/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
+++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.643788048 +0200
@@ -961,11 +961,11 @@
s = info->sockbuf;
if ((p = strsep(&s, " ")))
- attr->f_blocks = simple_strtoull(p, NULL, 10);
+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
if ((p = strsep(&s, " ")))
- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
if ((p = strsep(&s, " ")))
- attr->f_bavail = simple_strtoull(p, NULL, 10);
+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
if (result < 0)
Index: shfs-0.35/shfs/Linux-2.6/shell.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
+++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.643788048 +0200
@@ -974,11 +974,11 @@
s = info->sockbuf;
if ((p = strsep(&s, " ")))
- attr->f_blocks = simple_strtoull(p, NULL, 10);
+ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
if ((p = strsep(&s, " ")))
- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
+ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
if ((p = strsep(&s, " ")))
- attr->f_bavail = simple_strtoull(p, NULL, 10);
+ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
if (result < 0)

28
net/shfs/patches/108-no_update_mtab.patch
View File

@ -1,28 +0,0 @@
Index: shfs-0.35/shfsmount/shfsmount.c
===================================================================
--- shfs-0.35.orig/shfsmount/shfsmount.c 2007-06-04 13:22:57.883055720 +0200
+++ shfs-0.35/shfsmount/shfsmount.c 2007-06-04 13:22:59.838758408 +0200
@@ -74,7 +74,7 @@
static int have_uid = 0;
/* do not update /etc/mtab */
-static int nomtab = 0;
+static int nomtab = 1;
/* preserve owner of files */
static int preserve = 0;
Index: shfs-0.35/shfsmount/shfsumount.c
===================================================================
--- shfs-0.35.orig/shfsmount/shfsumount.c 2007-06-04 13:22:57.890054656 +0200
+++ shfs-0.35/shfsmount/shfsumount.c 2007-06-04 13:22:59.838758408 +0200
@@ -67,10 +67,6 @@
FILE *new_mtab;
struct mntent *ment;
- if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
- fprintf(stderr, "Can't get "MOUNTED"~ lock file");
- return 0;
- }
close(fd);
if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno));

26
net/shfs/patches/109-linux_2.6.22.patch
View File

@ -1,26 +0,0 @@
Index: shfs-0.35/shfs/Linux-2.6/dir.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-17 04:08:32.449815896 +0200
+++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-17 04:08:41.766399560 +0200
@@ -13,6 +13,7 @@
#include <asm/uaccess.h>
#include <linux/smp_lock.h>
#include <linux/stat.h>
+#include <linux/jiffies.h>
#include "shfs_fs.h"
#include "shfs_fs_i.h"
Index: shfs-0.35/shfs/Linux-2.6/inode.c
===================================================================
--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-17 04:09:01.961329464 +0200
+++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-17 04:13:08.501849608 +0200
@@ -15,6 +15,9 @@
#include <asm/uaccess.h>
#include <linux/file.h>
#include <linux/smp_lock.h>
+#include <linux/jiffies.h>
+#include <linux/sched.h>
+#include <asm/current.h>
#include "shfs_fs.h"
#include "shfs_fs_sb.h"

97
net/strongswan/Makefile
View File

@ -1,97 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=strongswan
PKG_VERSION:=2.8.11
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/
PKG_MD5SUM:=067189ae1586f0fdc5527c3c90448771
include $(INCLUDE_DIR)/package.mk
define Package/strongswan/Default
TITLE:=strongSwan
DEPENDS:=@LINUX_2_4
URL:=http://www.strongswan.org/
endef
define Package/strongswan/Default/description
strongSwan is an IPsec implementation for Linux.
endef
define Package/strongswan
$(call Package/strongswan/Default)
SECTION:=net
CATEGORY:=Network
DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4
TITLE+= (daemon)
endef
define Package/strongswan/description
$(call Package/strongswan/Default/description)
This package contains the strongSwan user-land daemon.
endef
define KernelPackage/strongswan
$(call Package/strongswan/Default)
SUBMENU:=Network Support
TITLE+= (kernel module)
DEPENDS:=@LINUX_2_4
FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,50,ipsec)
endef
define KernelPackage/strongswan/description
$(call Package/strongswan/Default/description)
This package contains the strongSwan kernel module.
endef
PKG_MAKE_OPTS:= \
LINUX_RELEASE="$(LINUX_RELEASE)" \
KERNELSRC="$(LINUX_DIR)" \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \
IPSECDIR="/usr/lib/ipsec" \
INC_USRLOCAL="/usr" \
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
$(PKG_MAKE_OPTS) \
LDFLAGS="$(TARGET_LDFLAGS)" \
DESTDIR="$(PKG_INSTALL_DIR)" \
programs module install
endef
define Package/strongswan/install
$(CP) $(PKG_INSTALL_DIR)/* $(1)
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/cron.tick
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_DIR) $(1)/etc/hotplug.d/button
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
$(INSTALL_BIN) ./files/ipsec.cron $(1)/etc/cron.tick/ipsec-wakeup
$(INSTALL_BIN) ./files/ipsec.iface $(1)/etc/hotplug.d/iface/65-ipsec
$(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec
$(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec
$(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
rm -rf $(1)/usr/share
rm -rf $(1)/usr/man
rm -rf $(1)/var
rm -rf $(1)/etc/rc.d
find $(1) -name \*.old | xargs rm -rf
endef
$(eval $(call BuildPackage,strongswan))
$(eval $(call KernelPackage,strongswan))

34
net/strongswan/files/ipsec.button
View File

@ -1,34 +0,0 @@
#!/bin/sh
# snarf the code that loads the config values
# since we also load the functions, might as well save the shell calls
. /etc/init.d/ipsec
[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
if [ ! -e /var/run/pluto.pid ] ; then
[ "$ACTION" = "pressed" ] && start
else
if [ "$ACTION" = "pressed" ] ; then
stop
elif [ "$ACTION" = "released" ] ; then
while [ -e /var/run/pluto.pid ] ; do
sleep 1
done
while ps auxww | grep ipsec | grep -v grep ; do
sleep 1
done
start
fi
fi

