update nmap to 4.01 (thanks to Richard Nadeau)
[openwrt.git] / openwrt / package / openswan / patches / scripts.patch
index 7e908ed..c472294 100644 (file)
-diff -uNr openswan-2.3.0.orig/programs/loggerfix openswan-2.3.0/programs/loggerfix
---- openswan-2.3.0.orig/programs/loggerfix     1970-01-01 00:00:00.000000000 +0000
-+++ openswan-2.3.0/programs/loggerfix  2005-02-02 20:34:54.000000000 +0000
+diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
+--- openswan-2.4.5rc5/programs/loggerfix       1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/loggerfix       2006-03-29 01:20:44.000000000 +0200
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +# use filename instead of /dev/null to log, but dont log to flash or ram
 +# pref. log to nfs mount
 +echo "$*" >> /dev/null
 +exit 0
-diff -uNr openswan-2.3.0.orig/programs/look/look.in openswan-2.3.0/programs/look/look.in
---- openswan-2.3.0.orig/programs/look/look.in  2003-10-31 02:32:42.000000000 +0000
-+++ openswan-2.3.0/programs/look/look.in       2005-02-02 20:34:54.000000000 +0000
-@@ -79,7 +79,7 @@
+diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
+--- openswan-2.4.5rc5/programs/look/look.in    2005-08-18 16:10:09.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/look/look.in    2006-03-29 01:20:44.000000000 +0200
+@@ -84,7 +84,7 @@
  then
        pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
  else
--      for i in `echo "$IPSECinterfaces" | tr '=' ' '`
-+      for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
+-      for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
++      for i in `echo "$IPSECinterfaces" | tr '=' ' '`
        do
                pat="$pat|$i\$"
        done
-diff -uNr openswan-2.3.0.orig/programs/manual/manual.in openswan-2.3.0/programs/manual/manual.in
---- openswan-2.3.0.orig/programs/manual/manual.in      2004-11-01 22:49:01.000000000 +0000
-+++ openswan-2.3.0/programs/manual/manual.in   2005-02-02 20:34:54.000000000 +0000
+diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in
+--- openswan-2.4.5rc5/programs/manual/manual.in        2005-11-18 06:18:33.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/manual/manual.in        2006-03-29 01:20:44.000000000 +0200
 @@ -104,7 +104,7 @@
                                sub(/:/, " ", $0)
                                if (interf != "")
                                        print $3 "@" interf
--                       }' | tr '\n' ' '`"
-+                       }' | sed ':a;N;$!ba;s/\n/ /g'`"
+-                       }' | sed ':a;N;$!ba;s/\n/ /g'`"
++                       }' | tr '\n' ' '`"
        ;;
  esac
- diff -uNr openswan-2.3.0.orig/programs/_startklips/_startklips.in openswan-2.3.0/programs/_startklips/_startklips.in
---- openswan-2.3.0.orig/programs/_startklips/_startklips.in    2004-12-10 12:38:28.000000000 +0000
-+++ openswan-2.3.0/programs/_startklips/_startklips.in 2005-02-02 20:34:54.000000000 +0000
-@@ -292,7 +292,12 @@
+diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
+--- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in  2006-01-06 00:45:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in  2006-03-29 01:20:44.000000000 +0200
+@@ -147,7 +147,7 @@
+                       exit 1
                fi
-                 unset MODPATH MODULECONF        # no user overrides!
