Remove autodection of hesiod since it will be enabled by default if present on host...
1 diff -Nur openswan-2.4.5rc5/programs/loggerfix openswan-2.4.5rc5.patched/programs/loggerfix
2 --- openswan-2.4.5rc5/programs/loggerfix        1970-01-01 01:00:00.000000000 +0100
3 +++ openswan-2.4.5rc5.patched/programs/loggerfix        2006-03-29 01:20:44.000000000 +0200
4 @@ -0,0 +1,5 @@
5 +#!/bin/sh
6 +# use filename instead of /dev/null to log, but dont log to flash or ram
7 +# pref. log to nfs mount
8 +echo "$*" >> /dev/null
9 +exit 0
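Review bot: `loggerfix` throws away everything it is handed, because the `echo "$*" >> /dev/null` line has the destination hard-coded and the comment only asks whoever builds the package to edit the file by hand. If this script stands in for `logger` in the ipsec scripts (not visible in this patch), setup errors and tunnel diagnostics are lost on a default build, leaving nothing to examine after a failed or suspicious negotiation. Consider reading the destination from a variable with `/dev/null` as the fallback, and using printf so an argument such as `-n` is not swallowed by echo, for example `printf '%s\n' "$*" >> "${LOGGERFIX_FILE:-/dev/null}"` (the variable name is a placeholder).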
10 diff -Nur openswan-2.4.5rc5/programs/look/look.in openswan-2.4.5rc5.patched/programs/look/look.in
11 --- openswan-2.4.5rc5/programs/look/look.in     2005-08-18 16:10:09.000000000 +0200
12 +++ openswan-2.4.5rc5.patched/programs/look/look.in     2006-03-29 01:20:44.000000000 +0200
13 @@ -84,7 +84,7 @@
14  then
15         pat="$pat|$defaultroutephys\$|$defaultroutevirt\$"
16  else
17 -       for i in `echo "$IPSECinterfaces" | sed 's/=/ /'`
18 +       for i in `echo "$IPSECinterfaces" | tr '=' ' '`
19         do
20                 pat="$pat|$i\$"
21         done
22 diff -Nur openswan-2.4.5rc5/programs/manual/manual.in openswan-2.4.5rc5.patched/programs/manual/manual.in
23 --- openswan-2.4.5rc5/programs/manual/manual.in 2005-11-18 06:18:33.000000000 +0100
24 +++ openswan-2.4.5rc5.patched/programs/manual/manual.in 2006-03-29 01:20:44.000000000 +0200
25 @@ -104,7 +104,7 @@
26                                 sub(/:/, " ", $0)
27                                 if (interf != "")
28                                         print $3 "@" interf
29 -                        }' | sed ':a;N;$!ba;s/\n/ /g'`"
30 +                        }' | tr '\n' ' '`"
31         ;;
32  esac
33  
34 diff -Nur openswan-2.4.5rc5/programs/_plutorun/_plutorun.in openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in
35 --- openswan-2.4.5rc5/programs/_plutorun/_plutorun.in   2006-01-06 00:45:00.000000000 +0100
36 +++ openswan-2.4.5rc5.patched/programs/_plutorun/_plutorun.in   2006-03-29 01:20:44.000000000 +0200
37 @@ -147,7 +147,7 @@
38                         exit 1
39                 fi
40         else
41 -               if test ! -w "`dirname $stderrlog`"
42 +               if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
43                 then
44                         echo Cannot write to directory to create \"$stderrlog\".
45                         exit 1
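Review bot: The sed expression that replaces `dirname` on the `test ! -w` line returns its input unchanged when `$stderrlog` contains no slash, so a relative log name is tested as if it were the directory, where `dirname` would have answered `.`. `$stderrlog` is also expanded unquoted into `echo`, so whitespace or glob characters in the configured path are split or expanded before sed sees them. Parameter expansion avoids both problems and needs no external tool: `case "$stderrlog" in */*) logdir="${stderrlog%/*}" ;; *) logdir=. ;; esac` followed by `if test ! -w "${logdir:-/}"`. The same substitution is applied to `$subsyslock` in both `_realsetup.in` hunks. The enclosing if/else starts and ends outside this hunk.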
46 diff -Nur openswan-2.4.5rc5/programs/_realsetup/_realsetup.in openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in
47 --- openswan-2.4.5rc5/programs/_realsetup/_realsetup.in 2005-07-28 02:23:48.000000000 +0200
48 +++ openswan-2.4.5rc5.patched/programs/_realsetup/_realsetup.in 2006-03-29 01:20:44.000000000 +0200
49 @@ -235,7 +235,7 @@
50  
51         # misc pre-Pluto setup
52  
53 -       perform test -d `dirname $subsyslock` "&&" touch $subsyslock
54 +       perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock
55  
56         if test " $IPSECforwardcontrol" = " yes"
57         then
58 @@ -347,7 +347,7 @@
59                 lsmod 2>&1 | grep "^xfrm_user" > /dev/null && rmmod -s xfrm_user
60         fi 
61  
62 -       perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock
63 +       perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
64  
65         perform rm -f $info $lock $plutopid
66         perform echo "...Openswan IPsec stopped" "|" $LOGONLY
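Review bot: The stop path on the `rm -f $subsyslock` line now runs `touch $subsyslock` first, and because the three commands are chained with `"&&"`, a failing touch (read-only or full filesystem) skips the removal and can leave a stale lock behind. `rm -f` already succeeds when the file is absent, so the touch adds nothing unless `perform` depends on it in a way not visible here. If it is needed, a comment above the line should say why; otherwise keep the original two-step form, `test -d <dir> "&&" rm -f $subsyslock`.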
67 diff -Nur openswan-2.4.5rc5/programs/send-pr/send-pr.in openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in
68 --- openswan-2.4.5rc5/programs/send-pr/send-pr.in       2005-04-18 01:04:46.000000000 +0200
69 +++ openswan-2.4.5rc5.patched/programs/send-pr/send-pr.in       2006-03-29 01:20:44.000000000 +0200
70 @@ -402,7 +402,7 @@
71                     else
72                         if [ "$fieldname" != "Category" ]
73                         then
74 -                           values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
75 +                           values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'`
76                             valslen=`echo "$values" | wc -c`
77                         else
78                             values="choose from a category listed above"
79 @@ -414,7 +414,7 @@
80                         else
81                                 desc="<${values} (one line)>";
82                         fi
83 -                       dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
84 +                       dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
85                         echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
86                     fi
87                     echo "${fmtname}${desc}" >> $file
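Review bot: The `tr` set on the `dpat=` line no longer neutralises a literal backslash. The sed class `[][*+^$|\()&/]` listed twelve characters including `\`, whereas in `'\]\[*+^$|\()&/'` the sequence `\(` is an escape (left unspecified by POSIX, read as a plain `(` by common implementations), which leaves eleven characters against twelve dots. `dpat` is then written into `$FIXFIL` as a sed pattern, so a backslash in the text returned by `query-pr` reaches that script unescaped and can change what the pattern matches. Doubling the backslash restores the original set: `tr '\]\[*+^$|\\()&/' '............'`. The hunks at `@@ -425` and `@@ -437` carry the same line.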
88 @@ -425,7 +425,7 @@
89                         desc="  $default_val";
90                     else
91                         desc="  <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>";
92 -                       dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
93 +                       dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
94                         echo "s/^${dpat}//" >> $FIXFIL
95                     fi
96                     echo "${fmtname}" >> $file;
97 @@ -437,7 +437,7 @@
98                         desc="${default_val}"
99                     else
100                         desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>"
101 -                       dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'`
102 +                       dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'`
103                         echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL
104                     fi
105                     echo "${fmtname}${desc}" >> $file
106 diff -Nur openswan-2.4.5rc5/programs/setup/setup.in openswan-2.4.5rc5.patched/programs/setup/setup.in
107 --- openswan-2.4.5rc5/programs/setup/setup.in   2005-07-25 21:17:03.000000000 +0200
108 +++ openswan-2.4.5rc5.patched/programs/setup/setup.in   2006-03-29 01:20:44.000000000 +0200
109 @@ -117,12 +117,22 @@
110  # do it
111  case "$1" in
112    start|--start|stop|--stop|_autostop|_autostart)
113 -       if test " `id -u`" != " 0"
114 +       if [ "x${USER}" != "xroot" ]
115         then
116                 echo "permission denied (must be superuser)" |
117                         logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
118                 exit 1
119         fi
120 +
121 +       # make sure all required directories exist
122 +       if [ ! -d /var/run/pluto ]
123 +       then
124 +               mkdir -p /var/run/pluto
125 +       fi
126 +       if [ ! -d /var/lock/subsys ]
127 +       then
128 +               mkdir -p /var/lock/subsys
129 +       fi
130         tmp=/var/run/pluto/ipsec_setup.st
131         outtmp=/var/run/pluto/ipsec_setup.out
132         (
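Review bot: The superuser check on the `[ "x${USER}" != "xroot" ]` line now trusts an environment variable instead of the process's uid. `USER` is set by the login program, not the kernel: a caller can export `USER=root` and pass the check, while root started from init, cron or a non-login `su` may have it unset or different and be refused. The guard decides whether the rest of this arm creates directories and writes under `/var/run/pluto`, so it should ask the system; keep the original `id -u` comparison, or if the target really lacks `id`, read the effective uid from `/proc/self/status`. The added `mkdir -p` calls are also unchecked; `mkdir -p /var/run/pluto || exit 1` would stop before the temp files are opened in a missing directory. The case arm continues outside this hunk.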
133 diff -Nur openswan-2.4.5rc5/programs/showhostkey/showhostkey.in openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in
134 --- openswan-2.4.5rc5/programs/showhostkey/showhostkey.in       2004-11-14 14:40:41.000000000 +0100
135 +++ openswan-2.4.5rc5.patched/programs/showhostkey/showhostkey.in       2006-03-29 01:20:44.000000000 +0200
136 @@ -63,7 +63,7 @@
137         exit 1
138  fi
139  
140 -host="`hostname --fqdn`"
141 +host="`cat /proc/sys/kernel/hostname`"
142  
143  awk '  BEGIN {
144                 inkey = 0
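Review bot: `/proc/sys/kernel/hostname` on the `host=` line holds the kernel nodename, which is normally the short name, while the replaced `hostname --fqdn` returned the fully qualified name. `host` feeds the awk program that follows (its body is outside this hunk), presumably to label the emitted key record, so the output may now name the host unqualified and not match what peers look up. If the short name is intended on this target, say so in a comment such as `# no hostname --fqdn on the target; this is the unqualified kernel nodename`.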
145 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in
146 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in       2005-11-25 00:08:05.000000000 +0100
147 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in       2006-03-29 01:23:54.000000000 +0200
148 @@ -262,15 +262,15 @@
149      echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
150      exit
151  fi
152 -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
153 +if test ! -f $ipsecversion && test ! -f $netkey && insmod ipsec
154  then
155      # statically compiled KLIPS/NETKEY not found; try to load the module
156 -    modprobe ipsec
157 +    insmod ipsec
158  fi
159  
160  if test ! -f $ipsecversion && test ! -f $netkey
161  then
162 -       modprobe -v af_key
163 +       insmod -v af_key
164  fi
165  
166  if test -f $netkey
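Review bot: The `if` condition in this hunk used `modprobe -qn ipsec` as a dry run, but its replacement `insmod ipsec` actually loads the module, so the `insmod ipsec` in the body runs a second time against an already loaded module and the branch now depends on a side effect. For this hunk it is enough to drop the load from the condition, `if test ! -f $ipsecversion && test ! -f $netkey`, and leave the single `insmod ipsec` in the body. `insmod` also does not resolve dependencies the way `modprobe` does, and whether it accepts `-q`/`-v` depends on the implementation; the hunks at `@@ -278` and `@@ -308` rely on both. If `-q` still means quiet there, a cipher or hash module that fails to load is silent, so it is worth logging a failure for `aes` and `sha1` at least, so it does not first surface as a failed negotiation.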
167 @@ -278,21 +278,21 @@
168         klips=false
169         if test -f $modules
170         then
171 -               modprobe -qv ah4
172 -               modprobe -qv esp4
173 -               modprobe -qv ipcomp
174 +               insmod -qv ah4
175 +               insmod -qv esp4
176 +               insmod -qv ipcomp
177                 #  xfrm4_tunnel is needed by ipip and ipcomp
178 -               modprobe -qv xfrm4_tunnel
179 +               insmod -qv xfrm4_tunnel
180                 # xfrm_user contains netlink support for IPsec 
181 -               modprobe -qv xfrm_user
182 -               modprobe -qv hw_random
183 +               insmod -qv xfrm_user
184 +               insmod -qv hw_random
185                 # padlock must load before aes module
186 -               modprobe -qv padlock
187 +               insmod -qv padlock
188                 # load the most common ciphers/algo's
189 -               modprobe -qv sha1
190 -               modprobe -qv md5
191 -               modprobe -qv des
192 -               modprobe -qv aes
193 +               insmod -qv sha1
194 +               insmod -qv md5
195 +               insmod -qv des
196 +               insmod -qv aes
197         fi
198  fi
199  
200 @@ -308,10 +308,10 @@
201                 fi
202                  unset MODPATH MODULECONF        # no user overrides!
203                  depmod -a >/dev/null 2>&1
204 -               modprobe -qv hw_random
205 +               insmod -qv hw_random
206                 # padlock must load before aes module
207 -               modprobe -qv padlock
208 -                modprobe -v ipsec
209 +               insmod -qv padlock
210 +                insmod -v ipsec
211          fi
212          if test ! -f $ipsecversion
213          then
214 diff -Nur openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig
215 --- openswan-2.4.5rc5/programs/_startklips/_startklips.in.orig  1970-01-01 01:00:00.000000000 +0100
216 +++ openswan-2.4.5rc5.patched/programs/_startklips/_startklips.in.orig  2005-11-25 00:08:05.000000000 +0100
217 @@ -0,0 +1,407 @@
218 +#!/bin/sh
219 +# KLIPS startup script
220 +# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
221 +# 
222 +# This program is free software; you can redistribute it and/or modify it
223 +# under the terms of the GNU General Public License as published by the
224 +# Free Software Foundation; either version 2 of the License, or (at your
225 +# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
226 +# 
227 +# This program is distributed in the hope that it will be useful, but
228 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
229 +# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
230 +# for more details.
231 +#
232 +# RCSID $Id$
233 +
234 +me='ipsec _startklips'         # for messages
235 +
236 +# KLIPS-related paths
237 +sysflags=/proc/sys/net/ipsec
238 +modules=/proc/modules
239 +# full rp_filter path is $rpfilter1/interface/$rpfilter2
240 +rpfilter1=/proc/sys/net/ipv4/conf
241 +rpfilter2=rp_filter
242 +# %unchanged or setting (0, 1, or 2)
243 +rpfiltercontrol=0
244 +ipsecversion=/proc/net/ipsec_version
245 +moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
246 +bareversion=`uname -r | sed -e 's/\.nptl//' | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'`
247 +moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
248 +case $bareversion in
249 +       2.6*)
250 +               modulename=ipsec.ko
251 +               ;;
252 +       *)
253 +               modulename=ipsec.o
254 +               ;;
255 +esac
256 +
257 +klips=true
258 +netkey=/proc/net/pfkey
259 +
260 +info=/dev/null
261 +log=daemon.error
262 +for dummy
263 +do
264 +       case "$1" in
265 +       --log)          log="$2" ; shift        ;;
266 +       --info)         info="$2" ; shift       ;;
267 +       --debug)        debug="$2" ; shift      ;;
268 +       --omtu)         omtu="$2" ; shift       ;;
269 +       --fragicmp)     fragicmp="$2" ; shift   ;;
270 +       --hidetos)      hidetos="$2" ; shift    ;;
271 +       --rpfilter)     rpfiltercontrol="$2" ; shift    ;;
272 +       --)     shift ; break   ;;
273 +       -*)     echo "$me: unknown option \`$1'" >&2 ; exit 2   ;;
274 +       *)      break   ;;
275 +       esac
276 +       shift
277 +done
278 +
279 +
280 +
281 +# some shell functions, to clarify the actual code
282 +
283 +# set up a system flag based on a variable
284 +# sysflag value shortname default flagname
285 +sysflag() {
286 +       case "$1" in
287 +       '')     v="$3"  ;;
288 +       *)      v="$1"  ;;
289 +       esac
290 +       if test ! -f $sysflags/$4
291 +       then
292 +               if test " $v" != " $3"
293 +               then
294 +                       echo "cannot do $2=$v, $sysflags/$4 does not exist"
295 +                       exit 1
296 +               else
297 +                       return  # can't set, but it's the default anyway
298 +               fi
299 +       fi
300 +       case "$v" in
301 +       yes|no) ;;
302 +       *)      echo "unknown (not yes/no) $2 value \`$1'"
303 +               exit 1
304 +               ;;
305 +       esac
306 +       case "$v" in
307 +       yes)    echo 1 >$sysflags/$4    ;;
308 +       no)     echo 0 >$sysflags/$4    ;;
309 +       esac
310 +}
311 +
312 +# set up a Klips interface
313 +klipsinterface() {
314 +       # pull apart the interface spec
315 +       virt=`expr $1 : '\([^=]*\)=.*'`
316 +       phys=`expr $1 : '[^=]*=\(.*\)'`
317 +       case "$virt" in
318 +       ipsec[0-9])     ;;
319 +       *)      echo "invalid interface \`$virt' in \`$1'" ; exit 1     ;;
320 +       esac
321 +
322 +       # figure out ifconfig for interface
323 +       addr=
324 +       eval `ifconfig $phys |
325 +               awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
326 +                       gsub(/:/, " ", $0)
327 +                       print "addr=" $3
328 +                       other = $5
329 +                       if ($4 == "Bcast")
330 +                               print "type=broadcast"
331 +                       else if ($4 == "P-t-P")
332 +                               print "type=pointopoint"
333 +                       else if (NF == 5) {
334 +                               print "type="
335 +                               other = ""
336 +                       } else
337 +                               print "type=unknown"
338 +                       print "otheraddr=" other
339 +                       print "mask=" $NF
340 +               }'`
341 +       if test " $addr" = " "
342 +       then
343 +               echo "unable to determine address of \`$phys'"
344 +               exit 1
345 +       fi
346 +       if test " $type" = " unknown"
347 +       then
348 +               echo "\`$phys' is of an unknown type"
349 +               exit 1
350 +       fi
351 +       if test " $omtu" != " "
352 +       then
353 +               mtu="mtu $omtu"
354 +       else
355 +               mtu=
356 +       fi
357 +       echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly
358 +
359 +       if $klips
360 +       then
361 +               # attach the interface and bring it up
362 +               ipsec tncfg --attach --virtual $virt --physical $phys
363 +               ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
364 +       fi
365 +
366 +       # if %defaultroute, note the facts
367 +       if test " $2" != " "
368 +       then
369 +               (
370 +                       echo "defaultroutephys=$phys"
371 +                       echo "defaultroutevirt=$virt"
372 +                       echo "defaultrouteaddr=$addr"
373 +                       if test " $2" != " 0.0.0.0"
374 +                       then
375 +                               echo "defaultroutenexthop=$2"
376 +                       fi
377 +               ) >>$info
378 +       else
379 +               echo '#dr: no default route' >>$info
380 +       fi
381 +
382 +       # check for rp_filter trouble
383 +       checkif $phys                   # thought to be a problem only on phys
384 +}
385 +
386 +# check an interface for problems
387 +checkif() {
388 +       $klips || return 0
389 +       rpf=$rpfilter1/$1/$rpfilter2
390 +       if test -f $rpf
391 +       then
392 +               r="`cat $rpf`"
393 +               if test " $r" != " 0"
394 +               then
395 +                       case "$r-$rpfiltercontrol" in
396 +                       0-%unchanged|0-0|1-1|2-2)
397 +                               # happy state
398 +                               ;;
399 +                       *-%unchanged)
400 +                               echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)"
401 +                               ;;
402 +                       [012]-[012])
403 +                               echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)"
404 +                               echo "$rpfiltercontrol" >$rpf
405 +                               ;;
406 +                       [012]-*)
407 +                               echo "ERROR: unknown rpfilter setting: $rpfiltercontrol"
408 +                               ;;
409 +                       *)
410 +                               echo "ERROR: unknown $rpf value $r"
411 +                               ;;
412 +                       esac
413 +               fi
414 +       fi
415 +}
416 +
417 +# interfaces=%defaultroute:  put ipsec0 on top of default route's interface
418 +defaultinterface() {
419 +       phys=`netstat -nr |
420 +               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
421 +       if test " $phys" = " "
422 +       then
423 +               echo "no default route, %defaultroute cannot cope!!!"
424 +               exit 1
425 +       fi
426 +       if test `echo " $phys" | wc -l` -gt 1
427 +       then
428 +               echo "multiple default routes, %defaultroute cannot cope!!!"
429 +               exit 1
430 +       fi
431 +       next=`netstat -nr |
432 +               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
433 +       klipsinterface "ipsec0=$phys" $next
434 +}
435 +
436 +# log only to syslog, not to stdout/stderr
437 +logonly() {
438 +       logger -p $log -t ipsec_setup
439 +}
440 +
441 +# sort out which module is appropriate, changing it if necessary
442 +setmodule() {
443 +       if [ -e /proc/kallsyms ]
444 +       then
445 +               kernelsymbols="/proc/kallsyms";
446 +               echo "calcgoo: warning: 2.6 kernel with kallsyms not supported yet"
447 +       else
448 +               kernelsymbols="/proc/ksyms";
449 +       fi      
450 +        wantgoo="`ipsec calcgoo $kernelsymbols`"
451 +        module=$moduleplace/$modulename
452 +        if test -f $module
453 +        then
454 +                goo="`nm -ao $module | ipsec calcgoo`"
455 +                if test " $wantgoo" = " $goo"
456 +                then
457 +                        return          # looks right
458 +                fi
459 +        fi
460 +        if test -f $moduleinstplace/$wantgoo
461 +        then
462 +                echo "modprobe failed, but found matching template module $wantgoo."
463 +                echo "Copying $moduleinstplace/$wantgoo to $module."
464 +                rm -f $module
465 +                mkdir -p $moduleplace
466 +                cp -p $moduleinstplace/$wantgoo $module
467 +                # "depmod -a" gets done by caller
468 +        fi
469 +}
470 +
471 +
472 +
473 +# main line
474 +
475 +# load module if possible
476 +if test -f $ipsecversion && test -f $netkey
477 +then
478 +    # both KLIPS and NETKEY code detected, bail out
479 +    echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
480 +    exit
481 +fi
482 +if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
483 +then
484 +    # statically compiled KLIPS/NETKEY not found; try to load the module
485 +    modprobe ipsec
486 +fi
487 +
488 +if test ! -f $ipsecversion && test ! -f $netkey
489 +then
490 +       modprobe -v af_key
491 +fi
492 +
493 +if test -f $netkey
494 +then
495 +       klips=false
496 +       if test -f $modules
497 +       then
498 +               modprobe -qv ah4
499 +               modprobe -qv esp4
500 +               modprobe -qv ipcomp
501 +               #  xfrm4_tunnel is needed by ipip and ipcomp
502 +               modprobe -qv xfrm4_tunnel
503 +               # xfrm_user contains netlink support for IPsec 
504 +               modprobe -qv xfrm_user
505 +               modprobe -qv hw_random
506 +               # padlock must load before aes module
507 +               modprobe -qv padlock
508 +               # load the most common ciphers/algo's
509 +               modprobe -qv sha1
510 +               modprobe -qv md5
511 +               modprobe -qv des
512 +               modprobe -qv aes
513 +       fi
514 +fi
515 +
516 +if test ! -f $ipsecversion && $klips
517 +then
518 +        if test -r $modules             # kernel does have modules
519 +        then
520 +               if [ ! -e /proc/ksyms -a ! -e /proc/kallsyms ]
521 +               then
522 +                       echo "Broken 2.6 kernel without kallsyms, skipping calcgoo (Fedora rpm?)"
523 +               else
524 +                       setmodule
525 +               fi
526 +                unset MODPATH MODULECONF        # no user overrides!
527 +                depmod -a >/dev/null 2>&1
528 +               modprobe -qv hw_random
529 +               # padlock must load before aes module
530 +               modprobe -qv padlock
531 +                modprobe -v ipsec
532 +        fi
533 +        if test ! -f $ipsecversion
534 +        then
535 +                echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
536 +                exit 1
537 +        fi
538 +fi
539 +
540 +# figure out debugging flags
541 +case "$debug" in
542 +'')    debug=none      ;;
543 +esac
544 +if test -r /proc/net/ipsec_klipsdebug
545 +then
546 +       echo "KLIPS debug \`$debug'" | logonly
547 +       case "$debug" in
548 +       none)   ipsec klipsdebug --none ;;
549 +       all)    ipsec klipsdebug --all  ;;
550 +       *)      ipsec klipsdebug --none
551 +               for d in $debug
552 +               do
553 +                       ipsec klipsdebug --set $d
554 +               done
555 +               ;;
556 +       esac
557 +elif $klips
558 +then
559 +       if test " $debug" != " none"
560 +       then
561 +               echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities"
562 +       fi
563 +fi
564 +
565 +# figure out misc. kernel config
566 +if test -d $sysflags
567 +then
568 +       sysflag "$fragicmp" "fragicmp" yes icmp
569 +       echo 1 >$sysflags/inbound_policy_check          # no debate
570 +       sysflag no "no_eroute_pass" no no_eroute_pass   # obsolete parm
571 +       sysflag no "opportunistic" no opportunistic     # obsolete parm
572 +       sysflag "$hidetos" "hidetos" yes tos
573 +elif $klips
574 +then
575 +       echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!"
576 +       # carry on
577 +fi
578 +
579 +if $klips
580 +then
581 +       # clear tables out in case dregs have been left over
582 +       ipsec eroute --clear
583 +       ipsec spi --clear
584 +elif test $netkey
585 +then
586 +       if ip xfrm state > /dev/null 2>&1
587 +       then
588 +               ip xfrm state flush
589 +               ip xfrm policy flush
590 +       elif type setkey > /dev/null 2>&1
591 +       then
592 +               # Check that the setkey command is available.
593 +               setkeycmd=       
594 +               PATH=$PATH:/usr/local/sbin       
595 +               for dir in `echo $PATH | tr ':' ' '`     
596 +               do       
597 +                       if test -f $dir/setkey -a -x $dir/setkey         
598 +                       then
599 +                               setkeycmd=$dir/setkey
600 +                               break                   # NOTE BREAK OUT 
601 +                       fi
602 +               done
603 +               $setkeycmd -F
604 +               $setkeycmd -FP
605 +       else
606 +       
607 +               echo "WARNING: cannot flush state/policy database -- \`$1'. Install a newer version of iproute/iproute2 or install the ipsec-tools package to obtain the setkey command." |
608 +                       logger -s -p daemon.error -t ipsec_setup
609 +       fi
610 +fi
611 +
612 +# figure out interfaces
613 +for i
614 +do
615 +       case "$i" in
616 +       ipsec*=?*)      klipsinterface "$i"     ;;
617 +       %defaultroute)  defaultinterface        ;;
618 +       *)      echo "interface \`$i' not understood"
619 +               exit 1
620 +               ;;
621 +       esac
622 +done
623 +
624 +exit 0