-diff -uNr openswan-2.3.0.orig/programs/loggerfix openswan-2.3.0/programs/loggerfix
---- openswan-2.3.0.orig/programs/loggerfix 1970-01-01 00:00:00.000000000 +0000
-+++ openswan-2.3.0/programs/loggerfix 2005-02-02 20:34:54.000000000 +0000
+diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
+--- openswan-2.4.5rc5/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/loggerfix 2006-03-29 01:20:44.000000000 +0200
@@ -0,0 +1,5 @@
+#!/bin/sh
+# use filename instead of /dev/null to log, but dont log to flash or ram
+# pref. log to nfs mount
+echo "$*" >> /dev/null
+exit 0
-diff -uNr openswan-2.3.0.orig/programs/look/look.in openswan-2.3.0/programs/look/look.in
---- openswan-2.3.0.orig/programs/look/look.in 2003-10-31 02:32:42.000000000 +0000
-+++ openswan-2.3.0/programs/look/look.in 2005-02-02 20:34:54.000000000 +0000
-@@ -79,7 +79,7 @@
+diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
+--- openswan-2.4.5rc5/programs/look/look.in 2005-08-18 16:10:09.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/look/look.in 2006-03-29 01:20:44.000000000 +0200
+@@ -84,7 +84,7 @@
then
pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
else
-- for i in `echo "$IPSECinterfaces" | tr '=' ' '`
-+ for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
+- for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
++ for i in `echo "$IPSECinterfaces" | tr '=' ' '`
do
pat="$pat|$i\$"
done
-diff -uNr openswan-2.3.0.orig/programs/manual/manual.in openswan-2.3.0/programs/manual/manual.in
---- openswan-2.3.0.orig/programs/manual/manual.in 2004-11-01 22:49:01.000000000 +0000
-+++ openswan-2.3.0/programs/manual/manual.in 2005-02-02 20:34:54.000000000 +0000
+diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in
+--- openswan-2.4.5rc5/programs/manual/manual.in 2005-11-18 06:18:33.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/manual/manual.in 2006-03-29 01:20:44.000000000 +0200
@@ -104,7 +104,7 @@
sub(/:/, " ", $0)
if (interf != "")
print $3 "@" interf
-- }' | tr '\n' ' '`"
-+ }' | sed ':a;N;$!ba;s/\n/ /g'`"
+- }' | sed ':a;N;$!ba;s/\n/ /g'`"
++ }' | tr '\n' ' '`"
;;
esac
- diff -uNr openswan-2.3.0.orig/programs/_startklips/_startklips.in openswan-2.3.0/programs/_startklips/_startklips.in
---- openswan-2.3.0.orig/programs/_startklips/_startklips.in 2004-12-10 12:38:28.000000000 +0000
-+++ openswan-2.3.0/programs/_startklips/_startklips.in 2005-02-02 20:34:54.000000000 +0000
-@@ -292,7 +292,12 @@
+
+diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
+--- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in 2006-01-06 00:45:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in 2006-03-29 01:20:44.000000000 +0200
+@@ -147,7 +147,7 @@
+ exit 1
fi
- unset MODPATH MODULECONF # no user overrides!
- depmod -a >/dev/null 2>&1
-- modprobe -v ipsec
-+ if [ -f modprobe ]
-+ then modprobe -v ipsec
-+ elif [ -f insmod ]
-+ then insmod ipsec
-+ fi
-+
- fi
- if test ! -f $ipsecversion
- then
-diff -uNr openswan-2.3.0.orig/programs/setup/setup.in openswan-2.3.0/programs/setup/setup.in
---- openswan-2.3.0.orig/programs/setup/setup.in 2004-03-22 00:24:06.000000000 +0000
-+++ openswan-2.3.0/programs/setup/setup.in 2005-02-02 20:34:54.000000000 +0000
-@@ -110,12 +110,22 @@
- # do it
- case "$1" in
- start|--start|stop|--stop|_autostop|_autostart)
-- if test " `id -u`" != " 0"
-+ if [ "x${USER}" != "xroot" ]
+ else
+- if test ! -w "`dirname $stderrlog`"
++ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+ then
+ echo Cannot write to directory to create \"$stderrlog\".
