openswan/patches/scripts.patch

diff -Nur openswan-2.4.7/programs/loggerfix openswan-2.4.7.scripts/programs/loggerfix
--- openswan-2.4.7/programs/loggerfix   1970-01-01 01:00:00.000000000 +0100
+++ openswan-2.4.7.scripts/programs/loggerfix   2006-11-19 21:17:56.000000000 +0100
@@ -0,0 +1,5 @@
+#!/bin/sh
+# use filename instead of /dev/null to log, but dont log to flash or ram
+# pref. log to nfs mount
+echo "$*" >> /dev/null
+exit 0
diff -Nur openswan-2.4.7/programs/_realsetup/_realsetup.in openswan-2.4.7.scripts/programs/_realsetup/_realsetup.in
--- openswan-2.4.7/programs/_realsetup/_realsetup.in    2006-10-03 03:20:32.000000000 +0200
+++ openswan-2.4.7.scripts/programs/_realsetup/_realsetup.in    2006-11-19 21:17:56.000000000 +0100
@@ -138,11 +138,12 @@
 
 if $klips
 then
-    KILLKLIPS='ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ;
+    KILLKLIPS='ifl=` ip link show up | sed -n -e "/ipsec[0-9][0-9]*/s/^[0-9][0-9]*: \([^ ]*\): .*/\1/p" ` ;
        test "X$ifl" != "X" &&
        for i in  $ifl ;
        do
-               ifconfig $i down ;
+               ip link set $i down ;
+               ip addr flush dev $i ;
                ipsec tncfg --detach --virtual $i ;
        done ;
        test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ;
diff -Nur openswan-2.4.7/programs/setup/setup.in openswan-2.4.7.scripts/programs/setup/setup.in
--- openswan-2.4.7/programs/setup/setup.in      2006-10-27 01:54:32.000000000 +0200
+++ openswan-2.4.7.scripts/programs/setup/setup.in      2006-11-19 21:17:56.000000000 +0100
@@ -123,6 +123,16 @@
                        logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
                exit 1
        fi
+
+       # make sure all required directories exist
+       if [ ! -d /var/run/pluto ]
+       then
+               mkdir -p /var/run/pluto
+       fi
+       if [ ! -d /var/lock/subsys ]
+       then
+               mkdir -p /var/lock/subsys
+       fi
        tmp=/var/run/pluto/ipsec_setup.st
        outtmp=/var/run/pluto/ipsec_setup.out
        (
diff -Nur openswan-2.4.7/programs/showhostkey/showhostkey.in openswan-2.4.7.scripts/programs/showhostkey/showhostkey.in
--- openswan-2.4.7/programs/showhostkey/showhostkey.in  2004-11-14 14:40:41.000000000 +0100
+++ openswan-2.4.7.scripts/programs/showhostkey/showhostkey.in  2006-11-19 21:17:56.000000000 +0100
@@ -63,7 +63,7 @@
        exit 1
 fi
 
-host="`hostname --fqdn`"
+host="`cat /proc/sys/kernel/hostname`"
 
 awk '  BEGIN {
                inkey = 0
diff -Nur openswan-2.4.7/programs/_startklips/_startklips.in openswan-2.4.7.scripts/programs/_startklips/_startklips.in
--- openswan-2.4.7/programs/_startklips/_startklips.in  2006-11-13 21:27:18.000000000 +0100
+++ openswan-2.4.7.scripts/programs/_startklips/_startklips.in  2006-11-19 21:23:52.000000000 +0100
@@ -104,22 +104,21 @@
 
        # figure out ifconfig for interface
        addr=
-       eval `ifconfig $phys |
-               awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
-                       gsub(/:/, " ", $0)
-                       print "addr=" $3
-                       other = $5
-                       if ($4 == "Bcast")
+       eval `ip addr show dev $phys label $phys  |
+               awk '$1 == "inet" {
+                       print "addr=" $2
+                       other = $4
+                       if ($3 == "brd")
                                print "type=broadcast"
-                       else if ($4 == "P-t-P")
-                               print "type=pointopoint"
+                       else if ($3 == "peer")
+                               print "type=peer"
                        else if (NF == 5) {
                                print "type="
                                other = ""
                        } else
                                print "type=unknown"
                        print "otheraddr=" other
-                       print "mask=" $NF
+                       gsub(/\//, " ", $0)
                }'`
        if test " $addr" = " "
        then
@@ -147,10 +146,12 @@
        then
                # attach the interface and bring it up
                ipsec tncfg --attach --virtual $virt --physical $phys
-               ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
+               ip addr add $addr $type $otheraddr dev $virt
+               ip link set $virt $mtu up
        fi
 