34
net/strongswan/files/ipsec.conf
View File

@ -1,34 +0,0 @@
version 2.0
config setup
interfaces=%defaultroute
nat_traversal=yes # required on both ends
uniqueids=yes # makes sense on client, not server
hidetos=no
conn %default
authby=rsasig
keyingtries=3
keyexchange=ike
left=%defaultroute
leftrsasigkey=%cert
rightrsasigkey=%cert
dpdtimeout=30 # keepalive must arrive within
dpddelay=5 # secs before keepalives start
compress=no # breaks double nat installations
pfs=yes
conn sample
leftca=%same
leftcert=my.certificate.crt
leftsourceip=192.168.10.1
leftsubnet=192.168.10.0/24
right=my.vpn.concentrator.net.
rightca=%same
rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
rightsourceip=192.168.11.1
rightsubnet=192.168.11.0/24
dpdaction=hold
auto=start

21
net/strongswan/files/ipsec.config
View File

@ -1,21 +0,0 @@
# Configure button/light behavior here.
config device
option reset_button ses
option status_start ses_orange
option status_valid ses_white
# iptables setup for traffic to/from this host
config filter
option rule_in input_rule
option dest_in ACCEPT
option rule_out output_rule
option dest_out ACCEPT
# iptables setup for traffic to/from another host
config forward
option rule_in forwarding_rule
option dest_in forwarding_vpn_in
option rule_out forwarding_rule
option dest_out forwarding_vpn_out

2
net/strongswan/files/ipsec.cron
View File

@ -1,2 +0,0 @@
#!/bin/sh
/usr/sbin/ipsec wakeup

8
net/strongswan/files/ipsec.iface
View File

@ -1,8 +0,0 @@
NAME=ipsec
CTLFILE="/var/run/pluto.ctl"
[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
[ -e "$CTLFILE" ] || exit
/etc/init.d/ipsec update

101
net/strongswan/files/ipsec.init
View File

@ -1,101 +0,0 @@
#!/bin/sh /etc/rc.common
START=65
config_cb() {
local cfg="$CONFIG_SECTION"
local cfgt
config_get cfgt "$cfg" TYPE
case "$cfgt" in
device)
config_get IPSEC_RESET_BUTTON $cfg reset_button
config_get IPSEC_STATUS_LED_START $cfg status_start
config_get IPSEC_STATUS_LED_VALID $cfg status_valid
;;
filter)
config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
;;
forward)
config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
;;
*)
;;
esac
}
config_load ipsec
export IPSEC_RESET_BUTTON
export IPSEC_STATUS_LED_START
export IPSEC_STATUS_LED_VALID
export IPSEC_UPDOWN_RULE_IN
export IPSEC_UPDOWN_DEST_IN
export IPSEC_UPDOWN_RULE_OUT
export IPSEC_UPDOWN_DEST_OUT
export IPSEC_UPDOWN_FWD_RULE_IN
export IPSEC_UPDOWN_FWD_DEST_IN
export IPSEC_UPDOWN_FWD_RULE_OUT
export IPSEC_UPDOWN_FWD_DEST_OUT
start() {
[ -f /etc/ipsec.conf ] || exit
[ -e /var/run/starter.pid ] && exit
/usr/sbin/ipsec _showstatus start
# stuff the dnsmasq cache in case dns is on our own subnet
for peer in `grep left= /etc/ipsec.conf | \
cut -f 1 -d% | cut -f 2 -d=` ; do
ping -c 1 $peer > /dev/null 2>&1
done
/usr/sbin/ipsec start || exit
# work around broken routing behavior:
# a route to the local wan segment will appear
# the need was removed in the patched _updown script
while ! route -n | grep -q ipsec ; do sleep 1 ; done
defint=`route -n | awk '/^0.0.0.0/{print $8}'`
defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
route del -net $defnet netmask $dnmask dev $tundev
}
stop() {
/usr/sbin/ipsec stop 2> /dev/null
# wait until the shutdown actually happens
while [ -e /var/run/starter.pid ] ; do
if [ -d /proc/`cat /var/run/starter.pid` ] ; then
sleep 1
else
rm /var/run/starter.pid
fi
done
# kill any lingering processes
while ps auxww | grep -q ipsec | grep -v init.d; do
kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
sleep 1
done
ipsec _showstatus stop
}

81
net/strongswan/patches/100-ar-fixes.patch
View File

@ -1,81 +0,0 @@
Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.777007680 +0200
+++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.873992936 +0200
@@ -25,10 +25,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
testx: test_main_mac.o $(BLIB)
$(CC) -o $@ $^
Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.783006768 +0200
+++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.873992936 +0200
@@ -58,7 +58,7 @@
lib: $(LIB)
$(LIB): $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(AR) -r $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
# elf
Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.790005704 +0200
+++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200
@@ -8,10 +8,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
test: test_main.o $(BLIB)
$(CC) -o $@ $^
Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.796004792 +0200
+++ strongswan-2.8.2/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.874992784 +0200
@@ -9,10 +9,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
test: test_main.o $(BLIB)
$(CC) -o $@ $^
Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile
===================================================================
--- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.804003576 +0200
+++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200
@@ -9,10 +9,8 @@
$(BLIB): $(LIBOBJ)
/bin/rm -f $(BLIB)
- ar cr $(BLIB) $(LIBOBJ)
- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
- else exit 0; fi; fi
+ $(AR) cr $(BLIB) $(LIBOBJ)
+ $(RANLIB) $(BLIB)
test: test_main.o $(BLIB)
$(CC) -o $@ $^

11
net/strongswan/patches/110-make-ipsec.patch
View File

@ -1,11 +0,0 @@
Index: strongswan-2.8.2/programs/ipsec/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/ipsec/Makefile 2007-06-04 13:23:04.756010872 +0200
+++ strongswan-2.8.2/programs/ipsec/Makefile 2007-06-04 13:23:05.227939128 +0200
@@ -24,5 +24,5 @@
include ../Makefile.program
install:: ipsec
- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec
+ @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec

13
net/strongswan/patches/120-make-pluto.patch
View File

@ -1,13 +0,0 @@
Index: strongswan-2.8.2/programs/pluto/alg/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/pluto/alg/Makefile 2007-06-04 13:23:04.734014216 +0200
+++ strongswan-2.8.2/programs/pluto/alg/Makefile 2007-06-04 13:23:05.416910400 +0200
@@ -20,7 +20,7 @@
include Config.ike_alg
LIBCRYPTO:=../../../lib/libcrypto
-ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO)
+ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE)
LIBALG := libalg.o
all : $(LIBALG)

21
net/strongswan/patches/130-make-starter.patch
View File

@ -1,21 +0,0 @@
Index: strongswan-2.8.2/programs/starter/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/starter/Makefile 2007-06-04 13:23:04.711017712 +0200
+++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200
@@ -16,7 +16,6 @@
FREESWANSRCDIR?=$(shell cd ../..; pwd)
include ${FREESWANSRCDIR}/Makefile.inc
-LD=$(CC)
RM=rm
LEX=flex
BISON=bison
@@ -59,7 +58,7 @@
all: starter
starter: $(OBJS) $(FREESWANLIB)
- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
+ $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
lex.yy.c: parser.tab.c parser.l parser.y parser.h
$(LEX) parser.l

234
net/strongswan/patches/200-wakeup-showstatus.patch
View File

@ -1,234 +0,0 @@
Index: strongswan-2.8.2/programs/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:04.661025312 +0200
+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
@@ -22,7 +22,7 @@
SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
-SUBDIRS+=ikeping examples openac scepclient
+SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
ifeq ($(USE_LWRES),true)
SUBDIRS+=lwdnsq
Index: strongswan-2.8.2/programs/_showstatus/Makefile
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/_showstatus/Makefile 2007-06-04 13:23:06.414758704 +0200
@@ -0,0 +1,22 @@
+# Makefile for miscelaneous programs
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
+
+FREESWANSRCDIR=../..
+include ${FREESWANSRCDIR}/Makefile.inc
+
+PROGRAM=_showstatus
+PROGRAMDIR=${LIBDIR}
+
+include ../Makefile.program
Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/_showstatus/_showstatus.8 2007-06-04 13:23:06.414758704 +0200
@@ -0,0 +1,23 @@
+.TH _showstatus 8 "03 Feb 2007"
+.\"
+.\" RCSID $Id: _showstatus.8
+.\"
+.SH NAME
+ipsec _showstatus \- give state feedback via led or other method
+.SH SYNOPSIS
+.I _showstatus
+is invoked by _updown to trigger led's, or other distribution
+or platform specific behavior. Presently, the SES button is
+supported as a status light on OpenWRT platforms. The button
+is configurable by environment variable:
+-B IPSEC_STATUS_LED_START
+defaults to ses_orange, and
+-B IPSEC_STATUS_LED_VALID
+defaults to ses_white.
+.SH "SEE ALSO"
+ipsec(8), ipsec_updown(8).
+.SH HISTORY
+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
+Original program written by Henry Spencer. Extended for the Linux strongSwan
+project <http://www.strongswan.org/> by Andreas Steffen.
Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/_showstatus/_showstatus.in 2007-06-04 13:23:06.414758704 +0200
@@ -0,0 +1,70 @@
+#! /bin/sh
+#
+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: _showstatus.in
+
+
+LED_START=$IPSEC_STATUS_LED_START
+LED_VALID=$IPSEC_STATUS_LED_VALID
+
+[ -z "$LED_START" ] && LED_START="ses_orange"
+[ -z "$LED_VALID" ] && LED_VALID="ses_white"
+
+
+setled() {
+ led=$1
+ st=$2
+
+ [ -n "$led" -a -n "$st" ] || return
+
+ if [ -w "/proc/diag/led/$led" ] ; then
+ echo "$st" > "/proc/diag/led/$led"
+ fi
+
+ # integrate other led control methods here
+
+}
+
+
+case "$1" in
+ 'start')
+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
+ [ -z "$LED_VALID" ] && setled "$LED_START" f
+ setled "$LED_VALID" 0
+ ;;
+ 'stop')
+ setled "$LED_START" 0
+ setled "$LED_VALID" 0
+ ;;
+ 'valid')
+ setled "$LED_VALID" 1
+ ;;
+ 'invalid')
+ setled "$LED_VALID" 0
+ ;;
+ 'up')
+ [ -n "$LED_VALID" ] && setled "$LED_START" 0
+ [ -z "$LED_VALID" ] && setled "$LED_START" 1
+ setled "$LED_VALID" 1
+ ;;
+ 'down')
+ [ -n "$LED_VALID" ] && setled "$LED_START" 1
+ [ -z "$LED_VALID" ] && setled "$LED_START" f
+ setled "$LED_VALID" f
+ ;;
+ *)
+ echo "$0: unknown status $status" >&2
+ ;;
+esac
+
Index: strongswan-2.8.2/programs/wakeup/Makefile
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/wakeup/Makefile 2007-06-04 13:23:06.415758552 +0200
@@ -0,0 +1,22 @@
+# Makefile for miscelaneous programs
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $
+
+FREESWANSRCDIR=../..
+include ${FREESWANSRCDIR}/Makefile.inc
+
+PROGRAM=wakeup
+PROGRAMDIR=${LIBDIR}
+
+include ../Makefile.program
Index: strongswan-2.8.2/programs/wakeup/wakeup.8
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/wakeup/wakeup.8 2007-06-04 13:23:06.415758552 +0200
@@ -0,0 +1,16 @@
+.TH wakeup 8 "03 Feb 2007"
+.\"
+.\" RCSID $Id: wakeup.8
+.\"
+.SH NAME
+ipsec wakeup \- stalled and down connection detection
+.SH SYNOPSIS
+.I wakeup
+is invoked by cron and checks ipsec status, whacking as necessary.
+.SH "SEE ALSO"
+ipsec(8), ipsec_whack(8).
+.SH HISTORY
+Man page written for the Linux strongSwan project <http://www.strongswan.org/>
+by Kevin Cody Jr. Original manpage for _updown by Michael Richardson.
+Original program written by Henry Spencer. Extended for the Linux strongSwan
+project <http://www.strongswan.org/> by Andreas Steffen.
Index: strongswan-2.8.2/programs/wakeup/wakeup.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200
@@ -0,0 +1,38 @@
+#! /bin/sh
+# wakeup script
+#
+# Copyright (C) 2007 Kevin Cody Jr. <kcody@vegaresearch.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+
+# only applicable when ipsec is running
+[ -e /var/run/pluto.pid ] || exit
+
+# loop through any erouted tunnels in the HOLD state
+for f in `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do
+
+ # only whack if no pending events at all exists
+ ipsec status | grep STATE | grep -q $f ||
+ ipsec whack --name $f --initiate --asynchronous
+
+done
+
+# loop through any tunnels that don't quite exist
+for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do
+
+ ipsec status | grep STATE_QUICK | grep -q $f || {
+ ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f
+ ipsec up $f
+ }
+
+done
+