-                 depmod -a >/dev/null 2>&1
--                modprobe -v ipsec
-+                if [ -f modprobe ]
-+                                                                      then modprobe -v ipsec
-+                                                              elif [ -f insmod ]
-+                                                                      then insmod ipsec
-+                                                              fi
-+                                                                      
-         fi
-         if test ! -f $ipsecversion
-         then
-diff -uNr openswan-2.3.0.orig/programs/setup/setup.in openswan-2.3.0/programs/setup/setup.in
---- openswan-2.3.0.orig/programs/setup/setup.in        2004-03-22 00:24:06.000000000 +0000
-+++ openswan-2.3.0/programs/setup/setup.in     2005-02-02 20:34:54.000000000 +0000
-@@ -110,12 +110,22 @@
- # do it
- case "$1" in
-   start|--start|stop|--stop|_autostop|_autostart)
--      if test " `id -u`" != " 0"
-+      if [ "x${USER}" != "xroot" ]
+       else
+-              if test ! -w "`dirname $stderrlog`"
++              if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+               then
+                       echo Cannot write to directory to create \"$stderrlog\".
+                       exit 1
+diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
+--- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in        2005-07-28 02:23:48.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in        2006-03-29 01:20:44.000000000 +0200
+@@ -235,7 +235,7 @@
+       # misc pre-Pluto setup
+-      perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
+       if test " $IPSECforwardcontrol" = " yes"
        then
-               echo "permission denied (must be superuser)" |
-                       logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
-               exit 1
-       fi
-+
-+      # make sure all required directories exist
-+      if [ ! -d /var/run ]
-+      then
-+              mkdir -p /var/run/pluto
-+      fi
-+      if [ ! -d /var/lock/subsys ]
-+      then
-+              mkdir -p /var/lock/subsys
-+      fi
-       tmp=/var/run/pluto/ipsec_setup.st
-       outtmp=/var/run/pluto/ipsec_setup.out
-       (
-diff -uNr openswan-2.3.0.orig/programs/showhostkey/showhostkey.in openswan-2.3.0/programs/showhostkey/showhostkey.in
---- openswan-2.3.0.orig/programs/showhostkey/showhostkey.in    2004-11-14 13:40:41.000000000 +0000
-+++ openswan-2.3.0/programs/showhostkey/showhostkey.in 2005-02-02 20:34:54.000000000 +0000
-@@ -63,7 +63,7 @@
-       exit 1
- fi
+@@ -347,7 +347,7 @@
+               lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
+       fi 
  
--host="`hostname --fqdn`"
-+host="`nvram get wan_hostname`"
+-      perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
++      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
  
- awk ' BEGIN {
-
-diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/programs/send-pr/send-pr.in
---- openswan-2.3.0.orig/programs/send-pr/send-pr.in    2003-07-14 12:26:17.000000000 +0000
-+++ openswan-2.3.0/programs/send-pr/send-pr.in 2005-02-02 20:34:54.000000000 +0000
+       perform rm -f $info $lock $plutopid
+       perform echo "...Openswan IPsec stopped" "|" $LOGONLY
+diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
+--- openswan-2.4.5rc5/programs/send-pr/send-pr.in      2005-04-18 01:04:46.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in      2006-03-29 01:20:44.000000000 +0200
 @@ -402,7 +402,7 @@
                    else
                        if [ "$fieldname" != "Category" ]
                        then
--                          values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
-+                          values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
+-                          values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
++                          values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
                            valslen=`echo "$values" | wc -c`
                        else
                            values="choose from a category listed above"
@@ -102,8 +80,8 @@ diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/program
                        else
                                desc="<${values} (one line)>";
                        fi
--                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+-                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file
@@ -111,8 +89,8 @@ diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/program
                        desc="  $default_val";
                    else
                        desc="  <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
--                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+-                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
                        echo "s/^${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}" >> $file;
@@ -120,40 +98,527 @@ diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/program
