webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 21:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

OpenSwan aktualisiert, da in der alten Version ein Fehler mit dem PPPoE vorlag.

Browse Source 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@693 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
ms
2007-07-15 11:30:12 +00:00
parent 0fe5c268a9
commit 4b871415a2
6 changed files with 16 additions and 58266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lfs/linux
View File

@@ -64,7 +64,7 @@ netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
squashfs3.2-r2.tar.gz = $(URL_IPFIRE)/squashfs3.2-r2.tar.gz
mISDN-1_1_3.tar.gz = $(URL_IPFIRE)/mISDN-1_1_3.tar.gz
openswan-2.4.8.tar.gz = $(URL_IPFIRE)/openswan-2.4.8.tar.gz
openswan-2.4.9.tar.gz = $(URL_IPFIRE)/openswan-2.4.9.tar.gz
$(DL_FILE)_MD5 = cc2106c6188675187d636aa518b04958
linux-2.6.16.33.tar.bz2_MD5 = 22f56e3a5e7524b2bbde2696152b5ad7
@@ -74,7 +74,7 @@ netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138
squashfs3.2-r2.tar.gz_MD5 = bf360b92eba9e6d5610196ce2e02fcd1
mISDN-1_1_3.tar.gz_MD5 = d29bcf48f16fc8a9b9f3552d111b308d
openswan-2.4.8.tar.gz_MD5 = 918cc56ccf8e5d14cd2047e47450b34a
openswan-2.4.9.tar.gz_MD5 = 845f12d80d443cfa1a52f2b53b987bee
install : $(TARGET)
@@ -111,9 +111,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Openswan 2
cd $(DIR_SRC) && rm -rf openswan-*
cd $(DIR_SRC) && tar xfz $(DIR_DL)/openswan-2.4.8.tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.8.kernel-2.6-klips.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.8.kernel-2.6-natt.patch
cd $(DIR_SRC) && tar xfz $(DIR_DL)/openswan-2.4.9.tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.9.kernel-2.6-klips.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.9.kernel-2.6-natt.patch
cd $(DIR_SRC)/openswan-* && sed -i -e 's/INC_USRLOCAL=\/usr\/local/INC_USRLOCAL=\/usr/' Makefile.inc

4
lfs/openswan
View File

@@ -26,7 +26,7 @@
include Config
VER = 2.4.8
VER = 2.4.9
THISAPP = openswan-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 918cc56ccf8e5d14cd2047e47450b34a
$(DL_FILE)_MD5 = 845f12d80d443cfa1a52f2b53b987bee
install : $(TARGET)

13
src/patches/openswan-2.4.8.kernel-2.6-klips.patch → src/patches/openswan-2.4.9.kernel-2.6-klips.patch
View File

@@ -41977,7 +41977,7 @@ packaging/utils/kernelpatch 2.6
+ */
--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/ipsec_xmit.c Mon Feb 9 13:51:03 2004
@@ -0,0 +1,1850 @@
@@ -0,0 +1,1855 @@
+/*
+ * IPSEC Transmit code.
+ * Copyright (C) 1996, 1997 John Ioannidis.
@@ -41995,7 +41995,7 @@ packaging/utils/kernelpatch 2.6
+ * for more details.
+ */
+
+char ipsec_xmit_c_version[] = "RCSID $Id: ipsec_xmit.c,v 1.20.2.8 2006/10/06 21:39:26 paul Exp $";
+char ipsec_xmit_c_version[] = "RCSID $Id: ipsec_xmit.c,v 1.20.2.9 2007/07/06 17:18:43 paul Exp $";
+
+#define __NO_VERSION__
+#include <linux/module.h>
@@ -42519,6 +42519,7 @@ packaging/utils/kernelpatch 2.6
+ ixt_a=ixs->ipsp->ips_alg_auth;
+ if (ixt_a) {
+ tailroom += AHHMAC_HASHLEN;
+ authlen = AHHMAC_HASHLEN;
+ } else
+ switch(ixs->ipsp->ips_authalg) {
+#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5
@@ -43717,6 +43718,10 @@ packaging/utils/kernelpatch 2.6
+
+/*
+ * $Log: ipsec_xmit.c,v $
+ * Revision 1.20.2.9 2007/07/06 17:18:43 paul
+ * Fix for authentication field on sent packets has size equals to zero when
+ * using custom auth algorithms. This is bug #811. Patch by "iamscared".
+ *
+ * Revision 1.20.2.8 2006/10/06 21:39:26 paul
+ * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not
+ * set. This is defined through autoconf.h which is included through the
@@ -59104,7 +59109,7 @@ packaging/utils/kernelpatch 2.6
+
+#include "openswan.h"
+
+#define V "2.4.8" /* substituted in by Makefile */
+#define V "2.4.9" /* substituted in by Makefile */
+static const char openswan_number[] = V;
+static const char openswan_string[] = "Openswan " V;
+
@@ -59379,4 +59384,4 @@ packaging/utils/kernelpatch 2.6
--- /dev/null Fri May 10 13:59:54 2002
+++ linux/net/ipsec/Makefile.ver Sun Jul 28 22:10:40 2002
@@ -0,0 +1 @@
+IPSECVERSION=2.4.8
+IPSECVERSION=2.4.9