662
net/strongswan/patches/210-updown.patch
View File

@ -1,662 +0,0 @@
Index: strongswan-2.8.2/programs/_updown/_updown.8
===================================================================
--- strongswan-2.8.2.orig/programs/_updown/_updown.8 2007-06-04 13:23:04.632029720 +0200
+++ strongswan-2.8.2/programs/_updown/_updown.8 2007-06-04 13:23:06.656721920 +0200
@@ -8,8 +8,23 @@
.I _updown
is invoked by pluto when it has brought up a new connection. This script
is used to insert the appropriate routing entries for IPsec operation.
-It can also be used to insert and delete dynamic iptables firewall rules.
-The interface to the script is documented in the pluto man page.
+It also inserts and deletes dynamic iptables firewall rules. IMPORTANT!
+By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD
+tables. Most distributions will want to change that to provide more
+flexibility in their firewall configuration.
+The script looks for the environment variables
+.B IPSEC_UPDOWN_RULE_IN
+for the iptables table it should insert into,
+.B IPSEC_UPDOWN_DEST_IN
+for where the rule should -j jump to,
+.B IPSEC_UPDOWN_RULE_OUT
+.B IPSEC_UPDOWN_DEST_OUT
+for the same on outgoing packets, and
+.B IPSEC_UPDOWN_FWD_RULE_IN
+.B IPSEC_UPDOWN_FWD_DEST_IN
+.B IPSEC_UPDOWN_FWD_RULE_OUT
+.B IPSEC_UPDOWN_FWD_DEST_OUT
+respectively for packets being forwarded to/from the local networks.
.SH "SEE ALSO"
ipsec(8), ipsec_pluto(8).
.SH HISTORY
Index: strongswan-2.8.2/programs/_updown/_updown.in
===================================================================
--- strongswan-2.8.2.orig/programs/_updown/_updown.in 2007-06-04 13:23:04.642028200 +0200
+++ strongswan-2.8.2/programs/_updown/_updown.in 2007-06-04 13:23:06.657721768 +0200
@@ -5,6 +5,7 @@
# Copyright (C) 2003-2004 Tuomo Soini
# Copyright (C) 2002-2004 Michael Richardson
# Copyright (C) 2005-2006 Andreas Steffen <andreas.steffen@strongswan.org>
+# Copyright (C) 2007 Kevin Cody Jr <kcody@vegaresearch.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
@@ -118,20 +119,61 @@
# restricted on the peer side.
#
-# uncomment to log VPN connections
-VPN_LOGGING=1
-#
+# set to /bin/true to silence log messages
+LOGGER=logger
+
# tag put in front of each log entry:
TAG=vpn
-#
+
# syslog facility and priority used:
-FAC_PRIO=local0.notice
-#
-# to create a special vpn logging file, put the following line into
-# the syslog configuration file /etc/syslog.conf:
-#
-# local0.notice -/var/log/vpn
-#
+FAC_PRIO=authpriv.info
+
+
+# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
+if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then
+ IPSEC_POLICY_IN=""
+ IPSEC_POLICY_OUT=""
+else
+ IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
+ IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
+ IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
+fi
+
+# are there port numbers?
+if [ "$PLUTO_MY_PORT" != 0 ] ; then
+ S_MY_PORT="--sport $PLUTO_MY_PORT"
+ D_MY_PORT="--dport $PLUTO_MY_PORT"
+fi
+
+if [ "$PLUTO_PEER_PORT" != 0 ] ; then
+ S_PEER_PORT="--sport $PLUTO_PEER_PORT"
+ D_PEER_PORT="--dport $PLUTO_PEER_PORT"
+fi
+
+# import firewall behavior
+IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN
+IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN
+IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT
+IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT
+
+# import forwarding behavior
+FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN
+FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN
+FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT
+FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT
+
+# default firewall behavior
+[ -z "$IPT_RULE_IN" ] && IPT_RULE_IN=INPUT
+[ -z "$IPT_DEST_IN" ] && IPT_DEST_IN=ACCEPT
+[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT
+[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT
+
+# default forwarding behavior
+[ -z "$FWD_RULE_IN" ] && FWD_RULE_IN=FORWARD
+[ -z "$FWD_DEST_IN" ] && FWD_DEST_IN=ACCEPT
+[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD
+[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT
+
# check interface version
case "$PLUTO_VERSION" in
@@ -150,8 +192,6 @@
case "$1:$*" in
':') # no parameters
;;
-iptables:iptables) # due to (left/right)firewall; for default script only
- ;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
@@ -159,345 +199,307 @@
;;
esac
+
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
+
uproute() {
doroute add
ip route flush cache
}
+
downroute() {
doroute delete
ip route flush cache
}
+upfirewall() {
+ in_rule=$1
+ in_dest=$2
+ out_rule=$3
+ out_dest=$4
+
+ [ -n "$in_rule" -a -n "$in_dest" ] && \
+ iptables -I $in_rule 1 \
+ -i $PLUTO_INTERFACE \
+ -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
+ $IPSEC_POLICY_IN \
+ -j $in_dest
+
+ [ -n "$out_rule" -a -n "$out_dest" ] && \
+ iptables -I $out_rule 1 \
+ -o $PLUTO_INTERFACE \
+ -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
+ $IPSEC_POLICY_OUT \
+ -j $out_dest
+
+}
+
+downfirewall() {
+ in_rule=$1
+ in_dest=$2
+ out_rule=$3
+ out_dest=$4
+
+ [ -n "$in_rule" -a -n "$in_dest" ] && \
+ iptables -D $in_rule \
+ -i $PLUTO_INTERFACE \
+ -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT \
+ $IPSEC_POLICY_IN \
+ -j $in_dest
+
+ [ -n "$out_rule" -a -n "$out_dest" ] && \
+ iptables -D $out_rule \
+ -o $PLUTO_INTERFACE \
+ -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
+ $IPSEC_POLICY_OUT \
+ -j $out_dest
+
+}
+
addsource() {
st=0
- if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
- then
+
+ if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then
+
it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
oops="`eval $it 2>&1`"
st=$?
- if test " $oops" = " " -a " $st" != " 0"
- then
+
+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
oops="silent error, exit status $st"
fi
- if test " $oops" != " " -o " $st" != " 0"
- then
+
+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
echo "$0: addsource \`$it' failed ($oops)" >&2
fi
fi
+
return $st
}
doroute() {
st=0
parms="$PLUTO_PEER_CLIENT"
+ parms2="dev $PLUTO_INTERFACE"
- parms2=
- if [ -n "$PLUTO_NEXT_HOP" ]
- then
- parms2="via $PLUTO_NEXT_HOP"
- fi
- parms2="$parms2 dev $PLUTO_INTERFACE"
-
- if [ -z "$PLUTO_MY_SOURCEIP" ]
- then
- if [ -f /etc/sysconfig/defaultsource ]
- then
- . /etc/sysconfig/defaultsource
- fi
+ if [ -z "$PLUTO_MY_SOURCEIP" ] ; then
- if [ -f /etc/conf.d/defaultsource ]
- then
- . /etc/conf.d/defaultsource
- fi
+ [ -f /etc/sysconfig/defaultsource ] && \
+ . /etc/sysconfig/defaultsource
+
+ [ -f /etc/conf.d/defaultsource ] && \
+ . /etc/conf.d/defaultsource
+
+ [ -n "$DEFAULTSOURCE" ] && \
+ PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