                        desc="${default_val}"
                    else
                        desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
--                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+-                      dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++                      dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
                        echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
                    fi
                    echo "${fmtname}${desc}" >> $file
-diff -uNr openswan-2.3.0.orig/programs/_realsetup/_realsetup.in openswan-2.3.0/programs/_realsetup/_realsetup.in
---- openswan-2.3.0.orig/programs/_realsetup/_realsetup.in      2004-12-10 13:10:04.000000000 +0000
-+++ openswan-2.3.0/programs/_realsetup/_realsetup.in   2005-02-02 20:34:54.000000000 +0000
-@@ -209,7 +209,7 @@
+diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
+--- openswan-2.4.5rc5/programs/setup/setup.in  2005-07-25 21:17:03.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/setup/setup.in  2006-03-29 01:20:44.000000000 +0200
+@@ -117,12 +117,22 @@
+ # do it
+ case "$1" in
+   start|--start|stop|--stop|_autostop|_autostart)
+-      if test " `id -u`" != " 0"
++      if [ "x${USER}" != "xroot" ]
+       then
+               echo "permission denied (must be superuser)" |
+                       logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+               exit 1
+       fi
++
++      # make sure all required directories exist
++      if [ ! -d /var/run/pluto ]
++      then
++              mkdir -p /var/run/pluto
++      fi
++      if [ ! -d /var/lock/subsys ]
++      then
++              mkdir -p /var/lock/subsys
++      fi
+       tmp=/var/run/pluto/ipsec_setup.st
+       outtmp=/var/run/pluto/ipsec_setup.out
+       (
+diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
+--- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in      2004-11-14 14:40:41.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in      2006-03-29 01:20:44.000000000 +0200
+@@ -63,7 +63,7 @@
+       exit 1
+ fi
  
-       # misc pre-Pluto setup
+-host="`hostname --fqdn`"
++host="`cat /proc/sys/kernel/hostname`"
  
--      perform test -d `dirname $subsyslock` "&&" touch $subsyslock
-+      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
+ awk ' BEGIN {
+               inkey = 0
+diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
+--- openswan-2.4.5rc5/programs/_startklips/_startklips.in      2005-11-25 00:08:05.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in      2006-03-29 01:23:54.000000000 +0200
+@@ -262,15 +262,15 @@
+     echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
+     exit
+ fi
+-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
+ then
+     # statically compiled KLIPS/NETKEY not found; try to load the module
+-    modprobe ipsec
++    insmod ipsec
+ fi
  
-       if test " $IPSECforwardcontrol" = " yes"
      then
-@@ -313,7 +313,7 @@
-               lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
-       fi 
+ if test ! -f $ipsecversion && test ! -f $netkey
+ then
+-      modprobe -v af_key
++      insmod -v af_key
+ fi
  
--      perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
-+      perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+ if test -f $netkey
+@@ -278,21 +278,21 @@
+       klips=false
+       if test -f $modules
+       then
+-              modprobe -qv ah4
+-              modprobe -qv esp4
+-              modprobe -qv ipcomp
++              insmod -qv ah4
++              insmod -qv esp4
++              insmod -qv ipcomp
+               #  xfrm4_tunnel is needed by ipip and ipcomp
+-              modprobe -qv xfrm4_tunnel
++              insmod -qv xfrm4_tunnel
+               # xfrm_user contains netlink support for IPsec 
+-              modprobe -qv xfrm_user
+-              modprobe -qv hw_random
++              insmod -qv xfrm_user
++              insmod -qv hw_random
+               # padlock must load before aes module
+-              modprobe -qv padlock
++              insmod -qv padlock
+               # load the most common ciphers/algo's
+-              modprobe -qv sha1
+-              modprobe -qv md5
+-              modprobe -qv des
+-              modprobe -qv aes
++              insmod -qv sha1
++              insmod -qv md5
++              insmod -qv des
++              insmod -qv aes
+       fi
+ fi
  
-       perform rm -f $info $lock $plutopid
-       perform echo "...Openswan IPsec stopped" "|" $LOGONLY
---- openswan-2.3.0.orig/programs/_plutorun/_plutorun.in        2004-11-03 20:21:08.000000000 +0000
-+++ openswan-2.3.0/programs/_plutorun/_plutorun.in     2005-02-02 20:34:54.000000000 +0000
-@@ -140,7 +140,7 @@
-                       exit 1
+@@ -308,10 +308,10 @@
                fi
-       else
--              if test ! -w "`dirname $stderrlog`"
-+              if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
-               then
-                       echo Cannot write to directory to create \"$stderrlog\".