        # if %defaultroute, note the facts
+       addr=`echo $addr|sed 's/\/.*//'`
        if test " $2" != " "
        then
                (
@@ -206,8 +207,8 @@
 
 # interfaces=%defaultroute:  put ipsec0 on top of default route's interface
 defaultinterface() {
-       phys=`netstat -nr |
-               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
+       phys=`ip route show |
+               awk '$1 == "default" { print $5 }'`
        if test " $phys" = " "
        then
                echo "no default route, %defaultroute cannot cope!!!"
@@ -218,8 +219,8 @@
                echo "multiple default routes, %defaultroute cannot cope!!!"
                exit 1
        fi
-       next=`netstat -nr |
-               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
+       next=`ip route show |
+               awk '$1 == "default" { print $3 }'`
        klipsinterface "ipsec0=$phys" $next
 }
 
@@ -249,7 +250,7 @@
         fi
         if test -f $moduleinstplace/$wantgoo
         then
-                echo "modprobe failed, but found matching template module $wantgoo."
+                echo "insmod failed, but found matching template module $wantgoo."
                 echo "Copying $moduleinstplace/$wantgoo to $module."
                 rm -f $module
                 mkdir -p $moduleplace
@@ -269,16 +270,16 @@
     echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
     exit
 fi
-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
 then
        # statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
-       modprobe ipsec 2> /dev/null
+       insmod ipsec 2> /dev/null
 fi
 
-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key
+if test ! -f $ipsecversion && test ! -f $netkey && insmod af_key
 then
        # netkey should work then
-       modprobe af_key 2> /dev/null
+       insmod af_key 2> /dev/null
 fi
 if test ! -f $ipsecversion && test ! -f $netkey 
 then
@@ -292,26 +293,26 @@
 if test -f $modules
 then
        # we modprobe hw_random so ipsec verify can complain about not using it
-       modprobe -q hw_random 2> /dev/null
+       insmod hw_random 2> /dev/null
        # padlock must load before aes module
-       modprobe -q padlock 2> /dev/null
+       insmod padlock 2> /dev/null
        # load the most common ciphers/algo's
-       modprobe -q sha256 2> /dev/null
-       modprobe -q sha1 2> /dev/null
-       modprobe -q md5 2> /dev/null
-       modprobe -q des 2> /dev/null
-       modprobe -q aes 2> /dev/null
+       insmod -q sha256 2> /dev/null
+       insmod sha1 2> /dev/null
+       insmod md5 2> /dev/null
+       insmod des 2> /dev/null
+       insmod aes 2> /dev/null
 
        if test -f $netkey
        then
                klips=false
-               modprobe -q ah4 2> /dev/null
-               modprobe -q esp4 2> /dev/null
-               modprobe -q ipcomp 2> /dev/null
+               insmod ah4 2> /dev/null
+               insmod esp4 2> /dev/null
+               insmod ipcomp 2> /dev/null
                #  xfrm4_tunnel is needed by ipip and ipcomp
-               modprobe -q xfrm4_tunnel 2> /dev/null
+               insmod xfrm4_tunnel 2> /dev/null
                # xfrm_user contains netlink support for IPsec 
-               modprobe -q xfrm_user 2> /dev/null
+               insmod xfrm_user 2> /dev/null
        fi
 