- if [ -n "$DEFAULTSOURCE" ]
- then
- PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
- fi
fi
parms3=
- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
- then
+ if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then
addsource
parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
fi
- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
- "0.0.0.0/0.0.0.0")
+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
+ "0.0.0.0/0.0.0.0" ] ; then
# opportunistic encryption work around
# need to provide route that eclipses default, without
# replacing it.
- it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
- ip route $1 128.0.0.0/1 $parms2 $parms3"
- ;;
- *) it="ip route $1 $parms $parms2 $parms3"
- ;;
- esac
+ it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+ ip route $1 128.0.0.0/1 $parms2 $parms3"
+ else
+ it="ip route $1 $parms $parms2 $parms3"
+ fi
+
oops="`eval $it 2>&1`"
st=$?
- if test " $oops" = " " -a " $st" != " 0"
- then
- oops="silent error, exit status $st"
- fi
- if test " $oops" != " " -o " $st" != " 0"
- then
- echo "$0: doroute \`$it' failed ($oops)" >&2
+
+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
+ oops="silent error, exit status $st"
fi
+
+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
+ echo "$0: doroute \`$it' failed ($oops)" >&2
+ fi
+
return $st
}
-
-# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
-if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
-then
- IPSEC_POLICY_IN=""
- IPSEC_POLICY_OUT=""
-else
- IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
- IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
- IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-fi
-# are there port numbers?
-if [ "$PLUTO_MY_PORT" != 0 ]
-then
- S_MY_PORT="--sport $PLUTO_MY_PORT"
- D_MY_PORT="--dport $PLUTO_MY_PORT"
-fi
-if [ "$PLUTO_PEER_PORT" != 0 ]
-then
- S_PEER_PORT="--sport $PLUTO_PEER_PORT"
- D_PEER_PORT="--dport $PLUTO_PEER_PORT"
-fi
+dologentry() {
+ action=$1
+
+ if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then
+ rem="$PLUTO_PEER"
+ else
+ rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER"
+ fi
+
+ if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then
+ loc="$PLUTO_ME"
+ else
+ loc="$PLUTO_ME == $PLUTO_MY_CLIENT"
+ fi
+
+ $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)"
+}
+
# the big choice
+
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
- "0.0.0.0/0.0.0.0")
- # need to provide route that eclipses default, without
+
+ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \
+ "0.0.0.0/0.0.0.0" ] ; then
+ # need to remove the route that eclipses default, without
# replacing it.
- parms1="0.0.0.0/1"
- parms2="128.0.0.0/1"
- it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
- oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
- ;;
- *)
- parms="$PLUTO_PEER_CLIENT"
- it="ip route delete $parms 2>&1"
- oops="`ip route delete $parms 2>&1`"
- ;;
- esac
- status="$?"
- if test " $oops" = " " -a " $status" != " 0"
- then
- oops="silent error, exit status $status"
+ it="( ip route delete 0.0.0.0/1 ;
+ ip route delete 128.0.0.0/1 )"
+ else
+ it="ip route delete $PLUTO_PEER_CLIENT"
+ fi
+
+ oops="`$it 2>&1`"
+ st="$?"
+
+ if [ " $oops" = " " -a " $st" != " 0" ] ; then
+ oops="silent error, exit status $st"
fi
+
case "$oops" in
*'RTNETLINK answers: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
- status=0
+ st=0
;;
esac
- if test " $oops" != " " -o " $status" != " 0"
- then
+
+ if [ " $oops" != " " -o " $st" != " 0" ] ; then
echo "$0: \`$it' failed ($oops)" >&2
fi
- exit $status
+
+ exit $st
+
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
+
+ ipsec _showstatus valid
uproute
+
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
+
+ ipsec _showstatus invalid
downroute
+
;;
-up-host:)
+up-host:*)
# connection to me coming up
- # If you are doing a custom version, firewall commands go here.
+
+ ipsec _showstatus up
+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+ dologentry "VPN-UP"
+
;;
-down-host:)
+down-host:*)
# connection to me going down
- # If you are doing a custom version, firewall commands go here.
- ;;
-up-client:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
- ;;
-down-client:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
+
+ ipsec _showstatus down
+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+ dologentry "VPN-DN"
+
;;
-up-host:iptables)
- # connection to me, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- #
- # log IPsec host connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-down-host:iptables)
- # connection to me, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- #
- # log IPsec host connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-up-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
+up-client:*)
+ # connection to client subnet coming up
+
+ ipsec _showstatus up
+
+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
+ upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
fi
- #
+
# a virtual IP requires an INPUT and OUTPUT rule on the host
# or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # log IPsec client connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-down-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
+ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
+ fi
+
+ dologentry "VPN-UP"
+
+ ;;
+down-client:*)
+ # connection to client subnet going down
+
+ ipsec _showstatus down
+
+ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \
+ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then
+ downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT
fi
- #
+
# a virtual IP requires an INPUT and OUTPUT rule on the host
# or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # log IPsec client connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
+ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then
+ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT
fi
+
+ dologentry "VPN-DN"
+
;;
-#
-# IPv6
-#
prepare-host-v6:*|prepare-client-v6:*)
+
;;
route-host-v6:*|route-client-v6:*)
# connection to me or my client subnet being routed
+
#uproute_v6
+
;;
unroute-host-v6:*|unroute-client-v6:*)
# connection to me or my client subnet being unrouted
+
#downroute_v6
+
;;
up-host-v6:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
+
;;
down-host-v6:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
+
;;
up-client-v6:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
+
;;
down-client-v6:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
+
;;
-*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
+*)
+ echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
+
;;
esac
+