-                       exit 1
+                 unset MODPATH MODULECONF        # no user overrides!
+                 depmod -a >/dev/null 2>&1
+-              modprobe -qv hw_random
++              insmod -qv hw_random
+               # padlock must load before aes module
+-              modprobe -qv padlock
+-                modprobe -v ipsec
++              insmod -qv padlock
++                insmod -v ipsec
+         fi
+         if test ! -f $ipsecversion
+         then
+diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
+--- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
+@@ -0,0 +1,407 @@
++#!/bin/sh
++# KLIPS startup script
++# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
++# 
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
++# 
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++# for more details.
++#
++# RCSID $Id$
++
++me='ipsec _startklips'                # for messages
++
++# KLIPS-related paths
++sysflags=/proc/sys/net/ipsec
++modules=/proc/modules
++# full rp_filter path is $rpfilter1/interface/$rpfilter2
++rpfilter1=/proc/sys/net/ipv4/conf
++rpfilter2=rp_filter
++# %unchanged or setting (0, 1, or 2)
++rpfiltercontrol=0
++ipsecversion=/proc/net/ipsec_version
++moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
++bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
++moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
++case $bareversion in
++      2.6*)
++              modulename=ipsec.ko
++              ;;
++      *)
++              modulename=ipsec.o
++              ;;
++esac
++
++klips=true
++netkey=/proc/net/pfkey
++
++info=/dev/null
++log=daemon.error
++for dummy
++do
++      case "$1" in
++      --log)          log="$2" ; shift        ;;
++      --info)         info="$2" ; shift       ;;
++      --debug)        debug="$2" ; shift      ;;
++      --omtu)         omtu="$2" ; shift       ;;
++      --fragicmp)     fragicmp="$2" ; shift   ;;
++      --hidetos)      hidetos="$2" ; shift    ;;
++      --rpfilter)     rpfiltercontrol="$2" ; shift    ;;
++      --)     shift ; break   ;;
++      -*)     echo "$me: unknown option \`$1'" >&2 ; exit 2   ;;
++      *)      break   ;;
++      esac
++      shift
++done
++
++
++
++# some shell functions, to clarify the actual code
++
++# set up a system flag based on a variable
++# sysflag value shortname default flagname
++sysflag() {
++      case "$1" in
++      '')     v="$3"  ;;
++      *)      v="$1"  ;;
++      esac
++      if test ! -f $sysflags/$4
++      then
++              if test " $v" != " $3"
++              then
++                      echo "cannot do $2=$v, $sysflags/$4 does not exist"
++                      exit 1
++              else
++                      return  # can't set, but it's the default anyway
++              fi
++      fi
++      case "$v" in
++      yes|no) ;;
++      *)      echo "unknown (not yes/no) $2 value \`$1'"
++              exit 1
++              ;;
++      esac
++      case "$v" in
++      yes)    echo 1 >$sysflags/$4    ;;
++      no)     echo 0 >$sysflags/$4    ;;
++      esac
++}
++
++# set up a Klips interface
++klipsinterface() {
++      # pull apart the interface spec
++      virt=`expr $1 : '\([^=]*\)=.*'`
++      phys=`expr $1 : '[^=]*=\(.*\)'`
++      case "$virt" in
++      ipsec[0-9])     ;;
++      *)      echo "invalid interface \`$virt' in \`$1'" ; exit 1     ;;
++      esac
++
++      # figure out ifconfig for interface
++      addr=
++      eval `ifconfig $phys |
++              awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
++                      gsub(/:/, " ", $0)
++                      print "addr=" $3
++                      other = $5
++                      if ($4 == "Bcast")
++                              print "type=broadcast"
++                      else if ($4 == "P-t-P")
++                              print "type=pointopoint"
++                      else if (NF == 5) {
++                              print "type="
++                              other = ""
++                      } else
++                              print "type=unknown"
++                      print "otheraddr=" other
++                      print "mask=" $NF
++              }'`
