projects / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Prevent l2tpd from using PMTU discovery, setting the DF bit on all outgoing UDP packe...
[openwrt.git] / openwrt / package / openswan / patches / scripts.patch
1 diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
2 --- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
3 +++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200
4 @@ -0,0 +1,5 @@
5 +#!/bin/sh
6 +# use filename instead of /dev/null to log, but dont log to flash or ram
7 +# pref. log to nfs mount
8 +echo "$*" >> /dev/null
9 +exit 0
10 diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
11 --- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200
12 +++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200
13 @@ -84,7 +84,7 @@
14 then
15 pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
16 else
17 - for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
18 + for i in `echo "$IPSECinterfaces" | tr '=' ' '`
19 do
20 pat="$pat|$i\$"
21 done
22 diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in
23 --- openswan-2.4.5rc5/programs/manual/manual.in 2005-11-18 06:18:33.000000000 +0100
24 +++ openswan-2.4.5rc5.patched/programs/manual/manual.in 2006-03-29 01:20:44.000000000 +0200
25 @@ -104,7 +104,7 @@
26 sub(/:/, " ", $0)
27 if (interf != "")
28 print $3 "@" interf
29 - }' | sed ':a;N;$!ba;s/\n/ /g'`"
30 + }' | tr '\n' ' '`"
31 ;;
32 esac
33
34 diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
35 --- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100
36 +++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200
37 @@ -147,7 +147,7 @@
38 exit 1
39 fi
40 else
41 - if test ! -w "`dirname $stderrlog`"
42 + if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
43 then
44 echo Cannot write to directory to create \"$stderrlog\".
45 exit 1
46 diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
47 --- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200
48 +++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200
49 @@ -235,7 +235,7 @@
50
51 # misc pre-Pluto setup
52
53 - perform test -d `dirname $subsyslock` "&&" touch $subsyslock
54 + perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
55
56 if test " $IPSECforwardcontrol" = " yes"
57 then
58 @@ -347,7 +347,7 @@
59 lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
60 fi
61
62 - perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
63 + perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
64
65 perform rm -f $info $lock $plutopid
66 perform echo "...Openswan IPsec stopped" "|" $LOGONLY
67 diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
68 --- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200
69 +++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200
70 @@ -402,7 +402,7 @@
71 else
72 if [ "$fieldname" != "Category" ]
73 then
74 - values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
75 + values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
76 valslen=`echo "$values" | wc -c`
77 else
78 values="choose from a category listed above"
79 @@ -414,7 +414,7 @@
80 else
81 desc="<${values} (one line)>";
82 fi
83 - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
84 + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
85 echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
86 fi
87 echo "${fmtname}${desc}" >> $file
88 @@ -425,7 +425,7 @@
89 desc=" $default_val";
90 else
91 desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
92 - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
93 + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
94 echo "s/^${dpat}//" >> $FIXFIL
95 fi
96 echo "${fmtname}" >> $file;
97 @@ -437,7 +437,7 @@
98 desc="${default_val}"
99 else
100 desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
101 - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
102 + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
103 echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
104 fi
105 echo "${fmtname}${desc}" >> $file
106 diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
107 --- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200
108 +++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200
109 @@ -117,12 +117,22 @@
110 # do it
111 case "$1" in
112 start|--start|stop|--stop|_autostop|_autostart)
113 - if test " `id -u`" != " 0"
114 + if [ "x${USER}" != "xroot" ]
115 then
116 echo "permission denied (must be superuser)" |
117 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
118 exit 1
119 fi
120 +
121 + # make sure all required directories exist
122 + if [ ! -d /var/run/pluto ]
123 + then
124 + mkdir -p /var/run/pluto
125 + fi
126 + if [ ! -d /var/lock/subsys ]
127 + then
128 + mkdir -p /var/lock/subsys
129 + fi
130 tmp=/var/run/pluto/ipsec_setup.st
131 outtmp=/var/run/pluto/ipsec_setup.out
132 (
133 diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
134 --- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100
135 +++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200
136 @@ -63,7 +63,7 @@
137 exit 1
138 fi
139
140 -host="`hostname --fqdn`"
141 +host="`cat /proc/sys/kernel/hostname`"
142
143 awk ' BEGIN {
144 inkey = 0
145 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
146 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100
147 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200
148 @@ -262,15 +262,15 @@
149 echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
150 exit
151 fi
152 -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
153 +if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
154 then
155 # statically compiled KLIPS/NETKEY not found; try to load the module
156 - modprobe ipsec
157 + insmod ipsec
158 fi
159
160 if test ! -f $ipsecversion && test ! -f $netkey
161 then
162 - modprobe -v af_key
163 + insmod -v af_key
164 fi
165
166 if test -f $netkey
167 @@ -278,21 +278,21 @@
168 klips=false
169 if test -f $modules
170 then
171 - modprobe -qv ah4
172 - modprobe -qv esp4
173 - modprobe -qv ipcomp
174 + insmod -qv ah4
175 + insmod -qv esp4
176 + insmod -qv ipcomp
177 # xfrm4_tunnel is needed by ipip and ipcomp
178 - modprobe -qv xfrm4_tunnel
179 + insmod -qv xfrm4_tunnel
180 # xfrm_user contains netlink support for IPsec
181 - modprobe -qv xfrm_user
182 - modprobe -qv hw_random
183 + insmod -qv xfrm_user
184 + insmod -qv hw_random
185 # padlock must load before aes module
186 - modprobe -qv padlock
187 + insmod -qv padlock
188 # load the most common ciphers/algo's
189 - modprobe -qv sha1
190 - modprobe -qv md5
191 - modprobe -qv des
192 - modprobe -qv aes
193 + insmod -qv sha1
194 + insmod -qv md5
195 + insmod -qv des
196 + insmod -qv aes
197 fi
198 fi
199
200 @@ -308,10 +308,10 @@
201 fi
202 unset MODPATH MODULECONF # no user overrides!