26
net/strongswan/patches/300-openwrt.patch
View File

@ -1,26 +0,0 @@
Index: strongswan-2.8.2/Makefile.inc
===================================================================
--- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200
+++ strongswan-2.8.2/Makefile.inc 2007-06-04 13:23:06.855691672 +0200
@@ -123,7 +123,7 @@
# With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the
# INC_RCDIRS directories has been pre-created under DESTDIR.
INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d
-INC_RCDEFAULT=/etc/rc.d/init.d
+INC_RCDEFAULT=/etc/init.d
# RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think
# will finally be (so utils/Makefile can create a symlink in BINDIR to the
Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in
===================================================================
--- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:23:04.612032760 +0200
+++ strongswan-2.8.2/programs/showhostkey/showhostkey.in 2007-06-04 13:23:06.855691672 +0200
@@ -62,7 +62,7 @@
exit 1
fi
-host="`hostname --fqdn`"
+host="`cat /proc/sys/kernel/hostname`"
awk ' BEGIN {
inkey = 0

19
net/strongswan/patches/310-make-ipsec-alg.patch
View File

@ -1,19 +0,0 @@
Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi
===================================================================
--- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:04.583037168 +0200
+++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:07.053661576 +0200
@@ -1,10 +1,10 @@
MOD_CRYPTOAPI := ipsec_cryptoapi.o
ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
-ALG_MODULES += $(MOD_CRYPTOAPI)
-obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
-static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
-alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
+#ALG_MODULES += $(MOD_CRYPTOAPI)
+#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
+#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
+#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
else
$(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
endif

108
net/strongswan/patches/320-no-modprobe.patch
View File

@ -1,108 +0,0 @@
Index: strongswan-2.8.2/programs/starter/klips.c
===================================================================
--- strongswan-2.8.2.orig/programs/starter/klips.c 2007-06-04 13:23:04.544043096 +0200
+++ strongswan-2.8.2/programs/starter/klips.c 2007-06-04 13:23:07.238633456 +0200
@@ -44,7 +44,7 @@
unsetenv("MODPATH");
unsetenv("MODULECONF");
system("depmod -a >/dev/null 2>&1");
- system("modprobe -qv ipsec");
+ system("insmod -qv ipsec");
}
if (stat(PROC_IPSECVERSION, &stb) == 0)
{
@@ -62,11 +62,11 @@
/* make sure that all available crypto algorithms are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv ipsec_aes");
- system("modprobe -qv ipsec_serpent");
- system("modprobe -qv ipsec_twofish");
- system("modprobe -qv ipsec_blowfish");
- system("modprobe -qv ipsec_sha2");
+ system("insmod -qv ipsec_aes");
+ system("insmod -qv ipsec_serpent");
+ system("insmod -qv ipsec_twofish");
+ system("insmod -qv ipsec_blowfish");
+ system("insmod -qv ipsec_sha2");
}
starter_klips_clear();
Index: strongswan-2.8.2/programs/starter/netkey.c
===================================================================
--- strongswan-2.8.2.orig/programs/starter/netkey.c 2007-06-04 13:23:04.551042032 +0200
+++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200
@@ -36,7 +36,7 @@
/* af_key module makes the netkey proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv af_key");
+ system("insmod -qv af_key");
}
/* now test again */
@@ -52,11 +52,11 @@
/* make sure that all required IPsec modules are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv ah4");
- system("modprobe -qv esp4");
- system("modprobe -qv ipcomp");
- system("modprobe -qv xfrm4_tunnel");
- system("modprobe -qv xfrm_user");
+ system("insmod -qv ah4");
+ system("insmod -qv esp4");
+ system("insmod -qv ipcomp");
+ system("insmod -qv xfrm4_tunnel");
+ system("insmod -qv xfrm_user");
}
DBG(DBG_CONTROL,
Index: strongswan-2.8.2/programs/_startklips/_startklips.in
===================================================================
--- strongswan-2.8.2.orig/programs/_startklips/_startklips.in 2007-06-04 13:23:04.560040664 +0200
+++ strongswan-2.8.2/programs/_startklips/_startklips.in 2007-06-04 13:23:07.238633456 +0200
@@ -249,7 +249,7 @@
if test ! -f $ipsecversion && test ! -f $netkey
then
- modprobe -v af_key
+ insmod -v af_key
fi
if test -f $netkey
@@ -257,11 +257,11 @@
klips=false
if test -f $modules
then
- modprobe -qv ah4
- modprobe -qv esp4
- modprobe -qv ipcomp
- modprobe -qv xfrm4_tunnel
- modprobe -qv xfrm_user
+ insmod -qv ah4
+ insmod -qv esp4
+ insmod -qv ipcomp
+ insmod -qv xfrm4_tunnel
+ insmod -qv xfrm_user
fi
fi
@@ -272,7 +272,7 @@
setmodule
unset MODPATH MODULECONF # no user overrides!
depmod -a >/dev/null 2>&1
- modprobe -v ipsec
+ insmod -v ipsec
fi
if test ! -f $ipsecversion
then
@@ -288,7 +288,7 @@
do
if test -f $moduleinstplace/alg/ipsec_$alg.o
then
- modprobe ipsec_$alg
+ insmod ipsec_$alg
fi
done
fi

