summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--package/Config.in1
-rw-r--r--package/ipsec-tools/Config.in64
-rw-r--r--package/ipsec-tools/ipsec-tools.mk154
3 files changed, 219 insertions, 0 deletions
diff --git a/package/Config.in b/package/Config.in
index e22adfbd2..9987829dd 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -51,6 +51,7 @@ source "package/hostap/Config.in"
source "package/hotplug/Config.in"
source "package/iostat/Config.in"
source "package/iproute2/Config.in"
+source "package/ipsec-tools/Config.in"
source "package/iptables/Config.in"
source "package/jpeg/Config.in"
source "package/less/Config.in"
diff --git a/package/ipsec-tools/Config.in b/package/ipsec-tools/Config.in
new file mode 100644
index 000000000..964218e1c
--- /dev/null
+++ b/package/ipsec-tools/Config.in
@@ -0,0 +1,64 @@
+config BR2_PACKAGE_IPSEC_TOOLS
+ bool "ipsec-tools"
+ default n
+ select BR2_PACKAGE_OPENSSL
+ help
+ This package is required to support IPSec for Linux 2.6+
+
+config BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT
+ default y
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ bool "Enable racoonctl(8)."
+ help
+ Lets racoon to listen to racoon admin port, which is to
+ be contacted by racoonctl(8).
+
+config BR2_PACKAGE_IPSEC_TOOLS_NATT
+ default n
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ bool "Enable NAT-Traversal"
+ help
+ This needs kernel support, which is available on Linux. On
+ NetBSD, NAT-Traversal kernel support has not been integrated
+ yet, you can get it from here:
+
+ http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff If you
+
+ live in a country where software patents are legal, using
+ NAT-Traversal might infringe a patent.
+
+
+config BR2_PACKAGE_IPSEC_TOOLS_FRAG
+ default n
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ bool "Enable IKE fragmentation."
+ help
+ Enable IKE fragmentation, which is a workaround for
+ broken routers that drop fragmented packets
+
+config BR2_PACKAGE_IPSEC_TOOLS_STATS
+ default y
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ bool "Enable statistics logging function."
+
+config BR2_PACKAGE_IPSEC_TOOLS_IPV6
+ default y
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ bool "Enable IPv6 support"
+ help
+ This option has no effect if uClibc has been compiled without
+ IPv6 support.
+
+config BR2_PACKAGE_IPSEC_TOOLS_READLINE
+ default n
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ select BR2_READLINE
+ bool "Enable readline input support if available."
+
+config BR2_PACKAGE_IPSEC_TOOLS_LIBS
+ bool "Install IPSec libraries under staging_dir/lib"
+ default y
+ depends on BR2_PACKAGE_IPSEC_TOOLS
+ help
+ Install libipsec.a and libracoon.a under staging_dir/lib for further
+ development on a host machine.
diff --git a/package/ipsec-tools/ipsec-tools.mk b/package/ipsec-tools/ipsec-tools.mk
new file mode 100644
index 000000000..220d05c58
--- /dev/null
+++ b/package/ipsec-tools/ipsec-tools.mk
@@ -0,0 +1,154 @@
+#############################################################
+#
+# ipsec-tools
+#
+#############################################################
+
+IPSEC_TOOLS_VER:=0.6.1
+IPSEC_TOOLS_SOURCE:=ipsec-tools-$(IPSEC_TOOLS_VER).tar.bz2
+IPSEC_TOOLS_DIR:=$(BUILD_DIR)/ipsec-tools-$(IPSEC_TOOLS_VER)
+
+IPSEC_TOOLS_BINARY_SETKEY:=src/setkey/setkey
+IPSEC_TOOLS_BINARY_RACOON:=src/racoon/racoon
+IPSEC_TOOLS_BINARY_RACOONCTL:=src/racoon/racoonctl
+
+IPSEC_TOOLS_TARGET_BINARY_SETKEY:=usr/sbin/setkey
+IPSEC_TOOLS_TARGET_BINARY_RACOON:=usr/sbin/racoon
+IPSEC_TOOLS_TARGET_BINARY_RACOONCTL:=usr/sbin/racoonctl
+IPSEC_TOOLS_SITE=http://$(BR2_SOURCEFORGE_MIRROR).dl.sourceforge.net/sourceforge/ipsec-tools/
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT)), y)
+IPSEC_TOOLS_CONFIG_FLAGS+= --enable-adminport
+else
+IPSEC_TOOLS_CONFIG_FLAGS+= --disable-adminport
+endif
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_NATT)), y)
+IPSEC_TOOLS_CONFIG_FLAGS+= --enable-natt
+else
+IPSEC_TOOLS_CONFIG_FLAGS+= --disable-natt
+endif
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_FRAG)), y)
+IPSEC_TOOLS_CONFIG_FLAGS+= --enable-frag
+else
