openswan/patches/103-network_ip.patch

diff -Nur openswan-2.4.9.orig/programs/loggerfix openswan-2.4.9/programs/loggerfix
--- openswan-2.4.9.orig/programs/loggerfix      1970-01-01 01:00:00.000000000 +0100
+++ openswan-2.4.9/programs/loggerfix   2007-08-02 00:58:31.000000000 +0200
@@ -0,0 +1,5 @@
+#!/bin/sh
+# use filename instead of /dev/null to log, but dont log to flash or ram
+# pref. log to nfs mount
+echo "$*" >> /dev/null
+exit 0
diff -Nur openswan-2.4.9.orig/programs/_realsetup/_realsetup.in openswan-2.4.9/programs/_realsetup/_realsetup.in
--- openswan-2.4.9.orig/programs/_realsetup/_realsetup.in       2007-06-19 17:18:52.000000000 +0200
+++ openswan-2.4.9/programs/_realsetup/_realsetup.in    2007-08-02 00:58:31.000000000 +0200
@@ -140,11 +140,12 @@
 
 if $klips
 then
-    KILLKLIPS='ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ;
+    KILLKLIPS='ifl=` ip link show up | sed -n -e "/ipsec[0-9][0-9]*/s/^[0-9][0-9]*: \([^ ]*\): .*/\1/p" ` ;
        test "X$ifl" != "X" &&
        for i in  $ifl ;
        do
-               ifconfig $i down ;
+               ip link set $i down ;
+               ip addr flush dev $i ;
                ipsec tncfg --detach --virtual $i ;
        done ;
        test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ;
diff -Nur openswan-2.4.9.orig/programs/setup/setup.in openswan-2.4.9/programs/setup/setup.in
--- openswan-2.4.9.orig/programs/setup/setup.in 2007-07-10 05:12:57.000000000 +0200
+++ openswan-2.4.9/programs/setup/setup.in      2007-08-02 00:58:31.000000000 +0200
@@ -126,6 +126,16 @@
                        logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
                exit 1
        fi
+
+       # make sure all required directories exist
+       if [ ! -d /var/run/pluto ]
+       then
+               mkdir -p /var/run/pluto
+       fi
+       if [ ! -d /var/lock/subsys ]
+       then
+               mkdir -p /var/lock/subsys
+       fi
        tmp=/var/run/pluto/ipsec_setup.st
        outtmp=/var/run/pluto/ipsec_setup.out
        (
diff -Nur openswan-2.4.9.orig/programs/_startklips/_startklips.in openswan-2.4.9/programs/_startklips/_startklips.in
--- openswan-2.4.9.orig/programs/_startklips/_startklips.in     2007-07-06 19:29:15.000000000 +0200
+++ openswan-2.4.9/programs/_startklips/_startklips.in  2007-08-02 00:58:59.000000000 +0200
@@ -104,22 +104,21 @@
 
        # figure out ifconfig for interface
        addr=
-       eval `ifconfig $phys |
-               awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
-                       gsub(/:/, " ", $0)
-                       print "addr=" $3
-                       other = $5
-                       if ($4 == "Bcast")
+       eval `ip addr show dev $phys label $phys  |
+               awk '$1 == "inet" {
+                       print "addr=" $2
+                       other = $4
+                       if ($3 == "brd")
                                print "type=broadcast"
-                       else if ($4 == "P-t-P")
-                               print "type=pointopoint"
+                       else if ($3 == "peer")
+                               print "type=peer"
                        else if (NF == 5) {
                                print "type="
                                other = ""
                        } else
                                print "type=unknown"
                        print "otheraddr=" other
-                       print "mask=" $NF
+                       gsub(/\//, " ", $0)
                }'`
        if test " $addr" = " "
        then
@@ -150,10 +149,12 @@
                # busybox does not like "inet" keyword in ifconfiga
                # see http://busybox.net/bugs/view.php?id=752
                # ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
-               ifconfig $virt $addr $type $otheraddr netmask $mask $mtu
+               ip addr add $addr $type $otheraddr dev $virt
+               ip link set $virt $mtu up
        fi
 
        # if %defaultroute, note the facts
+       addr=`echo $addr|sed 's/\/.*//'`
        if test " $2" != " "
        then
                (
@@ -209,8 +210,8 @@
 
 # interfaces=%defaultroute:  put ipsec0 on top of default route's interface
 defaultinterface() {
-       phys=`netstat -nr |
-               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
+       phys=`ip route show |
+               awk '$1 == "default" { print $5 }'`
        if test " $phys" = " "
        then
                echo "no default route, %defaultroute cannot cope!!!"
@@ -221,8 +222,8 @@
                echo "multiple default routes, %defaultroute cannot cope!!!"
                exit 1
        fi
-       next=`netstat -nr |
-               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
+       next=`ip route show |
+               awk '$1 == "default" { print $3 }'`
        if [ "$next" = "0.0.0.0" ] ; then
                next=`ip addr list $phys | grep -E '^ +inet6*.*scope global $phys' |
                        awk '{ print $2}' | awk -F / '{ print $1 }'`
@@ -276,13 +277,13 @@
     echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
     exit
 fi
-if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -qn ipsec
+if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -q ipsec
 then
        # statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
        @MODPROBE@ ipsec 2> /dev/null
 fi
 
