Signed-off-by: Noah Meyerhans <noahm@debian.org>lilik-openwrt-22.03
@ -0,0 +1,95 @@ | |||
# | |||
# Copyright (C) 2006-2011 OpenWrt.org | |||
# | |||
# This is free software, licensed under the GNU General Public License v2. | |||
# See /LICENSE for more information. | |||
# | |||
include $(TOPDIR)/rules.mk | |||
include $(INCLUDE_DIR)/kernel.mk | |||
PKG_NAME:=ipsec-tools | |||
PKG_VERSION:=0.8.1 | |||
PKG_RELEASE:=1 | |||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 | |||
PKG_SOURCE_URL:=@SF/ipsec-tools | |||
PKG_MD5SUM:=d38b39f291ba2962387c3232e7335dd8 | |||
PKG_BUILD_PARALLEL:=1 | |||
PKG_INSTALL:=1 | |||
PKG_FIXUP:=autoreconf | |||
include $(INCLUDE_DIR)/package.mk | |||
define Package/ipsec-tools | |||
SECTION:=net | |||
CATEGORY:=Network | |||
SUBMENU:=VPN | |||
DEPENDS:=+libopenssl +kmod-ipsec | |||
TITLE:=IPsec management tools | |||
URL:=http://ipsec-tools.sourceforge.net/ | |||
endef | |||
CONFIGURE_ARGS += \ | |||
--enable-shared \ | |||
--enable-static \ | |||
--with-kernel-headers="$(LINUX_DIR)/include" \ | |||
--without-readline \ | |||
--with-openssl="$(STAGING_DIR)/usr" \ | |||
--without-libradius \ | |||
--without-libpam \ | |||
--enable-dpd \ | |||
--enable-hybrid \ | |||
--enable-security-context=no \ | |||
--enable-natt \ | |||
--enable-adminport \ | |||
--enable-frag \ | |||
$(call autoconf_bool,CONFIG_IPV6,ipv6) | |||
# override CFLAGS holding "-Werror" that break builds on compile warnings | |||
MAKE_FLAGS+=\ | |||
CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS)" | |||
define Build/Prepare | |||
$(call Build/Prepare/Default) | |||
chmod -R u+w $(PKG_BUILD_DIR) | |||
endef | |||
define Build/Configure | |||
(cd $(PKG_BUILD_DIR); touch \ | |||
configure.ac \ | |||
aclocal.m4 \ | |||
Makefile.in \ | |||
config.h.in \ | |||
configure \ | |||
); | |||
$(call Build/Configure/Default) | |||
echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h | |||
endef | |||
define Package/ipsec-tools/install | |||
$(INSTALL_DIR) $(1)/etc | |||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/ | |||
$(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf | |||
$(INSTALL_DIR) $(1)/etc/racoon | |||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/ | |||
$(INSTALL_DIR) $(1)/etc/init.d | |||
$(INSTALL_BIN) ./files/racoon.init $(1)/etc/init.d/racoon | |||
$(INSTALL_DIR) $(1)/usr/lib | |||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/ | |||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/ | |||
$(INSTALL_DIR) $(1)/usr/sbin | |||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/ | |||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/ | |||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/ | |||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/ | |||
endef | |||
define Package/ipsec-tools/conffiles | |||
/etc/racoon.conf | |||
/etc/racoon/psk.txt | |||
endef | |||
$(eval $(call BuildPackage,ipsec-tools)) |
@ -0,0 +1,17 @@ | |||
#!/bin/sh /etc/rc.common | |||
# Copyright (C) 2009-2011 OpenWrt.org | |||
# Copyright (C) 2011 Artem Makhutov | |||
START=49 | |||
SERVICE_USE_PID=1 | |||