++      if test " $addr" = " "
++      then
++              echo "unable to determine address of \`$phys'"
++              exit 1
++      fi
++      if test " $type" = " unknown"
++      then
++              echo "\`$phys' is of an unknown type"
++              exit 1
++      fi
++      if test " $omtu" != " "
++      then
++              mtu="mtu $omtu"
++      else
++              mtu=
++      fi
++      echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
++
++      if $klips
++      then
++              # attach the interface and bring it up
++              ipsec tncfg --attach --virtual $virt --physical $phys
++              ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
++      fi
++
++      # if %defaultroute, note the facts
++      if test " $2" != " "
++      then
++              (
++                      echo "defaultroutephys=$phys"
++                      echo "defaultroutevirt=$virt"
++                      echo "defaultrouteaddr=$addr"
++                      if test " $2" != " 0.0.0.0"
++                      then
++                              echo "defaultroutenexthop=$2"
++                      fi
++              ) >>$info
++      else
++              echo '#dr: no default route' >>$info
++      fi
++
++      # check for rp_filter trouble
++      checkif $phys                   # thought to be a problem only on phys
++}
++
++# check an interface for problems
++checkif() {
++      $klips || return 0
++      rpf=$rpfilter1/$1/$rpfilter2
++      if test -f $rpf
++      then
++              r="`cat $rpf`"
++              if test " $r" != " 0"
++              then
++                      case "$r-$rpfiltercontrol" in
++                      0-%unchanged|0-0|1-1|2-2)
++                              # happy state
++                              ;;
++                      *-%unchanged)
++                              echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
++                              ;;
++                      [012]-[012])
++                              echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
++                              echo "$rpfiltercontrol" >$rpf
++                              ;;
++                      [012]-*)
++                              echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
++                              ;;
++                      *)
++                              echo "ERROR: unknown $rpf value $r"
++                              ;;
++                      esac
++              fi
++      fi
++}
++
++# interfaces=%defaultroute:  put ipsec0 on top of default route's interface
++defaultinterface() {
++      phys=`netstat -nr |
++              awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
++      if test " $phys" = " "
++      then
++              echo "no default route, %defaultroute cannot cope!!!"
++              exit 1
++      fi
++      if test `echo " $phys" | wc -l` -gt 1
++      then
++              echo "multiple default routes, %defaultroute cannot cope!!!"
++              exit 1
++      fi
++      next=`netstat -nr |
++              awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
++      klipsinterface "ipsec0=$phys" $next
++}
++
++# log only to syslog, not to stdout/stderr
++logonly() {
++      logger -p $log -t ipsec_setup
++}
++
++# sort out which module is appropriate, changing it if necessary
++setmodule() {
++      if [ -e /proc/kallsyms ]
++      then
++              kernelsymbols="/proc/kallsyms";
++              echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
++      else
++              kernelsymbols="/proc/ksyms";
++      fi      
++        wantgoo="`ipsec calcgoo $kernelsymbols`"
++        module=$moduleplace/$modulename
++        if test -f $module
++        then
++                goo="`nm -ao $module | ipsec calcgoo`"
++                if test " $wantgoo" = " $goo"
++                then
++                        return          # looks right
++                fi
++        fi
++        if test -f $moduleinstplace/$wantgoo
++        then
++                echo "modprobe failed, but found matching template module $wantgoo."
++                echo "Copying $moduleinstplace/$wantgoo to $module."
