diff options
| -rw-r--r-- | package/Config.in | 1 | ||||
| -rw-r--r-- | package/ipsec-tools/Config.in | 64 | ||||
| -rw-r--r-- | package/ipsec-tools/ipsec-tools.mk | 154 |
3 files changed, 219 insertions, 0 deletions
diff --git a/package/Config.in b/package/Config.in index e22adfbd2..9987829dd 100644 --- a/package/Config.in +++ b/package/Config.in @@ -51,6 +51,7 @@ source "package/hostap/Config.in" source "package/hotplug/Config.in" source "package/iostat/Config.in" source "package/iproute2/Config.in" +source "package/ipsec-tools/Config.in" source "package/iptables/Config.in" source "package/jpeg/Config.in" source "package/less/Config.in" diff --git a/package/ipsec-tools/Config.in b/package/ipsec-tools/Config.in new file mode 100644 index 000000000..964218e1c --- /dev/null +++ b/package/ipsec-tools/Config.in @@ -0,0 +1,64 @@ +config BR2_PACKAGE_IPSEC_TOOLS + bool "ipsec-tools" + default n + select BR2_PACKAGE_OPENSSL + help + This package is required to support IPSec for Linux 2.6+ + +config BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT + default y + depends on BR2_PACKAGE_IPSEC_TOOLS + bool "Enable racoonctl(8)." + help + Lets racoon to listen to racoon admin port, which is to + be contacted by racoonctl(8). + +config BR2_PACKAGE_IPSEC_TOOLS_NATT + default n + depends on BR2_PACKAGE_IPSEC_TOOLS + bool "Enable NAT-Traversal" + help + This needs kernel support, which is available on Linux. On + NetBSD, NAT-Traversal kernel support has not been integrated + yet, you can get it from here: + + http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff If you + + live in a country where software patents are legal, using + NAT-Traversal might infringe a patent. + + +config BR2_PACKAGE_IPSEC_TOOLS_FRAG + default n + depends on BR2_PACKAGE_IPSEC_TOOLS + bool "Enable IKE fragmentation." + help + Enable IKE fragmentation, which is a workaround for + broken routers that drop fragmented packets + +config BR2_PACKAGE_IPSEC_TOOLS_STATS + default y + depends on BR2_PACKAGE_IPSEC_TOOLS + bool "Enable statistics logging function." + +config BR2_PACKAGE_IPSEC_TOOLS_IPV6 + default y + depends on BR2_PACKAGE_IPSEC_TOOLS + bool "Enable IPv6 support" + help + This option has no effect if uClibc has been compiled without + IPv6 support. + +config BR2_PACKAGE_IPSEC_TOOLS_READLINE + default n + depends on BR2_PACKAGE_IPSEC_TOOLS + select BR2_READLINE + bool "Enable readline input support if available." + +config BR2_PACKAGE_IPSEC_TOOLS_LIBS + bool "Install IPSec libraries under staging_dir/lib" + default y + depends on BR2_PACKAGE_IPSEC_TOOLS + help + Install libipsec.a and libracoon.a under staging_dir/lib for further + development on a host machine. diff --git a/package/ipsec-tools/ipsec-tools.mk b/package/ipsec-tools/ipsec-tools.mk new file mode 100644 index 000000000..220d05c58 --- /dev/null +++ b/package/ipsec-tools/ipsec-tools.mk @@ -0,0 +1,154 @@ +############################################################# +# +# ipsec-tools +# +############################################################# + +IPSEC_TOOLS_VER:=0.6.1 +IPSEC_TOOLS_SOURCE:=ipsec-tools-$(IPSEC_TOOLS_VER).tar.bz2 +IPSEC_TOOLS_DIR:=$(BUILD_DIR)/ipsec-tools-$(IPSEC_TOOLS_VER) + +IPSEC_TOOLS_BINARY_SETKEY:=src/setkey/setkey +IPSEC_TOOLS_BINARY_RACOON:=src/racoon/racoon +IPSEC_TOOLS_BINARY_RACOONCTL:=src/racoon/racoonctl + +IPSEC_TOOLS_TARGET_BINARY_SETKEY:=usr/sbin/setkey +IPSEC_TOOLS_TARGET_BINARY_RACOON:=usr/sbin/racoon +IPSEC_TOOLS_TARGET_BINARY_RACOONCTL:=usr/sbin/racoonctl +IPSEC_TOOLS_SITE=http://$(BR2_SOURCEFORGE_MIRROR).dl.sourceforge.net/sourceforge/ipsec-tools/ + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT)), y) +IPSEC_TOOLS_CONFIG_FLAGS+= --enable-adminport +else +IPSEC_TOOLS_CONFIG_FLAGS+= --disable-adminport +endif + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_NATT)), y) +IPSEC_TOOLS_CONFIG_FLAGS+= --enable-natt +else +IPSEC_TOOLS_CONFIG_FLAGS+= --disable-natt +endif + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_FRAG)), y) +IPSEC_TOOLS_CONFIG_FLAGS+= --enable-frag +else +IPSEC_TOOLS_CONFIG_FLAGS+= --disable-frag +endif + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_STATS)), y) +IPSEC_TOOLS_CONFIG_FLAGS+= --enable-stats +else +IPSEC_TOOLS_CONFIG_FLAGS+= --disable-stats +endif + +# At first check, if uClibc supports IPv6 +ifeq ($(shell grep -q '__UCLIBC_HAS_IPV6__ 1' \ + $(STAGING_DIR)/include/bits/uClibc_config.h && echo IPV6), IPV6) + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_IPV6)), y) +IPSEC_TOOLS_CONFIG_FLAGS+= --enable-ipv6 +else +IPSEC_TOOLS_CONFIG_FLAGS+= --disable-ipv6 +endif + +else # ignore user's choice if it doesn't +IPSEC_TOOLS_CONFIG_FLAGS+= --disable-ipv6 +endif + +ifneq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_READLINE)), y) +IPSEC_TOOLS_CONFIG_FLAGS+= --without-readline +endif + +$(DL_DIR)/$(IPSEC_TOOLS_SOURCE): + $(WGET) -P $(DL_DIR) $(IPSEC_TOOLS_SITE)/$(IPSEC_TOOLS_SOURCE) + + +$(IPSEC_TOOLS_DIR)/.source: $(DL_DIR)/$(IPSEC_TOOLS_SOURCE) + bunzip2 -c $(DL_DIR)/$(IPSEC_TOOLS_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - + touch $(IPSEC_TOOLS_DIR)/.source + +$(IPSEC_TOOLS_DIR)/.configured: $(IPSEC_TOOLS_DIR)/.source + ( cd $(IPSEC_TOOLS_DIR); \ + $(TARGET_CONFIGURE_OPTS) \ + CFLAGS="$(TARGET_CFLAGS)" \ + ./configure \ + --target=$(GNU_TARGET_NAME) \ + --host=$(GNU_TARGET_NAME) \ + --build=$(GNU_HOST_NAME) \ + --prefix=/usr \ + --sysconfdir=/etc \ + --disable-hybrid \ + --without-libpam \ + --disable-gssapi \ + --with-kernel-headers=$(STAGING_DIR)/include \ + $(IPSEC_TOOLS_CONFIG_FLAGS) \ + ); + touch $(IPSEC_TOOLS_DIR)/.configured + +$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_SETKEY) \ +$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOON) \ +$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOONCTL): \ + $(IPSEC_TOOLS_DIR)/.configured + $(MAKE) CC=$(TARGET_CC) -C $(IPSEC_TOOLS_DIR) + +$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \ +$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) \ +$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL): \ + $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_SETKEY) \ + $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOON) \ + $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOONCTL) + make -C $(IPSEC_TOOLS_DIR) DESTDIR=$(TARGET_DIR) install + strip --strip-unneeded --remove-section=.comment \ + --remove-section=.note \ + $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \ + $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) \ + $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL) + -rm -f $(TARGET_DIR)/usr/man/man3/ipsec_strerror.3 \ + $(TARGET_DIR)/usr/man/man3/ipsec_set_policy.3 \ + $(TARGET_DIR)/usr/man/man5/racoon.conf.5 \ + $(TARGET_DIR)/usr/man/man8/racoonctl.8 \ + $(TARGET_DIR)/usr/man/man8/racoon.8 \ + $(TARGET_DIR)/usr/man/man8/plainrsa-gen.8 \ + $(TARGET_DIR)/usr/man/man8/setkey.8 +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_LIBS)), y) + install -D $(IPSEC_TOOLS_DIR)/src/libipsec/.libs/libipsec.a \ + $(IPSEC_TOOLS_DIR)/src/libipsec/.libs/libipsec.la \ + $(IPSEC_TOOLS_DIR)/src/racoon/.libs/libracoon.a \ + $(IPSEC_TOOLS_DIR)/src/racoon/.libs/libracoon.la \ + $(STAGING_DIR)/lib +endif +ifneq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT)), y) + -rm -f $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL) +endif + +IPSEC_TOOLS_PROGS= $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \ + $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT)), y) +IPSEC_TOOLS_PROGS+= $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL) +endif + +ipsec-tools: uclibc openssl $(IPSEC_TOOLS_PROGS) + +ipsec-tools-source: $(DL_DIR)/$(IPSEC_TOOLS_SOURCE) + +ipsec-tools-uninstall: + +ipsec-tools-clean: + make -C $(IPSEC_TOOLS_DIR) DESTDIR=$(TARGET_DIR) uninstall + make -C $(IPSEC_TOOLS_DIR) clean +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_LIBS)), y) + -rm -f $(STAGING_DIR)/lib/libipsec.a + -rm -f $(STAGING_DIR)/lib/libipsec.la + -rm -f $(STAGING_DIR)/lib/libracoon.a + -rm -f $(STAGING_DIR)/lib/libracoon.la +endif + -rm $(IPSEC_TOOLS_DIR)/.configured + +ipsec-tools-dirclean: + @echo $(LINUX_DIR) + -rm -rf $(IPSEC_TOOLS_DIR) + +ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS)), y) +TARGETS+=ipsec-tools +endif |