--- ipsec-tools-0.7.orig/configure +++ ipsec-tools-0.7/configure @@ -1068,6 +1068,12 @@ | --ht=*) htmldir=$ac_optarg ;; + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; @@ -1176,6 +1182,16 @@ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; @@ -1879,6 +1895,7 @@ . "$ac_site_file" fi done +IFS=$as_save_IFS if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special @@ -4591,11 +4608,6 @@ { (exit 1); exit 1; }; } fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu { echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 @@ -5115,6 +5127,7 @@ fi done done +IFS=$as_save_IFS fi @@ -5992,6 +6005,7 @@ test -n "$ac_ct_CXX" && break done +IFS=$as_save_IFS if test "x$ac_ct_CXX" = x; then CXX="g++" @@ -9518,6 +9532,11 @@ postinstall_cmds='chmod 555 $lib' ;; +interix3*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; 
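Review bot: The added `-htmldir | --htmldir | …` and `-htmldir=* | …` arms in the first hunk repeat arms that already sit directly above them (the context ends with `htmldir=$ac_optarg ;;`), and the second hunk re-adds the `-psdir` arms right after the existing `psdir=$ac_optarg ;;`. In a `case` the first matching arm wins, so the copies are dead code. The same doubling appears later in this diff, where `LTCFLAGS=$lt_LTCFLAGS` is added twice in a row before `CC=$lt_compiler_RC`. This pattern suggests configure was patched by hand, or a patch was applied more than once, rather than regenerated, which makes the shipped script hard to audit against its configure.ac. I would drop the duplicated arms and regenerate configure with the intended autoconf/libtool versions so the diff carries only real changes.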
@@ -14947,6 +14966,11 @@ lt_prog_compiler_pic_F77='-fno-common' ;; + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. @@ -15005,6 +15029,16 @@ # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_F77='-DDLL_EXPORT' ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + lt_prog_compiler_pic='-qnocommon' + lt_prog_compiler_wl='-Wl,' + ;; + esac + ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl_F77='-Wl,' @@ -15101,6 +15135,17 @@ lt_prog_compiler_can_build_shared_F77=no ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + uts4*) lt_prog_compiler_pic_F77='-pic' lt_prog_compiler_static_F77='-Bstatic' @@ -15311,6 +15356,10 @@ with_gnu_ld=no fi ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; openbsd*) with_gnu_ld=no ;; 
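Review bot: The new `darwin*)`, `sysv5* | unixware* | …)` and `unicos*)` arms assign `lt_prog_compiler_pic`, `lt_prog_compiler_wl`, `lt_prog_compiler_static` and `lt_prog_compiler_can_build_shared` without a tag suffix, while the context lines around them all use the `_F77` names, so this looks like C-tag code placed in the F77 section. If so, the F77 settings stay unset on those hosts and the unsuffixed assignments presumably overwrite values chosen for the C compiler. If the arms belong here they should read e.g. `lt_prog_compiler_pic_F77='-KPIC'` and `lt_prog_compiler_wl_F77='-Wl,'`. The later hunks that add `hardcode_libdir_flag_spec=`, `whole_archive_flag_spec=` and `ld_shlibs=no` beside `ld_shlibs_F77=no` show the same mismatch. The enclosing `case` statements start and end outside these hunks.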
@@ -15342,6 +15391,27 @@ *) supports_anon_versioning=yes ;; esac + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + # See if GNU ld supports shared libraries. case $host_os in aix3* | aix4* | aix5*) @@ -15451,7 +15521,7 @@ fi ;; - solaris* | sysv5*) + solaris*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then ld_shlibs_F77=no cat <&2 
@@ -15472,6 +15542,33 @@ fi ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + sunos4*) archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= @@ -15539,6 +15636,7 @@ break fi done + ;; esac exp_sym_flag='-bexport' @@ -15588,11 +15686,11 @@ # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then + if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' - fi + fi fi fi @@ -15909,7 +16007,7 @@ link_all_deplibs_F77=yes ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else 
@@ -16509,6 +16607,18 @@ postinstall_cmds='chmod 555 $lib' ;; +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; @@ -16552,7 +16662,7 @@ ;; # This must be Linux ELF. -linux*) +linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no @@ -16581,7 +16691,7 @@ dynamic_linker='GNU/Linux ld.so' ;; -knetbsd*-gnu) +netbsdelf*-gnu) version_type=linux need_lib_prefix=no need_version=no @@ -16590,7 +16700,7 @@ shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes - dynamic_linker='GNU ld.so' + dynamic_linker='NetBSD ld.elf_so' ;; netbsd*) @@ -16673,13 +16783,6 @@ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; -sco3.2v5*) - version_type=osf - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - ;; - solaris*) version_type=linux need_lib_prefix=no @@ -16705,7 +16808,7 @@ need_version=yes ;; -sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) +sysv4 | sysv4.3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' 
@@ -16738,6 +16841,29 @@ fi ;; +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -19917,6 +20043,8 @@ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } + else + puts (dlerror ()); exit (status); } @@ -20015,6 +20143,8 @@ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } + else + puts (dlerror ()); exit (status); } @@ -20075,7 +20205,7 @@ # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \ + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ @@ -20193,6 +20323,9 @@ # A C compiler. LTCC=$lt_LTCC +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + # A language-specific compiler. CC=$lt_compiler_GCJ 
@@ -20549,7 +20682,7 @@ # Now quote all the things that may contain metacharacters while being # careful not to overquote the AC_SUBSTed values. We take copies of the # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC NM \ + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ SED SHELL STRIP \ libname_spec library_names_spec soname_spec extract_expsyms_cmds \ old_striplib striplib file_magic_cmd finish_cmds finish_eval \ @@ -20667,6 +20800,12 @@ # A C compiler. LTCC=$lt_LTCC +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + # A language-specific compiler. CC=$lt_compiler_RC --- ipsec-tools-0.7.orig/config.guess +++ ipsec-tools-0.7/config.guess @@ -1,9 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2003-07-02' +timestamp='2008-01-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by 
@@ -17,13 +18,15 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Originally written by Per Bothner . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. @@ -53,8 +56,8 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -66,11 +69,11 @@ while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. 
@@ -104,7 +107,7 @@ trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; @@ -123,7 +126,7 @@ ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ;' +esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) @@ -158,6 +161,7 @@ arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched 
@@ -196,50 +200,32 @@ # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" - exit 0 ;; - amiga:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - arc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - hp300:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mac68k:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - macppc:OpenBSD:*:*) - echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvme68k:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvme88k:OpenBSD:*:*) - echo m88k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvmeppc:OpenBSD:*:*) - echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - pmax:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - sgi:OpenBSD:*:*) - echo mipseb-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - sun3:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - wgrisc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; *:OpenBSD:*:*) - echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; alpha:OSF1:*:*) - if test $UNAME_RELEASE = "V4.0"; then + case $UNAME_RELEASE in + *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - fi + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. 
I hope that # covers most systems running today. This code pipes the CPU @@ -277,42 +263,49 @@ "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac + # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit 0 ;; - Alpha*:OpenVMS:*:*) - echo alpha-hp-vms - exit 0 ;; + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix - exit 0 ;; + exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 - exit 0 ;; + exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 - exit 0;; + exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos - exit 0 ;; + exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos - exit 0 ;; + exit ;; *:OS/390:*:*) echo i370-ibm-openedition - exit 0 ;; + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} - exit 0;; + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp - exit 0;; + exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then 
@@ -320,32 +313,32 @@ else echo pyramid-pyramid-bsd fi - exit 0 ;; + exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 - exit 0 ;; + exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 - exit 0 ;; - DRS?6000:UNIX_SV:4.2*:7*) + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7 && exit 0 ;; + sparc) echo sparc-icl-nx7; exit ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - i86pc:SunOS:5.*:*) + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) @@ -354,10 +347,10 @@ esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit 0 ;; + exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 @@ -369,10 +362,10 @@ echo sparc-sun-sunos${UNAME_RELEASE} ;; esac - exit 0 ;; + exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor 
@@ -383,37 +376,40 @@ # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} - exit 0 ;; + exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 - exit 0 ;; + exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} - exit 0 ;; + exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c 
@@ -437,32 +433,33 @@ exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c \ - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && exit 0 + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} - exit 0 ;; + exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax - exit 0 ;; + exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix - exit 0 ;; + exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 - exit 0 ;; + exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 - exit 0 ;; + exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` 
@@ -478,29 +475,29 @@ else echo i586-dg-dgux${UNAME_RELEASE} fi - exit 0 ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 - exit 0 ;; + exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 - exit 0 ;; + exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd - exit 0 ;; + exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit 0 ;; + exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix - exit 0 ;; + exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` @@ -508,7 +505,7 @@ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build @@ -523,15 +520,19 @@ exit(0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 - echo rs6000-ibm-aix3.2.5 + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi - exit 0 ;; - *:AIX:*:[45]) + exit ;; + *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 
@@ -544,28 +545,28 @@ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:*:*) echo rs6000-ibm-aix - exit 0 ;; + exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 - exit 0 ;; + exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit 0 ;; # report: romp-ibm BSD 4.3 + exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx - exit 0 ;; + exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 - exit 0 ;; + exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd - exit 0 ;; + exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 - exit 0 ;; + exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in @@ -627,9 +628,19 @@ esac if [ ${HP_ARCH} = "hppa2.0w" ] then - # avoid double evaluation of $set_cc_for_build - test -n "$CC_FOR_BUILD" || eval $set_cc_for_build - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep __LP64__ >/dev/null then HP_ARCH="hppa2.0w" else @@ -637,11 +648,11 @@ fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c 
@@ -669,153 +680,192 @@ exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 - exit 0 ;; + exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd - exit 0 ;; + exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd - exit 0 ;; + exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix - exit 0 ;; + exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf - exit 0 ;; + exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf - exit 0 ;; + exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi - exit 0 ;; + exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites - exit 0 ;; + exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit 0 ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit 0 ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit 0 ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit 0 ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; *:UNICOS/mp:*:*) - echo nv1-cray-unicosmp${UNAME_RELEASE} | 
sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; - *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) - # Determine whether the default compiler uses glibc. - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #if __GLIBC__ >= 2 - LIBC=gnu - #else - LIBC= - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - # GNU/FreeBSD systems have a "k" prefix to indicate we are using - # FreeBSD's kernel, but not the complete OS. 
- case ${LIBC} in gnu) kernel_only='k' ;; esac - echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} - exit 0 ;; + exit ;; + *:FreeBSD:*:*) + case ${UNAME_MACHINE} in + pc98) + echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin - exit 0 ;; - i*:MINGW*:*) + exit ;; + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 - exit 0 ;; + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 - exit 0 ;; - x86:Interix*:[34]*) - echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' - exit 0 ;; + exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks - exit 0 ;; + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? 
echo i586-pc-interix - exit 0 ;; + exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin - exit 0 ;; + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin - exit 0 ;; + exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; *:GNU:*:*) + # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit 0 ;; + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix - exit 0 ;; + exit ;; arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi + exit ;; + avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu - exit 0 ;; + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -832,8 +882,12 @@ #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^CPU/{ + s: ::g + p + }'`" + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build 
@@ -851,15 +905,22 @@ #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^CPU/{ + s: ::g + p + }'`" + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; + or32:Linux:*:*) + echo or32-unknown-linux-gnu + exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu - exit 0 ;; + exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu - exit 0 ;; + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -873,7 +934,7 @@ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit 0 ;; + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -881,25 +942,31 @@ PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac - exit 0 ;; + exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu - exit 0 ;; + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux - exit 0 ;; + exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu - exit 0 ;; + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent 
@@ -917,15 +984,15 @@ ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit 0 ;; + exit ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit 0 ;; + exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit 0 ;; + exit ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build @@ -942,23 +1009,33 @@ LIBC=gnulibc1 # endif #else - #ifdef __INTEL_COMPILER + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout #endif #endif + #ifdef __dietlibc__ + LIBC=dietlibc + #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^LIBC/{ + s: ::g + p + }'`" + test x"${LIBC}" != x && { + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit + } + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 - exit 0 ;; + exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... 
@@ -966,24 +1043,27 @@ # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx - exit 0 ;; + exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop - exit 0 ;; + exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos - exit 0 ;; + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit 0 ;; + exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then 
@@ -991,15 +1071,16 @@ else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi - exit 0 ;; - i*86:*:5:[78]*) + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi - exit 0 ;; + exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv - exit 0 ;; + exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv - exit 0 ;; + exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix - exit 0 ;; - M68*:*:R3V[567]*:*) - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && 
echo i486-ncr-sysv4 && exit 0 ;; + && { echo i486-ncr-sysv4; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 - exit 0 ;; + exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} - exit 0 ;; + exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` 
@@ -1091,68 +1172,81 @@ else echo ns32k-sni-sysv fi - exit 0 ;; + exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 - exit 0 ;; + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 - exit 0 ;; + exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 - exit 0 ;; + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos - exit 0 ;; + exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} - exit 0 ;; + exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 - exit 0 ;; + exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos - exit 0 ;; + exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos - exit 0 ;; + exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. 
echo i586-pc-beos - exit 0 ;; + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Darwin:*:*) - case `uname -p` in - *86) UNAME_PROCESSOR=i686 ;; - powerpc) UNAME_PROCESSOR=powerpc ;; + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit 0 ;; + exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then @@ -1160,22 +1254,25 @@ UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit 0 ;; + exit ;; *:QNX:*:4*) echo i386-pc-qnx - exit 0 ;; - NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} - exit 0 ;; + exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux - exit 0 ;; + exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv - exit 0 ;; + exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 
@@ -1186,28 +1283,47 @@ UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 - exit 0 ;; + exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 - exit 0 ;; + exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex - exit 0 ;; + exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 - exit 0 ;; + exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 - exit 0 ;; + exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 - exit 0 ;; + exit ;; *:ITS:*:*) echo pdp10-unknown-its - exit 0 ;; + exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} - exit 0 ;; + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1239,7 +1355,7 @@ #endif #if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix"); exit (0); + printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) @@ -1328,11 +1444,12 @@ } EOF -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) 
@@ -1341,22 +1458,22 @@ case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd - exit 0 ;; + exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; c34*) echo c34-convex-bsd - exit 0 ;; + exit ;; c38*) echo c38-convex-bsd - exit 0 ;; + exit ;; c4*) echo c4-convex-bsd - exit 0 ;; + exit ;; esac fi @@ -1367,7 +1484,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - ftp://ftp.gnu.org/pub/gnu/config/ + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +and + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be --- ipsec-tools-0.7.orig/config.sub +++ ipsec-tools-0.7/config.sub @@ -1,9 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2003-07-04' +timestamp='2008-01-16' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software 
@@ -21,14 +22,15 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # @@ -70,8 +72,8 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -83,11 +85,11 @@ while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. @@ -99,7 +101,7 @@ *local*) # First pass through any local machine types. echo $1 - exit 0;; + exit ;; * ) break ;; 
@@ -118,7 +120,9 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ + uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -144,7 +148,7 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis) + -apple | -axis | -knuth | -cray) os= basic_machine=$1 ;; @@ -169,6 +173,10 @@ -hiux*) os=-hiuxwe2 ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` @@ -185,6 +193,10 @@ # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 
@@ -228,14 +240,17 @@ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ - | ip2k \ - | m32r | m68000 | m68k | m88k | mcore \ + | ip2k | iq2000 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ 
@@ -244,27 +259,33 @@ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | mt \ | msp430 \ + | nios | nios2 \ | ns16k | ns32k \ - | openrisc | or32 \ + | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | score \ + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ - | strongarm \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ - | x86 | xscale | xstormy16 | xtensa \ + | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; @@ -275,6 +296,9 @@ ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; + ms1) + basic_machine=mt-unknown + ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and 
@@ -292,22 +316,22 @@ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | amd64-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ - | bs2000-* \ + | avr-* | avr32-* \ + | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | cydra-* \ + | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* \ - | m32r-* \ + | ip2k-* | iq2000-* \ + | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ 
@@ -316,33 +340,43 @@ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ | msp430-* \ - | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ + | nios-* | nios2-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ - | xtensa-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-*) ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) @@ -359,6 +393,9 @@ basic_machine=a29k-amd os=-udi ;; + abacus) + basic_machine=abacus-unknown + ;; adobe68k) basic_machine=m68010-adobe os=-scout 
@@ -376,6 +413,9 @@ amd64) basic_machine=x86_64-pc ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; amdahl) basic_machine=580-amdahl os=-sysv @@ -407,6 +447,14 @@ basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; c90) basic_machine=c90-cray os=-unicos @@ -435,12 +483,27 @@ basic_machine=j90-cray os=-unicos ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16) + basic_machine=cr16-unknown + os=-elf + ;; crds | unos) basic_machine=m68k-crds ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; da30 | da30-*) basic_machine=m68k-da30 ;; @@ -463,6 +526,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx @@ -613,6 +680,14 @@ basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -628,6 +703,10 @@ basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -641,10 +720,6 @@ mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; - mmix*) - basic_machine=mmix-knuth - os=-mmixware - ;; monitor) basic_machine=m68k-rom68k os=-coff @@ -657,6 +732,9 @@ basic_machine=i386-pc os=-msdos ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; mvs) basic_machine=i370-ibm os=-mvs @@ -725,10 +803,6 @@ np1) basic_machine=np1-gould ;; - nv1) - basic_machine=nv1-cray - os=-unicosmp - ;; nsr-tandem) basic_machine=nsr-tandem ;; 
@@ -736,9 +810,12 @@ basic_machine=hppa1.1-oki os=-proelf ;; - or32 | or32-*) + openrisc | openrisc-*) basic_machine=or32-unknown - os=-coff + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson @@ -756,6 +833,14 @@ basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; @@ -765,6 +850,12 @@ pc532 | pc532-*) basic_machine=ns32k-pc532 ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; @@ -821,6 +912,10 @@ basic_machine=i586-unknown os=-pw32 ;; + rdos) + basic_machine=i386-pc + os=-rdos + ;; rom68k) basic_machine=m68k-rom68k os=-coff @@ -847,6 +942,10 @@ sb1el) basic_machine=mipsisa64sb1el-unknown ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; sei) basic_machine=mips-sei os=-seiux @@ -858,6 +957,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -947,6 +1049,10 @@ basic_machine=tic6x-unknown os=-coff ;; + tile*) + basic_machine=tile-unknown + os=-linux-gnu + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -960,6 +1066,10 @@ tower | tower-32) basic_machine=m68k-ncr ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; udi29k) basic_machine=a29k-amd os=-udi @@ -1003,6 +1113,10 @@ basic_machine=hppa1.1-winbond os=-proelf ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; xps | xps100) basic_machine=xps100-honeywell ;; @@ -1033,6 +1147,9 @@ romp) basic_machine=romp-ibm ;; + mmix) + basic_machine=mmix-knuth + ;; rs6000) basic_machine=rs6000-ibm ;; 
@@ -1049,13 +1166,10 @@ we32k) basic_machine=we32k-att ;; - sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparc | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) @@ -1128,19 +1242,23 @@ | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \ - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) 
@@ -1158,12 +1276,15 @@ os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; @@ -1176,6 +1297,9 @@ -opened*) os=-openedition ;; + -os400*) + os=-os400 + ;; -wince*) os=-wince ;; @@ -1197,6 +1321,9 @@ -atheos*) os=-atheos ;; + -syllable*) + os=-syllable + ;; -386bsd) os=-bsd ;; @@ -1219,6 +1346,9 @@ -sinix*) os=-sysv4 ;; + -tpf*) + os=-tpf + ;; -triton*) os=-sysv3 ;; @@ -1255,6 +1385,9 @@ -kaos*) os=-kaos ;; + -zvmoe) + os=-zvmoe + ;; -none) ;; *) @@ -1277,6 +1410,12 @@ # system, and we'll never get to this point. case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; *-acorn) os=-riscix1.2 ;; @@ -1286,9 +1425,9 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff - ;; + c4x-* | tic4x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1314,6 +1453,9 @@ m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; @@ -1332,9 +1474,15 @@ *-be) os=-beos ;; + *-haiku) + os=-haiku + ;; *-ibm) os=-aix ;; + *-knuth) + os=-mmixware + ;; *-wec) os=-proelf ;; @@ -1467,9 +1615,15 @@ -mvs* | -opened*) vendor=ibm ;; + -os400*) + vendor=ibm + ;; -ptx*) vendor=sequent ;; + -tpf*) + vendor=ibm + ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; @@ -1494,7 +1648,7 @@ esac echo $basic_machine$os -exit 0 +exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) --- ipsec-tools-0.7.orig/src/racoon/gssapi.c +++ ipsec-tools-0.7/src/racoon/gssapi.c 
@@ -155,7 +155,7 @@ { char name[NI_MAXHOST]; struct sockaddr *sa; - char* buf = NULL; + char *buf = NULL; gss_buffer_desc name_token; OM_uint32 min_stat, maj_stat; --- ipsec-tools-0.7.orig/src/racoon/cfparse.y +++ ipsec-tools-0.7/src/racoon/cfparse.y @@ -1714,8 +1714,8 @@ EOS | PEERS_CERTFILE DNSSEC { - if (cur_rmconf->getcert_method) { - yyerror("Different peers_certfile method already defined!\n"); + if (cur_rmconf->getcert_method != ISAKMP_GETCERT_PAYLOAD ) { + yyerror("Different peers_certfile method already defined: %d!\n", cur_rmconf->getcert_method); return -1; } cur_rmconf->getcert_method = ISAKMP_GETCERT_DNS; --- ipsec-tools-0.7.orig/src/racoon/racoon.conf.5 +++ ipsec-tools-0.7/src/racoon/racoon.conf.5 @@ -1338,7 +1338,7 @@ .Sh EXAMPLES The following shows how the remote directive should be configured. .Bd -literal -offset -path pre_shared_key "/usr/local/v6/etc/psk.txt" ; +path pre_shared_key "/etc/racoon/psk.txt" ; remote anonymous { exchange_mode aggressive,main,base; --- ipsec-tools-0.7.orig/src/racoon/racoon.8 +++ ipsec-tools-0.7/src/racoon/racoon.8 @@ -130,8 +130,8 @@ The command exits with 0 on success, and non-zero on errors. .\" .Sh FILES -.Bl -tag -width /etc/racoon.conf -compact -.It Pa /etc/racoon.conf +.Bl -tag -width /etc/racoon/racoon.conf -compact +.It Pa /etc/racoon/racoon.conf default configuration file. .El .\" --- ipsec-tools-0.7.orig/src/libipsec/policy_token.c +++ ipsec-tools-0.7/src/libipsec/policy_token.c @@ -625,7 +625,7 @@ /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO if (fwrite( yytext, yyleng, 1, yyout )) {} #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, --- ipsec-tools-0.7.orig/src/libipsec/policy_parse.y +++ ipsec-tools-0.7/src/libipsec/policy_parse.y 
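Review bot: In `src/racoon/cfparse.y`, the new guard in the `PEERS_CERTFILE DNSSEC` action treats `ISAKMP_GETCERT_PAYLOAD` as the "no method chosen yet" state, but nothing at the comparison says so. That only holds if every remote section starts out with that value, which is set outside this hunk. I would add a comment above the `if`, `/* ISAKMP_GETCERT_PAYLOAD is assumed to be the initial value; anything else means a peers_certfile method was already selected */`, and confirm that the other `PEERS_CERTFILE` alternatives (not visible here) use the same comparison so the conflict check behaves the same for every method. The `%d` in the new message prints the raw enum value, which an administrator cannot map back to a configuration keyword, so naming the method would be more useful. There is also a stray space before the closing parenthesis in `ISAKMP_GETCERT_PAYLOAD )`.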
@@ -544,7 +544,7 @@ __ipsec_errcode = EIPSEC_NO_BUFS; return -1; } - pbuf = n; + pbuf = (u_int8_t *) n; p = (struct sadb_x_ipsecrequest *)&pbuf[offset]; p->sadb_x_ipsecrequest_len = reqlen; --- ipsec-tools-0.7.orig/src/setkey/setkey.c +++ ipsec-tools-0.7/src/setkey/setkey.c @@ -314,7 +314,8 @@ #else char rbuf[1024]; rbuf[0] = '\0'; - fgets (rbuf, sizeof(rbuf), stdin); + if (!fgets (rbuf, sizeof(rbuf), stdin)) + break; if (!rbuf[0]) break; if (rbuf[strlen(rbuf)-1] == '\n') --- ipsec-tools-0.7.orig/debian/watch +++ ipsec-tools-0.7/debian/watch @@ -0,0 +1,6 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# URL Version Script +version=3 +http://sf.net/ipsec-tools/ipsec-tools-([0-9.]+)\.tar\.gz debian uupdate --- ipsec-tools-0.7.orig/debian/racoon.docs +++ ipsec-tools-0.7/debian/racoon.docs @@ -0,0 +1,6 @@ +NEWS +README +src/racoon/doc/FAQ +src/racoon/doc/README.certificate + + --- ipsec-tools-0.7.orig/debian/racoon-tool.pl +++ ipsec-tools-0.7/debian/racoon-tool.pl 
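Review bot: In `src/setkey/setkey.c`, the added check covers EOF and read errors, but `fgets` still returns a line longer than `sizeof(rbuf) - 1` bytes in pieces. The visible code only strips a trailing `'\n'` when one is present, so each piece presumably goes on to be handled as a complete line by code outside this hunk. For the program that administers the SAD and SPD, a silently split command is better rejected, for example with `if (!strchr(rbuf, '\n') && !feof(stdin)) break;` after the `fgets` call, plus a diagnostic. The `if (!rbuf[0]) break;` test is still what keeps `rbuf[strlen(rbuf)-1]` from indexing before the buffer on an empty string, so a one-line comment saying that would stop it being removed as redundant. The enclosing loop starts and ends outside the hunk.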
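Review bot: In `debian/watch`, the watch line fetches the upstream tarball over plain `http://` and has no signature check, so `uscan` with `uupdate` would import whatever the network path returns. If the download host serves the same path over TLS, switch the URL to `https://`. If upstream publishes detached signatures, add an `opts=pgpsigurlmangle=...` rule and ship the upstream key in the package; whether upstream signs its releases cannot be told from this page. The two leading template comments (`Example watch control file for uscan`, `Rename this file to "watch"`) are stale now that the file is already named `watch` and could be dropped.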
@@ -0,0 +1,2469 @@ +#!/usr/bin/perl -w +# +# Script for configuring linux 2.6.x IPSEC +# +# Copyright 2004 Matthew Grant, Catalyst IT Ltd, GPL2 +# + +# Loads and unloads all modules needed for IPSEC + +# Writes configuration files for racoon + +# Administers SPD in kernel using setkey program + +# Basically imitates Free S/WAN without all the kludgy garbage... + +# We are only dealing with IP addresses +use integer; + +sub mod_ls (); +sub mod_load ($); +sub mod_unload ($); +sub usage (); +sub mod_start(); +sub mod_stop(); +sub sad_flush(); +sub spd_flush(); +sub parse_config(); +sub ipsec_start(); +sub ipsec_stop(); +sub ipsec_load(); +sub spd_show(); +sub sad_show(); +sub parse_spd(\@\%); +sub conn_dump_list(); +sub peer_dump_list(); +sub global_dump_list(); +sub spd_dump_list(\@\%); +sub prog_warn($$;$); +sub prog_die($;$); +sub match_spd_connection(\@\%); +sub conn_down_handle($); +sub conn_down (\@\%$;$$); +sub conn_list($); +sub log_backend(); +sub conn_up_handle($); +sub conn_menu($); +sub racoon_write_config($$); +sub racoon_configure(;$); +sub peer_get_indexes (\%); +sub conn_reload_handle($); +sub check_if_running (); +sub racoon_start(); +sub racoon_stop(); +sub basename($$); +sub openlog($$$); +sub syslog($$); + +$proc_modules = "/proc/modules"; +$kver = `uname -r`; chomp $kver; +$modpath = "/lib/modules/" . $kver; +$modpath_ipsec = "$modpath/kernel/net/ipv4"; +$modpath_ipsec6 = "$modpath/kernel/net/ipv6"; +$modpath_xfrm = "$modpath/kernel/net/xfrm"; +$modpath_key = "$modpath/kernel/net/key"; +$modpath_crypto = "$modpath/kernel/crypto"; +$modpath_zlib = "$modpath/kernel/lib/zlib_deflate"; +$modext = ( $kver =~ /^2\.6\./ ? 
".ko" : ".o" ); +$progname = basename($0, ""); +$proc_ipv4 = "/proc/sys/net/ipv4"; +$proc_ipv6 = "/proc/sys/net/ipv6"; + +$setkey_cmd = "/usr/sbin/setkey"; +$confdir = "/etc/racoon"; +$vardir = "/var/lib/racoon"; +$conffile = "${confdir}/racoon-tool.conf"; +$less_cmd = "/usr/bin/less"; +$more_cmd = "/bin/more"; +$pager_cmd = ( -x $less_cmd ? $less_cmd : $more_cmd ); +@pager_flags = ( -x $less_cmd ? ( '-MMXEi' ): ()); +# Handle BSD and SYSV ps... +$ps_cmd = ($^O =~ /bsd/i ? "ps axc" : "ps -e"); +$psf_cmd = ($^O =~ /bsd/i ? "ps axw" : "ps -eo pid,cmd"); +$racoon_cmd = "/usr/sbin/racoon"; +%fmt = ( 'normal' => 1, 'brief' => 2, 'comma' => 3 ); +$global_format = $fmt{'normal'}; +local $proc_id = $$; +$racoon_kill_delay = 25; # seconds + +# global settings hash +my $global_proplist = 'path_pre_shared_key|path_certificate|path_racoon_conf|racoon_command|racoon_pid_file|log|listen\[[0-9a-z]\]|complex_bundle'; +my %global = ( + 'path_pre_shared_key' => "$confdir/psk.txt", + 'path_certificate' => "$confdir/certs", + 'path_racoon_conf' => "${vardir}/racoon.conf", + 'racoon_command' => "${racoon_cmd} -f ___path_racoon_conf___", + 'racoon_pid_file' => "/var/run/racoon.pid", + ); + +# Peer related stuff +my $peer_proplist = 'exchange_mode|encryption_algorithm\[[0-9a-z]\]|hash_algorithm\[[0-9a-z]\]|dh_group\[[0-9a-z]\]|authentication_method\[[0-9a-z]\]|remote_template|lifetime|verify_identifier|verify_cert|passive|generate_policy|my_identifier|peers_identifier|certificate_type|peers_certfile|support_mip6|send_cr|send_cert|initial_contact|proposal_check|nat_traversal|nonce_size'; +my %peer_list = ( '%default' => { + 'exchange_mode' => 'main', + 'encryption_algorithm[0]' => '3des', + 'hash_algorithm[0]' => 'sha1', + 'dh_group[0]' => 'modp1024', + 'authentication_method[0]' => 'pre_shared_key', + 'remote_template' => '%default' + }, + '%anonymous' => { + 'passive' => 'on', + 'generate_policy' => 'on' + } ); + +# Connection related stuff +my $conn_proplist = 
'src_range|dst_range|src_ip|dst_ip|upperspec|encap|mode|level|admin_status|spdadd_template|sadadd_template|sainfo_template|pfs_group|lifetime|encryption_algorithm|authentication_algorithm|compression'; +my @conn_required_props = ( 'src_ip', 'dst_ip'); +my %connection_list = ( '%default' => { + 'admin_status' => 'disabled', + 'upperspec' => 'any', + 'encap' => 'esp', + 'level' => 'unique', + 'spdadd_template' => '%default', + 'sadadd_template' => '%default', + 'sainfo_template' => '%default', + 'pfs_group' => 'modp1024', + 'encryption_algorithm' => 'aes,3des', + 'authentication_algorithm' => 'hmac_sha1,hmac_md5' + }, + '%anonymous' => { + 'admin_status' => 'disabled' + } ); + +my %prop_typehash = ( 'connection' => { + 'src_range' => 'range', + 'dst_range' => 'range', + 'src_ip' => 'ip', + 'dst_ip' => 'ip', + 'upperspec' => 'upperspec', + 'encap' => 'encap', + 'level' => 'level', + 'mode' => 'mode', + 'admin_status' => 'boolean', + 'spdadd_template' => 'template_name', + 'sadadd_template' => 'template_name', + 'sainfo_template' => 'template_name', + 'pfs_group' => 'pfs_group', + 'lifetime' => 'lifetime', + 'encryption_algorithm' => 'phase2_encryption', + 'authentication_algorithm' => 'phase2_auth_algorithm', + 'compression' => 'boolean' + }, + 'peer' => { + 'exchange_mode' => 'phase1_exchange_mode', + 'encryption_algorithm' => 'phase1_encryption', + 'hash_algorithm' => 'hash_algorithm', + 'dh_group' => 'dh_group', + 'authentication_method' => 'phase1_auth_method', + 'remote_template' => 'template_name', + 'lifetime' => 'lifetime', + 'verify_identifier' => 'switch', + 'verify_cert' => 'switch', + 'passive' => 'switch', + 'generate_policy' => 'switch', + 'initial_contact' => 'switch', + 'send_cr' => 'switch', + 'send_cert' => 'switch', + 'support_mip6' => 'switch', + 'my_identifier' => 'identifier', + 'peers_identifier' => 'identifier', + 'certificate_type' => 'certificate', + 'peers_certfile' => 'peers_certfile', + 'nonce_size' => 'nonce_size', + 'proposal_check' => 
'proposal_check', + 'nat_traversal' => 'nat_traversal' + }, + 'global' => { + 'racoon_command' => 'shell_command', + 'racoon_pid_file' => 'path_generated_file', + 'path_pre_shared_key' => 'path_conf_file', + 'path_racoon_conf' => 'path_generated_file', + 'path_certificate' => 'path_certificate', + 'log' => 'log', + 'listen' => 'listen', + 'complex_bundle' => 'switch' + } + ); + +my %prop_syntaxhash = ( 'range' => '{ip-address|ip-address/masklen|ip-address[port]|ip-address/masklen[port]}', + 'ip' => '{ip-address} - IPv4 or IPv6', + 'uppserspec' => '{protocol} - number or /etc/protocols or any or icmp6', + 'encap' => '{ah|esp}', + 'mode' => '{tunnel|transport}', + 'boolean' => '{enabled|disabled|true|false|yes|no|up|down|on|off|0|1}', + 'template_name' => '{template-name} - can be %default or ^[-a-zA-Z0-9_]+', + 'level' => '{default|use|require|unique}', + 'phase1_exchange_mode' => '{main|aggressive|base}', + 'phase1_encryption' => '{aes|des|3des|blowfish|cast128}', + 'hash_algorithm' => '{md5|sha1}', + 'dh_group' => '{modp768|modp1024|modp1536|1|2|5}', + 'pfs_group' => '{none|modp768|modp1024|modp1536|1|2|5}', + 'phase1_auth_method' => '{pre_shared_key|rsasig}', + 'switch' => '{on|off}', + 'lifetime' => '{time} {integer} {hour|hours|min|mins|minutes|sec|secs|seconds}', + 'phase2_encryption' => '{aes|des|3des|des_iv64|des_iv32|rc5|rc4|idea|3idea|cast128|blowfish|null_enc|twofish|rijndael}', + 'phase2_auth_algorithm' => '{aes|des|3des|des_iv64|des_iv32|hmac_md5|hmac_sha1|non_auth}', + 'identifier' => '{address [ip-address]|fqdn dns-name|user_fqdn user@dns-name|keyid file-name|asn1dn [asn1-name]}', + 'certificate' => '{x509 cert-file privkey-file}', + 'peers_certfile' => '{x509|plain_rsa|dnssec} {cert-file}', + 'path_conf_file' => '{full-path-file-name}', + 'shell_command' => '{shell-command}', + 'path_generated_file' => '{full-path-file-name}', + 'path_certificate' => '{full-path-dir}', + 'log' => '{notify|debug|debug2}', + 'listen' => '{ip-address} [[port]]', + 
'proposal_check' => '{obey|strict|claim|exact}', + 'nat_traversal' => '{on|off|force}', + 'nonce_size' => '{number} - between 8 and 256' + ); + +my %bool_val = ( 'enabled' => 1, + 'disabled' => 0, + 'true' => 1, + 'false' => 0, + 'yes' => 1, + 'no' => 0, + 'up' => 1, + 'down' => 0, + 'on' => 1, + 'off' => 0, + '0' => 0, + '1' =>1 ); + +# Default templates for spdadd and sadadd defined here +my $sadadd_default = ""; +my $spdadd_default = <<'EOF'; +spdadd ___src_range___ ___dst_range___ ___upperspec___ -P out ipsec + ___encap___/___mode___/___src_ip___-___dst_ip___/___level___; + +spdadd ___dst_range___ ___src_range___ ___upperspec___ -P in ipsec + ___encap___/___mode___/___dst_ip___-___src_ip___/___level___; + +EOF +%spdadd_addons = ( 'ipcomp_in' => 'ipcomp/___mode___/___dst_ip___-___src_ip___/use', + 'ipcomp_out' => 'ipcomp/___mode___/___src_ip___-___dst_ip___/use' + ); + +my $racoon_init_default = <<"EOF"; +path pre_shared_key ___path_pre_shared_key___; +path certificate ___path_certificate___; + +EOF +%init_addons = ('log' => 'log ___log___;', + 'listen' => "listen {\n\tstrict_address;\n}", + 'isakmp' => 'isakmp ___listen___;', + 'complex_bundle' => 'complex_bundle ___complex_bundle___;' + ); + + +my $remote_default = <<'EOF'; +remote ___dst_ip___ { + exchange_mode ___exchange_mode___; +} + +EOF +my $remote_proposal = <<'EOF'; + proposal { + encryption_algorithm ___encryption_algorithm___; + hash_algorithm ___hash_algorithm___; + authentication_method ___authentication_method___; + dh_group ___dh_group___; + } +EOF + +%remote_addons = ( 'verify_identifier' => 'verify_identifier ___verify_identifier___;', + 'verify_cert' => 'verify_cert ___verify_cert___;', + 'passive' => 'passive ___passive___;', + 'generate_policy' => 'generate_policy ___generate_policy___;', + 'my_identifier' => 'my_identifier ___my_identifier___;', + 'peers_identifier' => 'peers_identifier ___peers_identifier___;', + 'peers_certfile' => 'peers_certfile ___peers_certfile___;', + 
'certificate_type' => 'certificate_type ___certificate_type___;', + 'lifetime' => 'lifetime ___lifetime___;', + 'initial_contact' => 'initial_contact ___initial_contact___;', + 'send_cr' => 'send_cr ___send_cr___;', + 'send_cert' => 'send_cert ___send_cert___;', + 'support_mip6' => 'support_mip6 ___support_mip6___;', + 'nonce_size' => 'nonce_size ___nonce_size___;', + 'proposal_check' => 'proposal_check ___proposal_check___;', + 'nat_traversal' => 'nat_traversal ___nat_traversal___;' + ); + +my $sainfo_default = <<'EOF'; +sainfo address ___src_range___ ___upperspec___ address ___dst_range___ ___upperspec___ { + encryption_algorithm ___encryption_algorithm___; + authentication_algorithm ___authentication_algorithm___; + compression_algorithm deflate; +} + +EOF +%sainfo_addons = ( 'pfs_group' => 'pfs_group ___pfs_group___;', + 'lifetime' => 'lifetime ___lifetime___;' + ); + +@modules = (); +@modules_ipsec = ('ah4', 'esp4', 'ipcomp'); +@modules_ipsec6 = ('ah6', 'esp6', 'ipcomp6'); + +# Make stdout and stderr unbuffered +select STDERR; +$| = 1; +select STDOUT; +$| = 1; + +# Make sure we are running as root +if ( $> != 0 ) { + print STDERR "$progname: must be root to run this.\n"; + exit 1; +} + +# 'Open' syslog +openlog ($progname, 'pid', 'daemon'); + +# Handle logging backend if '-l' switch given +log_backend (); + +# See if we are already running... +check_if_running(); + +mod_ls(); + +parse_config(); + +$have_1arg = "vpndown|vpnup|vpnreload|vpnlist|vpnmenu|vdown|vup|vreload|vlist|vmenu"; + +# Process command line... 
+foreach my $i ( 0..$#ARGV ) { + $ARGV[$i] = lc $ARGV[$i]; +} + +SWITCH: { + !defined $ARGV[0] && do { + usage (); + exit 1; + }; + $ARGV[0] =~ /^(${have_1arg})$/ && @ARGV > 2 && do { + usage (); + exit 1; + }; + $ARGV[0] !~ /^(${have_1arg})$/ && @ARGV > 1 && do { + usage (); + exit 1; + }; + + $ARGV[0] =~ /^start$/ && do { + + ipsec_start (); + + last SWITCH; + }; + $ARGV[0] =~ /^stop$/ && do { + + ipsec_stop (); + + last SWITCH; + }; + $ARGV[0] =~ /^reload$/ && do { + + ipsec_load (); + + last SWITCH; + }; + $ARGV[0] =~ /^(restart|force-reload)$/ && do { + + ipsec_stop (); + + @modules = (); + ipsec_start (); + + last SWITCH; + }; + + $ARGV[0] =~ /^(sadshow|saddump|dump)$/ && do { + # Show the SAD + sad_show (); + last SWITCH; + }; + $ARGV[0] =~ /^(spdshow|spddump)$/ && do { + # Show the SPD + spd_show (); + last SWITCH; + }; + + $ARGV[0] =~ /^(sadflush|flush)$/ && do { + + # Flush the SAD + print "Flushing SAD...\n"; + sad_flush (); + print "SAD flushed.\n"; + prog_warn 'info', "manually flushed SAD"; + + last SWITCH; + }; + + $ARGV[0] =~ /^spdflush$/ && do { + + # Flush the SPD + print "Flushing SPD...\n"; + spd_flush (); + print "SPD flushed.\n"; + prog_warn 'info', "manually flushed SPD"; + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpndown|vdown)$/ && do { + + # Go and do it + conn_down_handle ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpnmenu|vmenu)$/ && do { + + # Go and do it + conn_menu ($ARGV[1]); + + last SWITCH; + }; + + + $ARGV[0] =~ /^(vpnup|vup)$/ && do { + + # Go and do it + conn_up_handle ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpnreload|vreload)$/ && do { + + # Go and do it + conn_reload_handle ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(vpnlist|vlist)$/ && do { + + # Go and do it + conn_list ($ARGV[1]); + + last SWITCH; + }; + + $ARGV[0] =~ /^(racoonstart|rstart)$/ && do { + + # Go and do it + racoon_start(); + + last SWITCH; + }; + + $ARGV[0] =~ /^(racoonstop|rstop)$/ && do { + + # Go and do it + racoon_stop(); + + 
last SWITCH; + }; + + usage (); + exit 1; +}; + +exit 0; + +# Functions start here + +sub usage () { + print STDERR "\n"; + print STDERR " Usage: $progname [-h] sadflush|spdflush|saddump|spddump\n"; + print STDERR " |reload|restart|force-reload|start|stop\n"; + print STDERR " $progname [-h] vpndown|vdown|vpnup|vup\n"; + print STDERR " |vpnreload|vreload connection-name|all\n"; + print STDERR " $progname [-h] vpnlist|vlist [connection-name|all]\n"; + print STDERR " $progname [-h] vpnmenu|vmenu\n"; + print STDERR " $progname [-h] racoonstart|racoonstop|rstart|rstop\n"; + print STDERR "\n"; +}; + +sub basename ($$) { + my $name = shift; + my $ext = shift; + $name =~ s/^.*\/(.*)$/$1/; + $name =~ s/^(.*)${ext}$/$1/; + return $name; +} + +sub openlog ($$$) { + $log{'ident'} = shift; + $log{'logopt'} = shift; + $log{'facility'} = shift; + my $logger; + + $logger = "/usr/bin/logger"; + if ( ! -x $logger ) { + $logger = "/bin/logger"; + } elsif ( ! -x $logger ) { + die "$progname: cannot run $logger.\n"; + } + + $log{'logger'} = $logger; + +} + +sub syslog ($$) { + my $priority = shift; + my $msg = shift; + + system("$log{'logger'}", '-p', "$log{'facility'}.${priority}", '-t', "$log{'ident'}\[${proc_id}\]", "$msg"); +} + +sub check_if_running () { + my @pids = (); + my @procs = grep /\b${progname}$/, (grep ! /^\s*${proc_id}\b/, `$ps_cmd`); + foreach (@procs) { + my @fields = split; + if (!$fields[0]) { + next; + } + push @pids, $fields[0]; + } + + if (@pids) { + print STDERR "$progname: process(es) @pids are already running.\n"; + exit 2; + } +} + +sub racoon_get_pids () { + my @pids = (); + my $cmd = ''; + my $pid_file = $global{'racoon_pid_file'}; + + $cmd = $global{'racoon_command'}; + if ( $cmd =~ m/^(\S+).*$/ ) { + $cmd = $1; + } + + if ( -f $pid_file ) { + if ( ! 
open PID, "$pid_file" ) { + prog_die "cannot open $pid_file - $!"; + } + @pids = ( ); + close PID; + } elsif ( scalar(@pids = grep m#${cmd}[\s\n]#s, (split /^/m, `$psf_cmd`)) ) { + grep { s/^\s*([0-9]+)\s+.*$/$1/; } @pids; + } + + return @pids; +} + + +sub racoon_fill_command ($) { + my $stuff = shift; + foreach my $key (keys %global) { + my $key_reg = $key; + $key_reg =~ s/\[/\\[/g; + $key_reg =~ s/\]/\\]/g; + $stuff =~ s/___${key_reg}___/$global{"$key"}/img; + } + return $stuff; +} + +sub racoon_start () { + my $running; + my @pids = (); + + print "Starting IKE (ISAKMP/Oakley) server: "; + + # see if it is already running + @pids = racoon_get_pids(); + + if ( $running = kill ( '0', @pids ) ) { + prog_warn 'warning', "racoon already running - exiting.", $fmt{'brief'}; + exit 10; + } + + # Start it. + my $stuff = racoon_fill_command ($global{'racoon_command'}); + system "$stuff"; + + # See if it started + @pids = racoon_get_pids(); + $running = @pids; + if ( ! $running ) { + prog_die "racoon did not start."; + } + + print "racoon.\n"; + prog_warn 'info', "racoon started."; +} + +sub racoon_stop () { + my @pids = (); + my $running; + + print "Stopping IKE (ISAKMP/Oakley) server: "; + + # Find PIDs to use + @pids = racoon_get_pids(); + + # see if it is running + $running = kill ('0', @pids ); + if ( ! 
$running ) { + print "not found running.\n"; + return; + } + + # kill -15 it + $running = kill ( 'TERM', @pids ); + + my $delay = $racoon_kill_delay; + # Check if any still running + while ( ($running = kill ( '0', @pids )) && $delay) { + sleep 1; + $delay--; + # see if still running, and loop back to wait upto 25 secs + } + + # kill -9 it + kill ( 'KILL', @pids ); + + print "racoon.\n"; + prog_warn 'info', "racoon stopped."; +} + +sub racoon_configure (;$) { + my $format = shift; + my @pids; + my @new; + my $running = 0; + + # Prepare new config file + racoon_write_config ($global{'path_racoon_conf'}, $format); + + # HUP racoon to reconfigure it + @pids = racoon_get_pids(); + $running = @pids; + + sad_flush(); + kill ( 'HUP', @pids ); + @pids = racoon_get_pids(); + if ($running && @pids < 1 ) { + prog_warn 'err', "reconfiguring racoon failed - racoon died, check system logs.", $format; + return -1; + } elsif ( ! $running && @pids < 1) { + prog_warn 'warning', "racoon not running.", $format; + return 0; + } + return 1; +} + +sub racoon_fill_remote ($) { + my $peer = shift; + my $stuff; + + my $hndl = $peer_list{$peer}; + my $template = $hndl->{'remote_template'}; + $stuff = $remote{$template}; + if ( $template eq '%default' ) { + foreach my $property ( keys %remote_addons ) { + if (defined $hndl->{"$property"}) { + $stuff =~ s/^(\s*remote.*{\s*)$/${1}\n\t${remote_addons{"$property"}}/m; + } + } + my @pindexes = peer_get_indexes ( %$hndl ); + foreach my $ind ( @pindexes ) { + my $to_add = $remote_proposal; + $to_add =~ s/___(\S+)___/___$1\[$ind\]___/gm; + $stuff =~ s/^(\s*remote.*{\s*)$/${1}\n${to_add}/m + } + } + + + foreach my $key (keys %$hndl) { + my $key_reg = $key; + $key_reg =~ s/\[/\\[/g; + $key_reg =~ s/\]/\\]/g; + $stuff =~ s/___${key_reg}___/$$hndl{"$key"}/img; + } + + if ($peer eq '%anonymous' && $template eq '%default' ) { + $stuff =~ s/(remote\s+)\%anonymous/remote anonymous/ + } + + return $stuff; +} + +sub racoon_fill_sainfo ($) { + my $connection = 
shift; + my $stuff; + + my $hndl = $connection_list{$connection}; + my $template = $hndl->{'sainfo_template'}; + $stuff = $sainfo{$template}; + if ( $template eq '%default' ) { + foreach my $property ( keys %sainfo_addons ) { + next if $property eq "pfs_group" && + defined $hndl->{'pfs_group'} && $hndl->{'pfs_group'} eq 'none'; + if ( defined $hndl->{"$property"} ) { + $stuff =~ s/^(\s*sainfo.*)$/${1}\n\t${sainfo_addons{"$property"}}/m; + } + } + } + + foreach my $key (keys %$hndl) { + $stuff =~ s/___${key}___/$$hndl{$key}/img; + } + + if ($connection eq '%anonymous' && $template eq '%default' ) { + $stuff =~ s/sainfo.*{/sainfo anonymous {/ + } + + return $stuff; +} + +sub racoon_fill_init () { + my $stuff = $racoon_init; + + foreach my $key ( keys %global ) { + $key =~ s/^(\S+)\[[0-9a-z]\]$/$1/i; + if ( defined $init_addons{"$key"} ) { + $stuff =~ s/^(\s*path certificate.*)$/${1}\n${init_addons{"$key"}}/m; + } + } + my @indexes = peer_get_indexes ( %global ); + foreach my $ind ( @indexes ) { + my $to_add = $init_addons{'isakmp'}; + $to_add =~ s/___(\S+)___/___$1\[$ind\]___/gm; + $stuff =~ s/^(\s*listen.*{\s*)$/${1}\n\t${to_add}/m + } + + foreach my $key (keys %global) { + my $key_reg = $key; + $key_reg =~ s/\[/\\[/g; + $key_reg =~ s/\]/\\]/g; + $stuff =~ s/___${key_reg}___/$global{"$key"}/img; + } + + return $stuff; +} + +sub racoon_write_config ($$) { + my $file = shift; + my $format = shift; + my @spd_list; + my %conn_spd_hash; + my @remote_done = (); + + parse_spd (@spd_list, %conn_spd_hash); + + open (RCF, ">$file") + or prog_die "can't open $file - $!", $format; + + # Pretty print comments... 
+ my $hostname = `/bin/hostname`; + my $date = scalar localtime; + print RCF <<"EOF"; +# +# Racoon configuration for $hostname +# Generated on $date by $progname +# + +EOF + # Print out the racoon header + print RCF "#\n# Global items\n#\n"; + my $stuff = racoon_fill_init(); + print RCF $stuff; + + foreach my $connection ( keys %conn_spd_hash ) { + my $stuff = ''; + my $hndl = $connection_list{$connection}; + + print RCF "#\n# Connection $connection\n#\n"; + # print remote clauses needed... + my $dst_ip = $hndl->{'dst_ip'}; + if ( ! grep { $dst_ip eq $_ } @remote_done ) { + push @remote_done, $dst_ip; + $stuff = racoon_fill_remote($dst_ip); + print RCF $stuff; + } + + # print sainfo clauses needed... + $stuff = racoon_fill_sainfo($connection); + print RCF $stuff; + } + + # Handle anonymous connection + my $hndl = $connection_list{'%anonymous'}; + my $phndl = $peer_list{'%anonymous'}; + + if ( defined $hndl && $hndl + && defined $hndl->{'admin_status'} + && $bool_val{"$hndl->{'admin_status'}"} != 0 + && $hndl->{'makelive'} != 0 + && defined $phndl + && $phndl + && $phndl->{'makelive'} != 0 ) { + my $stuff = ''; + print RCF "#\n# Anonymous connection section\n#\n"; + $stuff = racoon_fill_remote('%anonymous'); + print RCF $stuff; + $stuff = racoon_fill_sainfo('%anonymous'); + print RCF $stuff; + } + + close RCF; +} + +sub log_backend () { +foreach my $arg ( @ARGV ) { + next if $arg ne '-l'; + + my $error = 0; + while ( ) { + chomp; + prog_warn 0, "setkey said: $_"; + $error = 1; + } + + exit $error; +} + + +} + +# List all connections +sub conn_list ($) { + my $connection = shift; + + my $exit_code = 1; + + if ( ! 
defined $connection || $connection eq 'all' ) { + $connection = '.*'; + } + + my @conns = grep /${connection}/, keys(%connection_list); + @conns = grep !/^%default$/, @conns; + open( PAGER, '|-' ) + || exec ("$pager_cmd", @pager_flags); + foreach my $conn ( @conns ) { + print PAGER "$conn\n"; + } + close PAGER or die "$progname: conn_list () - $pager_cmd failed - exit code " . ($? >> 8) . "\n"; + + exit ( scalar(@conns) == 0 ); +} + +# Connection up +sub conn_up_handle ($) { + my $connection = shift; + + if (! defined $connection ) { + usage (); + exit 1; + } + + if ( $connection eq 'all' ) { + # Flush SPD and SAD + ipsec_flush (); + + # Load the SPD + spd_load(); + + # Do dee racoon... + exit 1 if racoon_configure() < 0; + + exit 0; + } + + print "Starting VPN $connection..."; + if ((my $ret = spd_load($connection)) <= 0 ) { + print "not found in configuration\n" if $ret == 0; + print "syntax problem in configuration.\n" if $ret == -1; + print "already in SPD.\n" if $ret == -2; + exit 1; + } + + # Do dee racoon... + exit 1 if racoon_configure($fmt{'brief'}) < 0; + + print "done.\n"; + prog_warn 'info', "$connection started."; + + + exit 0; +} + +# Connection down +sub conn_down_handle ($) { + my $connection = shift; + my @spd_list; + my %conn_spd_hash; + + if ( ! defined $connection ) { + usage (); + exit 1; + } + + if ( $connection eq 'all' ) { + # Flush SPD and SAD + ipsec_flush (); + + # Do dee racoon... + exit 1 if racoon_configure() < 0; + + exit 0; + } + + print "Shutting down VPN $connection..."; + if ( ! grep /^${connection}$/, keys %connection_list) { + print "not found in configuration.\n"; + exit 1; + } + # Read SPD list from kernel... + parse_spd(@spd_list, %conn_spd_hash); + if ( ! 
conn_down (@spd_list, %conn_spd_hash, $connection, 1) ) { + print "not found in SPD.\n"; + exit 0; + } + print "done.\n"; + prog_warn 'info', "$connection shutdown."; + + exit 0 +} + +sub conn_reload_handle ($) { + my $connection = shift; + my @spd_list; + my %conn_spd_hash; + + if ( ! defined $connection ) { + usage (); + exit 1; + } + + if ( $connection eq 'all' ) { + ipsec_load(); + + exit 0; + } + + print "Reloading VPN $connection..."; + if ( ! grep /^${connection}$/, keys %connection_list) { + print "not found in configuration.\n"; + exit 1; + } + # Read SPD list from kernel... + parse_spd(@spd_list, %conn_spd_hash); + if ( ! conn_down (@spd_list, %conn_spd_hash, $connection, 1, 1) ) { + print "not found in SPD, "; + } + + if ((my $ret = spd_load($connection)) <= 0 ) { + print "not found in configuration.\n" if $ret == 0; + print "syntax problem in configuration.\n" if $ret == -1; + print "already in SPD.\n" if $ret == -2; + exit 1; + } + + # Do dee racoon... + exit 1 if racoon_configure($fmt{'brief'}) < 0; + + print "done.\n"; + prog_warn 'info', "$connection reloaded."; + + exit 0; +} + +sub spd_show_header () { + print "Number Connection Name UpperSpec DirN\n"; + print " src_range\n"; + print " dst_range\n"; +} + +sub spd_show_entry ($) { + my $entry = shift; + my $conn_name; + + if (defined $$entry{'connection'}) { + $conn_name = $$entry{'connection'}; + } else { + $conn_name = ''; + } + + printf " %3.1d %-50s %-9s %-3s\n", + $$entry{'index'}, $conn_name, + $$entry{'upperspec'}, $$entry{'direction'}; + print " $$entry{'src_range'}\n"; + print " $$entry{'dst_range'}\n"; +} + +sub spd_show_footer () { + print "\n"; + print "Press for more, or enter number or VPN-name > "; +} + +sub conn_menu ($) { + my $term = shift; + my @spd_list; + my %conn_spd_hash; + + # Initialise the SPD data structure + parse_spd(@spd_list, %conn_spd_hash); + + my ($pos,$rows,$cols,$do_fill) = 0; + $term = '.*' if ! 
defined $term; + my @spd = grep { ( defined $$_{'connection'} && $$_{'connection'} =~ m/${term}/ ) + || $$_{'src_range'} =~ m/${term}/ + || $$_{'dst_range'} =~ m/${term}/ } @spd_list; + + if ( ! @spd ) { + print "No SPD entries found.\n"; + return; + } + +REDRAW: while ($pos < @spd_list) { + # get terminal size + ($rows, $cols) = split ' ', `stty size`; + my $ntoshow = ($rows - 6) / 3; + my $fill = $rows % $ntoshow; + if ( ($pos +$ntoshow) > @spd) { + $fill += 3*($pos + $ntoshow - @spd); + } + # display SPD list + if ( $do_fill ) { + foreach (0..$fill) { print "\n" }; + } + $do_fill = 1; + spd_show_header (); + for ($i=$pos; $i < ($pos + $ntoshow) && $i < @spd; $i++) { + + spd_show_entry ($spd[$i]); + } + spd_show_footer (); + + # wait for keypress + while ( my $chars = ) { + last if $chars =~ /^$/; + $chars = lc $chars; + exit 0 if $chars =~ /^q$/; + chomp $chars; + my @deleted = conn_down(@spd_list, %conn_spd_hash, $chars) if $chars =~ /^[-0-9a-z_]+$/; + if (! @deleted) { + print "$chars does not exist or cannot be deleted.\n"; + } + else { + foreach my $i ( @deleted ) { + @spd = grep { $i != $$_{'index'} } @spd; + $pos -= 1 if $pos > 0; + } + } + if ( ! @spd ) { + print "No selected SPD entries left.\n"; + last REDRAW; + } + sleep 2; + next REDRAW; + } + + $pos += $ntoshow; + } + + +} + +sub conn_down (\@\%$;$$) { + my $spd_list = shift; + my $conn_spd_hash = shift; + my $spd = shift; + my $conn_force = shift; + my $no_racoon = shift; + + my @ret = (); + my @spd_to_del = (); + if ( $conn_force || $spd !~ m/^[0-9]+$/ ) { + # Deal with a connection name + @spd_to_del = keys %$conn_spd_hash; + return @ret if @spd_to_del <= 0; + return @ret if ! grep /^$spd$/, keys %$conn_spd_hash; + @spd_to_del = @{ $conn_spd_hash->{$spd} }; + return @ret if @spd_to_del <= 0; + } + else { + # Handle a connection number + # Check that it exists + return @ret if ! 
grep { $$_{'index'} == $spd } @$spd_list; + + # Follow up any connection name and add that one to + my ($spdentry) = grep { $$_{'index'} == $spd } @$spd_list; + goto GO if ! defined $$spdentry{'connection'}; + $connection = $$spdentry{'connection'}; + goto GO if @{ $conn_spd_hash->{$connection} } <= 0; + push @spd_to_del, @{ $conn_spd_hash->{$connection} }; + } + +GO: + # Delete entries from SPD + open( SETKEY, '|-') + || exec ("$setkey_cmd", '-c'); + + foreach my $spdnum ( @spd_to_del ) { + my ($spdentry) = grep { $$_{'index'} == $spdnum } @$spd_list; + print SETKEY <<"EOF"; +spddelete -n $$spdentry{'src_range'} $$spdentry{'dst_range'} $$spdentry{'upperspec'} -P $$spdentry{'direction'}; +EOF + push @ret, $spdnum; + } + + close SETKEY + or prog_die ("conn_down() - setkey connection deletion failed - exit code ". ($? >> 8) ); + + # Deal with racoon + if ( ! $no_racoon ) { + racoon_configure(); + } + + return @ret; +} + +# Process warning message + +sub prog_warn($$;$) { + my $level = shift; + my $msg = shift; + my $format = shift; + + $format = $global_format if ! $format; + $level = 'warning' if ! 
$level; + $msg =~ s/\t/ /g; + if ( $level ne 'info' ) { + if ( $format == $fmt{'normal'} ) { + print STDERR "$progname: $msg\n" + } elsif ( $format == $fmt{'brief'} ) { + print STDOUT "${msg}\n"; + } elsif ( $format == $fmt{'comma'} ) { + $msg =~ s/\.$//; + print STDOUT "${msg}, "; + } + } + $msg =~ s/%/%%/g; + syslog ($level, "$msg"); +} + +sub prog_die($;$) { + my $msg = shift; + my $format = shift; + prog_warn 'err', $msg, $format; + exit 255; +} + +# Dump read in SPD list +sub spd_dump_list (\@\%) { + my $spd_list = shift; + my $conn_spd_hash = shift; + + for my $spd ( @$spd_list ) { + print "{ "; + for $val ( keys %$spd ) { + print "$val=$spd->{$val} "; + } + print "}\n"; + } + + for my $conn ( keys(%$conn_spd_hash) ) { + print "$conn: @{ $conn_spd_hash->{$conn} }\n"; + } +} + +# Parse SPD to produce SPD list +sub parse_spd (\@\%) { + my $spd_list = shift; + my $conn_spd_hash = shift; + my $src_range; + my $dst_range; + my $upperspec; + my $direction; + my $onespd_flag = 0; + + @$spd_list = (); + + open (SETKEY, '-|') + || exec ($setkey_cmd, '-PD'); + + while (my $line = ) { + # print "$line"; + if ( $line =~ m/^\s*([0-9a-fny\.\:\/\[\]]+)\s+([0-9a-fny\.\:\/\[\]]+)\s+([0-9a-z]+)\s*$/ ){ + $src_range = $1; + $dst_range = $2; + $upperspec = $3; + $onespd_flag = 1 + } + elsif ($onespd_flag > 0) { + $onespd_flag = 0; + $line =~ m/^\s*(in|out)\s+(prio def)?\s?(ipsec|none|discard)\s*$/; + $direction = $1; + push @$spd_list, { 'src_range', $src_range, 'dst_range', $dst_range, + 'upperspec', $upperspec, 'direction', $direction }; + # print "[ src_range=$src_range, dst_range=$dst_range, upperspec=$upperspec, direction=$direction ]\n"; + } + } + + close (SETKEY) + or prog_die "parse_spd() - can't parse SPD - exit code " . ($? >> 8); + + # match the SPD policies to configuration data. 
+ match_spd_connection (@$spd_list, %$conn_spd_hash); + +} + + +sub match_spd_connection (\@\%) { + my $spd_list = shift; + my $conn_spd_hash = shift; + my $index = 0; + + %$conn_spd_hash = (); + + foreach my $spd ( @$spd_list ) { + $spd->{'index'} = $index; + + # Loop over connection list to find connection name + foreach my $connection ( keys %connection_list ) { + next if "$connection" eq '%default'; + next if ! defined $connection_list{$connection}{'src_ip'}; + next if ! defined $connection_list{$connection}{'dst_ip'}; + + # Quick handle - read only + my $conn = $connection_list{$connection}; + + if ( ($spd->{'src_range' } eq $conn->{'src_range'} + && $spd->{'dst_range'} eq $conn->{'dst_range'} + && $spd->{'direction'} eq 'out' + || $spd->{'dst_range'} eq $conn->{'src_range'} + && $spd->{'src_range'} eq $conn->{'dst_range'} + && $spd->{'direction'} eq 'in') + && $spd->{'upperspec'} eq $conn->{'upperspec'} ) { + $spd->{'connection'} = $connection; + push @{ $conn_spd_hash->{$connection} }, $index; + } + } + + $index ++; + } + +} + +# start +sub ipsec_start () { + mod_start (); + ipsec_flush (); + ipsec_load (); + racoon_start(); +} + +# stop +sub ipsec_stop () { + racoon_stop(); + ipsec_flush (); + mod_stop (); +} + +# load +sub ipsec_load () { + print "Loading SAD and SPD...\n"; + sad_init (); + spd_init (); + spd_load(); + print "SAD and SPD loaded.\n"; + prog_warn 'info', "loaded SAD and SPD."; + print "Configuring racoon..."; + exit 1 if racoon_configure($fmt{'brief'}) < 0; + print "done.\n"; + prog_warn 'info', "configured racoon."; + return 1; +} + +# flush +sub ipsec_flush () { + print "Flushing SAD and SPD...\n"; + # Flush the SAD + sad_flush (); + + # Flush the SPD + spd_flush (); + print "SAD and SPD flushed.\n"; + prog_warn 'info', "flushed SAD and SPD."; +} + +# Read configuration +sub parse_config () { + my $line = 0; + my $barf = 0; + my $section = ""; + my $connection = ""; + my $peer = ""; + my $stuff = ""; + + open(CONF, "< $conffile") + || 
prog_die "can't open $conffile - $!"; + + LINE: while () { + $line +=1; + + # Deal with blank lines + if ( m/^\s*$/) { + next LINE; + } + + # Comments + if ( m/^[ \t]*#.*$/ ) { + next LINE; + } + # Comments at the end of lines + if ( m/^([^#]*)#.*$/ ) { + $_ = $1; + } + + chomp; + + if (! m/^[-\"{}()\[\]_;\%\@\w\s.:\/=]+$/) { + prog_warn 0, "bad data in $conffile, line $line:"; + prog_warn 0, $_; + # $barf = 1; + next LINE; + } + + if ( m/^\s*SPDADD\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $spdadd{"$name"} ) { + $spdadd{"$name"} .= $stuff; + } else { + $spdadd{"$name"} = $stuff; + } + next LINE; + } elsif ( m/^\s*SADADD\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $sadadd{"$name"} ) { + $sadadd{"$name" } .= $stuff; + } else { + $sadadd{"$name"} = $stuff; + } + next LINE; + } elsif ( m/^\s*REMOTE\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $remote{"$name"} ) { + $remote{"$name" } .= $stuff; + } else { + $remote{"$name"} = $stuff; + } + next LINE; + + } elsif ( m/^\s*SAINFO\((\%default|[-_a-z0-9]+)\):([\S \t]*)$/i ) { + $name = $1; + $stuff = $2 . "\n"; + if ( defined $sainfo{"$name"} ) { + $sainfo{"$name" } .= $stuff; + } else { + $sainfo{"$name"} = $stuff; + } + next LINE; + + } elsif ( m/^\s*SADINIT:([\S \t]*)$/i ) { + $name = ''; + $stuff = $1 . "\n"; + if ( defined $sadinit ) { + $sadinit .= $stuff; + } else { + $sadinit = $stuff; + } + next LINE; + } elsif ( m/^\s*SPDINIT:([\S \t]*)$/i ) { + $name = ''; + $stuff = $1 . "\n"; + if ( defined $spdinit ) { + $spdinit .= $stuff; + } else { + $spdinit = $stuff; + } + next LINE; + } elsif ( m/^\s*RACOONINIT:([\S \t]*)$/i ) { + $name = ''; + $stuff = $1 . 
"\n"; + if ( defined $racoon_init ) { + $racoon_init .= $stuff; + } else { + $racoon_init = $stuff; + } + next LINE; + + } elsif ( m/^\s*CONNECTION\((\%default|\%anonymous|[-_a-z0-9]+)\):\s*$/i ) { + $section = 'connection'; + $connection = lc $1; + # Make place holder so that error message gets generated + $connection_list{$connection}{'makelive'} = 0; + next LINE; + } + + elsif ( m/^\s*PEER\((\%default|\%anonymous|[a-f0-9:\.]+)\):\s*$/i ) { + $peer = lc $1; + if ( $peer ne '%default' && $peer ne '%anonymous' && ! ip_check_syntax ($peer)) { + prog_warn 0, "unrecognised tag in $conffile, line $line:"; + prog_warn 0, "$_"; + prog_warn 0, "invalid peer name - $peer"; + next LINE; + } + $section = 'peer'; + # Make place holder so that error message gets generated + $peer_list{$peer}{'makelive'} = 0; + next LINE; + } + + elsif ( m/^\s*GLOBAL:\s*$/i ) { + $section = 'global'; + next LINE; + } + + elsif ( $section eq 'connection' && m/^\s*($conn_proplist):\s*(.+)\s*$/i ) { + my $property = lc $1; + my $value = $2; + $value =~ s/^(.*\S)\s*$/$1/; + + if ( ! check_property_syntax($section, $property, $value) ) { + prog_warn 0, "$connection - unrecognised connection property syntax."; + prog_warn 0, "$connection - file $conffile, line $line:"; + prog_warn 0, error_getmsg($section, $property); + prog_warn 0, $_; + $connection_list{$connection}{'syntax_error'} = 1; + next LINE; + } + $value = value_lc($section, $property, $value); + $connection_list{$connection}{$property} = $value; + } elsif ( $section eq 'connection' ) { + prog_warn 0, "$connection - unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + prog_warn 0, "$connection - allowed tags are $conn_proplist"; + $connection_list{$connection}{'syntax_error'} = 1; + next LINE; + } + + elsif ( $section eq 'peer' && m/^\s*($peer_proplist):\s*(.+)\s*$/i ) { + my $property = lc $1; + my $value = $2; + $value =~ s/^(.*\S)\s*$/$1/; + + if ( ! 
check_property_syntax($section, $property, $value) ) { + prog_warn 0, "$peer - unrecognised peer property syntax or unreadable file(s)."; + prog_warn 0, "$peer - file $conffile, line $line:"; + prog_warn 0, error_getmsg($section, $property); + prog_warn 0, $_; + $peer_list{$peer}{'syntax_error'} = 1; + next LINE; + } + # $value = value_lc($section, $property, $value); + $peer_list{$peer}{$property} = $value; + } elsif ( $section eq 'peer' ) { + prog_warn 0, "$peer - unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + prog_warn 0, "$peer - allowed tags are $peer_proplist"; + $peer_list{$peer}{'syntax_error'} = 1; + next LINE; + } + + elsif ( $section eq 'global' && m /^\s*($global_proplist):\s*(.+)\s*$/i ) { + my $property = lc $1; + my $value = $2; + $value =~ s/^(.*\S)\s*$/$1/; + + if (! check_property_syntax($section, $property, $value)) { + prog_warn 0, "global - unrecognised global property syntax or unreadable file(s)."; + prog_warn 0, "global - file $conffile, line $line:"; + prog_warn 0, error_getmsg($section, $property); + prog_warn 0, $_; + prog_warn 0, "global - allowed tags are $global_proplist"; + $global{'deadly_error'} = 1; + next LINE; + } + $value = value_lc($section, $property, $value); + $global{$property} = $value; + + } elsif ( $section eq 'global' ) { + prog_warn 0, "$global - unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + prog_warn 0, "$global - allowed tags are $global_proplist"; + } + + else { + prog_warn 0, "unrecognised tag in $conffile, line $line:"; + prog_warn 0, $_; + next LINE; + } + + } + close (CONF); + + if ( $barf ) { + exit 1; + } + + # apply defaults + $spdadd{'%default'} = $spdadd_default if ( ! defined $spdadd{'%default'} ); + $sadadd{'%default'} = $sadadd_default if ( ! defined $sadadd{'%default'} ); + $remote{'%default'} = $remote_default if ( ! defined $remote{'%default'} ); + $sainfo{'%default'} = $sainfo_default if ( ! 
defined $sainfo{'%default'} ); + $racoon_init = $racoon_init_default if ( ! defined $racoon_init ); + global_fillin_defaults(); + conn_fillin_defaults(); + peer_fillin_defaults(); + peer_check_required(); + conn_check_required(); + global_check_required(); +}; + +# Lower case value function +sub value_lc ($$$) { + my $section = shift; + my $property = shift; + my $value = shift; + + my $ptype = get_proptype($section, $property); + + if ( $ptype eq 'path_conf_file' ) { + $value = $value; + } elsif ( $ptype eq 'path_generated_file' ) { + $value = $value; + } elsif ( $ptype eq 'shell_command' ) { + $value = $value; + } elsif ( $ptype eq 'path_certificate' ) { + $value = $value; + } elsif ( $ptype eq 'certificate' ) { + if ( $value =~ m/^\s*x509\s+(\S+)\s+(\S+)\s*$/i ) { + $value = "x509 $1 $2"; + } + } elsif ( $ptype =~ 'peers_certfile' ) { + if ( $value =~ m/^\s*dnssec\s*$/i ) { + $value = "dnssec"; + } elsif ( $value =~ m/^\s*(plain_rsa|x509)\s+(\S+)\s*$/i ) { + $value = "$1 $2"; + } + } elsif ( $ptype eq 'identity' ) { + if ( $value =~ m/^\s*keyid\s+(\S+)\s*$/i ) { + $value = "keyid $1" + } + } else { + $value = lc $value; + } + return $value; +} + +# Error mesage lookups +sub error_getmsg ($$) { + my $section = shift; + my $property = shift; + my $ptype = get_proptype($section, $property); + + return "$property only takes $prop_syntaxhash{$ptype}"; +} + +#Fill in global defaults +sub global_fillin_defaults () { + foreach $prop ('path_pre_shared_key', 'path_certificate') { + if ( defined $global{$prop} && $global{$prop} =~ m/^"?(\S+)"?$/i ) { + $global{$prop} = "\"${1}\""; + } + } + foreach $prop ('path_racoon_conf', 'racoon_command', 'racoon_pid_file') { + if ( defined $global{$prop} && $global{$prop} =~ m/^"(\S+)"$/i ) { + $global{$prop} = "${1}"; + } + } +} + +sub global_check_required () { + if ( $global{'deadly_error'} ) { + prog_warn 'err', "deadly error in global configuration - exiting."; + exit 10; + } +} + +#Check synax of IP address +sub ip_check_syntax 
($) { + my $ip = shift; + if ( $ip =~ m/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/ ) { + return 1 if ( $1 >=0 && $1 <= 255 && $2 >= 0 && $2 <= 255 + && $3 >= 0 && $3 <= 255 && $4 >= 0 && $4 <= 255 ); + } elsif ( $ip =~ m/^[0-9a-f]{1,4}:[0-9a-f:]*:[0-9a-f]{0,4}$/i ) { + my @dbytes = split /:/, $ip; + my $valid = 1; + foreach my $v ( @dbytes ) { + if ( $v ne '' && $v !~ m/^[0-9a-f]{1,4}$/i && $v < 0 && $v > 0xffff ) + { $valid = 0; } + } + return 1 if $valid; + } + return 0; +} + + +# Check syntax + +sub get_proptype($$) { + my $section = shift; + my $property = shift; + my $ptype; + + if ( $property =~ m/^(.*)\[[0-9a-z]+\]$/ ) { + $property = $1; + } + $ptype = $prop_typehash{$section}{$property}; + + return $ptype; +} + +sub check_property_syntax ($$$) { + my $section = shift; + my $property = shift; + my $value = shift; + my ($protoname, $protoaliases, $protonumber); + my $ptype; + + $ptype = get_proptype($section,$property); + + if ( $ptype eq 'boolean' ) { + $value =~ m/^(enabled|disabled|true|false|up|down|on|off|yes|no|0|1)$/i && return 1; + } elsif ( $ptype eq 'encap' ) { + $value =~ m/^(ah|esp)$/i && return 1; + } elsif ( $ptype eq 'mode' ) { + $value =~ m/^(transport|tunnel)$/i && return 1; + } elsif ( $ptype eq 'template_name' ) { + $value =~ m/^(%default|[-a-z0-9_]+)$/i && return 1; + } elsif ( $ptype eq 'phase1_exchange_mode' ) { + $value =~ m/^((main|aggressive|base),? 
?){1,3}$/i && return 1; + } elsif ( $ptype eq 'phase1_encryption' ) { + $value =~ m/^(aes|des|3des|blowfish|cast128)$/i && return 1; + } elsif ( $ptype eq 'hash_algorithm' ) { + $value =~ m/^(md5|sha1)$/i && return 1; + } elsif ( $ptype eq 'phase1_auth_method' ) { + $value =~ m/^(pre_shared_key|rsasig)$/i && return 1; + } elsif ( $ptype eq 'switch' ) { + $value =~ m/^(on|off)$/i && return 1; + } elsif ( $ptype eq 'lifetime' ) { + $value =~ m/^time\s+[0-9]+\s+(hour|hours|min|mins|minutes|sec|secs|seconds)$/i && return 1; + } elsif ( $ptype eq 'phase2_encryption' ) { + $value =~ m/^((aes|des|3des|des_iv64|des_iv32|rc5|rc4|idea|3idea|cast128|blowfish|null_enc|twofish|rijndael),? ?)+$/i && return 1; + } elsif ( $ptype eq 'phase2_auth_algorithm' ) { + $value =~ m/^((des|3des|des_iv64|des_iv32|hmac_md5|hmac_sha1|non_auth),? ?)+$/i && return 1; + } elsif ( $ptype eq 'dh_group' ) { + $value =~ m/^(modp768|modp1024|modp1536|1|2|5)$/i && return 1; + } elsif ( $ptype eq 'pfs_group' ) { + $value =~ m/^(none|modp768|modp1024|modp1536|1|2|5)$/i && return 1; + } elsif ( $ptype eq 'level') { + $value =~ m/^(default|use|require|unique)$/i && return 1; + } elsif ( $ptype eq 'log') { + $value =~ m/^(notify|debug|debug2)$/i && return 1; + } elsif ( $ptype eq 'proposal_check' ) { + $value =~ m/^(obey|strict|claim|exact)$/i && return 1; + } elsif ( $ptype eq 'nat_traversal' ) { + $value =~ m/^(on|off|force)$/i && return 1; + } elsif ( $ptype =~ 'nonce_size' ) { + $value =~ m/^[0-9]{1,3}$/ && $value >= 8 && $value <= 256 && return 1; + } elsif ( $ptype eq 'listen' ) { + if ( $value =~ m/^[0-9a-f:\.]+$/i ) { + return ip_check_syntax( $value ); + } + if ( $value =~ m/^([0-9a-f:\.]+)\s+\[([0-9]{1,5})\]$/i ) { + my $ip = $1; + my $port = $2; + return 0 if ! ip_check_syntax ( $ip ); + return 0 if $port !~ m/^[0-9]{1,5}$/; + return 1; + } + return 0; + } elsif ( $ptype eq 'shell_command' ) { + if ( $value =~ m/^"?([\S]+)\s+.*"?$/i ) { + if ( ! 
-x $1 ) { + prog_warn 'err', "$property - cannot execute $1"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'path_conf_file' ) { + if ( $value =~ m/^\"?([^\"\s]+)\"?$/i ) { + if ( ! -r $1 ) { + prog_warn 0, "$property - cannot read file $1"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'path_generated_file' ) { + if ( $value =~ m/^\"?([^\"\s]+)\"?$/i ) { + my $dir = dirname($1); + if ( ! defined $dir || $dir == '' ) { + prog_warn 0, "$property - directory does not exist"; + return 0; + } + if ( ! -r $dir ) { + prog_warn 0, "$property - cannot access directory $dir"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'path_certificate' ) { + if ( $value =~ m/^\"?([^\"\s]+)\"?$/i ) { + if ( ! -r $1 ) { + prog_warn 0, "$property - cannot read directory $1"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'peers_certfile' ){ + # TODO - do we need do something extra for plain_rsa? + $value =~ m/^(dnssec|plain_rsa)$/i && return 1; + if ( $value =~ m/^x509\s+\"?([^\"\s]+)\"?\s*$/i ) { + if (-r "$global{'path_certificate'}/$1") { + return 1; + } else { + prog_warn 0, "$property - cannot read $global{'path_certificate'}/$1"; + return 0; + } + } + return 0; + } elsif ( $ptype eq 'certificate' ) { + if ( $value =~ m/^x509\s+\"?([^\"\s]+)\"?\s+\"?([^\"\s]+)\"?\s*$/i ) { + if ( ! -r "$global{'path_certificate'}/$1" ) { + prog_warn 0, "$property - cannot read $global{'path_certificate'}/$1"; + return 0; + } + if ( ! 
-r "$global{'path_certificate'}/$2" ) { + prog_warn 0, "$property - cannot read $global{'path_certificate'}/$2"; + return 0; + } + return 1; + } + return 0; + } elsif ( $ptype eq 'identifier' ) { + if ( $value =~ m/^address\s*$/i ) { + return 1; + } + if ( $value =~ m/^address\s+([0-9a-f:\.]+)\s*$/i ) { + local $ip = $1; + return ip_check_syntax($ip); + } + if ( $value =~ m/^fqdn\s+"?([-a-z0-9\._]+)"?\s*$/i ) { + return 1; + } + if ( $value =~ m/^user_fqdn\s+"?([-a-z0-9\.\@_]+)"?\s*$/i ) { + return 1; + } + if ( $value =~ m/^asn1dn\s+"?([-a-z0-9\.\@_\s\\\/='\[\]]+)"?\s*$/i ) { + return 1; + } + if ( $value =~ m/^asn1dn\s*$/i ) { + return 1; + } + if ( $value =~ m/^keyid\s+\"?(\/[^\"\s]+)\"?$/i ) { + if ( -r $1 ) { + return 1; + } else { + prog_warn 0, "$property - cannot read $1"; + return 0; + } + } + return 0; + } elsif ( $ptype eq 'upperspec' ) { + if ( ($protoname, $protoaliases, $protonumber ) + = getprotobyname $value ) { + return 1; + } + $value =~ m/^(any|icmp6)$/i && return 1; + if ( $value =~ m/^icmp6[ \t]+([0-9]{1,3})$/i ) { + return 1 if ( $1 >= 0 && $1 <= 255 ); + } + if ( $value =~ m/^icmp6[ \t]+([0-9]{1,3}),([0-9]{1,3})$/i ) { + return 1 if ( $1 >= 0 && $1 <= 255 && $2 >= 0 && $2 <= 255 ); + } + if ( $value =~ m/[0-9]{1,5}/ && $value > 0 && $value <= 65535 ) { + return 1; + } + return 0 + } elsif ( $ptype eq 'ip' ) { + return ip_check_syntax($value); + } elsif ( $ptype eq 'range' ) { + my $valid = 1; + my ($ip, $mask, $port, $type); + + # make sure we have only 1 slash; + return 0 if $value =~ m/^.*\/.*\/.*$/; + + # Split range into address, mask and port + if ( $value !~ m/^.*\[(any|[0-9]{1,5})\]$/i ) { + $value .= "[any]"; + } + if ( $value =~ m/^(.*)\/([0-9]{1,5})\[(any|[0-9]{1,5})\]$/i ) { + $ip = $1; + $mask = $2; + $port = $3; + } elsif ( $value =~ m/^(.*)\[(any|[0-9]{1,5})\]$/i ) { + $ip = $1; + $mask = 255; + $port = $2; + } elsif ( $value =~ m/^(.*)$/i ) { + $ip = $1; + $mask = 255; + $port = 'any'; + } else { + return 0; + } + + # Work out 
type of IP address + if ( $ip =~ m/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/ ) { + $type = 'ipv4'; + } elsif ( $ip =~ m/^::$|^[0-9a-f]{1,4}:[0-9a-f:]*:[0-9a-f]{0,4}$/i ) { + $type = 'ipv6'; + } else { + return 0; + } + + # Check IP address + if ( ! ip_check_syntax($ip) && $ip ne '::' ) { + $valid = 0; + } + + # Check mask + if ( $mask != 255 ) { + if ( $type eq 'ipv4') { + $valid = 0 if ( $mask < 0 || $mask > 32 ); + } else { + $valid = 0 if ( $mask < 0 || $mask > 128 ); + } + } + + # Check port + if ( $port ne 'any' ) { + $valid = 0 if ( $port < 0 || $port > 65535 ); + } + + return $valid; + } + else { + return 0; + } + return 0; +} + +# Check for required paarameters for activation +sub conn_check_required () { + foreach my $connection ( keys %connection_list ) { + my $makelive = 1; + next if $connection eq '%default'; + if ( $connection ne '%anonymous' ) { + foreach my $property ( @conn_required_props ) { + $makelive = 0 if ! defined $connection_list{$connection}{$property}; + } + my $dst_ip = $connection_list{$connection}{'dst_ip'}; + if ( ! defined $dst_ip + || ! defined $peer_list{$dst_ip} + || ! defined $peer_list{$dst_ip}{'makelive'} + || $peer_list{$dst_ip}{'makelive'} == 0 ) { + $makelive = 0; + } + } + $makelive = 0 if ( $connection_list{$connection}{'syntax_error'} ); + if (! $makelive) { + prog_warn 0, "$connection - required parameters missing, peer missing or syntax error."; + prog_warn 0, "$connection - not activating."; + $connection_list{$connection}{'makelive'} = 0; + next; + } + $connection_list{$connection}{'makelive'} = 1; + } +} + +# Fill in default missing parameters +sub conn_fillin_defaults () { + foreach my $connection ( keys %connection_list ) { + next if $connection eq '%default'; + foreach my $property ( keys %{ $connection_list{'%default'} } ) { + if ( ! defined $connection_list{$connection}{$property} ) { + $connection_list{$connection}{$property} = $connection_list{'%default'}{$property}; + } + } + next if ! 
defined $connection_list{$connection}{'src_ip'}; + next if ! defined $connection_list{$connection}{'dst_ip'}; + + # Set up default values for range and ID if they do not exist already + foreach my $p ( 'src', 'dst' ) { + if ( ! defined $connection_list{$connection}{"${p}_range"} ) { + $connection_list{$connection}{"${p}_range"} + = $connection_list{$connection}{"${p}_ip"}; + } + if ( $connection_list{$connection}{"${p}_range"} + !~ m/^.*\[(any|[0-9]{1,5})\]$/ ) { + $connection_list{$connection}{"${p}_range"} .= "[any]"; + } + # Remove full length netmasks to avoid confusing things... + $connection_list{$connection}{"${p}_range"} =~ s/\/32//; + $connection_list{$connection}{"${p}_range"} =~ s/\/128//; + + } + + # Set the mode appropriately if not already set + if ( !defined $connection_list{$connection}{'mode'} ) { + if ( $connection_list{$connection}{'src_range'} + eq $connection_list{$connection}{'src_ip'} . "[any]" + && $connection_list{$connection}{'dst_range'} + eq $connection_list{$connection}{'dst_ip'} . "[any]" ) { + $connection_list{$connection}{'mode'} = 'transport'; + } else { + $connection_list{$connection}{'mode'} = 'tunnel'; + } + } + + } +} + +sub peer_get_indexes (\%) { + my $hndl = shift; + my %tmp; + + my @keys = keys %$hndl; + @keys = grep /^.*\[[0-9]+\]$/, @keys; + map { s/^.*\[([0-9]+)\]$/$1/; } @keys; + $tmp{$_} = 1 foreach (@keys); + @keys = reverse (sort (keys (%tmp))); + + return @keys; +} + +sub peer_fillin_defaults () { + + # Copy default to defined peers + my $dhndl = $peer_list{'%default'}; + foreach my $peer ( keys %peer_list ) { + next if $peer eq '%default'; + my $phndl = $peer_list{$peer}; + + foreach my $property ( keys %{ $dhndl } ) { + if ( ! defined $phndl->{$property} ) { + $phndl->{$property} = $dhndl->{$property}; + } + } + } + + foreach my $peer ( keys %peer_list ) { + my $phndl = $peer_list{$peer}; + # Fill in all proposals... 
+ my @pindexes = peer_get_indexes ( %$phndl ); + foreach my $property ( grep { $_ = $1 if /^(.*)\[[0-9]+\]$/; } keys %$dhndl ) { + foreach my $ind ( @pindexes ) { + next if $peer eq '%default' && $ind == 0; + my $name = "$property" . '[' . "$ind" . "]"; + my $dname = "$property" . '[0]'; + if ( ! defined $phndl->{"$name"} ) { + $phndl->{"$name"} = $dhndl->{"$dname"} + } + } + } + + } + + # If a peer does not exist, create it from %default + my @peers = keys %peer_list; + foreach my $connection ( keys %connection_list ) { + next if $connection eq '%default'; + my $conn_hndl = $connection_list{$connection}; + next if ! defined $conn_hndl->{'dst_ip'}; + my $ip_addr = $conn_hndl->{'dst_ip'}; + next if grep { $ip_addr eq $_ } @peers; + + foreach my $element ( keys %{ $peer_list{'%default'} } ) { + $peer_list{$ip_addr}{$element} = $peer_list{'%default'}{$element}; + } + } + + # fill in dst_ip property if not already done... + foreach my $peer ( keys %peer_list ) { + next if $peer eq '%default'; + $peer_list{$peer}{'dst_ip'} = $peer; + } + + # Fix up missing " ... + foreach my $peer ( keys %peer_list ) { + my $phndl = $peer_list{$peer}; + foreach my $prop ( 'my_identifier', 'peers_identifier', 'certificate_type', 'peers_certfile') { + my $ptype = get_proptype('peer', "$prop"); + next if ! defined $phndl->{"$prop"}; + my $value = $phndl->{"$prop"}; + if ( $ptype eq 'peers_certfile' ){ + next if $value =~ m/^dnssec$/i; + if ( $value =~ m/^(x509|plain_rsa)\s+\"?(\S+)\"?\s*$/i ) { + $phndl->{"$prop"} = "$1" . ' "' . "$2" . '"'; + } + } elsif ( $ptype eq 'certificate' ) { + if ( $value =~ m/^x509\s+\"?(\S+)\"?\s+\"?(\S+)\"?\s*$/ ) { + $phndl->{"$prop"} = "x509 " . '"' . $1 . '" "' . $2 . 
'"'; + } + } elsif ( $ptype eq 'identifier' ) { + next if $value =~ m/^address\s*$/i; + next if $value =~ m/^asn1dn\s*$/i; + if ( $value =~ m/^address\s+([0-9a-f:\.]+)\s*$/i ) { + $phndl->{"$prop"} = "address $1"; + } + if ( $value =~ m/^fqdn\s+"?([-a-z0-9\._]+)"?\s*$/i ) { + $phndl->{"$prop"} = "fqdn " . '"' . $1 . '"'; + } + if ( $value =~ m/^user_fqdn\s+"?([-a-z0-9\.\@_]+)"?\s*$/i ) { + $phndl->{"$prop"} = "user_fqdn " . '"' . $1 . '"'; + } + if ( $value =~ m/^asn1dn\s+"?([-a-z0-9\.\@_\s\\\/='\[\]]+)"?\s*$/i ) { + $phndl->{"$prop"} = "asn1dn " . '"' . $1 . '"'; + } + if ( $value =~ m/^keyid\s+"?(\/\S+)"?$/i ) { + $phndl->{"$prop"} = "keyid " . '"' . $1 . '"'; + } + } + } + } + +} + +sub peer_check_required () { + + # For now, every peer has required values... +PEER: foreach my $peer ( keys %peer_list ) { + my $makelive = 1; + next PEER if $peer eq '%default'; + + $makelive = 0 if ( $peer_list{$peer}{'syntax_error'} ); + if (! $makelive) { + prog_warn 0, "$peer - required parameters missing or syntax error."; + prog_warn 0, "$peer - not activating."; + $peer_list{$peer}{'makelive'} = 0; + next PEER; + } + + $peer_list{$peer}{'makelive'} = 1; + } +} + + + +# print connection output +sub global_dump_list () { + print "global: "; + foreach my $prop ( keys %global ) { + print "$prop=$global{$prop} "; + } + print "\n"; +} + +sub peer_dump_list () { + foreach my $peer ( keys %peer_list ) { + print "$peer: "; + foreach my $property ( keys %{ $peer_list{$peer} } ) { + print "$property=$peer_list{$peer}{$property} "; + } + print "\n"; + } +} + +sub conn_dump_list () { + foreach my $connection ( keys %connection_list ) { + print "$connection: "; + foreach my $property ( keys %{ $connection_list{$connection} } ) { + print "$property=$connection_list{$connection}{$property} "; + } + print "\n"; + } +} + +# setup the kernel +sub setkey_start () { + # Flush and reinit kernel + sadspd_reset(); + + # Load all peers +} + +sub setkey_stop () { + # Flush kernel + spd_flush(); + 
sad_flush(); +} + +# Reset SAD and SPD +sub spd_reset () { + spd_flush (); + spd_init (); +} + +sub sad_reset () { + sad_flush (); + sad_init (); +} + +# Fill in spdadd command +sub spd_fill_add ($) { + my $connection = shift; + my $stuff; + + my $hndl = $connection_list{$connection}; + $stuff = $spdadd{$$hndl{'spdadd_template'}}; + + if ($hndl->{'spdadd_template'} eq '%default') { + # Do fill in values for compression + if (defined $hndl->{'compression'} + && $bool_val{"$hndl->{'compression'}"} != 0) { + $stuff =~ s/^(\s*spdadd.*out ipsec\s*)$/${1}\n${spdadd_addons{'ipcomp_out'}}/m; + $stuff =~ s/^(\s*spdadd.*in ipsec\s*)$/${1}\n${spdadd_addons{'ipcomp_in'}}/m; + } + } + + foreach my $key (keys %$hndl) { + $stuff =~ s/___${key}___/$$hndl{$key}/img; + } + + + return $stuff; +} + +# Load the SPD +sub spd_load (;$) { + my $conn = shift; + my $setkey_buffer = ''; + my @conns = (); + my @spd_list; + my %conn_spd_hash; + + parse_spd(@spd_list, %conn_spd_hash); + if ( defined $conn ) { + return 0 if ( ! grep /^${conn}$/, (keys %connection_list) ); + return -1 if ( ! $connection_list{$conn}{'makelive'} ); + return -2 if ( grep /^${conn}$/, keys %conn_spd_hash ); + @conns = ( $conn ); + } else { + @conns = keys %connection_list; + } + + open ( SETKEY, '|-' ) + || exec ("$setkey_cmd -c 2>&1 | $0 -l" ); + for my $connection ( @conns ) { + next if $connection eq '%default'; + next if $connection eq '%anonymous'; + next if grep /^${connection}$/, keys %conn_spd_hash; + my $hndl = $connection_list{$connection}; + next if ! $$hndl{'makelive'}; + next if ! $bool_val{$$hndl{'admin_status'}}; + my $stuff = spd_fill_add ($connection); + $setkey_buffer .= $stuff. "\n"; + print SETKEY <<"EOF"; +$stuff +EOF + } + close SETKEY; + my $err = $?; + if ( $err ) { + my $i = 1; + foreach my $line ( split /^/m, $setkey_buffer ) { + chomp $line; + prog_warn 0, "setkey input: $i $line"; + $i++; + } + prog_die "loading SPD failed - exit code " . 
($err >> 8); + } + return 1; +} + +# Initialise the SPD +sub spd_init() { + open ( SETKEY, '|-' ) + || exec ($setkey_cmd, '-c'); + $spdinit = '' if ! defined $spdinit; + print SETKEY <<"EOF"; +spdflush; +$spdinit +EOF + + close SETKEY or prog_die "initialising SPD failed - exit code " . ($? >> 8); + return 1; +} + +# Initialise the SAD +sub sad_init() { + open ( SETKEY, '|-' ) + || exec ($setkey_cmd, '-c'); + $sadinit = '' if ! defined $sadinit; + print SETKEY <<"EOF"; +$sadinit +EOF + + close SETKEY or prog_die "initialising SPD failed - exit code " . ($? >> 8); + return 1; +} + + +# Flush the SAD +sub sad_flush () { + setkey_flush('SAD'); +} + +# Flush the SPD +sub spd_flush() { + setkey_flush('SPD'); +} + +sub setkey_flush ($) { + my $table = shift; + my $cleanret = 0; + my $arg = ""; + + if ( $table =~ /SAD/ ) { + $arg = ""; + } + elsif ( $table =~ /SPD/ ) { + $arg = "-P"; + } else { + prog_die "setkey_flush() - wrong arg $table"; + } + + open ( SETKEY, '-|' ) + || exec ("$setkey_cmd $arg -F 2>&1"); + while ( ) { + if ( m/pfkey_open: Address family not supported by protocol/ ) { + $cleanret = 1; + next; + } + chomp; + prog_warn 0, "setkey said: $_"; + # print "$_\n"; + } + + close SETKEY; + prog_die ("flushing $table failed - exit code " . ($? >> 8)) + if ( $? && ! 
$cleanret); + return 0 +} + +sub spd_show () { + setkey_show('SPD'); +} + +sub sad_show () { + setkey_show('SAD'); +} + +sub setkey_show ($) { + my $table = shift; + my $cleanret = 0; + my $arg = ""; + + if ( $table =~ /SAD/ ) { + $arg = ""; + } + elsif ( $table =~ /SPD/ ) { + $arg = "-P"; + } else { + prog_die "setkey_show() - wrong arg $table"; + } + + system ("$setkey_cmd $arg -D | $pager_cmd @pager_flags"); + + return 0 +} + +sub mod_start () { + + print "Loading IPSEC/crypto modules...\n"; + + # Load cryptographic modules + mod_start_crypto (); + + # Load xfrm and af_key + mod_load "$modpath_xfrm/xfrm_user${modext}"; + mod_load "$modpath_key/af_key${modext}"; + + # Load IPv4 IPSEC + mod_start_ipsec (); + + # Load IPv6 IPSEC + mod_start_ipsec6 (); + + print "IPSEC/crypto modules loaded.\n"; + prog_warn 'info', "loaded IPSEC/crypto modules."; + + return 0; +} + +sub mod_stop () { + + print "Unloading IPSEC/crypto modules...\n"; + + # Unload crypto modules + mod_stop_crypto (); + + # Unload xfrm and af_key + mod_unload "$modpath_xfrm/xfrm_user${modext}"; + mod_unload "$modpath_key/af_key${modext}"; + + # Unload IPv4 IPSEC + mod_stop_ipsec (); + + # Unload IPv6 IPSEC + mod_stop_ipsec6 (); + + print "IPSEC/crypto modules unloaded.\n"; + prog_warn 'info', "unloaded IPSEC/crypto modules"; + + return 0; +} + +sub mod_start_ipsec6 () { + + return 0 if ! -d $proc_ipv6; + + for my $mod ( @modules_ipsec6 ) { + mod_load "${modpath_ipsec6}/${mod}${modext}"; + } + + return 0; +} + +sub mod_stop_ipsec6 () { + + for my $mod ( @modules_ipsec6 ) { + mod_unload $mod; + } + + return 0; +} + + +sub mod_start_ipsec () { + + return 0 if ! -d $proc_ipv4; + + for my $mod ( @modules_ipsec ) { + mod_load "${modpath_ipsec}/${mod}${modext}"; + } + + return 0; +} + +sub mod_stop_ipsec () { + + for my $mod ( @modules_ipsec ) { + mod_unload $mod; + } + + return 0; +} + +sub mod_start_crypto () { + local @modfiles; + + return 0 if ( ! 
-d $modpath_crypto ); + + # Load zlib_deflate if present + mod_load "$modpath_zlib/zlib_deflate${modext}"; + + opendir DIR, $modpath_crypto or prog_die "$modpath_crypto - $!"; + @modfiles = grep /${modext}$/, readdir DIR; + closedir DIR; + + for my $mod ( @modfiles ) { + next if ( $mod =~ /tcrypt${modext}$/ ); + mod_load "$modpath_crypto/$mod"; + } + + return 0 +} + +sub mod_stop_crypto () { + local @modfiles; + + return 0 if ( ! -d $modpath_crypto ); + + opendir DIR, $modpath_crypto or prog_die "$modpath_crypto - $!"; + @modfiles = grep /${modext}$/, readdir DIR; + closedir DIR; + for my $mod ( @modfiles ) { + mod_unload $mod; + } + + # Unload zlib_deflate if present + mod_unload "$modpath_zlib/zlib_deflate${modext}"; + + return 0 +} + +sub mod_load ($) { + local $modtoload = shift; + local $modname; + + # Check that kernel supports modules + return 1 if ( ! -f $proc_modules ); + + return 1 if ( ! -f $modtoload ); + + return 1 if ( ! -f "/sbin/modprobe" ); + + $modname = basename("$modtoload", "$modext"); + + if ( ! grep /^${modname}$/, @modules ) { + system ( "/sbin/modprobe $modname" ); + } + + return 0 + +} + +sub mod_unload ($) { + my $modname = shift; + + $modname = basename("$modname", "$modext"); + + if ( ! grep /^${modname}$/, @modules ) { + return 0; + } + + system ( "/sbin/modprobe -r $modname > /dev/null 2>&1" ); + + return 0; +} + +sub mod_ls () { + local $module; + + if (@modules > 0) { + return 0 + } + + # Check that kernel supports modules + if ( ! -f $proc_modules ) { + return 1; + } + + open MOD, "<$proc_modules"; + while ($module = ) { + chomp $module; + next if ($module =~ /^Module\s+Size/); + $module =~ s/^([a-zA-Z0-9_\-]+)\s+.*$/$1/; + push @modules, $module; + } + close MOD; + + return 0; +} + + + --- ipsec-tools-0.7.orig/debian/copyright +++ ipsec-tools-0.7/debian/copyright 
@@ -0,0 +1,61 @@
+This is the Debian packaged version of ipsec-tools.
+
+Sources for this package can be found at its homepage at
+http://ipsec-tools.sourceforge.net/ .
+
+The code is copyright 1995, 1996, 1997, 1998, and 1999 by the WIDE Project
+and licensed under the BSD license. On Debian systems a copy of the
+license can be found in /usr/share/common-licenses/BSD .
+
+The GSSAPI code is copyright 2000 Wasabi Systems, Inc and lincensed under
+the following license:
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Wasabi Systems for
+ Zembu Labs, Inc. http://www.zembu.com/
+ 4. The name of Wasabi Systems, Inc. may not be used to endorse
+ or promote products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+The racoon-tool perl script is:
+
+Copyright Matthew Grant, Catalyst IT Ltd 2004.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
+ A copy of the GNU General Public License is also available at
+ . You may also obtain
+ it by writing to the Free Software Foundation, Inc., 51 Franklin
+ St, Fifth Floor, Boston, MA 02110-1301, USA.
+
--- ipsec-tools-0.7.orig/debian/postinst
+++ ipsec-tools-0.7/debian/postinst
@@ -0,0 +1,42 @@
+#! /bin/sh
+# postinst script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.orig/debian/racoon.files
+++ ipsec-tools-0.7/debian/racoon.files
@@ -0,0 +1,2 @@
+ipsec-tools_0.4999pre5-20041206cvs_i386.deb net optional
+racoon_0.4999pre5-20041206cvs_i386.deb net optional
--- ipsec-tools-0.7.orig/debian/racoon-tool.conf
+++ ipsec-tools-0.7/debian/racoon-tool.conf
@@ -0,0 +1,46 @@
+#
+# Configuration file for racoon-tool
+#
+# See racoon-tool.conf(5) for details
+#
+
+# How to control the syslog level
+global:
+ log: notify
+
+#
+# Example of multiple networks to one endpoint
+#
+#connection(bacckdoor-doormat):
+# src_range: 192.168.223.1/32
+# dst_range: 192.168.200.0/24
+# src_ip: 172.31.1.1
+# dst_ip: 10.0.0.1
+# admin_status: enabled
+# compression: no
+# lifetime: time 20 min
+# authentication_algorithm: hmac_sha1,hmac_md5
+# encryption_algorithm: aes,3des
+
+#connection(backdoor-outhouse):
+# src_range: 192.168.223.0/24
+# dst_range: 10.255.255.254
+# src_ip: 172.31.1.1
+# dst_ip: 10.0.0.1
+# admin_status: no
+# lifetime: time 20 min
+# authentication_algorithm: hmac_sha1
+# encryption_algorithm: 3des
+
+
+#peer(10.0.0.1):
+# verify_cert: on
+# passive: off
+# verify_identifier: off
+# lifetime: time 60 min
+# hash_algorithm[0]: sha1
+# encryption_algorithm[0]: 3des
+## my_identifier: fqdn backdoor.foo.bar
+## peers_identifier: fqdn garden-path.foo.bar
+## certificate_type: x509 bLaH.pem PrIv.pem
+
--- ipsec-tools-0.7.orig/debian/ipsec-tools.setkey.default
+++ ipsec-tools-0.7/debian/ipsec-tools.setkey.default
@@ -0,0 +1,2 @@
+# Set to "no" to disable loading ipsec.conf on startup
+# RUN_SETKEY=yes
--- ipsec-tools-0.7.orig/debian/racoon.postinst
+++ ipsec-tools-0.7/debian/racoon.postinst
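Review bot: The commented `peer(10.0.0.1)` sample in racoon-tool.conf ships `verify_identifier: off` while both identifier lines are double-commented, and nothing in the file says that this is a relaxed setting. With it off, racoon does not require the peer's ID payload to match `peers_identifier`, so anyone who uncomments the block as-is relies on certificate verification alone. I would add a comment line above it such as `# verify_identifier: on needs peers_identifier set below; off skips the ID payload check`. The first connection sample also lists `hmac_md5` beside `hmac_sha1`; dropping it from the example keeps the default suggestion to the stronger algorithm. The name `bacckdoor-doormat` looks like a typo for `backdoor-doormat`.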
@@ -0,0 +1,102 @@
+#! /bin/sh
+# postinst script for racoon
+#
+# see: dh_installdeb(1)
+
+set -e
+
+update_param() {
+ eval old=\"'$'$1\"
+ eval new=\"'$'new_$1\"
+
+ if test "$old" = "$new"; then
+ return
+ fi
+
+ if test -z "$old"; then
+ grep -Eq "^ *$1=" "$INITCONFFILE" || echo "$1=" \
+ >> "$INITCONFFILE"
+ fi
+
+ sed -e "s/^ *$1=.*/$1=\"$new\"/" < $INITCONFFILE > $INITCONFFILE.$$
+ mv -f $INITCONFFILE.$$ $INITCONFFILE
+}
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ if [ -L /etc/rc2.d/S20racoon ]; then
+ # remove this old entry, we'll add correct one below
+ update-rc.d -f racoon remove > /dev/null || exit 0
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# Handle debconf
+. /usr/share/debconf/confmodule
+
+INITCONFFILE=/etc/default/racoon
+
+# We generate several files during the postinst, and we don't want
+# them to be readable only by root.
+umask 022
+
+# Generate configuration file if it does not exist, using default values.
+[ -r "${INITCONFFILE}" ] || {
+ echo Generating ${INITCONFFILE}... >&2
+ cat >${INITCONFFILE} <<'EOFMAGICNUMBER1234'
+# Defaults for racoon initscript
+# sourced by /etc/init.d/racoon
+# installed at /etc/default/racoon by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Which configuration mode shall we use for racoon?
+# Should be either "direct" (edit racoon.conf by hand)
+# or "racoon-tool" (use this tool to do it).
+# Unknown values are treated as if "direct" was given.
+CONFIG_MODE=""
+# Arguments to pass to racoon (ignored when config mode is racoon-tool)
+RACOON_ARGS=""
+EOFMAGICNUMBER1234
+}
+
+# ------------------------- Debconf questions start ---------------------
+
+db_get racoon/config_mode || true
+new_CONFIG_MODE="${RET}"
+update_param CONFIG_MODE
+db_stop
+
+# ------------------------- Debconf questions end ---------------------
+
+# Fix psk.txt permissions
+[ -f /etc/racoon/psk.txt ] && chmod 0600 /etc/racoon/psk.txt
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.orig/debian/racoon-tool.conf.5
+++ ipsec-tools-0.7/debian/racoon-tool.conf.5
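Review bot: In the `configure` branch of debian/racoon.postinst, `update-rc.d -f racoon remove > /dev/null || exit 0` ends the postinst with status 0 when the removal fails, which skips everything after the `case`: the debconf handling, the creation of /etc/default/racoon, the `chmod 0600 /etc/racoon/psk.txt` step and the `#DEBHELPER#` section. A pre-shared-key file with loose permissions would then stay that way while dpkg records the package as configured; `|| true` (or no fallback at all, letting `set -e` fail the run) keeps the later steps reachable. The same `|| exit 0` is in the `configure` branch of debian/ipsec-tools.postinst later in this patch. Separately, `update_param` puts `$new` unescaped into the sed replacement for a file that the generated header says is sourced by /etc/init.d/racoon; the debconf template is not visible here, so the value may already be limited to a fixed list, but a guard before the `sed` such as `case "$new" in *[!A-Za-z0-9_-]*) return 1 ;; esac` would make that explicit.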
@@ -0,0 +1,291 @@ +.TH RACOON-TOOL.CONF 5 +.SH NAME +racoon-tool.conf \- configuration file for +.BR racoon-tool (8). +.SH "DESCRIPTION" +This manual page documents briefly the +.BR racoon-tool.conf (5) , +configuration file format. +.PP +Please consult the +.BR racoon.conf (5) +man-page first to better understand what is written about here. +.SH SYNTAX +The +.BR racoon-tool.conf (5) +file is laid out in sections. +.PP +Comments are delimited on the left by `#', and can be on a line by +themselves, or at the end of a line. +.PP +The possible sections are +.I global, +.I connection, +and +.I peer. +The possible templates are +.I spdadd, +.I spdinit, +.I sadinit, +.I sadadd, +.I remote, +.I sainfo, +and +.I racooninit. +.PP +Sections start with +.I section: +and then continue with their properties (name terminated by `:' then +value), and templates ALWAYS have to have each line started with +.I template: +Sections and templates can be named, with the name occurring in +parenthesis between the last character of their type and the final +colon. +.SH SECTIONS +The possible sections are: +.TP +.BR global: +Contains global parameters for the generated +.BR racoon.conf (5), +and global settings used by +.BR racoon-tool (8). +Available settings are: +.I path_pre_shared_key, +.I path_certificate, +.I path_racoon_conf, +.I racoon_command, +.I racoon_pid_file, +.I log, +.I listen[[0-9a-z]], +and +.I complex_bundle. + +Apart from +.I racoon-command +and +.I racoon_pid_file, +the setting map across to the similar names in +.BR racoon.conf (5). + +The +.I listen +directive is a bit different from the man-page and takes multiple +.I {ip-address} [[port]] +statements by attaching an index `0-9',`a-z' in square brackets immediately +before the colon. +.TP +.BR connection( "%default|%anonymous|[-_a-z0-9]+" ): +Connection as described by the complementary SPD entries. Creates +`sainfo' sections in the generated +.BR racoon.conf (5), +and associated SPD entries. 
+ +Directives and values are basically one for +one with the relevant entries in +.BR racoon.conf (5). + +The `%default' VPN connection fills in entries in other specified +connections, unless they are otherwise defined within the specific +connection. The `%anonymous' connection is there for a passive VPN +server. +.TP +.BR peer( "%default|%anonymous|[a-f0-9:\.]+" ): +Defines the phase 1 attributes associated with a peer. This creates +`remote' entries in the generated +.BR racoon.conf (5). + +Directives and values are basically one for one with the relevant +entries in +.BR racoon.conf (5). +Different proposals are signified by adding an index `0-9', or `a-z' to +the +.I encryption_algorithm, +.I hash_algorithm, +.I dh_group, +and +.I authentication_method +entries, within square brackets immediately before the colon. + +The `%default' VPN connection fills in entries in other specified +connections, unless they are otherwise defined within the specific +connection. The `%anonymous' connection is there for a passive VPN +server. +.SH TEMPLATES +Templates are described briefly here. You will have to look inside the +.BR racoon-tool (8) +perl script to see exactly what you can do. +.TP +.BR spdinit: +Portion that can be used to initialise the SPD. Uses setkey syntax. +See +.BR setkey (8). +.TP +.BR sadinit: +Portion that can be used to initialise the SAD. Uses setkey syntax. +See +.BR setkey (8). +.TP +.BR spdadd(%default|[-_a-z0-9]+): +Template for adding SPD entries. Different templates can be used. +Keys for replacement are of the form `___setkey_name___', with names +found in +.BR setkey (8). +The built in template is named `%default'. +.TP +.BR sadadd(%default|[-_a-z0-9]+): +Template for adding SAD entries. Different templates can be used. +Keys for replacement are of the form `___setkey_name___', with names +found in +.BR setkey (8). +The built in template is named `%default'. 
+.TP +.BR remote(%default|[-_a-z0-9]+): +Template for adding 'remote' entries to the generated +.BR racoon.conf(5). +Different templates can be used. Keys for replacement are +of the form `___setkey_name___', with names found in +.BR setkey (8). +The built in template is named `%default'. +.TP +.BR sainfo(%default|[-_a-z0-9]+): +Template for adding 'sainfo' entries to the generated +.BR racoon.conf (5). +Different templates can be used. +Keys for replacement are of the form `___setkey_name___', with names +found in +.BR setkey (8). +The built in template is named `%default'. +.TP +.BR racooninit: +Template for adding your own section to the start of the generated +.BR racoon.conf (5). + +.SH "EXAMPLES" +Example of a simple configuration using PSK authentication. +.PP +.nf +# +# Configuration file for racoon-tool +# +# See racoon-tool.conf(5) for details +# + +# +# Simple PSK - authentication defaults to pre_shared_key +# +connection(bacckdoor-doormat): + src_range: 192.168.223.1/32 + dst_range: 192.168.200.0/24 + src_ip: 172.31.1.1 + dst_ip: 10.0.0.1 + admin_status: enabled + compression: no + lifetime: time 20 min + authentication_algorithm: hmac_sha1 + encryption_algorithm: 3des + +peer(10.0.0.1): + verify_cert: on + passive: off + verify_identifier: off + lifetime: time 60 min + hash_algorithm[0]: sha1 + encryption_algorithm[0]: 3des + +.fi +.PP +Example of a complex configuration with multple networks betweenthe +same endpoints, as well as use of `%default' for common settings. 
+.PP +.nf +# +# Configuration file for racoon-tool +# + +global: + log: notify + +# default settings to save typing +peer(%default): + certificate_type: x509 blurke-ipsec.crt blurke-ipsec.key + my_identifier: fqdn blurke.bar.com + lifetime: time 60 min + verify_identifier: on + verify_cert: on + hash_algorithm[0]: sha1 + encryption_algorithm[0]: 3des + authentication_method[0]: rsasig + +connection(%default): + authentication_algorithm: hmac_sha1 + encryption_algorithm: 3des + src_ip: 172.31.1.1 + lifetime: time 20 min + +# Connection to work +peer(10.0.0.1): + peers_identifier: fqdn blue.sky.com + +connection(blurke-blue-sky-work): + src_range: 192.168.203.1/32 + dst_range: 172.16.0.0/24 + dst_ip: 10.0.0.1 + admin_status: enabled + +# Connection to telehoused servers +connection(blurke-mail): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.1 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + compression: on + admin_status: yes + +peer(10.100.0.1): + peers_identifier: fqdn mail.bar.com + +connection(blurke-web1): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.23 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + admin_status: yes + +connection(blurke-web2): + src_range: 192.168.203.0/24 + dst_range: 172.20.1.24 + dst_ip: 10.100.0.1 + encryption_algorithm: blowfish + admin_status: yes + + + +# Test connection to Free S/WAN +connection(blurke-freeswan): + src_range: 192.168.203.0/24 + dst_range: 172.17.100.0/24 + dst_ip: 172.30.1.1 + admin_status: yes + +peer(172.30.1.1): + peers_identifier: fqdn banshee +.fi + +.SH "FILES" +.TP +.I /etc/racoon/racoon-tool.conf +The file that this man page describes. +.TP +.I /var/lib/racoon/racoon.conf +The generated racoon.conf. + +.SH "SEE ALSO" +.BR racoon.conf (5), +.BR racoon-tool (8), +.BR racoon (8), +.BR setkey (8). +.SH BUGS +This man page is by no means complete. +.SH AUTHOR +This manual page was written by Matthew Grant +for the Debian GNU/Linux system (but may be used by others). 
--- ipsec-tools-0.7.orig/debian/racoon.prerm
+++ ipsec-tools-0.7/debian/racoon.prerm
@@ -0,0 +1,39 @@
+#! /bin/sh
+# prerm script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `upgrade'
+# * `failed-upgrade'
+# * `remove' `in-favour'
+# * `deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+# install-info --quiet --remove /usr/info/ipsec-tools.info.gz
+ ;;
+ failed-upgrade)
+ ;;
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.orig/debian/ipsec-tools.postinst
+++ ipsec-tools-0.7/debian/ipsec-tools.postinst
@@ -0,0 +1,43 @@
+#! /bin/sh
+# postinst script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ if [ -L /etc/rc2.d/S20setkey -o -L /etc/rc0.d/K37setkey ]; then
+ # remove this old entry, we'll add correct one below
+ update-rc.d -f setkey remove > /dev/null || exit 0
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+
+#DEBHELPER#
+
+exit 0
+
+
--- ipsec-tools-0.7.orig/debian/racoon.dirs
+++ ipsec-tools-0.7/debian/racoon.dirs
@@ -0,0 +1,3 @@
+usr/sbin
+usr/lib
+
--- ipsec-tools-0.7.orig/debian/control
+++ ipsec-tools-0.7/debian/control
@@ -0,0 +1,25 @@
+Source: ipsec-tools
+Section: net
+Priority: extra
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Ganesan Rajagopal
+Build-Depends: debhelper (>= 4.0.0), flex, bison, libkrb5-dev, libssl-dev (>= 0.9.6), libpam0g-dev, po-debconf, chrpath
+Build-Conflicts: bison++
+Standards-Version: 3.7.3
+
+Package: ipsec-tools
+Architecture: any
+Depends: ${shlibs:Depends}, lsb-base (>= 3.0)
+Description: IPsec tools for Linux
+ IPsec-Tools is a port of the KAME IPsec utilities for Linux. It can be
+ used with the ipsec implementation in 2.6 and later kernels or with
+ the 2.4 backport of the ipsec changes.
+
+Package: racoon
+Architecture: any
+Provides: ike-server
+Depends: ${shlibs:Depends}, debconf (>= 0.2.26) | debconf-2.0, ${perl:Depends}
+Description: IPsec IKE keying daemon
+ racoon is the KAME IKE (ipsec key exchange) server. It can be used with
+ the Linux ipsec implementation in 2.6 and later kernels or with
+ the 2.4 backport of the ipsec changes.
--- ipsec-tools-0.7.orig/debian/racoon.postrm
+++ ipsec-tools-0.7/debian/racoon.postrm
@@ -0,0 +1,30 @@
+#! /bin/sh
+# postrm script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+if [ "$1" = purge ]; then
+ rm -f /etc/default/racoon
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- ipsec-tools-0.7.orig/debian/racoon-tool.8
+++ ipsec-tools-0.7/debian/racoon-tool.8
@@ -0,0 +1,143 @@ +.TH RACOON-TOOL 8 +.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection +.\" other parms are allowed: see man(7), man(1) +.SH NAME +racoon-tool \- program to manage the +.BR racoon (8) +IPSEC IKE daemon. +.SH SYNOPSIS +.B racoon-tool +.I "[-h] reload|restart|force-reload|start|stop" +.br +.B racoon-tool +.I "[-h] sadflush|spdflush|saddump|spddump" +.br +.B racoon-tool +.I "[-h] vpndown|vdown|vpnup|vup connection-name|all" +.br +.B racoon-tool +.I "[-h] vpnreload|vreload connection-name|all" +.br +.B racoon-tool +.I "[-h] vpnlist|vlist [connection-name|all]" +.br +.B racoon-tool +.I "[-h] vpnmenu|vmenu [connection-name-regexp]" +.br +.B racoon-tool +.I "[-h] racoonstart|racoonstop|rstart|rstop" +.br +.SH "DESCRIPTION" +This manual page documents briefly the +.BR racoon-tool +command. +.BR racoon-tool (8) +is a perl script that can be used to control the +.BR racoon (8) +IKE daemon and the SPD database within the kernel via the +.BR setkey (8) +command. Various operations that it can do +are described below. +.PP +You can also optionally choose not to use it via reconfiguring the +.I racoon +package using +.BR dpkg-reconfigure (8). + +.SH OPTIONS +A summary of options are included below. +.TP +.B \-h +Show summary of options. + +.SH COMMANDS +.TP +.B start +Start +.BR racoon (8), +loading any needed modules, configuring the SPD, and generating +a configuration from +.I /etc/racoon/racoon-tool.conf. +.TP +.B stop +Stop +.BR racoon (8) +unloading any crypto/IPSEC modules, flushing the SAD and SPD. +.TP +.B reload +Regenerate configuration from +.I /etc/racoon/racoon.conf, HUP +.BR racoon (8) +and reinitialise the SPD and SAD. +.TP +.B restart|force-reload +Perform a +.I stop +followed by a +.I start +.TP +.B sadflush +Flush the SAD via +.BR setkey (8). +.TP +.B spdflush +Flush the SPD via +.BR setkey (8). +.TP +.B saddump|dump +Dump the SAD to screen via +.BR setkey (8), +paginating via your pager. 
+.TP +.B spddump +Dump the SPD to screen via +.BR setkey (8), +paginating via your pager. +.TP +.BR "vpnup|vup" " connection-name|all" +Bring up the VPN connection(s). +.TP +.BR "vpndown|vdown" " connection-name|all" +Take down the VPN connection(s). +.TP +.BR "vpnreload|vreload" " connection-name|all" +Reload the VPN connection(s). +.TP +.BR "vpnlist|vlist" " [connection-name|all]" +List the known VPN connections in +.I /etc/racoon/racoon-tool.conf. +Can be used by a script or administrator to see +if a VPN connection exists. +.TP +.BR "vpnmenu|vmenu" " [connection-name-regexp]" +Start the VPN menu management mode. This displays the SPD, +and you can shutdown VPNs from here. Latter on support will +be added for checking status and reloading the chosen connection. +.TP +.B racoonstart|rstart +Start only the +.BR racoon (8) +daemon. +.TP +.B racoonstop|rstop +Stop only the +.BR racoon (8) +daemon. +.SH "FILES" +.TP +.I /etc/racoon/racoon-tool.conf +\- configuration file. +.TP +.I /var/lib/racoon/racoon.conf +\- generated racoon.conf +.SH "SEE ALSO" +.BR racoon (8), +.BR racoon.conf (5), +.BR setkey (8), +.BR racoon-tool.conf (5). + +.SH AUTHOR +This manual page was written by Matthew Grant , +for the Debian GNU/Linux system (but may be used by others). + +\" LocalWords: RACOON --- ipsec-tools-0.7.orig/debian/ipsec-tools.setkey.init +++ ipsec-tools-0.7/debian/ipsec-tools.setkey.init 
@@ -0,0 +1,61 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: setkey
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop:
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+SETKEY=/usr/sbin/setkey
+SETKEY_CONF=/etc/ipsec-tools.conf
+NAME=setkey
+
+test -x $SETKEY -a -f $SETKEY_CONF || exit 0
+
+RUN_SETKEY="yes"
+if [ -f /etc/default/setkey ] ; then
+ . /etc/default/setkey
+fi
+
+if [ $RUN_SETKEY != "yes" ] ; then
+ exit 0
+fi
+
+set -e
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_begin_msg "Loading IPsec SA/SP database from $SETKEY_CONF: "
+ if $SETKEY -f $SETKEY_CONF; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_begin_msg "Flushing IPsec SA/SP database: "
+ if $SETKEY -F -FP; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ restart|force-reload)
+ echo -n "Reloading IPsec SA/SP database: "
+ $SETKEY -F
+ $SETKEY -FP
+ $SETKEY -f $SETKEY_CONF
+ echo "done."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ log_success_msg "Usage: $N {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- ipsec-tools-0.7.orig/debian/changelog
+++ ipsec-tools-0.7/debian/changelog
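Review bot: The `stop` branch of debian/ipsec-tools.setkey.init flushes with a single `$SETKEY -F -FP` call, but the 1:0.6.6-3.2 entry in debian/changelog in this same patch records that setkey does not honor both flags in one run, and the `restart` branch already issues them as two calls. If that still holds for this version, `stop` reports success while leaving either the SAD or the SPD populated. Splitting it the same way, `if $SETKEY -F && $SETKEY -FP; then`, keeps the two branches consistent. In `restart`, both flushes run before `$SETKEY -f $SETKEY_CONF` under `set -e`, so a configuration file that fails to load leaves the host with no IPsec policy in place; a comment such as `# databases are already flushed here: a load failure leaves no policy installed` would at least make that visible to whoever edits the file.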
@@ -0,0 +1,773 @@ +ipsec-tools (1:0.7-2.1ubuntu2) karmic; urgency=low + + * No-change rebuild against libkrb5-3. + + -- Steve Langasek Tue, 21 Jul 2009 08:26:53 +0000 + +ipsec-tools (1:0.7-2.1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + - Set Ubuntu maintainer address. + - Depend on lsb-base. + - debian/ipsec-tools.setkey.init: + - LSB init script. + * Dropped: + - debian/ipsec-tools.setkey.init: + - restart method: stop then start. + - Use {} instead of () in usage (bash_completion). + - debian/racoon.init: + - Create /var/run/racoon. + - Use {} instead of () in usage (bash_completion). + * Bug fixed by this merge: + - fix XAuth with U-FQDN (LP: #234166). + * Enable build with hardened options: + - src/libipsec/policy_token.c: don't check return code of fwrite. + - src/setkey/setkey.c: stop scanning stdin if fgets fails. + + -- Mathias Gug Wed, 18 Jun 2008 17:34:55 -0400 + +ipsec-tools (1:0.7-2.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - German. Closes: #479257 + - French. Closes: #477771 + - Galician. Closes: #480984 + - Spanish. Closes: #482343 + - Vietnamese. Closes: #482363 + - Czech. Closes: #482429 + - Basque. Closes: #482847 + - Portuguese. Closes: #482892 + - Dutch. Closes: #483006 + - Brazilian Portuguese. Closes: #483684 + * [Lintian] Remove useless debian/preinst script + + -- Christian Perrier Sat, 10 May 2008 19:36:28 +0200 + +ipsec-tools (1:0.7-2) unstable; urgency=low + + * Really apply patch from Ubuntu to racoon.init for bash completion + (closes: #453031). + * Fix module loading bug with hyphen in kernel version (closes: 376934). + + -- Ganesan Rajagopal Tue, 22 Apr 2008 14:40:39 +0530 + +ipsec-tools (1:0.7-1) unstable; urgency=low + + * New upstream release (closes: #448056). + * Thanks Peter Eisentraut and Jérémy Bobbio for NMUs. 
+ * Apply patch from Ubuntu to racoon.init to create /var/run/racoon if it + doesn't already exist (closes: #453029). + * Apply patch from Ubuntu to racoon.init for bash completion + (closes: #453031). + * Fix bad config location in README.Debian (closes: #412674). + * Remove unneeded Build-Depends on libreadline5-dev. + * Add Build-Depends on chrpath and remove rpath lintian warnings. + * Fix racoon-tool bug which causes racoon to fail to start (closes: #470736). + * Update Standards-Version to 3.7.3 (no packaging changes required). + + -- Ganesan Rajagopal Tue, 22 Apr 2008 14:37:51 +0530 + +ipsec-tools (1:0.6.7-1.2) unstable; urgency=low + + * Non-maintainer upload + * Remove all configuration files on purge (closes: #298496) + * Remove PID file and socket file on daemon stop (closes: #298496) + * Corrected restart logic in setkey init script (closes: #460324) + * Added LSB-formatted dependency info in init.d scripts (closes: #458488) + * Fixed watch file (closes: #449659) + + -- Peter Eisentraut Tue, 18 Mar 2008 01:24:48 +0100 + +ipsec-tools (1:0.6.7-1.1ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + - Set Ubuntu maintainer address. + - Depend on lsb-base. + - debian/ipsec-tools.setkey.init: + - LSB init script. + - restart method: stop then start. + - Use {} instead of () in usage (bash_completion). + - debian/racoon.init: + - Create /var/run/racoon. + - Use {} instead of () in usage (bash_completion). + * Dropped: + - src/racoon/isakmp_inf.c: upstream fix for unecrypted ISAKMP packets. + - src/racoon/grabmyaddr.c: Define IFA_RTA and #include . + + -- Mathias Gug Mon, 26 Nov 2007 11:57:18 -0500 + +ipsec-tools (1:0.6.7-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix null pointer checks in: (Closes: #362213) + * GETNAMEINFO and GETNAMEINFO_NULL in src/racoon/var.h, + * certtest() in src/racoon/eaytest.c. + * Fix debian-rules-ignores-make-clean-error lintian warning. 
+ + -- Jérémy Bobbio Sat, 29 Sep 2007 14:37:50 +0200 + +ipsec-tools (1:0.6.7-1) unstable; urgency=low + + * New upstream release (closes: #429711) + * Thanks Dann Frazier and Christian Perrier + for NMUs. + * Fixed bug in parsing for DNSSEC. Patch from Marc Dequènes + (closes: #321159). + * Included Galician translation provided by Jacobo Tarrio + for debconf templates (closes: #412867). + * Included Dutch translation proivded by cobaco (aka Bart Cornelis) + (closes: #413885). + * Fix racoon-tool bug setting lifetime when the setting pfs_group=none. + Patch by Pallai Roland (closes: #406684). + * Re-ran automake/autoconf because of a bug in libtool versions older than + 1.5.20 which insists on checking for a C++ compiler though racoon doesn't + require it. + + -- Ganesan Rajagopal Sat, 30 Jun 2007 19:31:39 +0530 + +ipsec-tools (1:0.6.6-3.2) unstable; urgency=low + + * Non-maintainer upload + * Fix remote DoS condition that makes it possible for remote attackers to + crash a tunnel. See CVE-2007-1841 (closes: #423252) + * Fix typo in initscript (s/force_reload/force-reload). Patch from + Robie Basak (closes: #380103) + * setkey does not honor both -FP and -F in a single run, split into + separate calls. Patch from Benjamin Sonntag (closes: #403511) + + -- dann frazier Tue, 19 Jun 2007 11:26:58 -0600 + +ipsec-tools (1:0.6.6-3.1ubuntu3) gutsy; urgency=low + + * fix racoon.init to work with bash_completion (LP: #88153) + + -- Patrick Hetu Tue, 10 Jul 2007 10:59:25 -0400 + +ipsec-tools (1:0.6.6-3.1ubuntu2) gutsy; urgency=low + + * Fix compilation errors with GCC-4.2. + + -- Matthias Klose Tue, 29 May 2007 09:05:02 +0200 + +ipsec-tools (1:0.6.6-3.1ubuntu1) gutsy; urgency=low + + * Merge from debian unstable, remaining changes: + - src/racoon/isakmp_inf.c: upstream fix for unecrypted ISAKMP packets. + - src/racoon/grabmyaddr.c: Define IFA_RTA and #include . + - debian/control: Set Ubuntu maintainer address. + - LSB init script. 
+ - debian/racoon.init: Create /var/run/racoon. + + -- Kees Cook Tue, 08 May 2007 05:29:33 -0700 + +ipsec-tools (1:0.6.6-3.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Russian. Closes: #373925 + - German. Closes: #401468 + - Japanese. Closes: #402623 + - Spanish. Closes: #403484 + * Fix typos in the debconf templates and unfuzzy translations + Closes: #397187 + + -- Christian Perrier Sun, 4 Feb 2007 19:34:49 +0100 + +ipsec-tools (1:0.6.6-3ubuntu3) feisty; urgency=low + + * SECURITY UPDATE: remote ipsec tunnel disruption. + * src/racoon/isakmp_inf.c: upstream fix for unecrypted ISAKMP packets + causing tunnels to be disconnected. + * References + CVE-2007-1841 + + -- Kees Cook Wed, 4 Apr 2007 13:46:40 -0700 + +ipsec-tools (1:0.6.6-3ubuntu2) feisty; urgency=low + + * Rebuild for changes in the amd64 toolchain. + * Set Ubuntu maintainer address. + + -- Matthias Klose Mon, 5 Mar 2007 01:19:03 +0000 + +ipsec-tools (1:0.6.6-3ubuntu1) feisty; urgency=low + + * Merge from debian unstable. + - LSB init script. + - debian/racoon.init: Create /var/run/racoon. + * src/racoon/grabmyaddr.c: Define IFA_RTA and #include . + + -- Martin Pitt Fri, 3 Nov 2006 10:15:57 +0100 + +ipsec-tools (1:0.6.6-3) unstable; urgency=low + + * Remove old rc*.d symlinks to fix existing installations. + + -- Ganesan Rajagopal Wed, 19 Jul 2006 19:59:57 +0530 + +ipsec-tools (1:0.6.6-2) unstable; urgency=low + + * Fix typo in enabling PAM. + * Include russian translation. + * Don't flush keys on reboot/shutdown (closes: #340740). + * Start racoon in rcS.d to help VPN configurations (closes: #372665). + + -- Ganesan Rajagopal Wed, 19 Jul 2006 17:10:15 +0530 + +ipsec-tools (1:0.6.6-1ubuntu1) edgy; urgency=low + + * Merge from Debian. Only changes left: + - LSB init script. + - debian/racoon.init: Create /var/run/racoon. 
+ + -- Martin Pitt Fri, 30 Jun 2006 10:21:40 +0200 + +ipsec-tools (1:0.6.6-1) unstable; urgency=low + + * New upstream release. + * Added debconf-updatepo in clean target (closes: #372910). + * Compiled with PAM support (closes: #299806, #371053). + * Fixed typo in racoon.templates and corresponding po files. + * Updated Brazilian Portugese, Vietnamese, Swedish, French and Czech + translations for debconf templates (closes: #370148, #369409). + + -- Ganesan Rajagopal Thu, 15 Jun 2006 17:47:58 +0530 + +ipsec-tools (1:0.6.5-6) unstable; urgency=low + + * Fix regex in racoon-tool.conf man page (closes: #352157). + * Switch to "/sbin/modprobe" instead of "/sbin/insmod" for module loading + in racoon-tool (closes: #298286). + * Apply patch by Teddy Hogeborn to fix as1dn handling + by racoon-tool (closes: #296259). + * Apply patch by Kristjan Räts to make sure + racoon is configured before it's started (closes: #304573). + * Officially deprecate racoon-tool and cleanup debconf template + (closes: #338216). + * Update Standards-Version to 3.7.2 (no packaging changes required). + + -- Ganesan Rajagopal Mon, 29 May 2006 15:43:05 +0530 + +ipsec-tools (1:0.6.5-5) unstable; urgency=low + + * Fix "dereferencing type-punned...." gcc-4.1 FTBFS bug (closes: #361334). + * Include updated French translation (closes: #338642). + * Include swedish debconf translation (closes: #330569). + * Fix racoon-tool tool braindead shutdown delay (closes: #332814). + + -- Ganesan Rajagopal Wed, 17 May 2006 17:03:11 +0530 + +ipsec-tools (1:0.6.5-4ubuntu1) dapper; urgency=low + + * Synchronize to Debian to bring in new upstream version. + - UVF exception approved by Matt Zimmerman. + - New version repairs racoon for road warrior setup (which broke in + earlier Dapper versions, but worked fine in Breezy). Closes: LP#40386 + + -- Martin Pitt Tue, 9 May 2006 11:33:01 +0200 + +ipsec-tools (1:0.6.5-4) unstable; urgency=low + + * Fixed FTBFS on another source file on 64-bit platforms. (closes: #359092). 
+ * Include samples directory in package. + + -- Ganesan Rajagopal Thu, 30 Mar 2006 14:30:45 +0530 + +ipsec-tools (1:0.6.5-3) unstable; urgency=low + + * Fixed FTBFS on 64-bit platforms (closes: #359092). + + -- Ganesan Rajagopal Mon, 27 Mar 2006 17:41:45 +0530 + +ipsec-tools (1:0.6.5-2) unstable; urgency=low + + * Enable GSSAPI/Kerberos 5 support (closes: #352040). + + -- Ganesan Rajagopal Sun, 26 Mar 2006 09:48:51 +0530 + +ipsec-tools (1:0.6.5-1) unstable; urgency=low + + * New upstream release. + * Don't rerun bootstrap because upstream libtool problem is fixed. + + -- Ganesan Rajagopal Tue, 7 Feb 2006 13:40:27 +0530 + +ipsec-tools (1:0.6.4-1ubuntu2) dapper; urgency=low + + * Create /var/run/racoon in the init script. + + -- Scott James Remnant Wed, 19 Apr 2006 14:26:13 +0100 + +ipsec-tools (1:0.6.4-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Martin Pitt Tue, 7 Feb 2006 11:45:50 +0100 + +ipsec-tools (1:0.6.4-1) unstable; urgency=low + + * New upstream release. + * Apply racoon-tool patch to use modprobe instead of insmod + (closes: #320087). + * Rerun bootstrap because upstream libtool appears to be broken (configure + breaks if g++ is not installed). + + -- Ganesan Rajagopal Tue, 24 Jan 2006 10:20:11 +0530 + +ipsec-tools (1:0.6.3-1) unstable; urgency=low + + * New upstream release with fix for CVE-2005-3732 (closes: #340584). + + -- Ganesan Rajagopal Mon, 28 Nov 2005 11:58:31 +0530 + +ipsec-tools (1:0.6.2-2ubuntu2) dapper; urgency=low + + * Rebuild against openssl 0.9.8. + + -- Martin Pitt Mon, 30 Jan 2006 10:48:21 +0000 + +ipsec-tools (1:0.6.2-2ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Tollef Fog Heen Fri, 11 Nov 2005 09:59:03 +0100 + +ipsec-tools (1:0.6.2-2) unstable; urgency=low + + * Fix build breakage with OpenSSL 0.9.8 (closes: #334669). + + -- Ganesan Rajagopal Mon, 31 Oct 2005 11:19:53 +0530 + +ipsec-tools (1:0.6.2-1) unstable; urgency=low + + * New upstream release. 
+ * Update FSF address in copyright. + * Remove bashism in postinst. + + -- Ganesan Rajagopal Tue, 18 Oct 2005 10:30:53 +0530 + +ipsec-tools (1:0.6.1-1) unstable; urgency=low + + * New upstream release + + -- Ganesan Rajagopal Sun, 21 Aug 2005 13:24:15 +0530 + +ipsec-tools (1:0.6-2) unstable; urgency=low + + * Add debconf-2.0 as an alternate for debconf dependency. + * Updated standards version. + * Fixed racoonctl breakage (closes: #320535). + + -- Ganesan Rajagopal Sat, 13 Aug 2005 09:27:43 +0530 + +ipsec-tools (1:0.6-1ubuntu1) breezy; urgency=low + + * LSB init scripts. + + -- LaMont Jones Wed, 28 Sep 2005 18:33:52 -0600 + +ipsec-tools (1:0.6-1) unstable; urgency=low + + * New upstream release. + * Include Vietnamese translation for debconf template (closes: #312031). + * Include Japanese translation for debconf template (closes: #309732). + * Registering /etc/init.d/setkey in rcS.d before ifupdown (closes: #303451). + + -- Ganesan Rajagopal Wed, 29 Jun 2005 10:16:54 +0530 + +ipsec-tools (1:0.5.2-1) unstable; urgency=high + + * New upstream release. This release fixes ph2handle unlink bug + (closes: #307233). + * Urgency high because of fix for security problem with single DES. + * Applied patch from Richard Lucassen to pass options to racoon via + /etc/default/racoon file. + + -- Ganesan Rajagopal Wed, 4 May 2005 13:46:45 +0530 + +ipsec-tools (1:0.5.1-2) unstable; urgency=low + + * Disabled readline support because it introduces a bug in setkey and + confuses a lot of people (closes: #303573). + * Added Build-Conflicts for bison++ (closes: #305974). + + -- Ganesan Rajagopal Mon, 2 May 2005 10:18:04 +0530 + +ipsec-tools (1:0.5.1-1) unstable; urgency=low + + * New upstream release (closes: #305310). + * Removed --enabled-stats while building (closes: #300718). + * Removed --enable-ipv6 while build; this enables IPv6 automatically. + (closes: #304000). 
+ + -- Ganesan Rajagopal Tue, 19 Apr 2005 15:47:29 +0530 + +ipsec-tools (1:0.5-5) unstable; urgency=high + + * Fix ISAKMP Header Parsing DoS bug (closes: #299716). + * Quote URL in README.Debian to avoid confusion (closes: #297179). + + -- Ganesan Rajagopal Wed, 16 Mar 2005 09:31:30 +0530 + +ipsec-tools (1:0.5-4) unstable; urgency=low + + * Fix typo in ipsec-tools.setkey.init (closes: #296912). + + -- Ganesan Rajagopal Sat, 26 Feb 2005 11:39:19 +0530 + +ipsec-tools (1:0.5-3) unstable; urgency=low + + * Renamed ipsec.conf to ipsec-tools.conf to avoid conflict with openswan + (closes: #296079). + * Fix bug in quotes handling for peers_certfile (closes: #296105). + + -- Ganesan Rajagopal Sun, 20 Feb 2005 21:51:41 +0530 + +ipsec-tools (1:0.5-2) unstable; urgency=low + + * Fix compile warnings to avoid build failures on 64-bit platforms. + + -- Ganesan Rajagopal Sat, 19 Feb 2005 10:03:27 +0530 + +ipsec-tools (1:0.5-1) unstable; urgency=low + + * New upstream stable release. + * Forced to introduce epoch because I misunderstood how comparing + version strings works (0.4999 > 0.5). I can't believe I screwed up + this one :-(. + * Added initscript to run setkey on boot (closes: #276970). + * Renamed racoon.init.d to racoon.init as per dh_installinit documentation. + * Added note in README.Debian that racoon-tool may lag behind in features. + * Included racoon.conf samples directory. + * Added note in sample racoon.conf that it will not be used if racoon-tool + is used. + + -- Ganesan Rajagopal Fri, 18 Feb 2005 11:00:23 +0530 + +ipsec-tools (0.4999pre0.5rc2-3) unstable; urgency=low + + * Added libssl-dev to build-deps (closes: #295263). + * Updated racoon-tool.pl to handle certtype for peers_certfile + (closes: #295035). + * Escape quote ('"') characters in racoon-tool.pl to prevent messing up + syntax highlighting in emacs. 
+ + -- Ganesan Rajagopal Thu, 17 Feb 2005 14:34:06 +0530 + +ipsec-tools (0.4999pre0.5rc2-2) unstable; urgency=low + + * Applied patch to support SPD levels and NAT traversl from + Lockenvitz Jan EXT + (closes: #277285). + * Included debconf template Czech translation by + Miroslav Kure (closes: #294779). + + -- Ganesan Rajagopal Mon, 14 Feb 2005 18:27:14 +0530 + +ipsec-tools (0.4999pre0.5rc2-1) unstable; urgency=low + + * New upstream release. + * Redone packaging using debhelper. + * Upstream supports Linux fwd policy (closes: #292850). + * Source address patch applied upstream (closes: #289604). + * Enabled NATT support (closes: #238795). + * Removed empty racoon.conf (closes: #255124). + * Fixed paths in man pages (closes: #276854). + + -- Ganesan Rajagopal Tue, 1 Feb 2005 13:55:37 +0530 + +ipsec-tools (0.3.3-7) unstable; urgency=low + + * Fixed fix memory leak in crypto_openssl.c (closes: #292732). + * French translation already included (closes: #245583). + * Brazilian portugese translation already included (closes: #262550). + * We don't include a debbugs URL anymore (closes: #220089). + + -- Ganesan Rajagopal Tue, 1 Feb 2005 13:48:22 +0530 + +ipsec-tools (0.3.3-6) unstable; urgency=low + + * Taking over as maintainer from Matthew Grant with his approval. + + -- Ganesan Rajagopal Mon, 31 Jan 2005 20:52:43 +0530 + +ipsec-tools (0.3.3-5) unstable; urgency=low + + * Removed unneeded dependency on ed from control file, which I forgot to do. + + -- Matthew Grant Sat, 18 Dec 2004 16:14:10 +1300 + +ipsec-tools (0.3.3-4) unstable; urgency=medium + + * Didn't properly fix Bug #285103. This upload fixes it by adjusting the + config scripts. Priority set to medium to make sure that the 3 RC bugs get + cleared promptly from testing version. Removed use of ed as this tool + is only used in racoon.postint, and is not needed by any package essential + to run a firewall. 
+ + -- Matthew Grant Sat, 18 Dec 2004 11:46:36 +1300 + +ipsec-tools (0.3.3-3) unstable; urgency=low + + * Fix use of 'find' in debian/rules. Thanks to Christian Ospelkaus + for patch. (closes: #285788) + * Fix use of $? after another command execution in if statement at line 2161 + of racoon-tool. Thanks to shonorio@alpargatas.com.br + for analysis. (closes: #285549) + * debian/racoon.init.d: In stop target, pass option --name instead of + --exec to start-stop-daemon to make sure old versions of the daemon + are properly stopped even if a new version is already on disk. + (closes: #285117) (Daniel Kobras ) + * debian/racoon.{config,postinst}: Seed debconf settings from + configuration file, and take care to preserve manual changes. + (closes: #285103) (Daniel Kobras ) + * debian/control: Add ed to racoon's dependencies as it is used in the + postinst script. (Daniel Kobras ) + + -- Matthew Grant Thu, 16 Dec 2004 22:29:48 +1300 + +ipsec-tools (0.3.3-2) unstable; urgency=medium + + * Fix spelling mistake for 'available' in racoon init script. (closes: #249288) + * Fixed URL in README.certificate (closes: #252513) + * Fixed gzipping of under sized files (closes: #279739) + * Added french debconf translation for racoon (closes: #245251) + * Added pt_BR.po Brazilian Portuguese translation for raccon debconf + (closes #262550) + * Added German de.po for raccon debconf (closes: #263055) + * Applied patch from Wilfried Weissmann who + forwarded a fix for "initial_contact" spelling error (closes: #280837) + * Fixed racoon-tool address type parsing bug. Fix forwarded by + Kolja Waschk (closes: #269934) + * Fixed racoon-tool port parsing bug with port numbers more than 3 chars. + Patch from Jeremy Jackson (closes: #260875) + * Fixed parsing of file paths delimited by optional double quotes. + (closes: #257350) + + -- Matthew Grant Fri, 26 Nov 2004 08:34:17 +1300 + +ipsec-tools (0.3.3-1) unstable; urgency=high + + * Security upload. 
Updated to vesion 0.3.3 which fixes a "authentication + bug in KAME's racoon" in eay_check_x509cert() (Bugtraq + http://seclists.org/lists/bugtraq/2004/Jun/0219.html) (closes: #254663). + * Fix for "racooninit" in racoon-tool.conf. Applied patch submitted by + Teddy Hogeborn . (closes: #249222) + * Stopped patching racoon.conf.5 manpage as the "Japlish" fix is now in the + source tree. + + -- Matthew Grant Thu, 17 Jun 2004 09:05:50 +1200 + +ipsec-tools (0.3.1-4) unstable; urgency=low + + * Fixed autoconf more so that it only gets called by maintainer. This is to + fix the woody backport support. + + -- Matthew Grant Thu, 22 Apr 2004 15:55:45 +1200 + +ipsec-tools (0.3.1-3) unstable; urgency=high + + * Security upload. Correct urgency so that it will be accepted into + testing in 2 days because version in testing suffers from CAN-2004-0403 + and CAN-2004-0155. + * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) + (closes: #244182). Repeated for sake of BTS. + + -- Matthew Grant Thu, 22 Apr 2004 10:42:49 +1200 + +ipsec-tools (0.3.1-2) unstable; urgency=high + + * Security upload. Correct urgency so that it will be accepted into + testing in 2 days because version in testing suffers from CAN-2004-0403 + and CAN-2004-0155. + * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) + (closes: #244182). Repeated for sake of BTS. + + -- Matthew Grant Thu, 22 Apr 2004 10:00:58 +1200 + +ipsec-tools (0.3.1-1) unstable; urgency=high (Fixes remote DoS CAN-2004-0403) + + * New upstrem release. Fixes remote DoS in racoon (CAN-2004-0403) + (closes: #244182) + * Enable shared libraries for libipsec - had been turned off upstream. + * Removed support for GNU readline as there is definitely a licensing + conflist, and it breadks the stdin processing of setkey which is needed + for racoon-tool. + * rpm building Makefile was causing a lot of grief by recursively calling + toplevel makefile. 
Removed from configure.ac + * Removed autoconf from build targets as rebuilding Makefile.in makes + debian/rules clean target non-idempotent. + * Security release, set urgency to high. + + -- Matthew Grant Thu, 22 Apr 2004 08:42:28 +1200 + +ipsec-tools (0.2.5-2) unstable; urgency=low + + * New upstream release. Fixes the the X509 security authentication bug. + (CAN-2004-0155) Closes: #242327 + * Finally worked out autoconf so that it is dependable. Package needs to + use 2 DIFFERENT versions of autoconf so that it works! + * Fixed some 'Japlish' in the racoon.conf.5 manpage. Closes: #235456 + + -- Matthew Grant Wed, 7 Apr 2004 16:05:34 +1200 + +ipsec-tools (0.2.5-1) unstable; urgency=low + + * Botched upload due to Ctrl-C-ing dupload... + + -- Matthew Grant Wed, 7 Apr 2004 13:18:03 +1200 + +ipsec-tools (0.2.4-3) unstable; urgency=low + + * Fixed start and stop being in the wrong order in legacy init.d target. + Closes: #198755 + * Rearranged racoon maintainer scripts starting and stopping of daemon. + Dropped testing of kernel in postinst - test in init script is enough. + Closes: #233642 + * Reorganised the debconf screens as there was too many of them. + Closes: #240056. Removal of one of the screens - Closes: #240010 + * Installed a README.Debian in the racoon package, describing most + things needed to get racoon starting properly. + * Replaced racoon.conf with a far simpler one to make sure racoon + has a good chance of starting properly. Closes: #209226 + * Made sure packaged is autoconfed correctly. This was causing + trouble when building with set CC, CPP and CFLAGS in environment. + Closes: #229614 + * Set racoon and ipsec-tools priorities to optional, shouldn't be extra. + Closes: #212985 + + -- Matthew Grant Sun, 28 Mar 2004 23:19:16 +1200 + +ipsec-tools (0.2.4-2) unstable; urgency=low + + * Fix problem with do_patch do_unpatch not having execute bits set on + dpkg-source -x causing build failures. 
Closes: Bug#239668 + * Forgot to mention that upgrade to upstream does this: Closes: Bug#216650 + * Upstream release also Closes: Bug#233642 Closes: Bug#231006, Bug#224960 + * This build also Closes: Bug#230269, lintian checks found it! + + -- Matthew Grant Thu, 25 Mar 2004 22:32:34 +1200 + +ipsec-tools (0.2.4-1) unstable; urgency=low + + * Upload takes over maintainership of ipsec-tools. I have already emailed + Wichert Akkerman , and he has said this is good and OK. + * Converted templates to po-debconf. + * Built support into debian/rules, templates and control files to allow + easy building on woody as well as unstable. + * Rebuilt autoconf and libtool using latest versions in sid. This should + fix ARM compilation problems. + * Ported to sid. + * Included patches and portablilty in debian/rules to make building + on either tons easier. + + -- Matthew Grant Wed, 24 Mar 2004 08:41:14 +1200 + +ipsec-tools (0.2.4-0.mag.4) unstable; urgency=low + + * Set up a quick and dirty patching scheme so that all changes are in + debian directory. Make source tree easier to maintain. + * Make a test build. + + -- Matthew Grant Mon, 22 Mar 2004 02:40:53 +0000 + +ipsec-tools (0.2.4-0.mag.3) unstable; urgency=low + + * Made it generate a .diff file. + + -- Matthew Grant Mon, 22 Mar 2004 01:51:20 +0000 + +ipsec-tools (0.2.4-0.mag.2) unstable; urgency=low + + * Added manpages for racoon-tool(8) and racoon-tool.conf(5) + * Updated copyright file etc. + * Fixed a lot of problems lintian detected. + + -- Matthew Grant Sun, 21 Mar 2004 21:01:07 +0000 + +ipsec-tools (0.2.4-0.mag.1) unstable; urgency=low + + * Fix install so that racoon goes into /usr/sbin. + * Fix restart operation of racoon init script. + * Set up debconf to either select racoon-tool or use direct editing + of the configuration. Default to direct configuration mode. + * Fix dependency generation for racoon package. + * Fix racoon init scripts and posinst script to detect if a suitable + kernel is installed. 
+ + -- Matthew Grant Wed, 17 Mar 2004 00:34:24 +0000 + +ipsec-tools (0.2.4-0.mag.0) unstable; urgency=low + + * Updated to new upstream release. + + -- Matthew Grant Tue, 2 Mar 2004 03:05:17 +0000 + +ipsec-tools (0.2.2-8) unstable; urgency=low + + * Give libtool and auto* the deserved kick in the pants and upgrade them + to newer versions which do not break on ARM. Closes: Bug#221553 + + -- Wichert Akkerman Wed, 19 Nov 2003 13:42:19 +0100 + +ipsec-tools (0.2.2-7) unstable; urgency=low + + * Tell configure that our kernel includes are in /usr/include. + Closes: Bug#221380 + * Stop using debian email address in changelog as well + + -- Wichert Akkerman Tue, 18 Nov 2003 11:13:48 +0100 + +ipsec-tools (0.2.2-6) unstable; urgency=low + + * Build using the new linux-kernel-headers package + * Split out racoon into its own package + + -- Wichert Akkerman Fri, 14 Nov 2003 00:09:21 +0100 + +ipsec-tools (0.2.2-5) unstable; urgency=low + + * Update kernel headers so DES and 3DES work again with current kernels. + + -- Wichert Akkerman Mon, 23 Jun 2003 14:01:40 +0200 + +ipsec-tools (0.2.2-4) unstable; urgency=low + + * Fix logic error in init script which prevented racoon from being + started + * Update link to the PKIX certificate documentation + * Use invoke-rc.d. Note that whoever decided its --query option should + return 104 on an obvious success case should be shot. + * Include GSSAPI copyright. Closes: Bug#192281 + + -- Wichert Akkerman Wed, 14 May 2003 11:21:47 +0200 + +ipsec-tools (0.2.2-3) unstable; urgency=low + + * Add libssl-dev Build-Depend. Closes: Bug#186750 + * Add a Standards-Version. Closes: Bug#186748 + * Update config.{guess,sub} to version from autotools-dev 20030110.1. + Closes: Bug#186587 + * Don't abort if make distclean fails. 
Closes: Bug#186751 + + -- Wichert Akkerman Sat, 29 Mar 2003 18:16:01 +0100 + +ipsec-tools (0.2.2-2) unstable; urgency=low + + * Add a real description and copyright + * Install all racoon documentation + * Install conffiles + * Fix permissions, compress manpages + * Properly restart and stop racoon on upgrade and removal + + -- Wichert Akkerman Sat, 22 Mar 2003 18:42:03 +0100 + +ipsec-tools (0.2.2-1) unstable; urgency=low + + * First trivial packaging + + -- Wichert Akkerman Sat, 15 Mar 2003 11:53:05 +0100 + --- ipsec-tools-0.7.orig/debian/ipsec-tools.conf +++ ipsec-tools-0.7/debian/ipsec-tools.conf @@ -0,0 +1,20 @@ +#!/usr/sbin/setkey -f + +# NOTE: Do not use this file if you use racoon with racoon-tool +# utility. racoon-tool will setup SAs and SPDs automatically using +# /etc/racoon/racoon-tool.conf configuration. +# + +## Flush the SAD and SPD +# +# flush; +# spdflush; + +## Some sample SPDs for use racoon +# +# spdadd 10.10.100.1 10.10.100.2 any -P out ipsec +# esp/transport//require; +# +# spdadd 10.10.100.2 10.10.100.1 any -P in ipsec +# esp/transport//require; +# --- ipsec-tools-0.7.orig/debian/racoon.conf +++ ipsec-tools-0.7/debian/racoon.conf 
@@ -0,0 +1,40 @@
+#
+# NOTE: This file will not be used if you use racoon-tool(8) to manage your
+# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
+# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
+# of this file.
+#
+# Simple racoon.conf
+#
+#
+# Please look in /usr/share/doc/racoon/examples for
+# examples that come with the source.
+#
+# Please read racoon.conf(5) for details, and alsoread setkey(8).
+#
+#
+# Also read the Linux IPSEC Howto up at
+# http://www.ipsec-howto.org/t1.html
+#
+
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+#remote 172.31.1.1 {
+# exchange_mode main,aggressive;
+# proposal {
+# encryption_algorithm 3des;
+# hash_algorithm sha1;
+# authentication_method pre_shared_key;
+# dh_group modp1024;
+# }
+# generate_policy off;
+#}
+#
+#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
+# pfs_group modp768;
+# encryption_algorithm 3des;
+# authentication_algorithm hmac_md5;
+# compression_algorithm deflate;
+#}
+
--- ipsec-tools-0.7.orig/debian/postrm
+++ ipsec-tools-0.7/debian/postrm
@@ -0,0 +1,38 @@
+#! /bin/sh
+# postrm script for ipsec-tools
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear' overwrit>r>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- ipsec-tools-0.7.orig/debian/compat
+++ ipsec-tools-0.7/debian/compat
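Review bot: The commented-out sample in debian/racoon.conf steers admins towards weak IKE settings: `exchange_mode main,aggressive` next to `authentication_method pre_shared_key` allows aggressive mode, where a hash derived from the pre-shared key is exposed to offline guessing, and the sainfo block uses `pfs_group modp768` with `authentication_algorithm hmac_md5`. Because shipped samples tend to be uncommented as they are, I would make these `exchange_mode main;`, `pfs_group modp1024;` (at least the phase 1 group) and `authentication_algorithm hmac_sha1;`, which the racoon-tool examples in this patch already use. The same kind of choices (`exchange_mode aggressive,main`, `pfs_group 1`, `encryption_algorithm des`) appear in debian/examples/racoon.conf-upstream-install; that file looks like the upstream sample carried over unchanged, so a one-line comment in the Debian sample saying the upstream example is not a recommended baseline would be enough there.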
@@ -0,0 +1 @@
+4
--- ipsec-tools-0.7.orig/debian/racoon.config
+++ ipsec-tools-0.7/debian/racoon.config
@@ -0,0 +1,25 @@
+#!/bin/sh -e
+CONFFILE=/etc/default/racoon
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+CONFIG_MODE=""
+
+if test -e "$CONFFILE"; then
+ . "$CONFFILE"
+
+ # Guard against admin writing silly things into the
+ # config file...
+ if test "$CONFIG_MODE" != "racoon-tool"; then
+ db_set racoon/config_mode "direct"
+ else
+ db_set racoon/config_mode "racoon-tool"
+ fi
+
+fi
+
+# Setup and select the configuration mode
+db_input high racoon/config_mode || true
+db_go
+
--- ipsec-tools-0.7.orig/debian/racoon.init
+++ ipsec-tools-0.7/debian/racoon.init
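Review bot: racoon.config sources `/etc/default/racoon` wholesale (`. "$CONFFILE"`) under `-e` before the "Guard against admin writing silly things" check, so the guard only covers the value of CONFIG_MODE: every other statement in that file is executed by the config script, and a failing one aborts package configuration. Reading just the one setting would match what the comment promises, e.g. `CONFIG_MODE=$(sed -n 's/^CONFIG_MODE="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$CONFFILE" | tail -n 1)`. Separately, `-e` on the shebang line is lost when the script is invoked as `sh racoon.config`; a `set -e` line in the body keeps it in both cases.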
@@ -0,0 +1,101 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: racoon
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop: 1
+### END INIT INFO
+#
+# netscript script to fire up netscript network configuration system
+#
+# Written by Miquel van Smoorenburg .
+# Modified for Debian GNU/Linux
+# by Ian Murdock .
+# Modified from /etc/init.d/skeleton
+# by Matthew Grant
+#
+
+set -e
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+TOOL=/usr/sbin/racoon-tool
+DAEMON=/usr/sbin/racoon
+NAME=racoon
+DESC="racoon"
+DEF_CFG="/etc/default/racoon"
+PID_FILE="/var/run/racoon.pid"
+PROC_FILE="/proc/net/pfkey"
+
+test -f $TOOL || exit 0
+test -f $DAEMON || exit 0
+
+CONFIG_MODE="direct"
+RACOON_ARGS=""
+
+[ -f "$DEF_CFG" ] && . $DEF_CFG
+
+if [ ! -d /var/run/racoon ]; then
+ mkdir -p /var/run/racoon
+fi
+
+check_kernel () {
+ local MOD_DIR=/lib/modules/`uname -r`
+ local FOUT
+
+ [ -f "$PROC_FILE" ] && return 0
+ [ ! -d "$MOD_DIR" ] && return 1
+ FOUT=`find $MOD_DIR -name "*af_key*"`
+ [ -z "$FOUT" ] && return 1
+ return 0
+}
+
+if ! check_kernel ; then
+ echo "racoon - IKE keying daemon will not be started as $PROC_FILE is not" 1>&2
+ echo " available or a suitable 2.6 (or 2.4 with IPSEC backport)" 1>&2
+ echo " kernel with af_key.[k]o module is not installed." 1>&2
+ exit 0
+fi
+
+case $CONFIG_MODE in
+ racoon-tool)
+ # /usr/sbin/racoon-tool command complies with Debian Policy so just do this:
+ # NB the following makes lintian happy
+ case "$1" in
+ start|stop|reload|force-reload|restart)
+ $TOOL $*
+ ;;
+ *)
+ $TOOL $*
+ ;;
+ esac
+ ;;
+ *)
+ case "$1" in
+ start)
+ echo -n "Starting IKE (ISAKMP/Oakley) server: racoon"
+ start-stop-daemon --start --quiet --exec /usr/sbin/racoon -- ${RACOON_ARGS}
+ echo "."
+ ;;
+
+ stop)
+ echo -n "Stopping IKE (ISAKMP/Oakley) server: racoon"
+ start-stop-daemon --stop --retry 25 --quiet --oknodo \
+ --pidfile $PID_FILE --name racoon
+ rm -f $PID_FILE /var/run/racoon/racoon.sock
+ echo "."
+ ;;
+
+ reload|force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|reload|force-reload|restart}" >&2
+ exit 1
+ esac
+ ;;
+esac
+
+exit 0
--- ipsec-tools-0.7.orig/debian/rules
+++ ipsec-tools-0.7/debian/rules
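Review bot: The runtime directory is created with `mkdir -p /var/run/racoon` and no explicit mode, so its permissions depend on whatever umask the init script runs under; the stop arm shows this directory holds `racoon.sock`, the admin socket that debian/rules turns on with `--enable-adminport`. I would pin the mode, e.g. `mkdir -p -m 0700 /var/run/racoon` (or a group-accessible mode if non-root racoonctl use is intended). Also in this hunk, both racoon-tool arms call `$TOOL $*`, which re-splits and glob-expands the arguments, where `"$TOOL" "$@"` passes them through unchanged. The header comment still describes netscript and should read something like `# racoon init script: starts and stops the racoon IKE daemon`.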
@@ -0,0 +1,138 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+#
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+#
+# Modified to make a template file for a multi-binary package with separated
+# build-arch and build-indep targets by Bill Allombert 2001
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+config.status: configure
+ dh_testdir
+ # Add here commands to configure the package.
+ CFLAGS="$(CFLAGS)" ./configure --verbose --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --sysconfdir=/etc/racoon --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var/run --enable-shared --disable-static --enable-frag --enable-gssapi --enable-hybrid --enable-xauth --enable-dpd --enable-adminport --enable-natt --with-kernel-headers=/usr/include --with-libpam --without-readline --disable-security-context
+
+#Architecture
+build: build-arch build-indep
+
+build-arch: build-arch-stamp
+build-arch-stamp: config.status
+
+ # Add here commands to compile the arch part of the package.
+ #$(MAKE)
+ touch build-arch-stamp
+
+build-indep: build-indep-stamp
+build-indep-stamp: config.status
+
+ # Add here commands to compile the indep part of the package.
+ #$(MAKE) doc
+ touch build-indep-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-arch-stamp build-indep-stamp #CONFIGURE-STAMP#
+
+ # Add here commands to clean up after the build process.
+ rm -f config.log
+ [ ! -f Makefile ] || $(MAKE) distclean
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ cp -f /usr/share/misc/config.guess config.guess
+endif
+
+ debconf-updatepo
+ dh_clean
+
+install: install-indep install-arch
+install-indep:
+ # we have no indep packages
+
+install-arch:
+ dh_testdir
+ dh_testroot
+ dh_clean -k -s
+ dh_installdirs -s
+
+ # Add here commands to install the arch part of the package into
+ # debian/tmp.
+ $(MAKE) install DESTDIR=$(CURDIR)/debian/racoon
+
+ chrpath -d debian/racoon/usr/lib/*.so.0.* \
+ debian/racoon/usr/sbin/*
+ dh_movefiles -pipsec-tools --sourcedir=debian/racoon \
+ usr/sbin/setkey usr/share/man/man8/setkey.8 \
+ /usr/lib/libipsec.so.0 /usr/lib/libipsec.so.0.0.1
+ rm debian/racoon/usr/lib/*.so debian/racoon/usr/lib/*.la
+
+ mkdir -p debian/racoon/var/lib/racoon
+ install -m 755 -o root -g root debian/racoon-tool.pl \
+ debian/racoon/usr/sbin/racoon-tool
+ install -D -m 600 -o root -g root src/racoon/samples/psk.txt.sample \
+ debian/racoon/etc/racoon/psk.txt
+ install -m 644 -o root -g root debian/racoon-tool.conf \
+ debian/racoon/etc/racoon
+ install -m 644 -o root -g root debian/racoon.conf \
+ debian/racoon/etc/racoon/racoon.conf
+ mkdir -p debian/ipsec-tools/etc
+ install -m 755 -o root -g root debian/ipsec-tools.conf \
+ debian/ipsec-tools/etc/ipsec-tools.conf
+
+# Must not depend on anything. This is to be called by
+# binary-arch/binary-indep
+# in another 'make' thread.
+binary-arch: build-arch install-arch
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs ChangeLog
+ dh_installdocs
+ dh_installexamples -pracoon src/racoon/samples
+ dh_installdebconf
+ dh_installinit -pracoon -- start 40 S . stop 89 1 .
+ dh_installinit -pipsec-tools --name=setkey --no-start -- \
+ start 37 S .
+ dh_installman -pracoon debian/racoon-tool.8 debian/racoon-tool.conf.5
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_perl
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture independant packages using the common target.
+binary-indep: build-indep install-indep
+ # we have no architecture independant stuff yet
+
+binary: binary-arch binary-indep
+.PHONY: build clean binary-indep binary-arch binary install install-indep install-arch
--- ipsec-tools-0.7.orig/debian/racoon.templates
+++ ipsec-tools-0.7/debian/racoon.templates
@@ -0,0 +1,12 @@
+Template: racoon/config_mode
+Type: select
+__Choices: direct, racoon-tool
+# The above choices have to be left as they are as the values are used directly
+# in the postinst script. They do not need translation.
+# Please explain what they are in any rewritten description.
+Default: direct
+_Description: Configuration mode for racoon IKE daemon.
+ Racoon can be configured two ways, either by directly editing
+ /etc/racoon/racoon.conf or using the racoon-tool administrative front end.
+ racoon-tool is now deprecated and is only available for backward
+ compatibility. New installations should always use the "direct" method.
--- ipsec-tools-0.7.orig/debian/racoon.README.Debian
+++ ipsec-tools-0.7/debian/racoon.README.Debian
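Review bot: In install-arch, `install -m 755 -o root -g root debian/ipsec-tools.conf debian/ipsec-tools/etc/ipsec-tools.conf` ships the setkey input file world-readable, while psk.txt a few lines above it gets `-m 600`. The shipped sample only holds commented-out policies, but a setkey file is also where manually keyed SAs would be written, so any key material an admin adds there would be readable by every local user. Presumably the execute bit is wanted for the `#!/usr/sbin/setkey -f` shebang, in which case `-m 700` keeps that without the exposure. Note also that both `$(MAKE)` lines in the build targets are commented out, so compilation actually happens inside `$(MAKE) install` after `dh_testroot`, i.e. with root or fakeroot privileges.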
@@ -0,0 +1,34 @@
+Debian README for racoon
+------------------------
+
+This package requires a 2.6 kernel with IPSEC available, or a 2.4 kernel
+with the new IPSEC backport as in the latest 2.4 kernel source in sid and
+sarge.
+
+Please note that the xfrm_user.o module must be loaded unless statically
+compiled into the kernel so that the /proc/net/pfkey file is available for
+setkey and racoon.
+
+If a suitable kernel is not installed, or /proc/net/pfkey is not available
+racoon will fail to start properly.
+
+You will also have to make sure all required kernel encryption and xfrm
+modules are loaded, or that they are statically linked if using 'direct'
+debconf configuration.
+
+racoon-tool
+-----------
+racoon-tool is now officially deprecated. It used to be the preferred method
+of configuration in older releases (till 0.3.1) but is now deprecated because
+of several reasons; it's debian specific, upstream doesn't like it, it lags
+behind in features when compared to racoon.conf(5). If you're interested in
+using the latest and greatest feature in racoon, use /etc/racoon/racoon.conf
+directly.
+
+Further Information
+-------------------
+Further information about the new Linux KAME/racoon IPSEC can be found
+up at http://ipsec-tools.sourceforge.net, and a HOWTO can be found up at
+"http://www.ipsec-howto.org/t1.html".
+
+ -- Ganesan Rajagopal , Mon, 21 Apr 2008 13:47:57 +0530
--- ipsec-tools-0.7.orig/debian/examples/racoon-tool.conf-complex
+++ ipsec-tools-0.7/debian/examples/racoon-tool.conf-complex
@@ -0,0 +1,71 @@
+#
+# Configuration file for racoon-tool
+#
+
+global:
+ log: notify
+
+# default settings to save typing
+peer(%default):
+ certificate_type: x509 blurke-ipsec.crt blurke-ipsec.key
+ my_identifier: fqdn blurke.bar.com
+ lifetime: time 60 min
+ verify_identifier: on
+ verify_cert: on
+ hash_algorithm[0]: sha1
+ encryption_algorithm[0]: 3des
+ authentication_method[0]: rsasig
+
+connection(%default):
+ authentication_algorithm: hmac_sha1
+ encryption_algorithm: 3des
+ src_ip: 172.31.1.1
+ lifetime: time 20 min
+
+# Connection to work
+peer(10.0.0.1):
+ peers_identifier: fqdn blue.sky.com
+
+connection(blurke-blue-sky-work):
+ src_range: 192.168.203.1/32
+ dst_range: 172.16.0.0/24
+ dst_ip: 10.0.0.1
+ admin_status: enabled
+
+# Connection to telehoused servers
+connection(blurke-mail):
+ src_range: 192.168.203.0/24
+ dst_range: 172.20.1.1
+ dst_ip: 10.100.0.1
+ encryption_algorithm: blowfish
+ compression: on
+ admin_status: yes
+
+peer(10.100.0.1):
+ peers_identifier: fqdn mail.bar.com
+
+connection(blurke-web1):
+ src_range: 192.168.203.0/24
+ dst_range: 172.20.1.23
+ dst_ip: 10.100.0.1
+ encryption_algorithm: blowfish
+ admin_status: yes
+
+connection(blurke-web2):
+ src_range: 192.168.203.0/24
+ dst_range: 172.20.1.24
+ dst_ip: 10.100.0.1
+ encryption_algorithm: blowfish
+ admin_status: yes
+
+
+
+# Test connection to Free S/WAN
+connection(blurke-freeswan):
+ src_range: 192.168.203.0/24
+ dst_range: 172.17.100.0/24
+ dst_ip: 172.30.1.1
+ admin_status: yes
+
+peer(172.30.1.1):
+ peers_identifier: fqdn banshee
--- ipsec-tools-0.7.orig/debian/examples/racoon-tool.conf-basic
+++ ipsec-tools-0.7/debian/examples/racoon-tool.conf-basic
@@ -0,0 +1,28 @@
+#
+# Configuration file for racoon-tool
+#
+# See racoon-tool.conf(5) for details
+#
+
+#
+# Simple PSK - authentication defaults to pre_shared_key
+#
+connection(bacckdoor-doormat):
+ src_range: 192.168.223.1/32
+ dst_range: 192.168.200.0/24
+ src_ip: 172.31.1.1
+ dst_ip: 10.0.0.1
+ admin_status: enabled
+ compression: no
+ lifetime: time 20 min
+ authentication_algorithm: hmac_sha1
+ encryption_algorithm: 3des
+
+peer(10.0.0.1):
+ verify_cert: on
+ passive: off
+ verify_identifier: off
+ lifetime: time 60 min
+ hash_algorithm[0]: sha1
+ encryption_algorithm[0]: 3des
+
--- ipsec-tools-0.7.orig/debian/examples/racoon.conf-upstream-install
+++ ipsec-tools-0.7/debian/examples/racoon.conf-upstream-install
@@ -0,0 +1,125 @@
+# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
+
+# "path" must be placed before it should be used.
+# You can overwrite which you defined, but it should not use due to confusing.
+path include "/etc/racoon" ;
+#include "remote.conf" ;
+
+# search this file for pre_shared_key with various ID key.
+path pre_shared_key "/etc/racoon/psk.txt" ;
+
+# racoon will look for certificate file in the directory,
+# if the certificate/certificate request payload is received.
+path certificate "/etc/cert" ;
+
+# "log" specifies logging level. It is followed by either "notify", "debug"
+# or "debug2".
+#log debug;
+
+# "padding" defines some parameter of padding. You should not touch these.
+padding
+{
+ maximum_length 20; # maximum padding length.
+ randomize off; # enable randomize length.
+ strict_check off; # enable strict check.
+ exclusive_tail off; # extract last one octet.
+}
+
+# if no listen directive is specified, racoon will listen to all
+# available interface addresses.
+listen
+{
+ #isakmp ::1 [7000];
+ #isakmp 202.249.11.124 [500];
+ #admin [7002]; # administrative's port by kmpstat.
+ #strict_address; # required all addresses must be bound.
+}
+
+# Specification of default various timer.
+timer
+{
+ # These value can be changed per remote node.
+ counter 5; # maximum trying count to send.
+ interval 20 sec; # maximum interval to resend.
+ persend 1; # the number of packets per a send.
+
+ # timer for waiting to complete each phase.
+ phase1 30 sec;
+ phase2 15 sec;
+}
+
+remote anonymous
+{
+ #exchange_mode main,aggressive;
+ exchange_mode aggressive,main;
+ doi ipsec_doi;
+ situation identity_only;
+
+ #my_identifier address;
+ my_identifier user_fqdn "sakane@kame.net";
+ peers_identifier user_fqdn "sakane@kame.net";
+ #certificate_type x509 "mycert" "mypriv";
+
+ nonce_size 16;
+ lifetime time 1 min; # sec,min,hour
+ initial_contact on;
+ support_mip6 on;
+ proposal_check obey; # obey, strict or claim
+
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key ;
+ dh_group 2 ;
+ }
+}
+
+remote ::1 [8000]
+{
+ #exchange_mode main,aggressive;
+ exchange_mode aggressive,main;
+ doi ipsec_doi;
+ situation identity_only;
+
+ my_identifier user_fqdn "sakane@kame.net";
+ peers_identifier user_fqdn "sakane@kame.net";
+ #certificate_type x509 "mycert" "mypriv";
+
+ nonce_size 16;
+ lifetime time 1 min; # sec,min,hour
+
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key ;
+ dh_group 2 ;
+ }
+}
+
+sainfo anonymous
+{
+ pfs_group 1;
+ lifetime time 30 sec;
+ encryption_algorithm 3des ;
+ authentication_algorithm hmac_sha1;
+ compression_algorithm deflate ;
+}
+
+sainfo address 203.178.141.209 any address 203.178.141.218 any
+{
+ pfs_group 1;
+ lifetime time 30 sec;
+ encryption_algorithm des ;
+ authentication_algorithm hmac_md5;
+ compression_algorithm deflate ;
+}
+
+sainfo address ::1 icmp6 address ::1 icmp6
+{
+ pfs_group 1;
+ lifetime time 60 sec;
+ encryption_algorithm 3des, blowfish 448, des ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+
--- ipsec-tools-0.7.orig/debian/po/ru.po
+++ ipsec-tools-0.7/debian/po/ru.po
@@ -0,0 +1,53 @@ +# Russian translation of ipsec-tools_1:0.6.5-6.po. +# This file is distributed under the same license as the ipsec-tools package. +# Aleksandr Bouksha , 2006.A , 2006. +# +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.6.5-6\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: 2006-06-16 16:00+0600\n" +"Last-Translator: Aleksandr Bouksha \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=koi8-r\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "òÅÄÁËÔÉÒÏ×ÁÎÉÅ ×ÒÕÞÎÕÀ" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "ðÒÉ ÐÏÍÏÝÉ racoon-tool" + +# | msgid "Please select the configuration mode for racoon IKE daemon." +#. Type: select +#. Description +#: ../racoon.templates:1002 +#, fuzzy +msgid "Configuration mode for racoon IKE daemon." +msgstr "÷ÙÂÅÒÉÔÅ ÐÏÖÁÌÕÊÓÔÁ ÓÐÏÓÏ ËÏÎÆÉÇÕÒÉÒÏ×ÁÎÉÑ ÄÅÍÏÎÁ rakoon IKE" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"racoon ÍÏÖÅÔ ÂÙÔØ ÓËÏÎÆÉÇÕÒÉÒÏ×ÁÎ Ä×ÕÍÑ ÓÐÏÓÏÂÁÍÉ: ÒÅÄÁËÔÉÒÏ×ÁÎÉÅÍ/etc/init." +"d/racoon.conf ×ÒÕÞÎÕÀ ÉÌÉ ÐÒÉ ÐÏÍÏÝÉ ÉÎÓÔÒÕÍÅÎÔÁ racoon-tool.racoon-tool " +"Ñ×ÌÑÅÔÓÑ ÕÓÔÁÒÅ×ÛÉÍ É ÄÏÓÔÕÐÅÎ ÔÏÌØËÏ ÄÌÑ ÏÂÒÁÔÎÏÊ ÓÏ×ÍÅÓÔÉÍÏÓÔÉ.ðÒÉ ÎÏ×ÏÊ " +"ÕÓÔÁÎÏ×ËÅ ×ÓÅÇÄÁ ×ÙÂÉÒÁÊÔÅ ËÏÎÆÉÇÕÒÉÒÏ×ÁÎÉÅ ×ÒÕÞÎÕÀ." + +#~ msgid "Please select the configuration mode for racoon IKE daemon." +#~ msgstr "÷ÙÂÅÒÉÔÅ ÐÏÖÁÌÕÊÓÔÁ ÓÐÏÓÏ ËÏÎÆÉÇÕÒÉÒÏ×ÁÎÉÑ ÄÅÍÏÎÁ rakoon IKE" --- ipsec-tools-0.7.orig/debian/po/gl.po +++ ipsec-tools-0.7/debian/po/gl.po 
@@ -0,0 +1,50 @@
+# Galician translation of ipsec-tools's debconf templates
+# This file is distributed under the same license as the ipsec-tools package.
+# Jacobo Tarrio , 2007, 2008.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ipsec-tools\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-06-18 14:09-0400\n"
+"PO-Revision-Date: 2008-05-13 00:54+0100\n"
+"Last-Translator: Jacobo Tarrio \n"
+"Language-Team: Galician \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "directo"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "racoon-tool"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Modo de configuración para o servizo IKE racoon."
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"Pódese configurar racoon de dous xeitos: editando /etc/racoon/racoon.conf "
+"directamente, ou empregando a interface administrativa racoon-tool. racoon-"
+"tool está obsoleto e só está dispoñible para compatibilidade con versións "
+"anteriores. As instalacións novas deberían empregar só o método \"directo\"."
+
+#~ msgid "Please select the configuration mode for racoon IKE daemon."
+#~ msgstr "Escolla o modo de configuración para o servizo IKE racoon."
--- ipsec-tools-0.7.orig/debian/po/fr.po
+++ ipsec-tools-0.7/debian/po/fr.po
@@ -0,0 +1,56 @@ +# Translation of iodine debconf templates to French +# Copyright (C) Sylvain Archenault +# This file is distributed under the same license as the iodine package. +# +# Jean-Luc Coulon (f5ibh)" +# Christian Perrier +# et Denis Barbier +# Sylvain Archenault , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: fr\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: 2006-05-29 14:10+0200\n" +"Last-Translator: Sylvain Archenault \n" +"Language-Team: French >\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "Modification directe" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "Utilisation de racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Mode de configuration pour le démon IKE racoon :" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Racoon peut être configuré de deux façons, soit en modifiant directement le " +"fichier /etc/racoon/racoon.conf, soit en utilisant l'outil d'administration " +"racoon-tool. Racoon-tool est désormais obsolète et est seulement disponible " +"pour la rétrocompatibilité. Les nouvelles installations ne doivent utiliser " +"que la méthode « directe »." + +#~ msgid "Please select the configuration mode for racoon IKE daemon." +#~ msgstr "Mode de configuration pour le dmon IKE racoon:" --- ipsec-tools-0.7.orig/debian/po/cs.po +++ ipsec-tools-0.7/debian/po/cs.po 
@@ -0,0 +1,59 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: 2008-05-22 18:09+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "přímo" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Způsob nastavení racoon IKE daemona." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"racoon můžete nastavit dvÄ›ma způsoby. BuÄ přímou úpravou souboru /etc/racoon/" +"racoon.conf, nebo použitím administraÄního rozhraní racoon-tool. racoon-tool " +"je nyní zastaralý a je poskytován jen pro zachování zpÄ›tné kompatibility. U " +"nových instalací byste vždy mÄ›li použít „přímý“ způsob." + +#~ msgid "Please select the configuration mode for racoon IKE daemon." 
+#~ msgstr "Vyberte způsob nastavení racoon IKE daemona." --- ipsec-tools-0.7.orig/debian/po/templates.pot +++ ipsec-tools-0.7/debian/po/templates.pot @@ -0,0 +1,45 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" --- ipsec-tools-0.7.orig/debian/po/vi.po +++ ipsec-tools-0.7/debian/po/vi.po 
@@ -0,0 +1,53 @@ +# Vietnamese Translation for ipsec-tools. +# Copyright © 2008 Free Software Foundation, Inc. +# Clytie Siddall , 2005-2008. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.7-2.1\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: 2008-05-22 14:29+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b3\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "trá»±c tiếp" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Chế Ä‘á»™ cấu hình cho trình ná»n IKE racoon." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"Trình racoon có thể được cấu hình bằng hai cách khác nhau, hoặc bằng cách " +"hiệu chỉnh trá»±c tiếp tập tin cấu hình « /etc/init.d/racoon.conf », hoặc bằng " +"cách sá»­ dụng tiá»n tiêu quản trị racoon-tool. Tùy nhiên, racoon-tool lúc bây " +"giá» bị phản đối và công bố chỉ để tÆ°Æ¡ng thích ngược. Việc cài đặt má»›i lúc " +"nào cÅ©ng nên dùng phÆ°Æ¡ng pháp « trá»±c tiếp »." + +#~ msgid "Please select the configuration mode for racoon IKE daemon." +#~ msgstr "Hãy chá»n chế Ä‘á»™ cấu hình cho trình ná»n IKE racoon." --- ipsec-tools-0.7.orig/debian/po/pt.po +++ ipsec-tools-0.7/debian/po/pt.po 
@@ -0,0 +1,53 @@
+# translation of ipsec-tools debconf to Portuguese
+# Portuguese translation of ipsec-tools debconf messages.
+# This file is distributed under the same license as the ipsec-tools package.
+#
+# Manuel Padilha , 2006.
+# Américo Monteiro , 2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: ipsec-tools 1:0.7-2\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-06-18 14:09-0400\n"
+"PO-Revision-Date: 2008-05-25 19:39+0100\n"
+"Last-Translator: Américo Monteiro \n"
+"Language-Team: Portuguese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "directo"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "raccon-tool"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Modo de configuração para o daemon racoon IKE."
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"O racoon pode ser configurado de duas formas, ou editando directamente o "
+"ficheiro /etc/racoon/racoon.conf ou usando o front-end administrativo racoon-"
+"tool. O racoon-tool está obsoleto e só é disponibilizado para garantir retro-"
+"compatibilidade. As instalações novas devem usar sempre o método \"directo\"."
+
+#~ msgid "Please select the configuration mode for racoon IKE daemon."
+#~ msgstr "Escolha o modo de configurao para o 'daemon' IKE racoon."
--- ipsec-tools-0.7.orig/debian/po/eu.po
+++ ipsec-tools-0.7/debian/po/eu.po
@@ -0,0 +1,50 @@
+# translation of xd-ipsec-tools-eu.po to Euskara
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# xabier bilbao , 2008.
+# Piarres Beobide , 2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: xd-ipsec-tools-eu\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-04-21 08:51+0000\n"
+"PO-Revision-Date: 2008-05-24 23:47+0200\n"
+"Last-Translator: Piarres Beobide \n"
+"Language-Team: Euskara \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "zuzena"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "racoon-tool bidez"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Racoon IKE deabrua konfiguratzeko modua:"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"Bi era daude Racoon konfiguratzeko: /etc/racoon/racoon.conf zuzenean "
+"editatuz, edo racoon-tool administrazio interfazea erabiliz. Racoon-tool "
+"zaharkitua geratu da, eta atzeranzko bateragarritasunagatik soilik dago "
+"eskura. Instalazio berrietan erabili beti \"zuzena\" modua."
--- ipsec-tools-0.7.orig/debian/po/de.po
+++ ipsec-tools-0.7/debian/po/de.po
@@ -0,0 +1,63 @@
+# translation of ipsec-tools_1:0.7-2_de.po to German
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Erik Schanze , 2004-2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: ipsec-tools_1:0.7-2_de\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-06-18 14:09-0400\n"
+"PO-Revision-Date: 2008-05-04 00:25+0200\n"
+"Last-Translator: Erik Schanze \n"
+"Language-Team: German \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "direkt"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "Racoon-tool"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Art der Einrichtung des Racoon-IKE-Diensts."
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"Racoon kann auf zwei Arten eingerichtet werden, entweder durch direktes "
+"Ändern der Datei /etc/racoon/racoon.conf oder mit Hilfe der "
+"Systemverwaltungsoberfläche »Racoon-tool«. Racoon-tool ist veraltet und nur "
+"noch wegen der Rückwärtsverträglichkeit dabei. Neuinstallationen sollten "
+"immer die Methode »direkt« verwenden."
+
+#~ msgid "Please select the configuration mode for racoon IKE daemon."
+#~ msgstr ""
+#~ "Bitte wählen Sie aus, wie Sie den Racoon-IKE-Dienst einrichten wollen."
--- ipsec-tools-0.7.orig/debian/po/pt_BR.po
+++ ipsec-tools-0.7/debian/po/pt_BR.po
@@ -0,0 +1,58 @@ +# ipsec-tools Brazilian Portuguese translation +# Copyright (C) 2006 ipsec-tools's COPYRIGHT HOLDER +# This file is distributed under the same license as the ipsec-tools package. +# André Luís Lopes , 2006. +# Eder L. Marques (frolic) , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1:0.7-2.1\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: 2008-05-26 11:23-0300\n" +"Last-Translator: Eder L. Marques (frolic) \n" +"Language-Team: Brazilian Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "direta" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "Configuration mode for racoon IKE daemon." +msgstr "Modo de configuração para o daemon IKE racoon." + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." +msgstr "" +"O racoon pode ser configurado de duas maneiras, tanto editando diretamente o " +"arquivo /etc/racoon/racoon.conf ou usando a interface administrativa racoon-" +"tool. O racoon-tool está obsoleto agora e está disponível somente para " +"compatibilidade com versões anteriores. Novas instalações deveriam sempre " +"utilizar o método \"direto\"." + +#~ msgid "Please select the configuration mode for racoon IKE daemon." 
+#~ msgstr "" +#~ "Por favor, selecione o modo de configuração para o daemon IKE racoon." --- ipsec-tools-0.7.orig/debian/po/sv.po +++ ipsec-tools-0.7/debian/po/sv.po 
@@ -0,0 +1,100 @@
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+# Developers do not need to manually edit POT or PO files.
+# , fuzzy
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ipsec-tools 1:0.6.1-1\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-06-18 14:09-0400\n"
+"PO-Revision-Date: 2006-05-30 17:06+0100\n"
+"Last-Translator: Daniel Nylander \n"
+"Language-Team: Swedish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "direkt"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "racoon-tool"
+
+# | msgid "Please select the configuration mode for racoon IKE daemon."
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+#, fuzzy
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Välj konfigurationsläget för racoon IKE-demonen."
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"racoon kan konfigureras på två sätt, antingen genom att direkt redigera /etc/"
+"racoon/racoon.conf eller genom att använda verktyget racoon-tool. racoon-"
+"tool är nu föråldrat och finns endast tillgängligt för kompatibilitet bakåt. "
+"Nya installationer bör alltid använda metoden \"direkt\"."
+
+#~ msgid "Please select the configuration mode for racoon IKE daemon."
+#~ msgstr "Välj konfigurationsläget för racoon IKE-demonen."
+
+#~ msgid "Please select the racoon configuration mode."
+#~ msgstr "Välj konfigurationsläget för racoon IKE daemon."
+
+#~ msgid "Racoon can now be configured two ways."
+#~ msgstr "Racoon kan konfigureras på två sätt."
+
+#~ msgid ""
+#~ "The traditional one (direct), which is for direct editing of /etc/racoon/"
+#~ "racoon.conf and setup of the SPD using setkey via a shell script written "
+#~ "by the systems administrator. You will have to make sure that the kernel "
+#~ "has all required modules loaded or the racoon daemon can exit with a "
+#~ "'failed to parse configuration file' error."
+#~ msgstr ""
+#~ "Den traditionella metoden (direkt) som är för att direkt göra ändringar "
+#~ "i /etc/racoon/racoon.conf och sätta upp SPD med setkey via shellskript "
+#~ "(skrivet av systemadministratören). Du måste kontrollera att kerneln har "
+#~ "alla nödvändiga moduler laddade annars kommer racoon daemonen att "
+#~ "avslutas med ett 'failed to parse configuration file' fel."
+
+#~ msgid ""
+#~ "The new one is the racoon-tool administration front end which configures "
+#~ "both, as well as handling module loading and can handle most common "
+#~ "setups. Please read /usr/share/doc/racoon/README.Debian for more "
+#~ "details."
+#~ msgstr ""
+#~ "Det nya är racoon-tools administrationsgränssnitt som konfigurerar dem "
+#~ "båda och som även hanterar laddning av moduler och kan även hantera de "
+#~ "flesta allmänna inställningar. Vänligen läs /usr/share/doc/racoon/README."
+#~ "Debian för mer information."
+
+#~ msgid ""
+#~ "Would you like to use the new racoon-tool program to configure VPNs, or "
+#~ "the direct editing of /etc/racoon/racoon.conf?"
+#~ msgstr ""
+#~ "Vill du använda det nya programmet racoon-tool för att konfigurera VPN "
+#~ "eller direkt ändra /etc/racoon/racoon.conf manuellt?"
+
+#~ msgid "Please select from either 'direct' or 'racoon-tool'."
+#~ msgstr "Välj mellan antingen 'direkt' eller 'racoon-tool'."
--- ipsec-tools-0.7.orig/debian/po/es.po
+++ ipsec-tools-0.7/debian/po/es.po
@@ -0,0 +1,118 @@
+# ipsec-tools po-debconf translation to Spanish
+# Copyright (C) 2005 Software in the Public Interest
+# This file is distributed under the same license as the ipsec-tools package.
+#
+# Changes:
+# - Initial translation
+# César Gómez Martín
+# - Translation update
+# Javier Fernández-Sanguino
+#
+# Traductores, si no conoce el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Equipo de traducción al español, por favor, lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/
+# especialmente las notas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ipsec-tools 1:0.6.6-3\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-06-18 14:09-0400\n"
+"PO-Revision-Date: 2008-05-22 01:00+0200\n"
+"Last-Translator: Javier Fernández-Sanguino \n"
+"Language-Team: Debian l10n spanish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Spanish\n"
+"X-Poedit-Country: SPAIN\n"
+"X-Poedit-SourceCharset: utf-8\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "directo"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "racoon-tool"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Modo de configuración para el demonio IKE de racoon"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"Puede configurar racoon de dos formas distintas: editando directamente el "
+"fichero «/etc/racoon/racoon.conf» o utilizando la interfaz de administración "
+"«racoon-tool». La herramienta «Racoon-tool» está ahora obsoleta y sólo se "
+"proporciona para tener compatibilidad hacia atrás. Las nuevas instalaciones "
+"deberían siempre utilizar el método «directo»."
+
+#~ msgid "Please select the configuration mode for racoon IKE daemon."
+#~ msgstr ""
+#~ "Por favor, seleccione el modo de configuración para el demonio IKE de "
+#~ "racoon."
+
+#~ msgid "Racoon can now be configured two ways."
+#~ msgstr "Racoon puede configurarse de dos formas."
+
+#~ msgid ""
+#~ "The traditional one (direct), which is for direct editing of /etc/racoon/"
+#~ "racoon.conf and setup of the SPD using setkey via a shell script written "
+#~ "by the systems administrator. You will have to make sure that the kernel "
+#~ "has all required modules loaded or the racoon daemon can exit with a "
+#~ "'failed to parse configuration file' error."
+#~ msgstr ""
+#~ "El modo tradicional (directo), que se usa para la edición directa de /etc/"
+#~ "racoon/racoon.conf y para la instalación de SPD usando setkey a través de "
+#~ "un shell script escrito por el administrador del sistema. Tendrá que "
+#~ "asegurarse de que el núcleo tiene cargados todos los módulos requeridos o "
+#~ "el demonio racoon se finalizará con el mensaje de error «fallo al analizar "
+#~ "el fichero de configuración»."
+
+#~ msgid ""
+#~ "The new one is the racoon-tool administration front end which configures "
+#~ "both, as well as handling module loading and can handle most common "
+#~ "setups. Please read /usr/share/doc/racoon/README.Debian for more "
+#~ "details."
+#~ msgstr ""
+#~ "El nuevo modo es el administrador de racoon-tool que configura ambos, "
+#~ "también gestiona la carga de módulos y puede gestionar la mayoría de "
+#~ "instalaciones habituales. Por favor, lea /usr/share/doc/racoon/README."
+#~ "Debian para más detalles."
+
+#~ msgid ""
+#~ "Would you like to use the new racoon-tool program to configure VPNs, or "
+#~ "the direct editing of /etc/racoon/racoon.conf?"
+#~ msgstr ""
+#~ "¿Le gustaría utilizar el administrador racoon-tool para configurar VPNs "
+#~ "(Redes privadas virtuales) o prefiere la edición directa de «/etc/racoon/"
+#~ "racoon.conf»?"
+
+#~ msgid "Please select from either 'direct' or 'racoon-tool'."
+#~ msgstr "Por favor, seleccione «direct» o «racoon-tool»."
--- ipsec-tools-0.7.orig/debian/po/nl.po
+++ ipsec-tools-0.7/debian/po/nl.po
@@ -0,0 +1,52 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR , YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ipsec-tools\n"
+"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n"
+"POT-Creation-Date: 2008-06-18 14:09-0400\n"
+"PO-Revision-Date: 2008-05-26 15:23+0100\n"
+"Last-Translator: Bart Cornelis \n"
+"Language-Team: debian-l10n-dutch \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Dutch\n"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "direct"
+msgstr "direct"
+
+#. Type: select
+#. Choices
+#: ../racoon.templates:1001
+msgid "racoon-tool"
+msgstr "racoon-tool"
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid "Configuration mode for racoon IKE daemon."
+msgstr "Configuratiemodus voor de racoon IKE-achtergronddienst."
+
+#. Type: select
+#. Description
+#: ../racoon.templates:1002
+msgid ""
+"Racoon can be configured two ways, either by directly editing /etc/racoon/"
+"racoon.conf or using the racoon-tool administrative front end. racoon-tool "
+"is now deprecated and is only available for backward compatibility. New "
+"installations should always use the \"direct\" method."
+msgstr ""
+"Racoon kan ingesteld worden door of het configuratiebestand /etc/racoon/"
+"racoon.conf direct aan te passen, of via het racoon-tool administratieve "
+"programma. Racoon-tool is verouderd en enkel beschikbaar voor teruggaande "
+"compatibiliteit. Nieuwe installaties dienen de 'direct'-methode te gebruiken."
+
+#~ msgid "Please select the configuration mode for racoon IKE daemon."
+#~ msgstr "Wat is de configuratiemodus voor de racoon IKE-achtergronddienst?"
--- ipsec-tools-0.7.orig/debian/po/POTFILES.in
+++ ipsec-tools-0.7/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] racoon.templates
--- ipsec-tools-0.7.orig/debian/po/ja.po
+++ ipsec-tools-0.7/debian/po/ja.po
@@ -0,0 +1,99 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: ipsec-tools 1-0.6.6-3\n" +"Report-Msgid-Bugs-To: ipsec-tools@packages.debian.org\n" +"POT-Creation-Date: 2008-06-18 14:09-0400\n" +"PO-Revision-Date: 2006-12-12 02:00+0900\n" +"Last-Translator: Atsushi Shimono \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "direct" +msgstr "直接" + +#. Type: select +#. Choices +#: ../racoon.templates:1001 +msgid "racoon-tool" +msgstr "racoon-tool" + +# | msgid "Please select the configuration mode for racoon IKE daemon." +#. Type: select +#. Description +#: ../racoon.templates:1002 +#, fuzzy +msgid "Configuration mode for racoon IKE daemon." +msgstr "racoon IKE デーモンã®è¨­å®šæ–¹æ³•ã‚’é¸æŠžã—ã¦ãã ã•ã„。" + +#. Type: select +#. Description +#: ../racoon.templates:1002 +msgid "" +"Racoon can be configured two ways, either by directly editing /etc/racoon/" +"racoon.conf or using the racoon-tool administrative front end. racoon-tool " +"is now deprecated and is only available for backward compatibility. New " +"installations should always use the \"direct\" method." 
+msgstr "" +"racoon ã¯ã€/etc/racoon/racoon.conf を直接編集ã™ã‚‹ã€ã‚‚ã—ã㯠racoon-tool 管ç†" +"フロントエンドを利用ã™ã‚‹ã¨ã„ã†ã€2 ã¤ã®æ–¹æ³•ã®ã©ã¡ã‚‰ã‚’使ã£ã¦ã‚‚設定å¯èƒ½ã§ã™ã€‚" +"racoon-tool ã¯ã™ã§ã«å»ƒæ­¢ã•ã‚Œã‚‹äºˆå®šã«ãªã£ã¦ãŠã‚Šã€å¾Œæ–¹äº’æ›æ€§ã®ãŸã‚ã«ã®ã¿æ®‹ã•ã‚Œ" +"ã¦ã„ã¾ã™ã€‚æ–°è¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ã¯å¿…ãš \"直接\" 設定ã—ã¦ãã ã•ã„。" + +#~ msgid "Please select the configuration mode for racoon IKE daemon." +#~ msgstr "racoon IKE デーモンã®è¨­å®šæ–¹æ³•ã‚’é¸æŠžã—ã¦ãã ã•ã„。" + +#~ msgid "Please select the racoon configuration mode." +#~ msgstr "racoon IKE デーモンã®è¨­å®šæ–¹æ³•ã‚’é¸æŠžã—ã¦ãã ã•ã„。" + +#~ msgid "Racoon can now be configured two ways." +#~ msgstr "racoon 㯠2 ã¤ã®æ–¹æ³•ã§è¨­å®šå¯èƒ½ã§ã™ã€‚" + +#~ msgid "" +#~ "The traditional one (direct), which is for direct editing of /etc/racoon/" +#~ "racoon.conf and setup of the SPD using setkey via a shell script written " +#~ "by the systems administrator. You will have to make sure that the kernel " +#~ "has all required modules loaded or the racoon daemon can exit with a " +#~ "'failed to parse configuration file' error." +#~ msgstr "" +#~ "従æ¥ã®æ–¹æ³• (直接) ã§ã¯ã€/etc/racoon/racoon.conf を直接編集ã—ã€ç®¡ç†è€…ã«ã‚ˆã£" +#~ "ã¦æ›¸ã‹ã‚ŒãŸã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—トã«ã‚ˆã‚‹ setkey を用ã„㦠SPD を設定ã—ã¾ã™ã€‚カーãƒ" +#~ "ルã«å¿…è¦ãªå…¨ã¦ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ãŒèª­ã¿è¾¼ã¾ã‚Œã¦ã„ãªã‘ã‚Œã°ã€racoon デーモン㯠'設" +#~ "定ファイルã®è§£æžã‚¨ãƒ©ãƒ¼' ã§çµ‚了ã—ã¾ã™ã€‚" + +#~ msgid "" +#~ "The new one is the racoon-tool administration front end which configures " +#~ "both, as well as handling module loading and can handle most common " +#~ "setups. Please read /usr/share/doc/racoon/README.Debian for more " +#~ "details." 
+#~ msgstr "" +#~ "æ–°ã—ã„方法ã¯ã€racoon-tool 管ç†ãƒ•ãƒ­ãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ã§ã¯ã€ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã®ãƒ­ãƒ¼ãƒ‰ã¨ã€ä¸€" +#~ "般的ãªã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã®ä¸¡æ–¹ãŒè¡Œãˆã¾ã™ã€‚より詳細ãªæƒ…å ±ã«ã¤ã„ã¦ã¯ã€/usr/share/" +#~ "doc/racoon/README.Debian を読んã§ãã ã•ã„。" + +#~ msgid "" +#~ "Would you like to use the new racoon-tool program to configure VPNs, or " +#~ "the direct editing of /etc/racoon/racoon.conf?" +#~ msgstr "" +#~ "VPN ã®è¨­å®šã«æ–°ã—ã„ racoon-tool プログラムを利用ã—ã¾ã™ã‹ï¼Ÿã‚‚ã—ãã¯ã€ç›´æŽ¥ /" +#~ "etc/racoon/racoon.conf を編集ã—ã¾ã™ã‹ï¼Ÿ" + +#~ msgid "Please select from either 'direct' or 'racoon-tool'." +#~ msgstr "'直接' ã‚‚ã—ã㯠'racoon-tool' ã®ã„ã¥ã‚Œã‹ã‚’é¸æŠžã—ã¦ãã ã•ã„"