start() { | |||
mkdir -m 0700 -p /var/racoon | |||
[ -f /etc/ipsec.conf ] && /usr/sbin/setkey -f /etc/ipsec.conf | |||
service_start /usr/sbin/racoon -f /etc/racoon.conf | |||
} | |||
stop() { | |||
service_stop /usr/sbin/racoon | |||
} |
@ -0,0 +1,24 @@ | |||
--- a/src/racoon/oakley.c | |||
+++ b/src/racoon/oakley.c | |||
@@ -2424,8 +2424,21 @@ oakley_skeyid(iph1) | |||
plog(LLV_ERROR, LOCATION, iph1->remote, | |||
"couldn't find the pskey for %s.\n", | |||
saddrwop2str(iph1->remote)); | |||
+ } | |||
+ } | |||
+ if (iph1->authstr == NULL) { | |||
+ /* | |||
+ * If we could not locate a psk above try and locate | |||
+ * the default psk, ie, "*". | |||
+ */ | |||
+ iph1->authstr = privsep_getpsk("*", 1); | |||
+ if (iph1->authstr == NULL) { | |||
+ plog(LLV_ERROR, LOCATION, iph1->remote, | |||
+ "couldn't find the the default pskey either.\n"); | |||
goto end; | |||
} | |||
+ plog(LLV_NOTIFY, LOCATION, iph1->remote, | |||
+ "Using default PSK.\n"); | |||
} | |||
plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); | |||
/* should be secret PSK */ |
@ -0,0 +1,22 @@ | |||
--- a/src/racoon/cftoken.l | |||
+++ b/src/racoon/cftoken.l | |||
@@ -104,6 +104,8 @@ static struct include_stack { | |||
static int incstackp = 0; | |||
static int yy_first_time = 1; | |||
+ | |||
+int yywrap(void) { return 1; } | |||
%} | |||
/* common seciton */ | |||
--- a/src/setkey/token.l | |||
+++ b/src/setkey/token.l | |||
@@ -86,6 +86,8 @@ | |||
#if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC) | |||
#define SADB_X_EALG_AESCBC SADB_X_EALG_AES | |||
#endif | |||
+ | |||
+int yywrap(void) { return 1; } | |||
%} | |||
/* common section */ |
@ -0,0 +1,72 @@ | |||
--- a/src/racoon/isakmp_cfg.c | |||
+++ b/src/racoon/isakmp_cfg.c | |||
@@ -38,7 +38,7 @@ | |||
#include <sys/socket.h> | |||
#include <sys/queue.h> | |||
-#include <utmpx.h> | |||
+#include <utmp.h> | |||
#if defined(__APPLE__) && defined(__MACH__) | |||
#include <util.h> | |||
#endif | |||
@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr | |||
int inout; | |||
{ | |||
int error = 0; | |||
- struct utmpx ut; | |||
+ struct utmp ut; | |||
+ char term[UT_LINESIZE]; | |||
char addr[NI_MAXHOST]; | |||
if (usr == NULL || usr[0]=='\0') { | |||
@@ -1670,34 +1671,37 @@ isakmp_cfg_accounting_system(port, raddr | |||
return -1; | |||
} | |||
- memset(&ut, 0, sizeof ut); | |||
- gettimeofday((struct timeval *)&ut.ut_tv, NULL); | |||
- snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port); | |||
+ sprintf(term, TERMSPEC, port); | |||
switch (inout) { | |||
case ISAKMP_CFG_LOGIN: | |||
- ut.ut_type = USER_PROCESS; | |||
- strncpy(ut.ut_user, usr, sizeof ut.ut_user); | |||
+ strncpy(ut.ut_name, usr, UT_NAMESIZE); | |||
+ ut.ut_name[UT_NAMESIZE - 1] = '\0'; | |||
+ | |||
+ strncpy(ut.ut_line, term, UT_LINESIZE); | |||
+ ut.ut_line[UT_LINESIZE - 1] = '\0'; | |||
GETNAMEINFO_NULL(raddr, addr); | |||
- strncpy(ut.ut_host, addr, sizeof ut.ut_host); | |||
+ strncpy(ut.ut_host, addr, UT_HOSTSIZE); | |||
+ ut.ut_host[UT_HOSTSIZE - 1] = '\0'; | |||
+ | |||
+ ut.ut_time = time(NULL); | |||
plog(LLV_INFO, LOCATION, NULL, | |||
