From 8b6d5b1d9fb894abf57b7c5c7f82c03f7b51e503 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 7 Sep 2008 14:14:35 +0200 Subject: [PATCH] Updated openwan to 2.6.16 --- config/ipac-ng/ipac.conf | 5 -- config/ipac-ng/rules.conf | 36 ----------- doc/packages-list.txt | 4 +- lfs/openswan | 21 ++++-- make.sh | 2 +- src/patches/openswan-2.6.16-clear-1.patch | 21 ++++++ .../openswan-2.6.16-startklips-1.patch | 64 +++++++++++++++++++ .../openswan-2.6.16-updown.klips-1.patch | 30 +++++++++ 8 files changed, 133 insertions(+), 50 deletions(-) delete mode 100644 config/ipac-ng/ipac.conf delete mode 100644 config/ipac-ng/rules.conf create mode 100644 src/patches/openswan-2.6.16-clear-1.patch create mode 100644 src/patches/openswan-2.6.16-startklips-1.patch create mode 100644 src/patches/openswan-2.6.16-updown.klips-1.patch diff --git a/config/ipac-ng/ipac.conf b/config/ipac-ng/ipac.conf deleted file mode 100644 index b4145952c..000000000 --- a/config/ipac-ng/ipac.conf +++ /dev/null @@ -1,5 +0,0 @@ -access agent = files -account agent = iptables -storage = gdbm -rules file = /etc/ipac-ng/rules.conf -drop zero lines = yes diff --git a/config/ipac-ng/rules.conf b/config/ipac-ng/rules.conf deleted file mode 100644 index d5ab1a3ec..000000000 --- a/config/ipac-ng/rules.conf +++ /dev/null 
@@ -1,36 +0,0 @@ -# Example config file with accounting rules -# Install as /etc/ipac-ng/rules.conf.iptables -# -# Format: -# Name of rule|direction|interface|protocol|source|destination -# WARNING!!!! spaces are not allowed before and after '|'. -# -# where -# Name of rule Any string to identify this rule -# direction ipac~fi - forward in -# ipac~fo - forward out -# ipac~i - outgoing from machine with ipac-ng to other host(/net) -# (or incoming to otherhost) -# ipac~o - incoming to machine with ipac-ng -# (or outgoing from otherhost) -# -# interface interface name, '+' means all interfaces (dont try to use ip numbers here!) -# protocol tcp | udp | icmp | all -# source \ -# destination both as described in ipfwadm(8), or empty -# -# incoming: - -# lets demonstrate this by following rules. -# Example 1: -# there are some hosts in out net 192.168.0.0/24 -# our ipac-ng host has two interfaces - eth0 connected to local net -# and eth1 to internet -Incoming GREEN|ipac~i|green0|all||| -Outgoing GREEN|ipac~o|green0|all||| - -Incoming RED (PPP)|ipac~i|ppp0|all||| -Outgoing RED (PPP)|ipac~o|ppp0|all||| - -Incoming RED (ISDN PPP)|ipac~i|ippp0|all||| -Outgoing RED (ISDN PPP)|ipac~o|ippp0|all||| diff --git a/doc/packages-list.txt b/doc/packages-list.txt index cd6a008ee..e67eb811a 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -221,8 +221,8 @@ * openmailadmin-1.0.0 * openssh-4.7p1 * openssl-0.9.8g -* openswan-2.4.12 -* openswan-2.4.12-kmod +* openswan-2.6.16 +* openswan-2.6.16-kmod * openvpn-2.0.9 * pam_mysql-0.7RC1 * patch-2.5.4 diff --git a/lfs/openswan b/lfs/openswan index d6e71b214..3420840c5 100644 --- a/lfs/openswan +++ b/lfs/openswan @@ -24,7 +24,7 @@ include Config -VER = 2.4.12 +VER = 2.6.16 THISAPP = openswan-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 0bca0cc205d2d83eff64a7cea825ce7a +$(DL_FILE)_MD5 = ef0ea8f9082df70c993a035904d538c7 install : $(TARGET) 
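Review bot: The new `$(DL_FILE)_MD5` value in lfs/openswan is the only integrity pin for the 2.6.16 tarball visible in this commit, and an MD5 digest protects against a corrupted download more than against a substituted one. The commit record does not say where the digest was taken from. I would record that above the line, for example `# digest checked against the upstream release signature, <date>`, once that check has actually been done. Replacing the `_MD5` scheme with a stronger hash is a tree-wide change and outside this commit.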
@@ -86,9 +86,18 @@ else -e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \ -e 's%^USERCOMPILE.*$$%USERCOMPILE=$(CFLAGS)%' \ -e 's%^KLIPSCOMPILE.*$$%KLIPSCOMPILE=$(CFLAGS)%' Makefile.inc + + cd $(DIR_APP) && sed -i 's/-Werror//' lib/libdns/Makefile + cd $(DIR_APP) && sed -i 's/-Werror//' lib/libisc/Makefile + cd $(DIR_APP) && sed -i 's/-Werror//' lib/liblwres/Makefile + cd $(DIR_APP) && sed -i 's/-Werror//' programs/Makefile.program + cd $(DIR_APP) && make programs cd $(DIR_APP) && make install + # don't know why make this doesnt made + cd $(DIR_APP) && cp -a programs/_confread/_confread.in /usr/lib/ipsec/_confread + -rm -rfv /etc/rc*.d/*ipsec cd $(DIR_SRC) && cp src/initscripts/init.d/ipsec /etc/rc.d/init.d/ipsec rm -f /etc/ipsec.conf /etc/ipsec.secrets @@ -100,10 +109,10 @@ else ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls - cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.12-startklips-1.patch - cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown-1.patch - cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown_x509-1.patch - cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-clear-1.patch + cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-startklips-1.patch + cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-updown.klips-1.patch + # cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown_x509-1.patch + cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-clear-1.patch endif #@rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/make.sh b/make.sh index a37220dd7..4aab5f310 100755 --- a/make.sh +++ b/make.sh 
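Review bot: The added `cp -a programs/_confread/_confread.in /usr/lib/ipsec/_confread` installs a `.in` file under the name of the finished helper, and the comment above it says the reason `make install` skips it is not known. If `_confread.in` is a template that the openswan build normally post-processes (the suffix suggests so, but the file is not shown here), the installed script would carry unsubstituted placeholders; `cp -a` also keeps the build tree's mode and ownership instead of setting them. I would install the generated `programs/_confread/_confread` if `make programs` produces one, or otherwise use `install -m 0755` and replace the comment with `# FIXME: 'make install' of 2.6.16 skips _confread; template copied as a stopgap`. The four `sed -i 's/-Werror//'` lines silence the warnings that broke the build without recording which ones they were, so a one-line comment naming the warning would let a later update drop the workaround. The recipe starts and ends outside this hunk.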
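Review bot: The `openswan-2.4.9-updown_x509-1.patch` line in the second lfs/openswan hunk is commented out rather than removed or ported, and nothing in the commit says whether 2.6.16 already contains what that patch changed. If the patch adjusted certificate-related updown handling, as its name suggests, that behaviour silently disappears on systems that take this update. I would either delete the line and say so in the commit message, or replace it with `# updown_x509 patch not ported to 2.6.16: <reason>`. The recipe continues outside this hunk.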
@@ -24,7 +24,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name -VERSION="2.3-beta3" +VERSION="2.3-test" GIT_BRANCH=master:master # Version number SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/patches/openswan-2.6.16-clear-1.patch b/src/patches/openswan-2.6.16-clear-1.patch new file mode 100644 index 000000000..41175c14e --- /dev/null +++ b/src/patches/openswan-2.6.16-clear-1.patch @@ -0,0 +1,21 @@ +--- clear.org 2008-09-07 01:10:26.000000000 +0200 ++++ clear 2008-09-07 01:12:23.000000000 +0200 +@@ -3,18 +3,3 @@ + # + # See /usr/share/doc/openswan/policygroups.html for details. + # +- +-# root name servers should be in the clear +-192.58.128.30/32 +-198.41.0.4/32 +-192.228.79.201/32 +-192.33.4.12/32 +-128.8.10.90/32 +-192.203.230.10/32 +-192.5.5.241/32 +-192.112.36.4/32 +-128.63.2.53/32 +-192.36.148.17/32 +-193.0.14.129/32 +-199.7.83.42/32 +-202.12.27.33/32 diff --git a/src/patches/openswan-2.6.16-startklips-1.patch b/src/patches/openswan-2.6.16-startklips-1.patch new file mode 100644 index 000000000..ff05bbb81 --- /dev/null +++ b/src/patches/openswan-2.6.16-startklips-1.patch 
@@ -0,0 +1,64 @@ +--- _startklips.old 2008-09-07 00:50:40.000000000 +0200 ++++ _startklips 2008-09-07 00:50:42.000000000 +0200 +@@ -146,23 +146,35 @@ + + # figure out ifconfig for interface + addr= +- eval `ifconfig $phys | +- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { +- gsub(/:/, " ", $0) +- print "addr=" $3 +- other = $5 +- if ($4 == "Bcast") +- print "type=broadcast" +- else if ($4 == "P-t-P") +- print "type=pointopoint" +- else if (NF == 5) { +- print "type=" +- other = "" +- } else +- print "type=unknown" +- print "otheraddr=" other +- print "mask=" $NF +- }'` ++ eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ { ++ if ($3 ~ /BROADCAST/) ++ print "type=broadcast"; ++ else if ($3 ~ /POINTOPOINT/) ++ print "type=pointopoint"; ++ else { ++ print "type="; ++ } ++ }'` ++ ++ if [ "$type" == "broadcast" ]; then ++ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " "); ++ print "addr=" $2; ++ print "mask=" $3; ++ print "otheraddr=" $5; ++ }'` ++ elif [ "$type" == "pointopoint" ]; then ++ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " "); ++ print "addr=" $2; ++ print "mask=" $5; ++ print "otheraddr=" $4; ++ }'` ++ else ++ type="unknown" ++ otheraddr= ++ fi ++ ++ eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'` ++ + if test " $addr" = " " + then + echo "unable to determine address of \`$phys'" +@@ -171,7 +183,7 @@ + if test " $type" = " unknown" + then + echo "\`$phys' is of an unknown type" +- exit 1 ++ exit 1 + fi + if test " $omtu" != " " + then diff --git a/src/patches/openswan-2.6.16-updown.klips-1.patch b/src/patches/openswan-2.6.16-updown.klips-1.patch new file mode 100644 index 000000000..f587dea00 --- /dev/null +++ b/src/patches/openswan-2.6.16-updown.klips-1.patch 
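Review bot: The replacement block for `_startklips` passes the output of `ip addr show $phys | awk …` straight to `eval` with `$phys` unquoted, and its second stage prints `addr=`, `mask=` and `otheraddr=` once per `inet` line, so on an interface with more than one IPv4 address the last one listed wins. `whatmask /$mask` then runs unconditionally, before the empty-address and unknown-type checks further down. For an unknown interface it is called with an empty prefix, and if `whatmask` is not installed `mask` silently stays a prefix length instead of a dotted netmask. I would quote `"$phys"`, stop at the first match by ending the awk action with `exit`, and move the `whatmask` call below the two checks with a test that `mask` was actually rewritten. `[ "$type" == "broadcast" ]` also depends on a shell whose `[` accepts `==`; `=` is the portable spelling.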
@@ -0,0 +1,30 @@ +--- /usr/lib/ipsec/_updown.klips 2007-10-14 00:56:15.000000000 +0200 ++++ /usr/lib/ipsec/_updown.klips 2007-10-27 00:00:26.000000000 +0200 +@@ -376,8 +376,8 @@ + # opportunistic encryption work around + # need to provide route that eclipses default, without + # replacing it. +- it="ip route $1 0.0.0.0/1 $parms2 $parms3 && +- ip route $1 128.0.0.0/1 $parms2 $parms3" ++ #it="ip route $1 0.0.0.0/1 $parms2 $parms3 && ++ # ip route $1 128.0.0.0/1 $parms2 $parms3" + ;; + *) it="ip route $1 $parms $parms2 $parms3" + ;; +@@ -401,13 +401,13 @@ + prepare-host:*|prepare-client:*) + # delete possibly-existing route (preliminary to adding a route) + case "$PLUTO_PEER_CLIENT" in +- "0.0.0.0/0") ++ "0.0.0.0/0") + # need to provide route that eclipses default, without + # replacing it. + parms1="0.0.0.0/1" + parms2="128.0.0.0/1" +- it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1" +- oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`" ++ # it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1" ++ # oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`" + ;; + *) + parms="$PLUTO_PEER_CLIENT $IPROUTEARGS" -- 2.39.2
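Review bot: Both edits to `_updown.klips` comment out the assignments to `it` and `oops` in the `0.0.0.0/0` branches instead of setting them, so the code after each `case` that consumes those variables (outside this hunk) sees either nothing or a value left over from an earlier assignment. For a connection whose peer client is `0.0.0.0/0` the two half-default routes are then never added, and unless something else steers that traffic into the tunnel it would follow the existing default route unencrypted. I would make the intent explicit with `it=` and `oops=` in those branches, provided the consumer tolerates an empty command, plus a comment saying why the eclipsing routes are not wanted here. `parms1` and `parms2` in the second branch are still assigned but no longer used. The embedded header names the absolute path `/usr/lib/ipsec/_updown.klips`, so the result of `cd /usr/lib/ipsec && patch -Np0` depends on how the installed `patch` treats absolute file names.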