+ exit 1
+diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
+--- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200
+@@ -235,7 +235,7 @@
+
+ # misc pre-Pluto setup
+
+- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
+
+ if test " $IPSECforwardcontrol" = " yes"
then
- echo "permission denied (must be superuser)" |
- logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
- exit 1
- fi
-+
-+ # make sure all required directories exist
-+ if [ ! -d /var/run ]
-+ then
-+ mkdir -p /var/run/pluto
-+ fi
-+ if [ ! -d /var/lock/subsys ]
-+ then
-+ mkdir -p /var/lock/subsys
-+ fi
- tmp=/var/run/pluto/ipsec_setup.st
- outtmp=/var/run/pluto/ipsec_setup.out
- (
-diff -uNr openswan-2.3.0.orig/programs/showhostkey/showhostkey.in openswan-2.3.0/programs/showhostkey/showhostkey.in
---- openswan-2.3.0.orig/programs/showhostkey/showhostkey.in 2004-11-14 13:40:41.000000000 +0000
-+++ openswan-2.3.0/programs/showhostkey/showhostkey.in 2005-02-02 20:34:54.000000000 +0000
-@@ -63,7 +63,7 @@
- exit 1
- fi
+@@ -347,7 +347,7 @@
+ lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
+ fi
--host="`hostname --fqdn`"
-+host="`nvram get wan_hostname`"
+- perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
++ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
- awk ' BEGIN {
-
-diff -uNr openswan-2.3.0.orig/programs/send-pr/send-pr.in openswan-2.3.0/programs/send-pr/send-pr.in
---- openswan-2.3.0.orig/programs/send-pr/send-pr.in 2003-07-14 12:26:17.000000000 +0000
-+++ openswan-2.3.0/programs/send-pr/send-pr.in 2005-02-02 20:34:54.000000000 +0000
+ perform rm -f $info $lock $plutopid
+ perform echo "...Openswan IPsec stopped" "|" $LOGONLY
+diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
+--- openswan-2.4.5rc5/programs/send-pr/send-pr.in 2005-04-18 01:04:46.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in 2006-03-29 01:20:44.000000000 +0200
@@ -402,7 +402,7 @@
else
if [ "$fieldname" != "Category" ]
then
-- values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
-+ values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
+- values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
++ values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
valslen=`echo "$values" | wc -c`
else
values="choose from a category listed above"
else
desc="<${values} (one line)>";
fi
-- dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+ dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
fi
echo "${fmtname}${desc}" >> $file
desc=" $default_val";
else
desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
-- dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+ dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
echo "s/^${dpat}//" >> $FIXFIL
fi
echo "${fmtname}" >> $file;
desc="${default_val}"
else
desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
-- dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
-+ dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
+- dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
++ dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
fi
echo "${fmtname}${desc}" >> $file
-diff -uNr openswan-2.3.0.orig/programs/_realsetup/_realsetup.in openswan-2.3.0/programs/_realsetup/_realsetup.in
---- openswan-2.3.0.orig/programs/_realsetup/_realsetup.in 2004-12-10 13:10:04.000000000 +0000
-+++ openswan-2.3.0/programs/_realsetup/_realsetup.in 2005-02-02 20:34:54.000000000 +0000
-@@ -209,7 +209,7 @@
+diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
+--- openswan-2.4.5rc5/programs/setup/setup.in 2005-07-25 21:17:03.000000000 +0200
++++ openswan-2.4.5rc5.patched/programs/setup/setup.in 2006-03-29 01:20:44.000000000 +0200
+@@ -117,12 +117,22 @@
+ # do it
+ case "$1" in
+ start|--start|stop|--stop|_autostop|_autostart)
+- if test " `id -u`" != " 0"
++ if [ "x${USER}" != "xroot" ]
+ then
+ echo "permission denied (must be superuser)" |
+ logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+ exit 1
+ fi
++
++ # make sure all required directories exist
++ if [ ! -d /var/run/pluto ]
++ then
++ mkdir -p /var/run/pluto
++ fi
++ if [ ! -d /var/lock/subsys ]
++ then
++ mkdir -p /var/lock/subsys
++ fi
+ tmp=/var/run/pluto/ipsec_setup.st
+ outtmp=/var/run/pluto/ipsec_setup.out
+ (
+diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