0
src/patches/openswan-2.4.8.kernel-2.6-natt.patch → src/patches/openswan-2.4.9.kernel-2.6-natt.patch
View File

58130
src/patches/openswan-2.5.13.kernel-2.6-klips.patch
View File

File diff suppressed because it is too large Load Diff

125
src/patches/openswan-2.5.13.kernel-2.6-natt.patch
View File

@@ -1,125 +0,0 @@
packaging/utils/nattpatch 2.6
--- /dev/null Tue Mar 11 13:02:56 2003
+++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004
@@ -0,0 +1,10 @@
+/*
+ * pointer to function for type that xfrm4_input wants, to permit
+ * decoupling of XFRM from udp.c
+ */
+#define HAVE_XFRM4_UDP_REGISTER
+
+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc);
+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig 2005-03-09 03:12:33.000000000 -0500
+++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400
@@ -351,2 +351,8 @@
+config IPSEC_NAT_TRAVERSAL
+ bool "IPSEC NAT-Traversal (KLIPS compatible)"
+ depends on INET
+ ---help---
+ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
+
config IP_TCPDIAG
--- plain26/net/ipv4/udp.c.orig 2006-01-02 22:21:10.000000000 -0500
+++ plain26/net/ipv4/udp.c 2006-01-12 20:18:57.000000000 -0500
@@ -110,2 +110,3 @@
#include <net/xfrm.h>
+#include <net/xfrmudp.h>
@@ -894,6 +897,44 @@
sk_common_release(sk);
}
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+
+/* if XFRM isn't a module, then register it directly. */
+#if !defined(CONFIG_XFRM_MODULE)
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
+#else
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
+#endif
+
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
+
+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc)
+{
+ if(oldfunc != NULL) {
+ *oldfunc = xfrm4_rcv_encap_func;
+ }
+
+#if 0
+ if(xfrm4_rcv_encap_func != NULL)
+ return -1;
+#endif
+
+ xfrm4_rcv_encap_func = func;
+ return 0;
+}
+
+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
+{
+ if(xfrm4_rcv_encap_func != func)
+ return -1;
+
+ xfrm4_rcv_encap_func = NULL;
+ return 0;
+}
+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
+
+
/* return:
* 1 if the the UDP system should process it
* 0 if we should drop this packet
@@ -901,9 +940,9 @@
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
-#ifndef CONFIG_XFRM
+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
return 1;
-#else
+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
struct udp_sock *up = udp_sk(sk);
struct udphdr *uh = skb->h.uh;
struct iphdr *iph;
@@ -1021,10 +1060,14 @@
return 0;
}
if (ret < 0) {
- /* process the ESP packet */
- ret = xfrm4_rcv_encap(skb, up->encap_type);
- UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
- return -ret;
+ if(xfrm4_rcv_encap_func != NULL) {
+ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
+ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+ } else {
+ UDP_INC_STATS_BH(UDP_MIB_INERRORS);
+ ret = 1;
+ }
+ return ret;
}
/* FALLTHROUGH -- it's a UDP Packet */
}
@@ -1114,7 +1157,6 @@
/*
* All we need to do is get the socket, and then do a checksum.
*/
-
int udp_rcv(struct sk_buff *skb)
{
struct sock *sk;
@@ -1571,3 +1613,9 @@
EXPORT_SYMBOL(udp_proc_register);
EXPORT_SYMBOL(udp_proc_unregister);
#endif
+
+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+#endif
+