Browse Source

net/ipsec-tools: Import net/ipsec-tools from oldpackages

Signed-off-by: Noah Meyerhans <noahm@debian.org>
lilik-openwrt-22.03
Noah Meyerhans 10 years ago
parent
commit
5117da7925
8 changed files with 304 additions and 0 deletions
  1. +95
    -0
      net/ipsec-tools/Makefile
  2. +17
    -0
      net/ipsec-tools/files/racoon.init
  3. +24
    -0
      net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch
  4. +22
    -0
      net/ipsec-tools/patches/001-no_libfl.patch
  5. +72
    -0
      net/ipsec-tools/patches/002-patch8-utmp.patch
  6. +13
    -0
      net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
  7. +11
    -0
      net/ipsec-tools/patches/005-isakmp-fix.patch
  8. +50
    -0
      net/ipsec-tools/patches/006-linux-3.7-compat.patch

+ 95
- 0
net/ipsec-tools/Makefile View File

@ -0,0 +1,95 @@
#
# Copyright (C) 2006-2011 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ipsec-tools
PKG_VERSION:=0.8.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/ipsec-tools
PKG_MD5SUM:=d38b39f291ba2962387c3232e7335dd8
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
define Package/ipsec-tools
SECTION:=net
CATEGORY:=Network
SUBMENU:=VPN
DEPENDS:=+libopenssl +kmod-ipsec
TITLE:=IPsec management tools
URL:=http://ipsec-tools.sourceforge.net/
endef
CONFIGURE_ARGS += \
--enable-shared \
--enable-static \
--with-kernel-headers="$(LINUX_DIR)/include" \
--without-readline \
--with-openssl="$(STAGING_DIR)/usr" \
--without-libradius \
--without-libpam \
--enable-dpd \
--enable-hybrid \
--enable-security-context=no \
--enable-natt \
--enable-adminport \
--enable-frag \
$(call autoconf_bool,CONFIG_IPV6,ipv6)
# override CFLAGS holding "-Werror" that break builds on compile warnings
MAKE_FLAGS+=\
CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS)"
define Build/Prepare
$(call Build/Prepare/Default)
chmod -R u+w $(PKG_BUILD_DIR)
endef
define Build/Configure
(cd $(PKG_BUILD_DIR); touch \
configure.ac \
aclocal.m4 \
Makefile.in \
config.h.in \
configure \
);
$(call Build/Configure/Default)
echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h
endef
define Package/ipsec-tools/install
$(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/
$(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
$(INSTALL_DIR) $(1)/etc/racoon
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/racoon.init $(1)/etc/init.d/racoon
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/
endef
define Package/ipsec-tools/conffiles
/etc/racoon.conf
/etc/racoon/psk.txt
endef
$(eval $(call BuildPackage,ipsec-tools))

+ 17
- 0
net/ipsec-tools/files/racoon.init View File

@ -0,0 +1,17 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2009-2011 OpenWrt.org
# Copyright (C) 2011 Artem Makhutov
START=49
SERVICE_USE_PID=1
start() {
mkdir -m 0700 -p /var/racoon
[ -f /etc/ipsec.conf ] && /usr/sbin/setkey -f /etc/ipsec.conf
service_start /usr/sbin/racoon -f /etc/racoon.conf
}
stop() {
service_stop /usr/sbin/racoon
}

+ 24
- 0
net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch View File

@ -0,0 +1,24 @@
--- a/src/racoon/oakley.c
+++ b/src/racoon/oakley.c
@@ -2424,8 +2424,21 @@ oakley_skeyid(iph1)
plog(LLV_ERROR, LOCATION, iph1->remote,
"couldn't find the pskey for %s.\n",
saddrwop2str(iph1->remote));
+ }
+ }
+ if (iph1->authstr == NULL) {
+ /*
+ * If we could not locate a psk above try and locate
+ * the default psk, ie, "*".
+ */
+ iph1->authstr = privsep_getpsk("*", 1);
+ if (iph1->authstr == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "couldn't find the the default pskey either.\n");
goto end;
}
+ plog(LLV_NOTIFY, LOCATION, iph1->remote,
+ "Using default PSK.\n");
}
plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
/* should be secret PSK */

+ 22
- 0
net/ipsec-tools/patches/001-no_libfl.patch View File

@ -0,0 +1,22 @@
--- a/src/racoon/cftoken.l
+++ b/src/racoon/cftoken.l
@@ -104,6 +104,8 @@ static struct include_stack {
static int incstackp = 0;
static int yy_first_time = 1;
+
+int yywrap(void) { return 1; }
%}
/* common seciton */
--- a/src/setkey/token.l
+++ b/src/setkey/token.l
@@ -86,6 +86,8 @@
#if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
#define SADB_X_EALG_AESCBC SADB_X_EALG_AES
#endif
+
+int yywrap(void) { return 1; }
%}
/* common section */