        if test ! -f $ipsecversion && $klips
@@ -324,7 +325,7 @@
                fi
                        unset MODPATH MODULECONF        # no user overrides!
                        depmod -a >/dev/null 2>&1
-                       modprobe -v ipsec
+                       insmod -v ipsec
                if test ! -f $ipsecversion
                then
                        echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
// Log In
// CVSweb
Project: FreeWRT
// Summary // Activity // Search // Tracker // Lists // News // SCM // Wiki
1	diff -Nur openswan-2.4.7/programs/loggerfix openswan-2.4.7.scripts/programs/loggerfix
2	--- openswan-2.4.7/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
3	+++ openswan-2.4.7.scripts/programs/loggerfix 2006-11-19 21:17:56.000000000 +0100
4	@@ -0,0 +1,5 @@
5	+#!/bin/sh
6	+# use filename instead of /dev/null to log, but dont log to flash or ram
7	+# pref. log to nfs mount
8	+echo "$*" >> /dev/null
9	+exit 0
10	diff -Nur openswan-2.4.7/programs/_realsetup/_realsetup.in openswan-2.4.7.scripts/programs/_realsetup/_realsetup.in
11	--- openswan-2.4.7/programs/_realsetup/_realsetup.in 2006-10-03 03:20:32.000000000 +0200
12	+++ openswan-2.4.7.scripts/programs/_realsetup/_realsetup.in 2006-11-19 21:17:56.000000000 +0100
13	@@ -138,11 +138,12 @@
14
15	if $klips
16	then
17	- KILLKLIPS='ifl=` ifconfig \| sed -n -e "/^ipsec/s/ .*//p" ` ;
18	+ KILLKLIPS='ifl=` ip link show up \| sed -n -e "/ipsec[0-9][0-9]/s/^[0-9][0-9]: \([^ ]\): ./\1/p" ` ;
19	test "X$ifl" != "X" &&
20	for i in $ifl ;
21	do
22	- ifconfig $i down ;
23	+ ip link set $i down ;
24	+ ip addr flush dev $i ;
25	ipsec tncfg --detach --virtual $i ;
26	done ;
27	test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ;
28	diff -Nur openswan-2.4.7/programs/setup/setup.in openswan-2.4.7.scripts/programs/setup/setup.in
29	--- openswan-2.4.7/programs/setup/setup.in 2006-10-27 01:54:32.000000000 +0200
30	+++ openswan-2.4.7.scripts/programs/setup/setup.in 2006-11-19 21:17:56.000000000 +0100
31	@@ -123,6 +123,16 @@
32	logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
33	exit 1
34	fi
35	+
36	+ # make sure all required directories exist
37	+ if [ ! -d /var/run/pluto ]
38	+ then
39	+ mkdir -p /var/run/pluto
40	+ fi
41	+ if [ ! -d /var/lock/subsys ]
42	+ then
43	+ mkdir -p /var/lock/subsys
44	+ fi
45	tmp=/var/run/pluto/ipsec_setup.st
46	outtmp=/var/run/pluto/ipsec_setup.out
47	(
48	diff -Nur openswan-2.4.7/programs/showhostkey/showhostkey.in openswan-2.4.7.scripts/programs/showhostkey/showhostkey.in
49	--- openswan-2.4.7/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100
50	+++ openswan-2.4.7.scripts/programs/showhostkey/showhostkey.in 2006-11-19 21:17:56.000000000 +0100
51	@@ -63,7 +63,7 @@
52	exit 1
53	fi
54
55	-host="`hostname --fqdn`"
56	+host="`cat /proc/sys/kernel/hostname`"
57
58	awk ' BEGIN {
59	inkey = 0
60	diff -Nur openswan-2.4.7/programs/_startklips/_startklips.in openswan-2.4.7.scripts/programs/_startklips/_startklips.in
61	--- openswan-2.4.7/programs/_startklips/_startklips.in 2006-11-13 21:27:18.000000000 +0100
62	+++ openswan-2.4.7.scripts/programs/_startklips/_startklips.in 2006-11-19 21:23:52.000000000 +0100
63	@@ -104,22 +104,21 @@
64
65	# figure out ifconfig for interface
66	addr=
67	- eval `ifconfig $phys \|
68	- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
69	- gsub(/:/, " ", $0)
70	- print "addr=" $3
71	- other = $5
72	- if ($4 == "Bcast")
73	+ eval `ip addr show dev $phys label $phys \|
74	+ awk '$1 == "inet" {
75	+ print "addr=" $2
76	+ other = $4
77	+ if ($3 == "brd")
78	print "type=broadcast"
79	- else if ($4 == "P-t-P")
80	- print "type=pointopoint"
81	+ else if ($3 == "peer")
82	+ print "type=peer"
83	else if (NF == 5) {
84	print "type="
85	other = ""
86	} else
