package: remove openswan

As noticed back when it was marked as broken 1 year ago. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-02-08 17:20:41 +01:00 · 2010-02-08 17:20:41 +01:00 · 5223447b8b
commit 5223447b8b
parent 7dd0591183
26 changed files with 2 additions and 238669 deletions
--- a/2
+++ b/2
@ -14,6 +14,8 @@
 	sdl_ttf, sqlite, sshfs, tremor, u-boot, usb_modeswitch, usbutils,
 	webkit, wpa_supplicant, xfsprogs, zlib

+	Removed package: openswan
+
 	Issues resolved (http://bugs.uclibc.org):

 	#515: tcpreplay: new package
--- a/package/Config.in
+++ b/package/Config.in
@ -187,7 +187,6 @@ source "package/openntpd/Config.in"
 source "package/openssh/Config.in"
 source "package/openssl/Config.in"
 source "package/openvpn/Config.in"
-source "package/openswan/Config.in"
 source "package/portmap/Config.in"
 source "package/pppd/Config.in"
 source "package/radvd/Config.in"
--- a/package/openswan/Config.in
+++ b/package/openswan/Config.in
@ -1,18 +0,0 @@
-config BR2_PACKAGE_OPENSWAN
-        bool "openswan"
-        depends on BROKEN # doesn't compile with current kernel headers
-        select BR2_PACKAGE_LIBGMP
-        select BR2_PACKAGE_MICROPERL
-        help
-	  Openswan is an implementation of IPsec for Linux.
-          http://openswan.org/
-
-config BR2_PACKAGE_OPENSWAN_DEBUGGING
-	bool "debugging support"
-	depends on BR2_PACKAGE_OPENSWAN
-	help
-	  Enable debugging support.
-	  This is not needed if you know what you do but makes it quite
-	  hard to diagnose eventual problems.
-	  It is safe to say Yes here.
-
--- a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-klips.patch
+++ b/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-klips.patch
--- a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-natt.patch
+++ b/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-natt.patch
@ -1,158 +0,0 @@
-packaging/utils/nattpatch 2.6
--- /dev/null   Tue Mar 11 13:02:56 2003
-+++ nat-t/include/net/xfrmudp.h     Mon Feb  9 13:51:03 2004
-@@ -0,0 +1,10 @@
-+/*
-+ * pointer to function for type that xfrm4_input wants, to permit
-+ * decoupling of XFRM from udp.c
-+ */
-+#define HAVE_XFRM4_UDP_REGISTER
-+
-+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
-+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+				      , xfrm4_rcv_encap_t *oldfunc);
-+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig	2005-03-09 03:12:33.000000000 -0500
-+++ swan26/net/ipv4/Kconfig	2005-04-04 18:46:13.000000000 -0400
-@@ -351,2 +351,8 @@
- 
-+config IPSEC_NAT_TRAVERSAL
-+	bool "IPSEC NAT-Traversal (KLIPS compatible)"
-+	depends on INET
-+	---help---
-+          Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
-+
- config IP_TCPDIAG
--- plain26/net/ipv4/udp.c.orig	2006-01-02 22:21:10.000000000 -0500
-+++ plain26/net/ipv4/udp.c	2006-01-10 20:07:21.000000000 -0500
-@@ -108,11 +108,14 @@
- #include <net/checksum.h>
- #include <net/xfrm.h>
-+#include <net/xfrmudp.h>
- #include "udp_impl.h"
- 
- /*
-  *	Snmp MIB for the UDP layer
-  */
- 
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
-+
- DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
- 
- struct hlist_head udp_hash[UDP_HTABLE_SIZE];
-@@ -894,6 +897,42 @@
- 	sk_common_release(sk);
- }
- 
-+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+
-+/* if XFRM isn't a module, then register it directly. */
-+#if 0 && !defined(CONFIG_XFRM_MODULE) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
-+#else
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
-+#endif
-+
-+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+			       , xfrm4_rcv_encap_t *oldfunc)
-+{
-+  if(oldfunc != NULL) {
-+    *oldfunc = xfrm4_rcv_encap_func;
-+  }
-+
-+#if 0
-+  if(xfrm4_rcv_encap_func != NULL)
-+    return -1;
-+#endif
-+
-+  xfrm4_rcv_encap_func = func;
-+  return 0;
-+}
-+
-+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
-+{
-+  if(xfrm4_rcv_encap_func != func)
-+    return -1;
-+
-+  xfrm4_rcv_encap_func = NULL;
-+  return 0;
-+}
-+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
-+
-+
- /* return:
-  * 	1  if the the UDP system should process it
-  *	0  if we should drop this packet
-@@ -901,9 +940,9 @@
-  */
- static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
- {
-#ifndef CONFIG_XFRM
-+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
- 	return 1; 
-#else
-+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
- 	struct udp_sock *up = udp_sk(sk);
-   	struct udphdr *uh = skb->h.uh;
- 	struct iphdr *iph;
-@@ -915,11 +954,11 @@
- 	/* if we're overly short, let UDP handle it */
- 	len = skb->len - sizeof(struct udphdr);
- 	if (len <= 0)
-		return 1;
-+		return 2;
- 
- 	/* if this is not encapsulated socket, then just return now */
- 	if (!encap_type)
-		return 1;
-+		return 3;
- 
- 	/* If this is a paged skb, make sure we pull up
- 	 * whatever data we need to look at. */
-@@ -934,7 +973,7 @@
- 			len = sizeof(struct udphdr);
- 		} else
- 			/* Must be an IKE packet.. pass it through */
-			return 1;
-+			return 4;
- 		break;
- 	case UDP_ENCAP_ESPINUDP_NON_IKE:
- 		/* Check if this is a keepalive packet.  If so, eat it. */