21
net/strongswan/patches/350-make-programs.patch
View File

@ -1,21 +0,0 @@
Index: strongswan-2.8.2/programs/Makefile
===================================================================
--- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:06.414758704 +0200
+++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200
@@ -17,12 +17,10 @@
FREESWANSRCDIR=..
include ${FREESWANSRCDIR}/Makefile.inc
-SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto
-SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun
-SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark
-SUBDIRS+=auto barf ipsec look manual ranbits secrets starter
-SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey
-SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup
+SUBDIRS=_copyright _updown _showstatus wakeup examples
+SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual
+SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets
+SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec
ifeq ($(USE_LWRES),true)
SUBDIRS+=lwdnsq

149
net/strongswan/patches/400-pluto-fix_CIRCLEQ.patch
View File

@ -1,149 +0,0 @@
diff -Nurp strongswan-2.8.11.orig/linux/include/circ-queue.h strongswan-2.8.11.queue/linux/include/circ-queue.h
--- strongswan-2.8.11.orig/linux/include/circ-queue.h 1970-01-01 01:00:00.000000000 +0100
+++ strongswan-2.8.11.queue/linux/include/circ-queue.h 2009-12-02 19:11:31.414549616 +0100
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)queue.h 8.5 (Berkeley) 8/20/94
+ * $FreeBSD: ports/misc/44bsd-more/files/queue.h,v 1.1 2001/01/06 03:41:36 hoek Exp $
+ */
+
+/*
+ * Circular queue definitions.
+ */
+#define CIRCLEQ_HEAD(name, type) \
+struct name { \
+ struct type *cqh_first; /* first element */ \
+ struct type *cqh_last; /* last element */ \
+}
+
+#define CIRCLEQ_ENTRY(type) \
+struct { \
+ struct type *cqe_next; /* next element */ \
+ struct type *cqe_prev; /* previous element */ \
+}
+
+/*
+ * Circular queue functions.
+ */
+#define CIRCLEQ_EMPTY(head) ((head)->cqh_first == (void *)(head))
+
+#define CIRCLEQ_FIRST(head) ((head)->cqh_first)
+
+#define CIRCLEQ_FOREACH(var, head, field) \
+ for((var) = (head)->cqh_first; \
+ (var) != (void *)(head); \
+ (var) = (var)->field.cqe_next)
+
+#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \
+ for((var) = (head)->cqh_last; \
+ (var) != (void *)(head); \
+ (var) = (var)->field.cqe_prev)
+
+#define CIRCLEQ_INIT(head) do { \
+ (head)->cqh_first = (void *)(head); \
+ (head)->cqh_last = (void *)(head); \
+} while (0)
+
+#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm)->field.cqe_next; \
+ (elm)->field.cqe_prev = (listelm); \
+ if ((listelm)->field.cqe_next == (void *)(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (listelm)->field.cqe_next->field.cqe_prev = (elm); \
+ (listelm)->field.cqe_next = (elm); \
+} while (0)
+
+#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
+ (elm)->field.cqe_next = (listelm); \
+ (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
+ if ((listelm)->field.cqe_prev == (void *)(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (listelm)->field.cqe_prev->field.cqe_next = (elm); \
+ (listelm)->field.cqe_prev = (elm); \
+} while (0)
+
+#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
+ (elm)->field.cqe_next = (head)->cqh_first; \
+ (elm)->field.cqe_prev = (void *)(head); \
+ if ((head)->cqh_last == (void *)(head)) \
+ (head)->cqh_last = (elm); \
+ else \
+ (head)->cqh_first->field.cqe_prev = (elm); \
+ (head)->cqh_first = (elm); \
+} while (0)
+
+#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
+ (elm)->field.cqe_next = (void *)(head); \
+ (elm)->field.cqe_prev = (head)->cqh_last; \
+ if ((head)->cqh_first == (void *)(head)) \
+ (head)->cqh_first = (elm); \
+ else \
+ (head)->cqh_last->field.cqe_next = (elm); \
+ (head)->cqh_last = (elm); \
+} while (0)
+
+#define CIRCLEQ_LAST(head) ((head)->cqh_last)
+
+#define CIRCLEQ_NEXT(elm,field) ((elm)->field.cqe_next)
+
+#define CIRCLEQ_PREV(elm,field) ((elm)->field.cqe_prev)
+
+#define CIRCLEQ_REMOVE(head, elm, field) do { \
+ if ((elm)->field.cqe_next == (void *)(head)) \
+ (head)->cqh_last = (elm)->field.cqe_prev; \
+ else \
+ (elm)->field.cqe_next->field.cqe_prev = \
+ (elm)->field.cqe_prev; \
+ if ((elm)->field.cqe_prev == (void *)(head)) \
+ (head)->cqh_first = (elm)->field.cqe_next; \
+ else \
+ (elm)->field.cqe_prev->field.cqe_next = \
+ (elm)->field.cqe_next; \
+} while (0)
diff -Nurp strongswan-2.8.11.orig/programs/pluto/connections.h strongswan-2.8.11.queue/programs/pluto/connections.h
--- strongswan-2.8.11.orig/programs/pluto/connections.h 2007-06-18 20:24:51.000000000 +0200
+++ strongswan-2.8.11.queue/programs/pluto/connections.h 2009-12-02 19:11:02.127064115 +0100
@@ -18,6 +18,10 @@
#define _CONNECTIONS_H
#include <sys/queue.h>
+/* This handles the 'syntax error before "CIRCLEQ_ENTRY"' */
+#ifndef CIRCLEQ_HEAD
+#include <circ-queue.h>
+#endif
#include "id.h"
#include "certs.h"