+--- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in 2004-11-14 14:40:41.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in 2006-03-29 01:20:44.000000000 +0200
+@@ -63,7 +63,7 @@
+ exit 1
+ fi
- # misc pre-Pluto setup
+-host="`hostname --fqdn`"
++host="`cat /proc/sys/kernel/hostname`"
-- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
-+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
+ awk ' BEGIN {
+ inkey = 0
+diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
+--- openswan-2.4.5rc5/programs/_startklips/_startklips.in 2005-11-25 00:08:05.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in 2006-03-29 01:23:54.000000000 +0200
+@@ -262,15 +262,15 @@
+ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
+ exit
+ fi
+-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
+ then
+ # statically compiled KLIPS/NETKEY not found; try to load the module
+- modprobe ipsec
++ insmod ipsec
+ fi
- if test " $IPSECforwardcontrol" = " yes"
- then
-@@ -313,7 +313,7 @@
- lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
- fi
+ if test ! -f $ipsecversion && test ! -f $netkey
+ then
+- modprobe -v af_key
++ insmod -v af_key
+ fi
-- perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
-+ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+ if test -f $netkey
+@@ -278,21 +278,21 @@
+ klips=false
+ if test -f $modules
+ then
+- modprobe -qv ah4
+- modprobe -qv esp4
+- modprobe -qv ipcomp
++ insmod -qv ah4
++ insmod -qv esp4
++ insmod -qv ipcomp
+ # xfrm4_tunnel is needed by ipip and ipcomp
+- modprobe -qv xfrm4_tunnel
++ insmod -qv xfrm4_tunnel
+ # xfrm_user contains netlink support for IPsec
+- modprobe -qv xfrm_user
+- modprobe -qv hw_random
++ insmod -qv xfrm_user
++ insmod -qv hw_random
+ # padlock must load before aes module
+- modprobe -qv padlock
++ insmod -qv padlock
+ # load the most common ciphers/algo's
+- modprobe -qv sha1
+- modprobe -qv md5
+- modprobe -qv des
+- modprobe -qv aes
++ insmod -qv sha1
++ insmod -qv md5
++ insmod -qv des
++ insmod -qv aes
+ fi
+ fi
- perform rm -f $info $lock $plutopid
- perform echo "...Openswan IPsec stopped" "|" $LOGONLY
---- openswan-2.3.0.orig/programs/_plutorun/_plutorun.in 2004-11-03 20:21:08.000000000 +0000
-+++ openswan-2.3.0/programs/_plutorun/_plutorun.in 2005-02-02 20:34:54.000000000 +0000
-@@ -140,7 +140,7 @@
- exit 1
+@@ -308,10 +308,10 @@
fi
- else
-- if test ! -w "`dirname $stderrlog`"
-+ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
- then
- echo Cannot write to directory to create \"$stderrlog\".
- exit 1
+ unset MODPATH MODULECONF # no user overrides!
+ depmod -a >/dev/null 2>&1
+- modprobe -qv hw_random
++ insmod -qv hw_random
+ # padlock must load before aes module
+- modprobe -qv padlock
+- modprobe -v ipsec
++ insmod -qv padlock
++ insmod -v ipsec
+ fi
+ if test ! -f $ipsecversion
+ then
+diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
+--- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig 1970-01-01 01:00:00.000000000 +0100
++++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig 2005-11-25 00:08:05.000000000 +0100
+@@ -0,0 +1,407 @@
++#!/bin/sh
++# KLIPS startup script
++# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer.
++#
++# This program is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 2 of the License, or (at your
++# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# for more details.
++#
++# RCSID $Id$
++
++me='ipsec _startklips' # for messages
++
++# KLIPS-related paths
++sysflags=/proc/sys/net/ipsec
++modules=/proc/modules
++# full rp_filter path is $rpfilter1/interface/$rpfilter2
++rpfilter1=/proc/sys/net/ipv4/conf
++rpfilter2=rp_filter
++# %unchanged or setting (0, 1, or 2)
++rpfiltercontrol=0
++ipsecversion=/proc/net/ipsec_version
++moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
++bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
++moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
++case $bareversion in
++ 2.6*)
++ modulename=ipsec.ko
++ ;;
++ *)
++ modulename=ipsec.o
++ ;;
++esac
++
++klips=true
++netkey=/proc/net/pfkey
++
++info=/dev/null
++log=daemon.error
++for dummy
++do
++ case "$1" in
++ --log) log="$2" ; shift ;;
++ --info) info="$2" ; shift ;;
++ --debug) debug="$2" ; shift ;;
++ --omtu) omtu="$2" ; shift ;;
++ --fragicmp) fragicmp="$2" ; shift ;;
++ --hidetos) hidetos="$2" ; shift ;;