203 depmod -a >/dev/null 2>&1
204 - modprobe -qv hw_random
205 + insmod -qv hw_random
206 # padlock must load before aes module
207 - modprobe -qv padlock
208 - modprobe -v ipsec
209 + insmod -qv padlock
210 + insmod -v ipsec
211 fi
212 if test ! -f $ipsecversion
213 then
214 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
215 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
216 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
217 @@ -0,0 +1,407 @@
218 +#!/bin/sh
219 +# KLIPS startup script
220 +# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer.
221 +#
222 +# This program is free software; you can redistribute it and/or modify it
223 +# under the terms of the GNU General Public License as published by the
224 +# Free Software Foundation; either version 2 of the License, or (at your
225 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
226 +#
227 +# This program is distributed in the hope that it will be useful, but
228 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
229 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
230 +# for more details.
231 +#
232 +# RCSID $Id$
233 +
234 +me='ipsec _startklips' # for messages
235 +
236 +# KLIPS-related paths
237 +sysflags=/proc/sys/net/ipsec
238 +modules=/proc/modules
239 +# full rp_filter path is $rpfilter1/interface/$rpfilter2
240 +rpfilter1=/proc/sys/net/ipv4/conf
241 +rpfilter2=rp_filter
242 +# %unchanged or setting (0, 1, or 2)
243 +rpfiltercontrol=0
244 +ipsecversion=/proc/net/ipsec_version
245 +moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
246 +bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
247 +moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
248 +case $bareversion in
249 + 2.6*)
250 + modulename=ipsec.ko
251 + ;;
252 + *)
253 + modulename=ipsec.o
254 + ;;
255 +esac
256 +
257 +klips=true
258 +netkey=/proc/net/pfkey
259 +
260 +info=/dev/null
261 +log=daemon.error
262 +for dummy
263 +do
264 + case "$1" in
265 + --log) log="$2" ; shift ;;
266 + --info) info="$2" ; shift ;;
267 + --debug) debug="$2" ; shift ;;
268 + --omtu) omtu="$2" ; shift ;;
269 + --fragicmp) fragicmp="$2" ; shift ;;
270 + --hidetos) hidetos="$2" ; shift ;;
271 + --rpfilter) rpfiltercontrol="$2" ; shift ;;
272 + --) shift ; break ;;
273 + -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
274 + *) break ;;
275 + esac
276 + shift
277 +done
278 +
279 +
280 +
281 +# some shell functions, to clarify the actual code
282 +
283 +# set up a system flag based on a variable
284 +# sysflag value shortname default flagname
285 +sysflag() {
286 + case "$1" in
287 + '') v="$3" ;;
288 + *) v="$1" ;;
289 + esac
290 + if test ! -f $sysflags/$4
291 + then
292 + if test " $v" != " $3"
293 + then
294 + echo "cannot do $2=$v, $sysflags/$4 does not exist"
295 + exit 1
296 + else
297 + return # can't set, but it's the default anyway
298 + fi
299 + fi
300 + case "$v" in
301 + yes|no) ;;
302 + *) echo "unknown (not yes/no) $2 value \`$1'"
303 + exit 1
304 + ;;
305 + esac
306 + case "$v" in
307 + yes) echo 1 >$sysflags/$4 ;;
308 + no) echo 0 >$sysflags/$4 ;;
309 + esac
310 +}
311 +
312 +# set up a Klips interface
313 +klipsinterface() {
314 + # pull apart the interface spec
315 + virt=`expr $1 : '\([^=]*\)=.*'`
316 + phys=`expr $1 : '[^=]*=\(.*\)'`
317 + case "$virt" in
318 + ipsec[0-9]) ;;
319 + *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;;
320 + esac
321 +
322 + # figure out ifconfig for interface
323 + addr=
324 + eval `ifconfig $phys |
325 + awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
326 + gsub(/:/, " ", $0)