"Accounting : '%s' logging on '%s' from %s.\n", | |||
- ut.ut_user, ut.ut_id, addr); | |||
- | |||
- pututxline(&ut); | |||
+ ut.ut_name, ut.ut_line, ut.ut_host); | |||
+ login(&ut); | |||
+ | |||
break; | |||
case ISAKMP_CFG_LOGOUT: | |||
- ut.ut_type = DEAD_PROCESS; | |||
plog(LLV_INFO, LOCATION, NULL, | |||
"Accounting : '%s' unlogging from '%s'.\n", | |||
- usr, ut.ut_id); | |||
- | |||
- pututxline(&ut); | |||
+ usr, term); | |||
+ logout(term); | |||
+ | |||
break; | |||
default: | |||
plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n"); |
@ -0,0 +1,13 @@ | |||
--- a/src/racoon/ipsec_doi.c | |||
+++ b/src/racoon/ipsec_doi.c | |||
@@ -3582,8 +3582,8 @@ ipsecdoi_checkid1(iph1) | |||
iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) { | |||
if (id_b->type != IPSECDOI_ID_IPV4_ADDR | |||
&& id_b->type != IPSECDOI_ID_IPV6_ADDR) { | |||
- plog(LLV_ERROR, LOCATION, NULL, | |||
- "Expecting IP address type in main mode, " | |||
+ plog(LLV_WARNING, LOCATION, NULL, | |||
+ "Expecting IP address type in main mode (RFC2409) , " | |||
"but %s.\n", s_ipsecdoi_ident(id_b->type)); | |||
return ISAKMP_NTYPE_INVALID_ID_INFORMATION; | |||
} |
@ -0,0 +1,11 @@ | |||
--- a/src/racoon/isakmp.c | |||
+++ b/src/racoon/isakmp.c | |||
@@ -31,6 +31,8 @@ | |||
* SUCH DAMAGE. | |||
*/ | |||
+#define __packed __attribute__((__packed__)) | |||
+ | |||
#include "config.h" | |||
#include <sys/types.h> |
@ -0,0 +1,50 @@ | |||
--- a/configure.ac | |||
+++ b/configure.ac | |||
@@ -74,9 +74,10 @@ case "$host_os" in | |||
[ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) | |||
AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , | |||
- [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, | |||
- KERNEL_INCLUDE=/usr/src/linux/include , | |||
- [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) | |||
+ [ AC_CHECK_HEADER($KERNEL_INCLUDE/uapi/linux/pfkeyv2.h, , | |||
+ [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, | |||
+ KERNEL_INCLUDE=/usr/src/linux/include , | |||
+ [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) ] ) | |||
AC_SUBST(KERNEL_INCLUDE) | |||
# We need the configure script to run with correct kernel headers. | |||
# However we don't want to point to kernel source tree in compile time, | |||
@@ -643,7 +644,14 @@ AC_EGREP_CPP(yes, | |||
#ifdef SADB_X_EXT_NAT_T_TYPE | |||
yes | |||
#endif | |||
-], [kernel_natt="yes"]) | |||
+], [kernel_natt="yes"], [ | |||
+ AC_EGREP_CPP(yes, | |||
+ [#include <uapi/linux/pfkeyv2.h> | |||
+ #ifdef SADB_X_EXT_NAT_T_TYPE | |||
+ yes | |||
+ #endif | |||
+ ], [kernel_natt="yes"]) | |||
+]) | |||
;; | |||
freebsd*|netbsd*) | |||
# NetBSD case | |||
--- a/src/include-glibc/Makefile.am | |||
+++ b/src/include-glibc/Makefile.am | |||
@@ -1,14 +1,7 @@ | |||
- | |||
-.includes: ${top_builddir}/config.status | |||
- ln -snf $(KERNEL_INCLUDE)/linux | |||
- touch .includes | |||
- | |||
-all: .includes | |||
- | |||
EXTRA_DIST = \ | |||
glibc-bugs.h \ | |||
net/pfkeyv2.h \ | |||
netinet/ipsec.h \ | |||
sys/queue.h | |||
-DISTCLEANFILES = .includes linux | |||
+DISTCLEANFILES = linux |