Updated kernel to 2.6.24.7

Updated iptables to 1.4.0 Updated mISDN to 1-1-8 Updated openswan to 2.6.14 This version is not completed yet todo: -natt patch -check if other kernel patches still needed (CoreTemp ...) -check rootfiles (iptables, openswan) -fix asterix -fix linux-fusion
2026-04-19 07:23:03 +02:00 · 2008-07-13 19:09:48 +02:00
parent 8a8e094a3c
commit 64cf4991cc
22 changed files with 82880 additions and 1903 deletions
--- a/src/patches/openswan-2.6.14-kernel-2.6.24.7-natt.patch
+++ b/src/patches/openswan-2.6.14-kernel-2.6.24.7-natt.patch
@@ -0,0 +1,129 @@
+--- /dev/null   Tue Mar 11 13:02:56 2003
+++ nat-t/include/net/xfrmudp.h     Mon Feb  9 13:51:03 2004
+@@ -0,0 +1,10 @@
+/*
+ * pointer to function for type that xfrm4_input wants, to permit
+ * decoupling of XFRM from udp.c
+ */
+#define HAVE_XFRM4_UDP_REGISTER
+
+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+				      , xfrm4_rcv_encap_t *oldfunc);
+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
+--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig	2005-03-09 03:12:33.000000000 -0500
+++ swan26/net/ipv4/Kconfig	2005-04-04 18:46:13.000000000 -0400
+@@ -351,2 +351,8 @@
+ 
+config IPSEC_NAT_TRAVERSAL
+	bool "IPSEC NAT-Traversal (KLIPS compatible)"
+	depends on INET
+	---help---
+          Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
+
+ config IP_TCPDIAG
+--- plain26/net/ipv4/udp.c.orig	2006-12-28 20:53:17.000000000 -0500
+++ plain26/net/ipv4/udp.c	2007-05-11 10:22:50.000000000 -0400
+@@ -108,6 +108,7 @@
+ #include <net/inet_common.h>
+ #include <net/checksum.h>
+ #include <net/xfrm.h>
+#include <net/xfrmudp.h>
+ 
+ /*
+  *	Snmp MIB for the UDP layer
+@@ -881,6 +882,31 @@
+ 	sk_common_release(sk);
+ }
+ 
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+			       , xfrm4_rcv_encap_t *oldfunc)
+{
+  if(oldfunc != NULL) {
+    *oldfunc = xfrm4_rcv_encap_func;
+  }
+
+  xfrm4_rcv_encap_func = func;
+  return 0;
+}
+
+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
+{
+  if(xfrm4_rcv_encap_func != func)
+    return -1;
+
+  xfrm4_rcv_encap_func = NULL;
+  return 0;
+}
+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
+
+
+ /* return:
+  * 	1  if the the UDP system should process it
+  *	0  if we should drop this packet
+@@ -888,9 +914,9 @@
+  */
+ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
+ {
+-#ifndef CONFIG_XFRM
+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+ 	return 1; 
+-#else
+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
+ 	struct udp_sock *up = udp_sk(sk);
+   	struct udphdr *uh;
+ 	struct iphdr *iph;
+@@ -1018,10 +1044,27 @@
+ 			return 0;
+ 		}
+ 		if (ret < 0) {
+-			/* process the ESP packet */
+-			ret = xfrm4_rcv_encap(skb, up->encap_type);
+-			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+-			return -ret;
+ 			if(xfrm4_rcv_encap_func != NULL)
+				ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
+	
+			switch(ret) {
+			case 1:
+				/* FALLTHROUGH to send-up */;
+				break;
+				
+			case 0:
+                                /* PROCESSED, free it */
+				UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+				return 0;
+				
+			case -1:
+				/* PACKET wasn't for _func, or no func, pass it
+				 * to stock function
+				 */
+				ret = xfrm4_rcv_encap(skb, up->encap_type);
+				UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+				return -ret;
+			}
+ 		}
+ 		/* FALLTHROUGH -- it's a UDP Packet */
+ 	}
+@@ -1110,7 +1153,6 @@
+ /*
+  *	All we need to do is get the socket, and then do a checksum. 