327 + print "addr=" $3
328 + other = $5
329 + if ($4 == "Bcast")
330 + print "type=broadcast"
331 + else if ($4 == "P-t-P")
332 + print "type=pointopoint"
333 + else if (NF == 5) {
334 + print "type="
335 + other = ""
336 + } else
337 + print "type=unknown"
338 + print "otheraddr=" other
339 + print "mask=" $NF
340 + }'`
341 + if test " $addr" = " "
342 + then
343 + echo "unable to determine address of \`$phys'"
344 + exit 1
345 + fi
346 + if test " $type" = " unknown"
347 + then
348 + echo "\`$phys' is of an unknown type"
349 + exit 1
350 + fi
351 + if test " $omtu" != " "
352 + then
353 + mtu="mtu $omtu"
354 + else
355 + mtu=
356 + fi
357 + echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
358 +
359 + if $klips
360 + then
361 + # attach the interface and bring it up
362 + ipsec tncfg --attach --virtual $virt --physical $phys
363 + ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
364 + fi
365 +
366 + # if %defaultroute, note the facts
367 + if test " $2" != " "
368 + then
369 + (
370 + echo "defaultroutephys=$phys"
371 + echo "defaultroutevirt=$virt"
372 + echo "defaultrouteaddr=$addr"
373 + if test " $2" != " 0.0.0.0"
374 + then
375 + echo "defaultroutenexthop=$2"
376 + fi
377 + ) >>$info
378 + else
379 + echo '#dr: no default route' >>$info
380 + fi
381 +
382 + # check for rp_filter trouble
383 + checkif $phys # thought to be a problem only on phys
384 +}
385 +
386 +# check an interface for problems
387 +checkif() {
388 + $klips || return 0
389 + rpf=$rpfilter1/$1/$rpfilter2
390 + if test -f $rpf
391 + then
392 + r="`cat $rpf`"
393 + if test " $r" != " 0"
394 + then
395 + case "$r-$rpfiltercontrol" in
396 + 0-%unchanged|0-0|1-1|2-2)
397 + # happy state
398 + ;;
399 + *-%unchanged)
400 + echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
401 + ;;
402 + [012]-[012])
403 + echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
404 + echo "$rpfiltercontrol" >$rpf
405 + ;;
406 + [012]-*)
407 + echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
408 + ;;
409 + *)
410 + echo "ERROR: unknown $rpf value $r"
411 + ;;
412 + esac
413 + fi
414 + fi
415 +}
416 +
417 +# interfaces=%defaultroute: put ipsec0 on top of default route's interface
418 +defaultinterface() {
419 + phys=`netstat -nr |
420 + awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
421 + if test " $phys" = " "
422 + then
423 + echo "no default route, %defaultroute cannot cope!!!"
424 + exit 1
425 + fi
426 + if test `echo " $phys" | wc -l` -gt 1
427 + then
428 + echo "multiple default routes, %defaultroute cannot cope!!!"
429 + exit 1
430 + fi
431 + next=`netstat -nr |
432 + awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
433 + klipsinterface "ipsec0=$phys" $next
434 +}
435 +
436 +# log only to syslog, not to stdout/stderr
437 +logonly() {
438 + logger -p $log -t ipsec_setup
439 +}
440 +
441 +# sort out which module is appropriate, changing it if necessary
442 +setmodule() {
443 + if [ -e /proc/kallsyms ]
444 + then
445 + kernelsymbols="/proc/kallsyms";
446 + echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
447 + else
448 + kernelsymbols="/proc/ksyms";
449 + fi
450 + wantgoo="`ipsec calcgoo $kernelsymbols`"
451 + module=$moduleplace/$modulename
452 + if test -f $module
453 + then
454 + goo="`nm -ao $module | ipsec calcgoo`"
455 + if test " $wantgoo" = " $goo"
456 + then
457 + return # looks right
458 + fi
459 + fi
460 + if test -f $moduleinstplace/$wantgoo
461 + then
462 + echo "modprobe failed, but found matching template module $wantgoo."
463 + echo "Copying $moduleinstplace/$wantgoo to $module."