87	print "type=unknown"
88	print "otheraddr=" other
89	- print "mask=" $NF
90	+ gsub(/\//, " ", $0)
91	}'`
92	if test " $addr" = " "
93	then
94	@@ -147,10 +146,12 @@
95	then
96	# attach the interface and bring it up
97	ipsec tncfg --attach --virtual $virt --physical $phys
98	- ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
99	+ ip addr add $addr $type $otheraddr dev $virt
100	+ ip link set $virt $mtu up
101	fi
102
103	# if %defaultroute, note the facts
104	+ addr=`echo $addr\|sed 's/\/.*//'`
105	if test " $2" != " "
106	then
107	(
108	@@ -206,8 +207,8 @@
109
110	# interfaces=%defaultroute: put ipsec0 on top of default route's interface
111	defaultinterface() {
112	- phys=`netstat -nr \|
113	- awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
114	+ phys=`ip route show \|
115	+ awk '$1 == "default" { print $5 }'`
116	if test " $phys" = " "
117	then
118	echo "no default route, %defaultroute cannot cope!!!"
119	@@ -218,8 +219,8 @@
120	echo "multiple default routes, %defaultroute cannot cope!!!"
121	exit 1
122	fi
123	- next=`netstat -nr \|
124	- awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
125	+ next=`ip route show \|
126	+ awk '$1 == "default" { print $3 }'`
127	klipsinterface "ipsec0=$phys" $next
128	}
129
130	@@ -249,7 +250,7 @@
131	fi
132	if test -f $moduleinstplace/$wantgoo
133	then
134	- echo "modprobe failed, but found matching template module $wantgoo."
135	+ echo "insmod failed, but found matching template module $wantgoo."
136	echo "Copying $moduleinstplace/$wantgoo to $module."
137	rm -f $module
138	mkdir -p $moduleplace
139	@@ -269,16 +270,16 @@
140	echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
141	exit
142	fi
143	-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
144	+if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
145	then
146	# statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
147	- modprobe ipsec 2> /dev/null
148	+ insmod ipsec 2> /dev/null
149	fi
150
151	-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key
152	+if test ! -f $ipsecversion && test ! -f $netkey && insmod af_key
153	then
154	# netkey should work then
155	- modprobe af_key 2> /dev/null
156	+ insmod af_key 2> /dev/null
157	fi
158	if test ! -f $ipsecversion && test ! -f $netkey
159	then
160	@@ -292,26 +293,26 @@
161	if test -f $modules
162	then
163	# we modprobe hw_random so ipsec verify can complain about not using it
164	- modprobe -q hw_random 2> /dev/null
165	+ insmod hw_random 2> /dev/null
166	# padlock must load before aes module
167	- modprobe -q padlock 2> /dev/null
168	+ insmod padlock 2> /dev/null
169	# load the most common ciphers/algo's
170	- modprobe -q sha256 2> /dev/null
171	- modprobe -q sha1 2> /dev/null
172	- modprobe -q md5 2> /dev/null
173	- modprobe -q des 2> /dev/null
174	- modprobe -q aes 2> /dev/null
175	+ insmod -q sha256 2> /dev/null
176	+ insmod sha1 2> /dev/null
177	+ insmod md5 2> /dev/null
178	+ insmod des 2> /dev/null
179	+ insmod aes 2> /dev/null
180
181	if test -f $netkey
182	then
183	klips=false
184	- modprobe -q ah4 2> /dev/null
185	- modprobe -q esp4 2> /dev/null
186	- modprobe -q ipcomp 2> /dev/null
187	+ insmod ah4 2> /dev/null
188	+ insmod esp4 2> /dev/null
189	+ insmod ipcomp 2> /dev/null
190	# xfrm4_tunnel is needed by ipip and ipcomp
191	- modprobe -q xfrm4_tunnel 2> /dev/null
192	+ insmod xfrm4_tunnel 2> /dev/null
193	# xfrm_user contains netlink support for IPsec
194	- modprobe -q xfrm_user 2> /dev/null
195	+ insmod xfrm_user 2> /dev/null
196	fi
197
198	if test ! -f $ipsecversion && $klips
199	@@ -324,7 +325,7 @@
200	fi
201	unset MODPATH MODULECONF # no user overrides!
202	depmod -a >/dev/null 2>&1
203	- modprobe -v ipsec
204	+ insmod -v ipsec
205	if test ! -f $ipsecversion
206	then
207	echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"