+IPSEC_TOOLS_CONFIG_FLAGS+= --disable-frag
+endif
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_STATS)), y)
+IPSEC_TOOLS_CONFIG_FLAGS+= --enable-stats
+else
+IPSEC_TOOLS_CONFIG_FLAGS+= --disable-stats
+endif
+
+# At first check, if uClibc supports IPv6
+ifeq ($(shell grep -q '__UCLIBC_HAS_IPV6__ 1' \
+ $(STAGING_DIR)/include/bits/uClibc_config.h && echo IPV6), IPV6)
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_IPV6)), y)
+IPSEC_TOOLS_CONFIG_FLAGS+= --enable-ipv6
+else
+IPSEC_TOOLS_CONFIG_FLAGS+= --disable-ipv6
+endif
+
+else # ignore user's choice if it doesn't
+IPSEC_TOOLS_CONFIG_FLAGS+= --disable-ipv6
+endif
+
+ifneq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_READLINE)), y)
+IPSEC_TOOLS_CONFIG_FLAGS+= --without-readline
+endif
+
+$(DL_DIR)/$(IPSEC_TOOLS_SOURCE):
+ $(WGET) -P $(DL_DIR) $(IPSEC_TOOLS_SITE)/$(IPSEC_TOOLS_SOURCE)
+
+
+$(IPSEC_TOOLS_DIR)/.source: $(DL_DIR)/$(IPSEC_TOOLS_SOURCE)
+ bunzip2 -c $(DL_DIR)/$(IPSEC_TOOLS_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
+ touch $(IPSEC_TOOLS_DIR)/.source
+
+$(IPSEC_TOOLS_DIR)/.configured: $(IPSEC_TOOLS_DIR)/.source
+ ( cd $(IPSEC_TOOLS_DIR); \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ ./configure \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --disable-hybrid \
+ --without-libpam \
+ --disable-gssapi \
+ --with-kernel-headers=$(STAGING_DIR)/include \
+ $(IPSEC_TOOLS_CONFIG_FLAGS) \
+ );
+ touch $(IPSEC_TOOLS_DIR)/.configured
+
+$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_SETKEY) \
+$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOON) \
+$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOONCTL): \
+ $(IPSEC_TOOLS_DIR)/.configured
+ $(MAKE) CC=$(TARGET_CC) -C $(IPSEC_TOOLS_DIR)
+
+$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \
+$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) \
+$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL): \
+ $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_SETKEY) \
+ $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOON) \
+ $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOONCTL)
+ make -C $(IPSEC_TOOLS_DIR) DESTDIR=$(TARGET_DIR) install
+ strip --strip-unneeded --remove-section=.comment \
+ --remove-section=.note \
+ $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \
+ $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) \
+ $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL)
+ -rm -f $(TARGET_DIR)/usr/man/man3/ipsec_strerror.3 \
+ $(TARGET_DIR)/usr/man/man3/ipsec_set_policy.3 \
+ $(TARGET_DIR)/usr/man/man5/racoon.conf.5 \
+ $(TARGET_DIR)/usr/man/man8/racoonctl.8 \
+ $(TARGET_DIR)/usr/man/man8/racoon.8 \
+ $(TARGET_DIR)/usr/man/man8/plainrsa-gen.8 \
+ $(TARGET_DIR)/usr/man/man8/setkey.8
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_LIBS)), y)
+ install -D $(IPSEC_TOOLS_DIR)/src/libipsec/.libs/libipsec.a \
+ $(IPSEC_TOOLS_DIR)/src/libipsec/.libs/libipsec.la \
+ $(IPSEC_TOOLS_DIR)/src/racoon/.libs/libracoon.a \
+ $(IPSEC_TOOLS_DIR)/src/racoon/.libs/libracoon.la \
+ $(STAGING_DIR)/lib
+endif
+ifneq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT)), y)
+ -rm -f $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL)
+endif
+
+IPSEC_TOOLS_PROGS= $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \
+ $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON)
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT)), y)
+IPSEC_TOOLS_PROGS+= $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL)
+endif
+
+ipsec-tools: uclibc openssl $(IPSEC_TOOLS_PROGS)
+
+ipsec-tools-source: $(DL_DIR)/$(IPSEC_TOOLS_SOURCE)
+
+ipsec-tools-uninstall:
+
+ipsec-tools-clean:
+ make -C $(IPSEC_TOOLS_DIR) DESTDIR=$(TARGET_DIR) uninstall
+ make -C $(IPSEC_TOOLS_DIR) clean
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS_LIBS)), y)
+ -rm -f $(STAGING_DIR)/lib/libipsec.a
+ -rm -f $(STAGING_DIR)/lib/libipsec.la
+ -rm -f $(STAGING_DIR)/lib/libracoon.a
+ -rm -f $(STAGING_DIR)/lib/libracoon.la
+endif
+ -rm $(IPSEC_TOOLS_DIR)/.configured
+
+ipsec-tools-dirclean:
+ @echo $(LINUX_DIR)
+ -rm -rf $(IPSEC_TOOLS_DIR)
+
+ifeq ($(strip $(BR2_PACKAGE_IPSEC_TOOLS)), y)
+TARGETS+=ipsec-tools
+endif