67
sound/alsa/Makefile
View File

@ -1,67 +0,0 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=alsa-driver
PKG_VERSION:=1.0.14rc1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=ftp://ftp.alsa-project.org/pub/driver/
PKG_MD5SUM:=4cff99be4b225e96663fbd61cabe3182
include $(INCLUDE_DIR)/package.mk
define KernelPackage/alsa
SUBMENU:=Other modules
DEPENDS:=@USB_SUPPORT @LINUX_2_4
TITLE:=Advanced Linux Sound Architecture
FILES:=$(PKG_BUILD_DIR)/modules/*.$(LINUX_KMOD_SUFFIX)
AUTOLOAD=$(call AutoLoad,70,$(shell cat ./files/alsa.modules))
endef
ifeq ($(KERNEL),2.4)
ifeq ($(LINUX_KARCH),i386)
KERNEL_C_OPTS:= -Os -mpreferred-stack-boundary=2 -march=i486 -fno-unit-at-a-time
endif
ifeq ($(LINUX_KARCH),mips)
KERNEL_C_OPTS:= -Os -G 0 -mlong-calls -mno-abicalls -fno-pic -finline-limit=100000 -mabi=32 -march=mips32 -Wa,-32 -Wa,-march=mips32 -Wa,-mips32 -Wa,--trap
endif
endif
ifeq ($(LINUX_KARCH),i386)
KERNEL_C_INCS:= -I$(LINUX_DIR)/include/asm-i386/mach-generic -I$(LINUX_DIR)/include/asm-i386/mach-default
endif
ifeq ($(LINUX_KARCH),mips)
KERNEL_C_INCS:= -I$(LINUX_DIR)/include/asm-mips/mach-generic
endif
CONFIGURE_VARS:= \
CFLAGS="$(KERNEL_C_INCS)"
CONFIGURE_ARGS:= \
--with-build="$(LINUX_DIR)" \
--with-kernel="$(LINUX_DIR)" \
--with-cross="$(KERNEL_CROSS)" \
--with-redhat=no \
--with-suse=no \
--with-oss=yes \
--with-isapnp=no \
--with-sequencer=no \
--with-cards=usb-audio
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
c_opts="$(KERNEL_C_OPTS)" \
CP="$(CP)" \
all
endef
$(eval $(call KernelPackage,alsa))

10
sound/alsa/files/alsa.modules
View File

@ -1,10 +0,0 @@
snd-page-alloc
snd
snd-timer
snd-pcm
snd-rawmidi
snd-usb-lib
snd-hwdep
snd-usb-audio
snd-mixer-oss
snd-pcm-oss

19
sound/alsa/patches/100-compile_fix.patch
View File

@ -1,19 +0,0 @@
Index: alsa-driver-1.0.14rc1/include/adriver.h
===================================================================
--- alsa-driver-1.0.14rc1.orig/include/adriver.h 2007-06-04 13:22:44.887031416 +0200
+++ alsa-driver-1.0.14rc1/include/adriver.h 2007-06-04 13:22:44.956020928 +0200
@@ -514,7 +514,7 @@
#endif /* < 2.6.0 */
/* workarounds for USB API */
-#if defined(SND_NEED_USB_WRAPPER) && (defined(CONFIG_USB) || defined(CONFIG_USB_MODULE))
+#if 1
#include <linux/usb.h>
@@ -1360,4 +1360,5 @@
#endif
#endif
+#undef info /* used in several structs */
#endif /* __SOUND_LOCAL_DRIVER_H */

13
sound/alsa/patches/110-cp_command.patch
View File

@ -1,13 +0,0 @@
Index: alsa-driver-1.0.14rc1/Makefile
===================================================================
--- alsa-driver-1.0.14rc1.orig/Makefile 2007-06-04 13:22:44.865034760 +0200
+++ alsa-driver-1.0.14rc1/Makefile 2007-06-04 13:22:45.149991440 +0200
@@ -115,7 +115,7 @@
if [ ! -d include/sound -a ! -L include/sound ]; then \
ln -sf ../alsa-kernel/include include/sound ; \
fi
- cp -puvf include/version.h include/sound/version.h
+ $(CP) include/version.h include/sound/version.h
utils/mod-deps: utils/mod-deps.c
gcc utils/mod-deps.c -o utils/mod-deps

13
sound/alsa/patches/120-sndfops.patch
View File

@ -1,13 +0,0 @@
Index: alsa-driver-1.0.14rc1/alsa-kernel/core/sound.c
===================================================================
--- alsa-driver-1.0.14rc1.orig/alsa-kernel/core/sound.c 2007-07-11 12:15:11.408530571 +0200
+++ alsa-driver-1.0.14rc1/alsa-kernel/core/sound.c 2007-07-11 12:15:26.421386105 +0200
@@ -171,7 +171,7 @@
return err;
}
-static struct file_operations snd_fops =
+struct file_operations snd_fops =
{
.owner = THIS_MODULE,
.open = snd_open