authorWaldemar Brodkorb <wbx@openadk.org>2009-08-09 14:23:21 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2009-08-09 14:23:21 +0200
commit1c47490f586071528b387edc46e531c88bd77dc7 (patch)
treef271e5a7124d085b4d7b9acbf311c6f55b257549
parent4e4a2f5a1d86ce0e2b79a8b8f6b150226913582f (diff)
update openswan, try to use both IPsec implementations
-rw-r--r--package/openswan/Config.in20
-rw-r--r--package/openswan/Makefile70
-rw-r--r--package/openswan/patches/patch-Makefile_inc19
-rw-r--r--package/openswan/patches/patch-programs_Makefile_program6
-rw-r--r--package/openswan/patches/patch-programs_ikeping_ikeping_c6
-rw-r--r--target/linux/config/Config.in.ipsec52
-rw-r--r--target/linux/config/Config.in.network1
7 files changed, 128 insertions, 46 deletions
diff --git a/package/openswan/Config.in b/package/openswan/Config.in
index 9bb43fa5c..172d02679 100644
--- a/package/openswan/Config.in
+++ b/package/openswan/Config.in
@@ -8,3 +8,23 @@ config ADK_PACKAGE_OPENSWAN
Openswan is an implementation of IPsec for Linux.
http://www.openswan.org/
+
+choice
+prompt "IPSec stack to use"
+depends ADK_PACKAGE_OPENSWAN
+config ADK_COMPILE_OPENSWAN_WITH_NETKEY
+ prompt "NETKEY - use Linux integrated IPSec Stack"
+ select ADK_KPACKAGE_KMOD_NET_KEY
+ select ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TUNNEL
+ select ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TRANSPORT
+ select ADK_KPACKAGE_KMOD_INET_ESP
+ select ADK_KPACKAGE_KMOD_INET_AH
+ bool
+ help
+
+config ADK_COMPILE_OPENSWAN_WITH_KLIPS
+ prompt "KLIPS - use OpenS/WAN IPSec Stack"
+ bool
+ help
+
+endchoice
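Review bot: Both entries of the new choice have an empty `help`, and the KLIPS entry selects no kernel package while the NETKEY entry selects five, so a user picking KLIPS gets no hint about where the kernel side of the stack comes from. I would fill in the help texts, for example `Use the IPsec stack integrated in the Linux kernel (NETKEY).` and `Use the KLIPS stack from Openswan; the kernel module is not built by this package.` The second wording should be confirmed first; it is inferred from the package Makefile setting `ALL_TARGET:= programs`. The choice also has no `default`, so the preselected stack depends on entry order.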
diff --git a/package/openswan/Makefile b/package/openswan/Makefile
index 2fdb07849..3c417135d 100644
--- a/package/openswan/Makefile
+++ b/package/openswan/Makefile
@@ -4,9 +4,9 @@
include ${TOPDIR}/rules.mk
PKG_NAME:= openswan
-PKG_VERSION:= 2.6.21
+PKG_VERSION:= 2.6.22
PKG_RELEASE:= 1
-PKG_MD5SUM:= ba9da6c90e0f5fe856767d7510ce371f
+PKG_MD5SUM:= 9a30009bade8a1b09fba27680c87cf72
PKG_DESCR:= IPSec software
PKG_SECTION:= net
PKG_DEPENDS:= ip libgmp
@@ -18,42 +18,36 @@ include ${TOPDIR}/mk/package.mk
$(eval $(call PKG_template,OPENSWAN,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-FLAGS:= ${TCFLAGS} ${TCPPFLAGS} ${TLDFLAGS}
-
-do-build:
- ${MAKE} -C ${WRKBUILD} \
- ${TARGET_CONFIGURE_OPTS} \
- KERNELSRC="${LINUX_DIR}" \
- ARCH="${ARCH}" \
- USERCOMPILE="${FLAGS}" \
- EXTRA_INCLUDE="${TCPPFLAGS}" \
- EXTRA_LIBS="${TLDFLAGS}" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
- MODPROBE="insmod" \
- OSDEP="linux" \
- BUILDENV="linux" \
- programs
-
-do-install:
- ${MAKE} -C ${WRKBUILD} \
- ${TARGET_CONFIGURE_OPTS} \
- DESTDIR="${IDIR_OPENSWAN}" \
- KERNELSRC="${LINUX_DIR}" \
- ARCH="${ARCH}" \
- USERCOMPILE="${FLAGS}" \
- IPSECDIR="/usr/lib/ipsec" \
- INC_USRLOCAL="/usr" \
- MODPROBE="insmod" \
- OSDEP="linux" \
- BUILDENV="linux" \
- install
- rm -rf ${IDIR_OPENSWAN}/usr/share
- rm -rf ${IDIR_OPENSWAN}/usr/man
- rm -rf ${IDIR_OPENSWAN}/var
- mv ${IDIR_OPENSWAN}/etc/rc.d/init.d/ipsec \
+#ifeq ($(ADK_COMPILE_OPENSWAN_WITH_NETKEY),y)
+#XAKE_FLAGS+= USE_KLIPS=false USE_NETKEY=true
+#endif
+
+#ifeq ($(ADK_COMPILE_OPENSWAN_WITH_KLIPS),y)
+#XAKE_FLAGS+= USE_KLIPS=true USE_NETKEY=false
+#endif
+
+XAKE_FLAGS+= KERNELSRC="${LINUX_DIR}" \
+ IPSECDIR="/usr/lib/ipsec" \
+ INC_USRLOCAL="/usr" \
+ MODPROBE="insmod" \
+ OSDEP="linux" \
+ BUILDENV="linux"
+
+BUILD_STYLE:= auto
+INSTALL_STYLE:= auto
+ALL_TARGET:= programs
+
+post-install:
+ ${INSTALL_DIR} ${IDIR_OPENSWAN}/usr/lib/ipsec
+ ${INSTALL_DIR} ${IDIR_OPENSWAN}/usr/libexec/ipsec
+ ${INSTALL_DIR} ${IDIR_OPENSWAN}/etc/ipsec.d
+ ${INSTALL_DIR} ${IDIR_OPENSWAN}/usr/sbin
+ ${CP} ${WRKINST}/etc/ipsec.conf ${IDIR_OPENSWAN}/etc/
+ ${CP} ${WRKINST}/etc/ipsec.d/* ${IDIR_OPENSWAN}/etc/ipsec.d
+ ${CP} ${WRKINST}/usr/lib/ipsec/* ${IDIR_OPENSWAN}/usr/lib/ipsec
+ ${CP} ${WRKINST}/usr/libexec/ipsec/* ${IDIR_OPENSWAN}/usr/libexec/ipsec
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/ipsec ${IDIR_OPENSWAN}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/etc/rc.d/init.d/ipsec \
${IDIR_OPENSWAN}/usr/libexec/ipsec/setup
- rm -rf ${IDIR_OPENSWAN}/etc/rc*.d
- find ${IDIR_OPENSWAN} -name \*.old -print0 | xargs -0 rm -rf
include ${TOPDIR}/mk/pkg-bottom.mk
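Review bot: The two `ifeq` blocks that would pass `USE_KLIPS`/`USE_NETKEY` are commented out, so the `ADK_COMPILE_OPENSWAN_WITH_NETKEY` / `ADK_COMPILE_OPENSWAN_WITH_KLIPS` choice added in Config.in never reaches the Openswan build. The stack used is presumably whatever upstream's Makefile.inc defaults to. Either enable the blocks as written (`XAKE_FLAGS+= USE_KLIPS=false USE_NETKEY=true` under the NETKEY `ifeq`, the inverse under KLIPS) or replace them with one honest comment such as `# TODO: stack selection not wired up yet, upstream defaults apply`. Separately, `post-install` copies `${WRKINST}/etc/ipsec.d/*` with `${CP}`, whose mode handling is defined outside this hunk. It is worth confirming that any key material under `etc/ipsec.d` keeps owner-only permissions in the image.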
diff --git a/package/openswan/patches/patch-Makefile_inc b/package/openswan/patches/patch-Makefile_inc
index 653528eb9..872f21335 100644
--- a/package/openswan/patches/patch-Makefile_inc
+++ b/package/openswan/patches/patch-Makefile_inc
@@ -1,5 +1,5 @@
---- openswan-2.6.21.orig/Makefile.inc 2009-03-30 15:11:28.000000000 +0200
-+++ openswan-2.6.21/Makefile.inc 2009-06-13 14:48:55.000000000 +0200
+--- openswan-2.6.22.orig/Makefile.inc 2009-06-23 04:53:08.000000000 +0200
++++ openswan-2.6.22/Makefile.inc 2009-07-23 20:09:34.556071786 +0200
@@ -163,7 +163,7 @@ INSTALL=install
# how backup names are composed.
# Note that the install procedures will never overwrite an existing config
@@ -9,3 +9,18 @@
INSTSUIDFLAGS=--mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old
INSTMANFLAGS=
INSTCONFFLAGS=
+@@ -262,12 +262,12 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F
+ # Note you need a locally running bind9 nameserver with lwres{} enabled
+ # to use this, or have the "lwres" package installed and running.
+ # This only affects conns that use DNS for keys in lookups.
+-USE_LWRES?=false
++USE_LWRES?=true
+
+ # Do a new lookup every time a connection is (re)started. This works better
+ # on hosts with some dyndns service, since DPD will cause a new dns lookup,
+ # but it could be a potential security issue if receiving spoofed dns.
+-USE_DYNAMICDNS?=true
++USE_DYNAMICDNS?=false
+
+ # Do we want all the configuration files like ipsec.conf and ipsec.secrets
+ # and any certificates to be in a single directory defined by
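Review bot: The added patch hunk flips two upstream defaults, `USE_LWRES?=true` and `USE_DYNAMICDNS?=false`, with no rationale in the patch or the commit message. Turning off the per-restart DNS lookup matches the spoofed-DNS caveat in the quoted upstream comment. Enabling lwres, however, brings in the requirement stated just above it (a local bind9 with lwres{} enabled, or the lwres package), and `PKG_DEPENDS` in package/openswan/Makefile still lists only `ip libgmp`. I would state the reason in the patch header, e.g. `ADK: disable DNS re-lookup on restart (spoofed DNS); lwres requires a local resolver`. Then either add the missing dependency or leave `USE_LWRES` at `false`.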
diff --git a/package/openswan/patches/patch-programs_Makefile_program b/package/openswan/patches/patch-programs_Makefile_program
index 74f5c8751..154fd06c2 100644
--- a/package/openswan/patches/patch-programs_Makefile_program
+++ b/package/openswan/patches/patch-programs_Makefile_program
@@ -1,6 +1,6 @@
$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
---- openswan-2.6.21.orig/programs/Makefile.program 2009-03-30 15:11:28.000000000 +0200
-+++ openswan-2.6.21/programs/Makefile.program 2009-06-13 14:42:38.000000000 +0200
+--- openswan-2.6.22.orig/programs/Makefile.program 2009-06-23 04:53:08.000000000 +0200
++++ openswan-2.6.22/programs/Makefile.program 2009-07-23 19:46:18.635264333 +0200
@@ -49,9 +49,9 @@ CFLAGS+=-DFINALCONFFILE=\"${FINALCONFFIL
CFLAGS+=-DFINALVARDIR=\"${FINALVARDIR}\"
@@ -14,7 +14,7 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
CFLAGS+= ${WERROR}
-@@ -108,67 +108,67 @@ endif
+@@ -104,67 +104,67 @@ endif
ifneq ($(NOINSTALL),true)
doinstall:: $(PROGRAM) $(CONFFILES) $(EXTRA8MAN) $(EXTRA5MAN) $(EXTRA5PROC) $(LIBFILES) $(CONFDFILES)
diff --git a/package/openswan/patches/patch-programs_ikeping_ikeping_c b/package/openswan/patches/patch-programs_ikeping_ikeping_c
index 5e8bde61b..4be18fcdb 100644
--- a/package/openswan/patches/patch-programs_ikeping_ikeping_c
+++ b/package/openswan/patches/patch-programs_ikeping_ikeping_c
@@ -1,7 +1,7 @@
$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
---- openswan-2.6.18.orig/programs/ikeping/ikeping.c 2008-10-06 18:52:49.000000000 +0200
-+++ openswan-2.6.18/programs/ikeping/ikeping.c 2008-10-14 13:09:06.000000000 +0200
-@@ -316,7 +316,7 @@ main(int argc, char **argv)
+--- openswan-2.6.22.orig/programs/ikeping/ikeping.c 2009-06-23 04:53:08.000000000 +0200
++++ openswan-2.6.22/programs/ikeping/ikeping.c 2009-07-23 19:46:18.643265912 +0200
+@@ -319,7 +319,7 @@ main(int argc, char **argv)
natt=0;
listen_only=0;
noDNS=0;
diff --git a/target/linux/config/Config.in.ipsec b/target/linux/config/Config.in.ipsec
new file mode 100644
index 000000000..998e3a383
--- /dev/null
+++ b/target/linux/config/Config.in.ipsec
@@ -0,0 +1,52 @@
+menu "IPSec support"
+
+config ADK_KPACKAGE_KMOD_NET_KEY
+ prompt "kmod-net-ipsec-netkey............. PF_KEYv2 socket family"
+ tristate
+ default n
+ help
+ PF_KEYv2 socket family, compatible to KAME ones.
+
+config ADK_KPACKAGE_KMOD_INET_AH
+ prompt "kmod-net-ipsec-ah................. IPsec AH support"
+ tristate
+ default n
+ help
+ Support for IPsec AH.
+
+config ADK_KPACKAGE_KMOD_INET_ESP
+ prompt "kmod-net-ipsec-esp................ IPsec ESP support"
+ tristate
+ default n
+ help
+ Support for IPsec ESP.
+
+config ADK_KPACKAGE_KMOD_INET_IPCOMP
+ prompt "kmod-net-ipsec-comp................ IP Payload Compression"
+ tristate
+ default n
+ help
+ Support for IP Payload Compression Protocol (IPComp) (RFC3173),
+ typically needed for IPsec.
+
+config ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TRANSPORT
+ prompt "kmod-net-ipsec-transport........... IPsec transport mode"
+ tristate
+ default n
+ help
+ Support for IPsec transport mode.
+
+config ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TUNNEL
+ prompt "kmod-net-ipsec-tunnel.............. IPsec tunnel mode"
+ tristate
+ default n
+ help
+ Support for IPsec tunnel mode.
+
+config ADK_KPACKAGE_KMOD_INET_XFRM_MODE_BEET
+ prompt "kmod-net-ipsec-beet................ IPsec BEET mode"
+ tristate
+ default n
+ help
+ Support for IPsec BEET mode.
+endmenu
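Review bot: The help texts in this new menu only restate the prompt, and the AH entry should say that AH authenticates packets but does not encrypt them. Otherwise someone could enable `ADK_KPACKAGE_KMOD_INET_AH` alone expecting confidentiality; I would write `Support for IPsec AH (integrity and origin authentication only, no encryption).` The ESP entry could likewise read `Support for IPsec ESP (payload encryption and/or authentication).` None of the symbols declares the crypto modules it needs. If the kernel module makefiles handle that (they are outside this diff), a one-line comment at the top of the menu saying so would help.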
diff --git a/target/linux/config/Config.in.network b/target/linux/config/Config.in.network
index 195006c51..255e17738 100644
--- a/target/linux/config/Config.in.network
+++ b/target/linux/config/Config.in.network
@@ -234,6 +234,7 @@ config ADK_KPACKAGE_KMOD_BONDING
information.
source target/linux/config/Config.in.sched
+source target/linux/config/Config.in.ipsec
endmenu