++                rm -f $module
++                mkdir -p $moduleplace
++                cp -p $moduleinstplace/$wantgoo $module
++                # "depmod -a" gets done by caller
++        fi
++}
++
++
++
++# main line
++
++# load module if possible
++if test -f $ipsecversion && test -f $netkey
++then
++    # both KLIPS and NETKEY code detected, bail out
++    echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
++    exit
++fi
++if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++then
++    # statically compiled KLIPS/NETKEY not found; try to load the module
++    modprobe ipsec
++fi
++
++if test ! -f $ipsecversion && test ! -f $netkey
++then
++      modprobe -v af_key
++fi
++
++if test -f $netkey
++then
++      klips=false
++      if test -f $modules
++      then
++              modprobe -qv ah4
++              modprobe -qv esp4
++              modprobe -qv ipcomp
++              #  xfrm4_tunnel is needed by ipip and ipcomp
++              modprobe -qv xfrm4_tunnel
++              # xfrm_user contains netlink support for IPsec 
++              modprobe -qv xfrm_user
++              modprobe -qv hw_random
++              # padlock must load before aes module
++              modprobe -qv padlock
++              # load the most common ciphers/algo's
++              modprobe -qv sha1
++              modprobe -qv md5
++              modprobe -qv des
++              modprobe -qv aes
++      fi
++fi
++
++if test ! -f $ipsecversion && $klips
++then
++        if test -r $modules             # kernel does have modules
++        then
++              if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
++              then
++                      echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
++              else
++                      setmodule
++              fi
++                unset MODPATH MODULECONF        # no user overrides!
++                depmod -a >/dev/null 2>&1
++              modprobe -qv hw_random
++              # padlock must load before aes module
++              modprobe -qv padlock
++                modprobe -v ipsec
++        fi
++        if test ! -f $ipsecversion
++        then
++                echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
++                exit 1
++        fi
++fi
++
++# figure out debugging flags
++case "$debug" in
++'')   debug=none      ;;
++esac
++if test -r /proc/net/ipsec_klipsdebug
++then
++      echo "KLIPS debug \`$debug'" | logonly
++      case "$debug" in
++      none)   ipsec klipsdebug --none ;;
++      all)    ipsec klipsdebug --all  ;;
++      *)      ipsec klipsdebug --none
++              for d in $debug
++              do
++                      ipsec klipsdebug --set $d
++              done
++              ;;
++      esac
++elif $klips
++then
++      if test " $debug" != " none"
++      then
++              echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
++      fi
++fi
++
++# figure out misc. kernel config
++if test -d $sysflags
++then
++      sysflag "$fragicmp" "fragicmp" yes icmp
++      echo 1 >$sysflags/inbound_policy_check          # no debate
++      sysflag no "no_eroute_pass" no no_eroute_pass   # obsolete parm
++      sysflag no "opportunistic" no opportunistic     # obsolete parm
++      sysflag "$hidetos" "hidetos" yes tos
++elif $klips
++then
++      echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
++      # carry on
++fi
++
++if $klips
++then
++      # clear tables out in case dregs have been left over
++      ipsec eroute --clear
++      ipsec spi --clear
++elif test $netkey
++then
++      if ip xfrm state > /dev/null 2>&1
++      then
++              ip xfrm state flush
++              ip xfrm policy flush
++      elif type setkey > /dev/null 2>&1
++      then
++              # Check that the setkey command is available.
++              setkeycmd=       
++              PATH=$PATH:/usr/local/sbin       
++              for dir in `echo $PATH | tr ':' ' '`     
++              do       
++                      if test -f $dir/setkey -a -x $dir/setkey         
++                      then
++                              setkeycmd=$dir/setkey
++                              break                   # NOTE BREAK OUT 
++                      fi
++              done
++              $setkeycmd -F
++              $setkeycmd -FP
++      else
++      
++              echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
++                      logger -s -p daemon.error -t ipsec_setup
++      fi
++fi
++
++# figure out interfaces
++for i
++do
++      case "$i" in
++      ipsec*=?*)      klipsinterface "$i"     ;;
++      %defaultroute)  defaultinterface        ;;
++      *)      echo "interface \`$i' not understood"
++              exit 1
++              ;;
++      esac
++done
++
++exit 0
This page took 0.071532 seconds and 4 git commands to generate.