+  */
+- 
+ int udp_rcv(struct sk_buff *skb)
+ {
+   	struct sock *sk;
+@@ -1599,3 +1641,9 @@
+ EXPORT_SYMBOL(udp_proc_register);
+ EXPORT_SYMBOL(udp_proc_unregister);
+ #endif
+
+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+#endif
+
+make[1]: Leaving directory `/usr/src/openswan-2.6.14'
--- a/src/patches/openswan-2.6.14-startklips-1.patch
+++ b/src/patches/openswan-2.6.14-startklips-1.patch
@@ -0,0 +1,55 @@
+--- _startklips.orig	2008-07-11 01:55:19.000000000 +0200
+++ _startklips	2008-07-12 09:11:56.000000000 +0200
+@@ -149,23 +149,35 @@
+ 
+ 	# figure out ifconfig for interface
+ 	addr=
+-	eval `ifconfig $phys |
+-		awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
+-			gsub(/:/, " ", $0)
+-			print "addr=" $3
+-			other = $5
+-			if ($4 == "Bcast")
+-				print "type=broadcast"
+-			else if ($4 == "P-t-P")
+-				print "type=pointopoint"
+-			else if (NF == 5) {
+-				print "type="
+-				other = ""
+-			} else
+-				print "type=unknown"
+-			print "otheraddr=" other
+-			print "mask=" $NF
+-		}'`
+	eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ { 
+				if ($3 ~ /BROADCAST/) 
+					print "type=broadcast"; 
+				else if ($3 ~ /POINTOPOINT/) 
+					print "type=pointopoint";
+				else {
+					print "type=";
+				}
+			}'`
+			
+	if [ "$type" == "broadcast" ]; then
+		eval `ip addr show $phys | awk '$1 == "inet"  { gsub(/\//, " "); 
+					print "addr=" $2;
+					print "mask=" $3;
+					print "otheraddr=" $5;
+					}'`
+	elif [ "$type" == "pointopoint" ]; then
+		eval `ip addr show $phys | awk '$1 == "inet"  { gsub(/\//, " "); 
+					print "addr=" $2;
+					print "mask=" $5;
+					print "otheraddr=" $4;
+					}'`
+	else
+		type="unknown"
+		otheraddr=
+	fi
+	
+	eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'`
+	
+ 	if test " $addr" = " "
+ 	then
+ 		echo "unable to determine address of \`$phys'"
--- a/src/patches/openswan-2.6.14-updown-1.patch
+++ b/src/patches/openswan-2.6.14-updown-1.patch
@@ -0,0 +1,30 @@
+--- _updown.klips.orig	2008-07-11 01:55:19.000000000 +0200
+++ _updown.klips	2008-07-12 09:20:26.000000000 +0200
+@@ -407,8 +407,8 @@
+ 		# opportunistic encryption work around
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+-			ip route $1 128.0.0.0/1 $parms2 $parms3"
+		#it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+	#		ip route $1 128.0.0.0/1 $parms2 $parms3"
+ 		;;
+ 	*)	it="ip route $1 $parms $parms2 $parms3"
+ 		;;
+@@ -432,13 +432,13 @@
+ prepare-host:*|prepare-client:*)
+ 	# delete possibly-existing route (preliminary to adding a route)
+ 	case "$PLUTO_PEER_CLIENT" in
+-	"0.0.0.0/0")
+  "0.0.0.0/0")
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+ 		parms1="0.0.0.0/1"
+ 		parms2="128.0.0.0/1"
+-		it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+-		oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+	#	it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+	#	oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+ 		;;
+ 	*)
+ 		parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"
--- a/src/patches/reiser4-for-2.6.24.patch
+++ b/src/patches/reiser4-for-2.6.24.patch