-if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -qn af_key
+if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -q af_key
 then
        # netkey should work then
        @MODPROBE@ af_key 2> /dev/null
// Log In
// CVSweb
Project: FreeWRT
// Summary // Activity // Search // Tracker // Lists // News // SCM // Wiki
1	diff -Nur openswan-2.4.9.orig/programs/loggerfix openswan-2.4.9/programs/loggerfix
2	--- openswan-2.4.9.orig/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
3	+++ openswan-2.4.9/programs/loggerfix 2007-08-02 00:58:31.000000000 +0200
4	@@ -0,0 +1,5 @@
5	+#!/bin/sh
6	+# use filename instead of /dev/null to log, but dont log to flash or ram
7	+# pref. log to nfs mount
8	+echo "$*" >> /dev/null
9	+exit 0
10	diff -Nur openswan-2.4.9.orig/programs/_realsetup/_realsetup.in openswan-2.4.9/programs/_realsetup/_realsetup.in
11	--- openswan-2.4.9.orig/programs/_realsetup/_realsetup.in 2007-06-19 17:18:52.000000000 +0200
12	+++ openswan-2.4.9/programs/_realsetup/_realsetup.in 2007-08-02 00:58:31.000000000 +0200
13	@@ -140,11 +140,12 @@
14
15	if $klips
16	then
17	- KILLKLIPS='ifl=` ifconfig \| sed -n -e "/^ipsec/s/ .*//p" ` ;
18	+ KILLKLIPS='ifl=` ip link show up \| sed -n -e "/ipsec[0-9][0-9]/s/^[0-9][0-9]: \([^ ]\): ./\1/p" ` ;
19	test "X$ifl" != "X" &&
20	for i in $ifl ;
21	do
22	- ifconfig $i down ;
23	+ ip link set $i down ;
24	+ ip addr flush dev $i ;
25	ipsec tncfg --detach --virtual $i ;
26	done ;
27	test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ;
28	diff -Nur openswan-2.4.9.orig/programs/setup/setup.in openswan-2.4.9/programs/setup/setup.in
29	--- openswan-2.4.9.orig/programs/setup/setup.in 2007-07-10 05:12:57.000000000 +0200
30	+++ openswan-2.4.9/programs/setup/setup.in 2007-08-02 00:58:31.000000000 +0200
31	@@ -126,6 +126,16 @@
32	logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
33	exit 1
34	fi
35	+
36	+ # make sure all required directories exist
37	+ if [ ! -d /var/run/pluto ]
38	+ then
39	+ mkdir -p /var/run/pluto
40	+ fi
41	+ if [ ! -d /var/lock/subsys ]
42	+ then
43	+ mkdir -p /var/lock/subsys
44	+ fi
45	tmp=/var/run/pluto/ipsec_setup.st
46	outtmp=/var/run/pluto/ipsec_setup.out
47	(
48	diff -Nur openswan-2.4.9.orig/programs/_startklips/_startklips.in openswan-2.4.9/programs/_startklips/_startklips.in
49	--- openswan-2.4.9.orig/programs/_startklips/_startklips.in 2007-07-06 19:29:15.000000000 +0200
50	+++ openswan-2.4.9/programs/_startklips/_startklips.in 2007-08-02 00:58:59.000000000 +0200
51	@@ -104,22 +104,21 @@
52
53	# figure out ifconfig for interface
54	addr=
55	- eval `ifconfig $phys \|
56	- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
57	- gsub(/:/, " ", $0)
58	- print "addr=" $3
59	- other = $5
60	- if ($4 == "Bcast")
61	+ eval `ip addr show dev $phys label $phys \|
62	+ awk '$1 == "inet" {
63	+ print "addr=" $2
64	+ other = $4
65	+ if ($3 == "brd")
66	print "type=broadcast"
67	- else if ($4 == "P-t-P")
68	- print "type=pointopoint"
69	+ else if ($3 == "peer")
70	+ print "type=peer"
71	else if (NF == 5) {
72	print "type="
73	other = ""
74	} else
75	print "type=unknown"
76	print "otheraddr=" other
77	- print "mask=" $NF
78	+ gsub(/\//, " ", $0)
79	}'`
80	if test " $addr" = " "
81	then
82	@@ -150,10 +149,12 @@
83	# busybox does not like "inet" keyword in ifconfiga
84	# see http://busybox.net/bugs/view.php?id=752
85	# ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
86	- ifconfig $virt $addr $type $otheraddr netmask $mask $mtu
87	+ ip addr add $addr $type $otheraddr dev $virt
88	+ ip link set $virt $mtu up
89	fi
90
91	# if %defaultroute, note the facts
92	+ addr=`echo $addr\|sed 's/\/.*//'`
93	if test " $2" != " "
94	then
95	(
96	@@ -209,8 +210,8 @@
97
98	# interfaces=%defaultroute: put ipsec0 on top of default route's interface
99	defaultinterface() {
100	- phys=`netstat -nr \|
101	- awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
102	+ phys=`ip route show \|
103	+ awk '$1 == "default" { print $5 }'`
104	if test " $phys" = " "
105	then
106	echo "no default route, %defaultroute cannot cope!!!"
107	@@ -221,8 +222,8 @@
108	echo "multiple default routes, %defaultroute cannot cope!!!"
109	exit 1
110	fi
111	- next=`netstat -nr \|
112	- awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
113	+ next=`ip route show \|
114	+ awk '$1 == "default" { print $3 }'`
115	if [ "$next" = "0.0.0.0" ] ; then
116	next=`ip addr list $phys \| grep -E '^ +inet6.scope global $phys' \|
117	awk '{ print $2}' \| awk -F / '{ print $1 }'`
118	@@ -276,13 +277,13 @@
119	echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
120	exit
121	fi
122	-if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -qn ipsec
123	+if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -q ipsec
124	then
125	# statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
126	@MODPROBE@ ipsec 2> /dev/null
127	fi
128
129	-if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -qn af_key
130	+if test ! -f $ipsecversion && test ! -f $netkey && @MODPROBE@ -q af_key
131	then
132	# netkey should work then
133	@MODPROBE@ af_key 2> /dev/null