hi :) with the attached patch, isakmpd happily compiles for me :)
it changes sysdep/linux to use pf_key_v2.c instead of klips. with the attached include files (copied from the linux-2.5 and freebsd source tree), this seems to work pretty well. however, i haven't tested it yet. will boot linux-2.5 in a minute... ;) -- CU, / Friedrich-Alexander University Erlangen, Germany Martin Waitz // [Tali on IRCnet] [tali.home.pages.de] _________ ______________/// - - - - - - - - - - - - - - - - - - - - /// dies ist eine manuell generierte mail, sie beinhaltet // tippfehler und ist auch ohne grossbuchstaben gueltig. / - Wer bereit ist, grundlegende Freiheiten aufzugeben, um sich kurzfristige Sicherheit zu verschaffen, der hat weder Freiheit noch Sicherheit verdient. Benjamin Franklin (1706 - 1790)
? autoscan.log ? exchange_num.c ? exchange_num.h ? ipsec_fld.c ? ipsec_fld.h ? ipsec_num.c ? ipsec_num.h ? isakmp_fld.c ? isakmp_fld.h ? isakmp_num.c ? isakmp_num.h ? isakmpd ? linux-2.5-port.diff ? sysdep/linux/include Index: GNUmakefile =================================================================== RCS file: /cvs/src/sbin/isakmpd/GNUmakefile,v retrieving revision 1.4 diff -u -p -r1.4 GNUmakefile --- GNUmakefile 23 Aug 2002 18:17:17 -0000 1.4 +++ GNUmakefile 10 Nov 2002 21:54:17 -0000 @@ -44,11 +44,12 @@ # openbsd means 2.5 or newer, linux is the name for Linux with FreeS/WAN # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec. # darwin means MacOS X 10.2 and later with KAME IPsec. -OS= openbsd +#OS= openbsd #OS= netbsd #OS= freebsd #OS= linux #OS= darwin +OS= linux .CURDIR:= $(shell pwd) VPATH= ${.CURDIR}/sysdep/${OS} Index: Makefile =================================================================== RCS file: /cvs/src/sbin/isakmpd/Makefile,v retrieving revision 1.46 diff -u -p -r1.46 Makefile --- Makefile 10 Jun 2002 18:08:58 -0000 1.46 +++ Makefile 10 Nov 2002 21:54:17 -0000 @@ -43,10 +43,10 @@ # openbsd means OpenBSD 2.5 or newer. linux is the name for Linux with # FreeS/WAN integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec. -OS= openbsd +#OS= openbsd #OS= netbsd #OS= freebsd -#OS= linux +OS= linux #OS= bsdi # Compile-time configuration of otherwise optional features Index: init.c =================================================================== RCS file: /cvs/src/sbin/isakmpd/init.c,v retrieving revision 1.20 diff -u -p -r1.20 init.c --- init.c 7 Aug 2002 13:19:20 -0000 1.20 +++ init.c 10 Nov 2002 21:54:17 -0000 
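Review bot: The GNUmakefile hunk at line 44 and the Makefile hunk at line 43 change the default `OS=` from `openbsd` to `linux`, which switches the build target for every user of the tree, not only for this port. The default should stay `OS= openbsd`, with the Linux build selected as `make OS=linux` on the command line. The GNUmakefile hunk also leaves both a commented `#OS= linux` and a live `OS= linux`, so the two files no longer list the options the same way.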
@@ -37,6 +37,8 @@ /* XXX This file could easily be built dynamically instead. */ +#include <stdlib.h> + #include "sysdep.h" #include "app.h" Index: key.c =================================================================== RCS file: /cvs/src/sbin/isakmpd/key.c,v retrieving revision 1.12 diff -u -p -r1.12 key.c --- key.c 11 Sep 2002 09:50:44 -0000 1.12 +++ key.c 10 Nov 2002 21:54:17 -0000 @@ -21,6 +21,7 @@ */ #include <string.h> +#include <stdlib.h> #include "sysdep.h" Index: libcrypto.h =================================================================== RCS file: /cvs/src/sbin/isakmpd/libcrypto.h,v retrieving revision 1.14 diff -u -p -r1.14 libcrypto.h --- libcrypto.h 10 Jun 2002 18:08:58 -0000 1.14 +++ libcrypto.h 10 Nov 2002 21:54:17 -0000 @@ -47,6 +47,7 @@ #include <openssl/bio.h> #include <openssl/md5.h> #include <openssl/pem.h> +#include <openssl/rsa.h> #include <openssl/x509_vfy.h> #include <openssl/x509.h> Index: log.c =================================================================== RCS file: /cvs/src/sbin/isakmpd/log.c,v retrieving revision 1.30 diff -u -p -r1.30 log.c --- log.c 8 Aug 2002 13:25:28 -0000 1.30 +++ log.c 10 Nov 2002 21:54:18 -0000 @@ -36,7 +36,7 @@ */ #include <sys/types.h> -#include <sys/time.h> +#include <time.h> #ifdef USE_DEBUG #include <sys/socket.h> Index: pf_key_v2.c =================================================================== RCS file: /cvs/src/sbin/isakmpd/pf_key_v2.c,v retrieving revision 1.117 diff -u -p -r1.117 pf_key_v2.c --- pf_key_v2.c 11 Sep 2002 09:50:44 -0000 1.117 +++ pf_key_v2.c 10 Nov 2002 21:54:19 -0000 @@ -823,7 +823,9 @@ pf_key_v2_setup_sockaddr (void *res, str case AF_INET: ip4_sa = (struct sockaddr_in *)res; ip4_sa->sin_family = AF_INET; +#ifndef USE_OLD_SOCKADDR ip4_sa->sin_len = sizeof *ip4_sa; +#endif ip4_sa->sin_port = port; if (dst) p = (u_int8_t *)(ingress 
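Review bot: In log.c the hunk replaces `#include <sys/time.h>` with `#include <time.h>` for every platform, not only for Linux. If log.c uses `gettimeofday ()` or `struct timeval` (not visible in this hunk), those are declared in `<sys/time.h>`, and the build would then depend on `<time.h>` pulling them in indirectly. Keeping the original line and adding the new one after it, `#include <sys/time.h>` then `#include <time.h>`, covers both cases.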
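Review bot: The `#ifndef USE_OLD_SOCKADDR` guard around `ip4_sa->sin_len = sizeof *ip4_sa;` in pf_key_v2_setup_sockaddr removes only the write of the length. Any code that later reads the length back out of the sockaddr, for instance when sizing a PF_KEY address extension, has to take it from `sysdep_sa_len ()` instead, and this patch does not show that being checked. The same three-line guard is repeated in the AF_INET6 case, in both cases of pf_key_v2_enable_sa and pf_key_v2_disable_sa, and twice in udp_init. A pair of helper macros defined once under the same `#ifndef`, expanding to nothing for old-style sockaddrs, would keep the call sites unconditional. The function bodies start and end outside these hunks.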
@@ -837,7 +839,9 @@ pf_key_v2_setup_sockaddr (void *res, str case AF_INET6: ip6_sa = (struct sockaddr_in6 *)res; ip6_sa->sin6_family = AF_INET6; +#ifndef USE_OLD_SOCKADDR ip6_sa->sin6_len = sizeof *ip6_sa; +#endif ip6_sa->sin6_port = port; if (dst) p = (u_int8_t *)(ingress @@ -2312,13 +2316,17 @@ pf_key_v2_enable_sa (struct sa *sa, stru { case AF_INET: ((struct sockaddr_in *)hostmask)->sin_family = AF_INET; +#ifndef USE_OLD_SOCKADDR ((struct sockaddr_in *)hostmask)->sin_len = sizeof (struct in_addr); +#endif memset (&((struct sockaddr_in *)hostmask)->sin_addr.s_addr, 0xff, sizeof (struct in_addr)); break; case AF_INET6: ((struct sockaddr_in6 *)hostmask)->sin6_family = AF_INET6; +#ifndef USE_OLD_SOCKADDR ((struct sockaddr_in6 *)hostmask)->sin6_len = sizeof (struct in6_addr); +#endif memset (&((struct sockaddr_in6 *)hostmask)->sin6_addr.s6_addr, 0xff, sizeof (struct in6_addr)); break; @@ -2497,14 +2505,18 @@ pf_key_v2_disable_sa (struct sa *sa, int { case AF_INET: ((struct sockaddr_in *)hostmask)->sin_family = AF_INET; +#ifndef USE_OLD_SOCKADDR ((struct sockaddr_in *)hostmask)->sin_len = sizeof (struct in_addr); +#endif memset (&((struct sockaddr_in *)hostmask)->sin_addr.s_addr, 0xff, sizeof (struct in_addr)); break; case AF_INET6: ((struct sockaddr_in6 *)hostmask)->sin6_family = AF_INET6; +#ifndef USE_OLD_SOCKADDR ((struct sockaddr_in6 *)hostmask)->sin6_len = sizeof (struct in6_addr); +#endif memset (&((struct sockaddr_in6 *)hostmask)->sin6_addr.s6_addr, 0xff, sizeof (struct in6_addr)); break; Index: udp.c =================================================================== RCS file: /cvs/src/sbin/isakmpd/udp.c,v retrieving revision 1.56 diff -u -p -r1.56 udp.c --- udp.c 11 Sep 2002 09:50:44 -0000 1.56 +++ udp.c 10 Nov 2002 21:54:20 -0000 
@@ -648,7 +648,9 @@ udp_init (void) */ memset (&dflt_stor, 0, sizeof dflt_stor); dflt->sin_family = AF_INET; +#ifndef USE_OLD_SOCKADDR ((struct sockaddr_in *)dflt)->sin_len = sizeof (struct sockaddr_in); +#endif ((struct sockaddr_in *)dflt)->sin_port = htons (lport); default_transport = udp_bind ((struct sockaddr *)&dflt_stor); @@ -662,7 +664,9 @@ udp_init (void) memset (&dflt_stor, 0, sizeof dflt_stor); dflt->sin_family = AF_INET6; +#ifndef USE_OLD_SOCKADDR ((struct sockaddr_in6 *)dflt)->sin6_len = sizeof (struct sockaddr_in6); +#endif ((struct sockaddr_in6 *)dflt)->sin6_port = htons (lport); default_transport6 = udp_bind ((struct sockaddr *)&dflt_stor); Index: x509.h =================================================================== RCS file: /cvs/src/sbin/isakmpd/x509.h,v retrieving revision 1.17 diff -u -p -r1.17 x509.h --- x509.h 7 Aug 2002 13:19:20 -0000 1.17 +++ x509.h 10 Nov 2002 21:54:20 -0000 @@ -60,8 +60,6 @@ struct x509_aca { struct x509_attribval name2; }; -struct X509; -struct X509_STORE; /* Functions provided by cert handler. */ Index: sysdep/linux/GNUmakefile.sysdep =================================================================== RCS file: /cvs/src/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep,v retrieving revision 1.4 diff -u -p -r1.4 GNUmakefile.sysdep --- sysdep/linux/GNUmakefile.sysdep 10 Jun 2002 18:08:59 -0000 1.4 +++ sysdep/linux/GNUmakefile.sysdep 10 Nov 2002 21:54:20 -0000 @@ -33,13 +33,6 @@ # This code was written under funding by Ericsson Radio Systems. # -# In order for this to work, invocations need to set FREESWAN to the -# directory where FreeS/WAN is installed. - -ifndef FREESWAN -FREESWAN= /usr/src/freeswan -endif - BINDIR= /usr/local/sbin # Partly good for RedHat 5.2, but man(1) does not find them so I have it # disabled for now. 
@@ -48,23 +41,23 @@ BINDIR= /usr/local/sbin #MAN8= isakmpd.0 NOMAN= -LIBGMP= -lgmp -LIBDES= ${FREESWAN}/libdes/libdes.a LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep LIBSYSDEP= ${LIBSYSDEPDIR}/libsysdep.a +LIBGMP= -lgmp +LIBCRYPTO= -lcrypto -FEATURES= tripledes blowfish cast ec aggressive debug +IPSEC_SRCS= pf_key_v2.c +IPSEC_CFLAGS =-DUSE_PF_KEY_V2 -SRCS+= klips.c +FEATURES= tripledes blowfish old_sockaddr ec libcrypto x509 aggressive debug -LDADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBDES} -ldl -DPADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBDES} +LDADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBCRYPTO} -ldl +DPADD+= ${LIBSYSDEP} ${LIBGMP} ${LIBCRYPTO} -CFLAGS+= -I${FREESWAN}/gmp -I${FREESWAN}/libdes \ - -I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \ - -I${.CURDIR}/sysdep/common -DSYMBOL_PREFIX='"_"' -CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP -CFLAGS+= -D'SALEN(x)=8' +CFLAGS+= -I${.CURDIR}/sysdep/common +CFLAGS+= -I${.CURDIR}/sysdep/linux/include +CFLAGS+= -I/usr/include/openssl +CFLAGS+= -D_BSD_SOURCE ${LIBSYSDEP}: cd ${LIBSYSDEPDIR}; \ Index: sysdep/linux/sysdep-os.h =================================================================== RCS file: /cvs/src/sbin/isakmpd/sysdep/linux/sysdep-os.h,v retrieving revision 1.5 diff -u -p -r1.5 sysdep-os.h --- sysdep/linux/sysdep-os.h 16 Feb 2002 21:27:35 -0000 1.5 +++ sysdep/linux/sysdep-os.h 10 Nov 2002 21:54:20 -0000 
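Review bot: `CFLAGS+= -I/usr/include/openssl` puts the OpenSSL header directory itself on the include path, so a bare `#include <err.h>` or `#include <rand.h>` anywhere in the tree can resolve to the OpenSSL file of that name instead of the system header. The libcrypto.h hunk shows these headers already being included as `<openssl/...>`, which needs no extra `-I`, so the line can be dropped. The same hunk removes `cast` from FEATURES and adds `libcrypto x509`, which appears to change the ciphers and authentication methods the Linux build offers; the description does not mention this and should.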
@@ -36,16 +36,23 @@ #ifndef _SYSDEP_OS_H_ #define _SYSDEP_OS_H_ -typedef u_int16_t in_port_t; -typedef u_int32_t in_addr_t; -#if 0 -/* - * Why -D__USE_GNU does not work in order to get this from stdio.h beats me. - */ -extern int asprintf(char **, const char *, ...); -#endif +#define IPSEC_SPI_SIZE 4 + +#define IPV6_VERSION 6 + +#define HAVE_GETNAMEINFO +#define MP_FLAVOUR MP_FLAVOUR_GMP + + +int strlcat(char*, char*, int); +int strlcpy(char*, char*, int); + +/* linux does not yet support these... simply use pseudo values */ +#define CPI_RESERVED_MAX 0 +#define CPI_PRIVATE_MIN 0 + +#define SADB_X_AALG_RIPEMD160HMAC96 0 -#define DL_LAZY RTLD_LAZY #endif /* _SYSDEP_OS_H_ */ Index: sysdep/linux/sysdep.c =================================================================== RCS file: /cvs/src/sbin/isakmpd/sysdep/linux/sysdep.c,v retrieving revision 1.11 diff -u -p -r1.11 sysdep.c --- sysdep/linux/sysdep.c 9 Jun 2002 08:13:07 -0000 1.11 +++ sysdep/linux/sysdep.c 10 Nov 2002 21:54:20 -0000 @@ -49,10 +49,14 @@ #include "app.h" #include "conf.h" #include "ipsec.h" -#include "klips.h" + +#ifdef USE_PF_KEY_V2 +#include "pf_key_v2.h" +#define KEY_API(x) pf_key_v2_##x +#endif + #endif /* NEED_SYSDEP_APP */ #include "log.h" -#include "sysdep.h" extern char *__progname; @@ -114,19 +118,20 @@ sysdep_sa_len (struct sockaddr *sa) int sysdep_app_open () { - return klips_open (); + return KEY_API (open) (); } void sysdep_app_handler (int fd) { + KEY_API (handler) (fd); } /* Check that the connection named NAME is active, or else make it active. */ void sysdep_connection_check (char *name) { - klips_connection_check (name); + KEY_API (connection_check) (name); } /* @@ -144,7 +149,7 @@ sysdep_ipsec_get_spi (size_t *sz, u_int8 return strdup ("\x12\x34\x56\x78"); } - return klips_get_spi (sz, proto, src, dst, seq); + return KEY_API (get_spi) (sz, proto, src, dst, seq); } int 
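Review bot: `#define SADB_X_AALG_RIPEMD160HMAC96 0` gives the unsupported algorithm the value that RFC 2367 assigns to SADB_AALG_NONE. If pf_key_v2.c passes this constant to the kernel as an SA's authentication algorithm, a negotiated RIPEMD-160 SA could be installed with no integrity protection and no error. It is safer to leave the symbol undefined and compile the RIPEMD case out under `#ifdef SADB_X_AALG_RIPEMD160HMAC96`, so that the negotiation fails instead. In the same hunk, `int strlcat(char*, char*, int);` and `int strlcpy(char*, char*, int);` do not match the usual signature `size_t strlcpy(char *, const char *, size_t);` (and likewise for strlcat). A mismatch with the definition the build links against is undefined behaviour, and it makes truncation checks on the return value signed.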
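Review bot: In sysdep.c, `KEY_API` is defined only inside `#ifdef USE_PF_KEY_V2`, so a build without that flag fails later at each `KEY_API (...)` call with an error that does not name the real cause. Adding `#else` and `#error "no IPsec key API selected"` before the `#endif` reports the misconfiguration where it happens. The hunk also drops `#include "sysdep.h"`; unless another header still pulls it in, the sysdep_* definitions in this file are no longer checked against their prototypes.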
@@ -156,26 +161,34 @@ sysdep_cleartext (int fd, int af) int sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming) { - return klips_delete_spi (sa, proto, incoming); + if (app_none) + return 0; + return KEY_API (delete_spi) (sa, proto, incoming); } int sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa) { - return klips_enable_sa (sa, isakmp_sa); + if (app_none) + return 0; + return KEY_API (enable_sa) (sa, isakmp_sa); } int sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1, struct proto *proto2, int incoming) { - return klips_group_spis (sa, proto1, proto2, incoming); + if (app_none) + return 0; + return KEY_API (group_spis) (sa, proto1, proto2, incoming); } int sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming, struct sa *isakmp_sa) { - return klips_set_spi (sa, proto, incoming, isakmp_sa); + if (app_none) + return 0; + return KEY_API (set_spi) (sa, proto, incoming, isakmp_sa); } #endif
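Review bot: The four `if (app_none) return 0;` guards added to sysdep_ipsec_delete_spi, sysdep_ipsec_enable_sa, sysdep_ipsec_group_spis and sysdep_ipsec_set_spi report success without calling the key API, and nothing in the file says so. A comment above the first guard would make that explicit, for example `/* app_none: no kernel IPsec backend in use; SA operations succeed as no-ops. */` (assuming that is what the flag means, as its name suggests). Callers should then know that a 0 return does not prove an SA was installed.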
linux-2.5-port.tar.gz
Description: Binary data