464 + rm -f $module
465 + mkdir -p $moduleplace
466 + cp -p $moduleinstplace/$wantgoo $module
467 + # "depmod -a" gets done by caller
468 + fi
469 +}
470 +
471 +
472 +
473 +# main line
474 +
475 +# load module if possible
476 +if test -f $ipsecversion && test -f $netkey
477 +then
478 + # both KLIPS and NETKEY code detected, bail out
479 + echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
480 + exit
481 +fi
482 +if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
483 +then
484 + # statically compiled KLIPS/NETKEY not found; try to load the module
485 + modprobe ipsec
486 +fi
487 +
488 +if test ! -f $ipsecversion && test ! -f $netkey
489 +then
490 + modprobe -v af_key
491 +fi
492 +
493 +if test -f $netkey
494 +then
495 + klips=false
496 + if test -f $modules
497 + then
498 + modprobe -qv ah4
499 + modprobe -qv esp4
500 + modprobe -qv ipcomp
501 + # xfrm4_tunnel is needed by ipip and ipcomp
502 + modprobe -qv xfrm4_tunnel
503 + # xfrm_user contains netlink support for IPsec
504 + modprobe -qv xfrm_user
505 + modprobe -qv hw_random
506 + # padlock must load before aes module
507 + modprobe -qv padlock
508 + # load the most common ciphers/algo's
509 + modprobe -qv sha1
510 + modprobe -qv md5
511 + modprobe -qv des
512 + modprobe -qv aes
513 + fi
514 +fi
515 +
516 +if test ! -f $ipsecversion && $klips
517 +then
518 + if test -r $modules # kernel does have modules
519 + then
520 + if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
521 + then
522 + echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
523 + else
524 + setmodule
525 + fi
526 + unset MODPATH MODULECONF # no user overrides!
527 + depmod -a >/dev/null 2>&1
528 + modprobe -qv hw_random
529 + # padlock must load before aes module
530 + modprobe -qv padlock
531 + modprobe -v ipsec
532 + fi
533 + if test ! -f $ipsecversion
534 + then
535 + echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
536 + exit 1
537 + fi
538 +fi
539 +
540 +# figure out debugging flags
541 +case "$debug" in
542 +'') debug=none ;;
543 +esac
544 +if test -r /proc/net/ipsec_klipsdebug
545 +then
546 + echo "KLIPS debug \`$debug'" | logonly
547 + case "$debug" in
548 + none) ipsec klipsdebug --none ;;
549 + all) ipsec klipsdebug --all ;;
550 + *) ipsec klipsdebug --none
551 + for d in $debug
552 + do
553 + ipsec klipsdebug --set $d
554 + done
555 + ;;
556 + esac
557 +elif $klips
558 +then
559 + if test " $debug" != " none"
560 + then
561 + echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
562 + fi
563 +fi
564 +
565 +# figure out misc. kernel config
566 +if test -d $sysflags
567 +then
568 + sysflag "$fragicmp" "fragicmp" yes icmp
569 + echo 1 >$sysflags/inbound_policy_check # no debate
570 + sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm
571 + sysflag no "opportunistic" no opportunistic # obsolete parm
572 + sysflag "$hidetos" "hidetos" yes tos
573 +elif $klips
574 +then
575 + echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
576 + # carry on
577 +fi
578 +
579 +if $klips
580 +then
581 + # clear tables out in case dregs have been left over
582 + ipsec eroute --clear
583 + ipsec spi --clear
584 +elif test $netkey
585 +then
586 + if ip xfrm state > /dev/null 2>&1
587 + then
588 + ip xfrm state flush
589 + ip xfrm policy flush
590 + elif type setkey > /dev/null 2>&1
591 + then
592 + # Check that the setkey command is available.
593 + setkeycmd=
594 + PATH=$PATH:/usr/local/sbin
595 + for dir in `echo $PATH | tr ':' ' '`
596 + do
597 + if test -f $dir/setkey -a -x $dir/setkey
598 + then
599 + setkeycmd=$dir/setkey
600 + break # NOTE BREAK OUT
601 + fi
602 + done
603 + $setkeycmd -F
604 + $setkeycmd -FP
605 + else
606 +
607 + echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
608 + logger -s -p daemon.error -t ipsec_setup
609 + fi
610 +fi
611 +
612 +# figure out interfaces
613 +for i
614 +do
615 + case "$i" in
616 + ipsec*=?*) klipsinterface "$i" ;;
617 + %defaultroute) defaultinterface ;;
618 + *) echo "interface \`$i' not understood"
619 + exit 1
620 + ;;
621 + esac
622 +done
623 +
624 +exit 0
Personal OpenWRT clone
This page took 0.073582 seconds and 5 git commands to generate.