net/ipsec-tools: Import net/ipsec-tools from oldpackages
authorNoah Meyerhans <redacted>
Sat, 16 Aug 2014 05:01:52 +0000 (22:01 -0700)
committerNoah Meyerhans <redacted>
Sat, 16 Aug 2014 19:29:38 +0000 (12:29 -0700)
Signed-off-by: Noah Meyerhans <redacted>
net/ipsec-tools/Makefile [new file with mode: 0644]
net/ipsec-tools/files/racoon.init [new file with mode: 0644]
net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch [new file with mode: 0644]
net/ipsec-tools/patches/001-no_libfl.patch [new file with mode: 0644]
net/ipsec-tools/patches/002-patch8-utmp.patch [new file with mode: 0644]
net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch [new file with mode: 0644]
net/ipsec-tools/patches/005-isakmp-fix.patch [new file with mode: 0644]
net/ipsec-tools/patches/006-linux-3.7-compat.patch [new file with mode: 0644]

diff --git a/net/ipsec-tools/Makefile b/net/ipsec-tools/Makefile
new file mode 100644 (file)
index 0000000..fdbf06d
--- /dev/null
@@ -0,0 +1,95 @@
+#
+# Copyright (C) 2006-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ipsec-tools
+PKG_VERSION:=0.8.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@SF/ipsec-tools
+PKG_MD5SUM:=d38b39f291ba2962387c3232e7335dd8
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipsec-tools
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=VPN
+  DEPENDS:=+libopenssl +kmod-ipsec
+  TITLE:=IPsec management tools
+  URL:=http://ipsec-tools.sourceforge.net/
+endef
+
+CONFIGURE_ARGS += \
+       --enable-shared \
+       --enable-static \
+       --with-kernel-headers="$(LINUX_DIR)/include" \
+       --without-readline \
+       --with-openssl="$(STAGING_DIR)/usr" \
+       --without-libradius \
+       --without-libpam \
+       --enable-dpd \
+       --enable-hybrid \
+       --enable-security-context=no \
+       --enable-natt \
+       --enable-adminport \
+       --enable-frag \
+        $(call autoconf_bool,CONFIG_IPV6,ipv6)
+
+# override CFLAGS holding "-Werror" that break builds on compile warnings
+MAKE_FLAGS+=\
+       CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS)"
+
+define Build/Prepare
+       $(call Build/Prepare/Default)
+       chmod -R u+w $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+       (cd $(PKG_BUILD_DIR); touch \
+               configure.ac \
+               aclocal.m4 \
+               Makefile.in \
+               config.h.in \
+               configure \
+       );
+       $(call Build/Configure/Default)
+       echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h
+endef
+
+define Package/ipsec-tools/install
+       $(INSTALL_DIR) $(1)/etc
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/
+       $(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf
+       $(INSTALL_DIR) $(1)/etc/racoon
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_BIN) ./files/racoon.init $(1)/etc/init.d/racoon
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/
+endef
+
+define Package/ipsec-tools/conffiles
+/etc/racoon.conf
+/etc/racoon/psk.txt
+endef
+
+$(eval $(call BuildPackage,ipsec-tools))
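Review bot: The install recipe copies the upstream sample `src/racoon/samples/psk.txt` to `/etc/racoon/psk.txt` and lists it under conffiles, so every fresh install ships the same example file as its live key store. If that sample carries key entries (its contents are not visible here), they are publicly known secrets. I would install an empty, owner-only file instead, e.g. `touch $(1)/etc/racoon/psk.txt` followed by `chmod 0600 $(1)/etc/racoon/psk.txt`, and leave the entries to the administrator. Separately, `PKG_MD5SUM` only protects against accidental corruption of the tarball fetched from the mirror; a SHA-256 digest is the stronger pin where the build system accepts one.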
diff --git a/net/ipsec-tools/files/racoon.init b/net/ipsec-tools/files/racoon.init
new file mode 100644 (file)
index 0000000..d539b36
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009-2011 OpenWrt.org
+# Copyright (C) 2011 Artem Makhutov
+
+START=49
+
+SERVICE_USE_PID=1
+
+start() {
+       mkdir -m 0700 -p /var/racoon
+       [ -f /etc/ipsec.conf ] && /usr/sbin/setkey -f /etc/ipsec.conf
+       service_start /usr/sbin/racoon -f /etc/racoon.conf
+}
+
+stop() {
+       service_stop /usr/sbin/racoon
+}
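Review bot: In `start()` the exit status of `setkey -f /etc/ipsec.conf` is ignored, so racoon is started even when the policy file fails to load. With no SPD entries installed, traffic the administrator meant to protect would presumably leave the box unprotected. Failing the start is the safer behaviour: `[ -f /etc/ipsec.conf ] && { /usr/sbin/setkey -f /etc/ipsec.conf || return 1; }`. A short comment on `stop()` stating whether the kernel SAD/SPD are deliberately left in place when the daemon stops would also help the next maintainer.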
diff --git a/net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch b/net/ipsec-tools/patches/001-ipsec-tools-def-psk.patch
new file mode 100644 (file)
index 0000000..db5b306
--- /dev/null
@@ -0,0 +1,24 @@
+--- a/src/racoon/oakley.c
++++ b/src/racoon/oakley.c
+@@ -2424,8 +2424,21 @@ oakley_skeyid(iph1)
+                               plog(LLV_ERROR, LOCATION, iph1->remote,
+                                       "couldn't find the pskey for %s.\n",
+                                       saddrwop2str(iph1->remote));
++                      }
++              }
++              if (iph1->authstr == NULL) {
++                      /*
++                       * If we could not locate a psk above try and locate
++                       * the default psk, ie, "*".
++                       */
++                      iph1->authstr = privsep_getpsk("*", 1);
++                      if (iph1->authstr == NULL) {
++                              plog(LLV_ERROR, LOCATION, iph1->remote,
++                                      "couldn't find the the default pskey either.\n");
+                               goto end;
+                       }
++                      plog(LLV_NOTIFY, LOCATION, iph1->remote,
++                                      "Using default PSK.\n");
+               }
+               plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n");
+               /* should be secret PSK */
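Review bot: The fallback added to `oakley_skeyid` lets every peer without its own psk.txt entry authenticate with the single `*` secret, so any holder of that secret can pose as any such peer. The event is logged only at LLV_NOTIFY, with a message that does not name the peer. I would raise it to a warning that includes the address, `plog(LLV_WARNING, LOCATION, iph1->remote, "no pskey for %s, using default PSK.\n", saddrwop2str(iph1->remote));`, and add a patch header that documents the wildcard behaviour as an explicit opt-in. The LLV_ERROR "couldn't find the pskey" line above is still emitted before a successful fallback, and the new error string has a doubled "the the". The function begins and ends outside the hunk.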
diff --git a/net/ipsec-tools/patches/001-no_libfl.patch b/net/ipsec-tools/patches/001-no_libfl.patch
new file mode 100644 (file)
index 0000000..b56b596
--- /dev/null
@@ -0,0 +1,22 @@
+--- a/src/racoon/cftoken.l
++++ b/src/racoon/cftoken.l
+@@ -104,6 +104,8 @@ static struct include_stack {
+ static int incstackp = 0;
+ static int yy_first_time = 1;
++
++int yywrap(void) { return 1; }
+ %}
+ /* common seciton */
+--- a/src/setkey/token.l
++++ b/src/setkey/token.l
+@@ -86,6 +86,8 @@
+ #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+ #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
+ #endif
++
++int yywrap(void) { return 1; }
+ %}
+ /* common section */
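Review bot: Both lexers now carry a hand-written `yywrap` in the `%{ ... %}` prologue with no explanation. flex's `%option noyywrap` gives the same result without a function definition and is the usual way to drop the libfl link dependency. If the definitions stay, a comment such as `/* provide yywrap locally so libfl is not needed at link time */` above each one would explain why they are there.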
diff --git a/net/ipsec-tools/patches/002-patch8-utmp.patch b/net/ipsec-tools/patches/002-patch8-utmp.patch
new file mode 100644 (file)
index 0000000..16dc923
--- /dev/null
@@ -0,0 +1,72 @@
+--- a/src/racoon/isakmp_cfg.c
++++ b/src/racoon/isakmp_cfg.c
+@@ -38,7 +38,7 @@
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+-#include <utmpx.h>
++#include <utmp.h>
+ #if defined(__APPLE__) && defined(__MACH__)
+ #include <util.h>
+ #endif
+@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr
+       int inout;
+ {
+       int error = 0;
+-      struct utmpx ut;
++      struct utmp ut;
++      char term[UT_LINESIZE];
+       char addr[NI_MAXHOST];
+       
+       if (usr == NULL || usr[0]=='\0') {
+@@ -1670,34 +1671,37 @@ isakmp_cfg_accounting_system(port, raddr
+               return -1;
+       }
+-      memset(&ut, 0, sizeof ut);
+-      gettimeofday((struct timeval *)&ut.ut_tv, NULL);
+-      snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
++      sprintf(term, TERMSPEC, port);
+       switch (inout) {
+       case ISAKMP_CFG_LOGIN:
+-              ut.ut_type = USER_PROCESS;
+-              strncpy(ut.ut_user, usr, sizeof ut.ut_user);
++              strncpy(ut.ut_name, usr, UT_NAMESIZE);
++              ut.ut_name[UT_NAMESIZE - 1] = '\0';
++              
++              strncpy(ut.ut_line, term, UT_LINESIZE);
++              ut.ut_line[UT_LINESIZE - 1] = '\0';
+               GETNAMEINFO_NULL(raddr, addr);
+-              strncpy(ut.ut_host, addr, sizeof ut.ut_host);
++              strncpy(ut.ut_host, addr, UT_HOSTSIZE);
++              ut.ut_host[UT_HOSTSIZE - 1] = '\0';
++
++              ut.ut_time = time(NULL);
+               plog(LLV_INFO, LOCATION, NULL,
+                       "Accounting : '%s' logging on '%s' from %s.\n",
+-                      ut.ut_user, ut.ut_id, addr);
+-
+-              pututxline(&ut);
++                      ut.ut_name, ut.ut_line, ut.ut_host);
++              login(&ut);
++              
+               break;
+       case ISAKMP_CFG_LOGOUT: 
+-              ut.ut_type = DEAD_PROCESS;
+               plog(LLV_INFO, LOCATION, NULL,
+                       "Accounting : '%s' unlogging from '%s'.\n",
+-                      usr, ut.ut_id);
+-
+-              pututxline(&ut);
++                      usr, term);
++              logout(term);
++              
+               break;
+       default:
+               plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
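Review bot: The third inner hunk (`isakmp_cfg_accounting_system`, around line 1670) drops `memset(&ut, 0, sizeof ut);`, so `struct utmp ut` reaches `login(&ut)` with every field other than ut_name, ut_line, ut_host and ut_time uninitialised. Those stack bytes can end up in the accounting records. The same hunk replaces the bounded `snprintf` with `sprintf(term, TERMSPEC, port);` writing into a `UT_LINESIZE` buffer. Both safeguards should be kept: `memset(&ut, 0, sizeof ut);` before the switch and `snprintf(term, sizeof term, TERMSPEC, port);`. The function starts before and continues past the quoted hunks.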
diff --git a/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
new file mode 100644 (file)
index 0000000..443d38d
--- /dev/null
@@ -0,0 +1,13 @@
+--- a/src/racoon/ipsec_doi.c
++++ b/src/racoon/ipsec_doi.c
+@@ -3582,8 +3582,8 @@ ipsecdoi_checkid1(iph1)
+           iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
+                if (id_b->type != IPSECDOI_ID_IPV4_ADDR
+                 && id_b->type != IPSECDOI_ID_IPV6_ADDR) {
+-                      plog(LLV_ERROR, LOCATION, NULL,
+-                              "Expecting IP address type in main mode, "
++                      plog(LLV_WARNING, LOCATION, NULL,
++                              "Expecting IP address type in main mode (RFC2409) , "
+                               "but %s.\n", s_ipsecdoi_ident(id_b->type));
+                       return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
+               }
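Review bot: The hunk lowers the log level to LLV_WARNING, but `return ISAKMP_NTYPE_INVALID_ID_INFORMATION;` below it is unchanged context. A non-IP identifier in main mode with PSK is therefore still rejected, and the rejection is now reported as a warning only. If the intent, going by the patch name, is to tolerate such peers, this change does not do that; if the intent is to keep rejecting, the message should stay at LLV_ERROR so the failed negotiation is not under-reported. Either way, a patch header stating the intended behaviour is needed. The new string also has a stray space before the comma; it should read `"Expecting IP address type in main mode (RFC2409), "`.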
diff --git a/net/ipsec-tools/patches/005-isakmp-fix.patch b/net/ipsec-tools/patches/005-isakmp-fix.patch
new file mode 100644 (file)
index 0000000..f7aa3c2
--- /dev/null
@@ -0,0 +1,11 @@
+--- a/src/racoon/isakmp.c
++++ b/src/racoon/isakmp.c
+@@ -31,6 +31,8 @@
+  * SUCH DAMAGE.
+  */
++#define __packed __attribute__((__packed__))
++
+ #include "config.h"
+ #include <sys/types.h>
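Review bot: The `__packed` define is added without any comment, and it sits ahead of `config.h` and every system header, which suggests that some included header needs it. The hunk does not show which one. Please name that header or struct in a comment above the define, e.g. `/* <header> uses __packed, which this libc does not provide */` with the real header filled in. Guarding it with `#ifndef __packed` ... `#endif` is harmless and avoids a clash if the toolchain already supplies the macro.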
diff --git a/net/ipsec-tools/patches/006-linux-3.7-compat.patch b/net/ipsec-tools/patches/006-linux-3.7-compat.patch
new file mode 100644 (file)
index 0000000..46b11ee
--- /dev/null
@@ -0,0 +1,50 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -74,9 +74,10 @@ case "$host_os" in
+           [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
+     AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
+-      [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
+-        KERNEL_INCLUDE=/usr/src/linux/include ,
+-        [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
++      [ AC_CHECK_HEADER($KERNEL_INCLUDE/uapi/linux/pfkeyv2.h, ,
++        [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
++          KERNEL_INCLUDE=/usr/src/linux/include ,
++          [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) ] )
+     AC_SUBST(KERNEL_INCLUDE)
+     # We need the configure script to run with correct kernel headers.
+     # However we don't want to point to kernel source tree in compile time,
+@@ -643,7 +644,14 @@ AC_EGREP_CPP(yes,
+ #ifdef SADB_X_EXT_NAT_T_TYPE
+ yes
+ #endif
+-], [kernel_natt="yes"])
++], [kernel_natt="yes"], [
++  AC_EGREP_CPP(yes,
++  [#include <uapi/linux/pfkeyv2.h>
++  #ifdef SADB_X_EXT_NAT_T_TYPE
++  yes
++  #endif
++  ], [kernel_natt="yes"])
++])
+       ;;
+ freebsd*|netbsd*)
+ # NetBSD case
+--- a/src/include-glibc/Makefile.am
++++ b/src/include-glibc/Makefile.am
+@@ -1,14 +1,7 @@
+-
+-.includes: ${top_builddir}/config.status
+-      ln -snf $(KERNEL_INCLUDE)/linux
+-      touch .includes
+-
+-all: .includes
+-
+ EXTRA_DIST = \
+   glibc-bugs.h \
+   net/pfkeyv2.h \
+   netinet/ipsec.h \
+   sys/queue.h
+-DISTCLEANFILES = .includes linux
++DISTCLEANFILES = linux
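Review bot: The fatal diagnostic in the first configure.ac hunk still reads "Unable to find linux-2.6 kernel headers" although the probe now also accepts the `uapi/` layout. Something like `AC_MSG_ERROR([Unable to find linux/pfkeyv2.h under $KERNEL_INCLUDE (also tried uapi/). Aborting.])` would tell the builder what was actually checked. In the NAT-T hunk the nested `AC_EGREP_CPP` has no action-if-not-found, so what happens when neither header exposes `SADB_X_EXT_NAT_T_TYPE` depends on code outside the hunk. An `AC_MSG_WARN` there would make a build without kernel NAT-T support visible. The Makefile.am hunk removes the rule that created the `linux` symlink but keeps `linux` in `DISTCLEANFILES`, which looks like a leftover.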