+ 72
- 0
net/ipsec-tools/patches/002-patch8-utmp.patch View File

@ -0,0 +1,72 @@
--- a/src/racoon/isakmp_cfg.c
+++ b/src/racoon/isakmp_cfg.c
@@ -38,7 +38,7 @@
#include <sys/socket.h>
#include <sys/queue.h>
-#include <utmpx.h>
+#include <utmp.h>
#if defined(__APPLE__) && defined(__MACH__)
#include <util.h>
#endif
@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr
int inout;
{
int error = 0;
- struct utmpx ut;
+ struct utmp ut;
+ char term[UT_LINESIZE];
char addr[NI_MAXHOST];
if (usr == NULL || usr[0]=='\0') {
@@ -1670,34 +1671,37 @@ isakmp_cfg_accounting_system(port, raddr
return -1;
}
- memset(&ut, 0, sizeof ut);
- gettimeofday((struct timeval *)&ut.ut_tv, NULL);
- snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
+ sprintf(term, TERMSPEC, port);
switch (inout) {
case ISAKMP_CFG_LOGIN:
- ut.ut_type = USER_PROCESS;
- strncpy(ut.ut_user, usr, sizeof ut.ut_user);
+ strncpy(ut.ut_name, usr, UT_NAMESIZE);
+ ut.ut_name[UT_NAMESIZE - 1] = '\0';
+
+ strncpy(ut.ut_line, term, UT_LINESIZE);
+ ut.ut_line[UT_LINESIZE - 1] = '\0';
GETNAMEINFO_NULL(raddr, addr);
- strncpy(ut.ut_host, addr, sizeof ut.ut_host);
+ strncpy(ut.ut_host, addr, UT_HOSTSIZE);
+ ut.ut_host[UT_HOSTSIZE - 1] = '\0';
+
+ ut.ut_time = time(NULL);
plog(LLV_INFO, LOCATION, NULL,
"Accounting : '%s' logging on '%s' from %s.\n",
- ut.ut_user, ut.ut_id, addr);
-
- pututxline(&ut);
+ ut.ut_name, ut.ut_line, ut.ut_host);
+ login(&ut);
+
break;
case ISAKMP_CFG_LOGOUT:
- ut.ut_type = DEAD_PROCESS;
plog(LLV_INFO, LOCATION, NULL,
"Accounting : '%s' unlogging from '%s'.\n",
- usr, ut.ut_id);
-
- pututxline(&ut);
+ usr, term);
+ logout(term);
+
break;
default:
plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");

+ 13
- 0
net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch View File

@ -0,0 +1,13 @@
--- a/src/racoon/ipsec_doi.c
+++ b/src/racoon/ipsec_doi.c
@@ -3582,8 +3582,8 @@ ipsecdoi_checkid1(iph1)
iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
if (id_b->type != IPSECDOI_ID_IPV4_ADDR
&& id_b->type != IPSECDOI_ID_IPV6_ADDR) {
- plog(LLV_ERROR, LOCATION, NULL,
- "Expecting IP address type in main mode, "
+ plog(LLV_WARNING, LOCATION, NULL,
+ "Expecting IP address type in main mode (RFC2409) , "
"but %s.\n", s_ipsecdoi_ident(id_b->type));
return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
}

+ 11
- 0
net/ipsec-tools/patches/005-isakmp-fix.patch View File

@ -0,0 +1,11 @@
--- a/src/racoon/isakmp.c
+++ b/src/racoon/isakmp.c
@@ -31,6 +31,8 @@
* SUCH DAMAGE.
*/
+#define __packed __attribute__((__packed__))
+
#include "config.h"
#include <sys/types.h>

+ 50
- 0
net/ipsec-tools/patches/006-linux-3.7-compat.patch View File

@ -0,0 +1,50 @@
--- a/configure.ac
+++ b/configure.ac
@@ -74,9 +74,10 @@ case "$host_os" in
[ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
- [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
- KERNEL_INCLUDE=/usr/src/linux/include ,
- [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
+ [ AC_CHECK_HEADER($KERNEL_INCLUDE/uapi/linux/pfkeyv2.h, ,
+ [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
+ KERNEL_INCLUDE=/usr/src/linux/include ,
+ [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) ] )
AC_SUBST(KERNEL_INCLUDE)
# We need the configure script to run with correct kernel headers.
# However we don't want to point to kernel source tree in compile time,
@@ -643,7 +644,14 @@ AC_EGREP_CPP(yes,
#ifdef SADB_X_EXT_NAT_T_TYPE
yes
#endif
-], [kernel_natt="yes"])
+], [kernel_natt="yes"], [
+ AC_EGREP_CPP(yes,
+ [#include <uapi/linux/pfkeyv2.h>
+ #ifdef SADB_X_EXT_NAT_T_TYPE
+ yes
+ #endif
+ ], [kernel_natt="yes"])
+])
;;
freebsd*|netbsd*)
# NetBSD case
--- a/src/include-glibc/Makefile.am
+++ b/src/include-glibc/Makefile.am
@@ -1,14 +1,7 @@
-
-.includes: ${top_builddir}/config.status
- ln -snf $(KERNEL_INCLUDE)/linux
- touch .includes
-
-all: .includes
-
EXTRA_DIST = \
glibc-bugs.h \
net/pfkeyv2.h \
netinet/ipsec.h \
sys/queue.h
-DISTCLEANFILES = .includes linux
+DISTCLEANFILES = linux

Loading…
Cancel
Save