++ --rpfilter) rpfiltercontrol="$2" ; shift ;;
++ --) shift ; break ;;
++ -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
++ *) break ;;
++ esac
++ shift
++done
++
++
++
++# some shell functions, to clarify the actual code
++
++# set up a system flag based on a variable
++# sysflag value shortname default flagname
++sysflag() {
++ case "$1" in
++ '') v="$3" ;;
++ *) v="$1" ;;
++ esac
++ if test ! -f $sysflags/$4
++ then
++ if test " $v" != " $3"
++ then
++ echo "cannot do $2=$v, $sysflags/$4 does not exist"
++ exit 1
++ else
++ return # can't set, but it's the default anyway
++ fi
++ fi
++ case "$v" in
++ yes|no) ;;
++ *) echo "unknown (not yes/no) $2 value \`$1'"
++ exit 1
++ ;;
++ esac
++ case "$v" in
++ yes) echo 1 >$sysflags/$4 ;;
++ no) echo 0 >$sysflags/$4 ;;
++ esac
++}
++
++# set up a Klips interface
++klipsinterface() {
++ # pull apart the interface spec
++ virt=`expr $1 : '\([^=]*\)=.*'`
++ phys=`expr $1 : '[^=]*=\(.*\)'`
++ case "$virt" in
++ ipsec[0-9]) ;;
++ *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;;
++ esac
++
++ # figure out ifconfig for interface
++ addr=
++ eval `ifconfig $phys |
++ awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
++ gsub(/:/, " ", $0)
++ print "addr=" $3
++ other = $5
++ if ($4 == "Bcast")
++ print "type=broadcast"
++ else if ($4 == "P-t-P")
++ print "type=pointopoint"
++ else if (NF == 5) {
++ print "type="
++ other = ""
++ } else
++ print "type=unknown"
++ print "otheraddr=" other
++ print "mask=" $NF
++ }'`
++ if test " $addr" = " "
++ then
++ echo "unable to determine address of \`$phys'"
++ exit 1
++ fi
++ if test " $type" = " unknown"
++ then
++ echo "\`$phys' is of an unknown type"
++ exit 1
++ fi
++ if test " $omtu" != " "
++ then
++ mtu="mtu $omtu"
++ else
++ mtu=
++ fi
++ echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
++
++ if $klips
++ then
++ # attach the interface and bring it up
++ ipsec tncfg --attach --virtual $virt --physical $phys
++ ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
++ fi
++
++ # if %defaultroute, note the facts
++ if test " $2" != " "
++ then
++ (
++ echo "defaultroutephys=$phys"
++ echo "defaultroutevirt=$virt"
++ echo "defaultrouteaddr=$addr"
++ if test " $2" != " 0.0.0.0"
++ then
++ echo "defaultroutenexthop=$2"
++ fi
++ ) >>$info
++ else
++ echo '#dr: no default route' >>$info
++ fi
++
++ # check for rp_filter trouble
++ checkif $phys # thought to be a problem only on phys
++}
++
++# check an interface for problems
++checkif() {
++ $klips || return 0
++ rpf=$rpfilter1/$1/$rpfilter2
++ if test -f $rpf
++ then
++ r="`cat $rpf`"
++ if test " $r" != " 0"
++ then
++ case "$r-$rpfiltercontrol" in
++ 0-%unchanged|0-0|1-1|2-2)
++ # happy state
++ ;;
++ *-%unchanged)
++ echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
++ ;;
++ [012]-[012])
++ echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
++ echo "$rpfiltercontrol" >$rpf
++ ;;
++ [012]-*)
++ echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
++ ;;
++ *)
++ echo "ERROR: unknown $rpf value $r"
++ ;;
++ esac
++ fi
++ fi
++}
++
++# interfaces=%defaultroute: put ipsec0 on top of default route's interface
++defaultinterface() {
++ phys=`netstat -nr |
++ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
++ if test " $phys" = " "
++ then
++ echo "no default route, %defaultroute cannot cope!!!"
++ exit 1
++ fi
++ if test `echo " $phys" | wc -l` -gt 1
++ then
++ echo "multiple default routes, %defaultroute cannot cope!!!"
++ exit 1
++ fi
++ next=`netstat -nr |
++ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
++ klipsinterface "ipsec0=$phys" $next
++}
++
++# log only to syslog, not to stdout/stderr
++logonly() {
++ logger -p $log -t ipsec_setup
++}
++
++# sort out which module is appropriate, changing it if necessary
++setmodule() {
++ if [ -e /proc/kallsyms ]
++ then
++ kernelsymbols="/proc/kallsyms";
++ echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
++ else
++ kernelsymbols="/proc/ksyms";
++ fi
++ wantgoo="`ipsec calcgoo $kernelsymbols`"
++ module=$moduleplace/$modulename
++ if test -f $module
++ then
++ goo="`nm -ao $module | ipsec calcgoo`"
++ if test " $wantgoo" = " $goo"
++ then
++ return # looks right
++ fi
++ fi
++ if test -f $moduleinstplace/$wantgoo
++ then
++ echo "modprobe failed, but found matching template module $wantgoo."
++ echo "Copying $moduleinstplace/$wantgoo to $module."
++ rm -f $module
++ mkdir -p $moduleplace
++ cp -p $moduleinstplace/$wantgoo $module
++ # "depmod -a" gets done by caller
++ fi
++}
++
++
++
++# main line
++
++# load module if possible
++if test -f $ipsecversion && test -f $netkey
++then
++ # both KLIPS and NETKEY code detected, bail out
++ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
++ exit
++fi
++if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
++then
++ # statically compiled KLIPS/NETKEY not found; try to load the module
++ modprobe ipsec
++fi
++
++if test ! -f $ipsecversion && test ! -f $netkey
++then
++ modprobe -v af_key
++fi
++
++if test -f $netkey
++then
++ klips=false
++ if test -f $modules
++ then
++ modprobe -qv ah4
++ modprobe -qv esp4
++ modprobe -qv ipcomp
++ # xfrm4_tunnel is needed by ipip and ipcomp
++ modprobe -qv xfrm4_tunnel
++ # xfrm_user contains netlink support for IPsec
++ modprobe -qv xfrm_user
++ modprobe -qv hw_random
++ # padlock must load before aes module
++ modprobe -qv padlock
++ # load the most common ciphers/algo's
++ modprobe -qv sha1
++ modprobe -qv md5
++ modprobe -qv des
++ modprobe -qv aes
++ fi
++fi
++
++if test ! -f $ipsecversion && $klips
++then
++ if test -r $modules # kernel does have modules
++ then
++ if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
++ then
++ echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
++ else
++ setmodule
++ fi
++ unset MODPATH MODULECONF # no user overrides!
++ depmod -a >/dev/null 2>&1
++ modprobe -qv hw_random
++ # padlock must load before aes module
++ modprobe -qv padlock
++ modprobe -v ipsec
++ fi
++ if test ! -f $ipsecversion
++ then
++ echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
++ exit 1
++ fi
++fi
++
++# figure out debugging flags
++case "$debug" in
++'') debug=none ;;
++esac
++if test -r /proc/net/ipsec_klipsdebug
++then
++ echo "KLIPS debug \`$debug'" | logonly
++ case "$debug" in
++ none) ipsec klipsdebug --none ;;
++ all) ipsec klipsdebug --all ;;
++ *) ipsec klipsdebug --none
++ for d in $debug
++ do
++ ipsec klipsdebug --set $d
++ done
++ ;;
++ esac
++elif $klips
++then
++ if test " $debug" != " none"
++ then
++ echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
++ fi
++fi
++
++# figure out misc. kernel config
++if test -d $sysflags
++then
++ sysflag "$fragicmp" "fragicmp" yes icmp
++ echo 1 >$sysflags/inbound_policy_check # no debate
++ sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm
++ sysflag no "opportunistic" no opportunistic # obsolete parm
++ sysflag "$hidetos" "hidetos" yes tos
++elif $klips
++then
++ echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
++ # carry on
++fi
++
++if $klips
++then
++ # clear tables out in case dregs have been left over
++ ipsec eroute --clear
++ ipsec spi --clear
++elif test $netkey
++then
++ if ip xfrm state > /dev/null 2>&1
++ then
++ ip xfrm state flush
++ ip xfrm policy flush
++ elif type setkey > /dev/null 2>&1
++ then
++ # Check that the setkey command is available.
++ setkeycmd=
++ PATH=$PATH:/usr/local/sbin
++ for dir in `echo $PATH | tr ':' ' '`
++ do
++ if test -f $dir/setkey -a -x $dir/setkey
++ then
++ setkeycmd=$dir/setkey
++ break # NOTE BREAK OUT
++ fi
++ done
++ $setkeycmd -F
++ $setkeycmd -FP
++ else
++
++ echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
++ logger -s -p daemon.error -t ipsec_setup
++ fi
++fi
++
++# figure out interfaces
++for i
++do
++ case "$i" in
++ ipsec*=?*) klipsinterface "$i" ;;
++ %defaultroute) defaultinterface ;;
++ *) echo "interface \`$i' not understood"
++ exit 1
++ ;;
++ esac
++done
++
++exit 0