-@@ -947,7 +986,7 @@
- 			len = sizeof(struct udphdr) + 2 * sizeof(u32);
- 		} else
- 			/* Must be an IKE packet.. pass it through */
-			return 1;
-+			return 5;
- 		break;
- 	}
- 
-@@ -1021,10 +1060,14 @@
- 			return 0;
- 		}
- 		if (ret < 0) {
-			/* process the ESP packet */
-			ret = xfrm4_rcv_encap(skb, up->encap_type);
-			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-			return -ret;
-+ 			if(xfrm4_rcv_encap_func != NULL) {
-+ 			  ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
-+ 			  UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-+ 			} else {
-+ 			  UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
-+ 			  ret = 1;
-+ 			}
-+			return ret;
- 		}
- 		/* FALLTHROUGH -- it's a UDP Packet */
- 	}
-@@ -1571,3 +1613,9 @@
- EXPORT_SYMBOL(udp_proc_register);
- EXPORT_SYMBOL(udp_proc_unregister);
- #endif
-+
-+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
-+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
-+#endif
-+
--- a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-nfmark-rename.patch
+++ b/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-nfmark-rename.patch
@ -1,52 +0,0 @@
-diff -rdup linux-2.6.20.oorig/include/openswan/ipsec_sa.h linux-2.6.20/include/openswan/ipsec_sa.h
--- linux-2.6.20.oorig/include/openswan/ipsec_sa.h	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/include/openswan/ipsec_sa.h	2007-02-15 13:32:07.000000000 +0100
-@@ -99,10 +99,10 @@ typedef unsigned short int IPsecRefTable
- #define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
- 
- #ifdef CONFIG_NETFILTER
-#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark
-+#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->mark
- #define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL))
- #else /* CONFIG_NETFILTER */
-/* just make it work for now, it doesn't matter, since there is no nfmark */
-+/* just make it work for now, it doesn't matter, since there is no mark */
- #define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long
- #endif /* CONFIG_NETFILTER */
- #define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE))
-diff -rdup linux-2.6.20.oorig/net/ipsec/ipsec_rcv.c linux-2.6.20/net/ipsec/ipsec_rcv.c
--- linux-2.6.20.oorig/net/ipsec/ipsec_rcv.c	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/net/ipsec/ipsec_rcv.c	2007-02-15 13:33:32.000000000 +0100
-@@ -748,13 +748,13 @@ ipsec_rcv_decap_once(struct ipsec_rcv_st
- 
- #ifdef CONFIG_NETFILTER
- 	if(proto == IPPROTO_ESP || proto == IPPROTO_AH) {
-		skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_MASK))))
-+		skb->mark = (skb->mark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_MASK))))
- 			| IPsecSAref2NFmark(IPsecSA2SAref(irs->ipsp));
- 		KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
- 			    "klips_debug:ipsec_rcv: "
-			    "%s SA sets skb->nfmark=0x%x.\n",
-+			    "%s SA sets skb->mark=0x%x.\n",
- 			    proto == IPPROTO_ESP ? "ESP" : "AH",
-			    (unsigned)skb->nfmark);
-+			    (unsigned)skb->mark);
- 	}
- #endif /* CONFIG_NETFILTER */
- 
-@@ -1102,12 +1102,12 @@ int ipsec_rcv_decap(struct ipsec_rcv_sta
- 			goto rcvleave;
- 		}
- #ifdef CONFIG_NETFILTER
-		skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_TABLE_MASK))))
-+		skb->mark = (skb->mark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_TABLE_MASK))))
- 			| IPsecSAref2NFmark(IPsecSA2SAref(ipsp));
- 		KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
- 			    "klips_debug:ipsec_rcv: "
-			    "IPIP SA sets skb->nfmark=0x%x.\n",
-			    (unsigned)skb->nfmark);
-+			    "IPIP SA sets skb->mark=0x%x.\n",
-+			    (unsigned)skb->mark);
- #endif /* CONFIG_NETFILTER */
- 	}
- 
--- a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-zzz-crypto_alg_available.patch
+++ b/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-zzz-crypto_alg_available.patch
@ -1,11 +0,0 @@
--- linux-2.6.20.oorig/net/ipsec/ipsec_alg_cryptoapi.c	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/net/ipsec/ipsec_alg_cryptoapi.c	2007-02-15 13:47:07.000000000 +0100
-@@ -197,7 +197,7 @@ static struct ipsec_alg_capi_cipher alg_
-  */
- int setup_cipher(const char *ciphername)
- {
-	return crypto_alg_available(ciphername, 0);
-+	return crypto_has_alg(ciphername, 0, CRYPTO_ALG_ASYNC);
- }
- 
- /*
--- a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-zzz-void-sock_unregister.patch
+++ b/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-zzz-void-sock_unregister.patch
@ -1,11 +0,0 @@
--- linux-2.6.20.oorig/net/ipsec/pfkey_v2.c	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/net/ipsec/pfkey_v2.c	2007-02-15 13:37:22.000000000 +0100
-@@ -1503,7 +1503,7 @@ pfkey_cleanup(void)
- 	
-         printk(KERN_INFO "klips_info:pfkey_cleanup: "
- 	       "shutting down PF_KEY domain sockets.\n");
-        error |= sock_unregister(PF_KEY);
-+        sock_unregister(PF_KEY);
- 
- 	error |= supported_remove_all(SADB_SATYPE_AH);
- 	error |= supported_remove_all(SADB_SATYPE_ESP);
--- a/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-klips.patch
+++ b/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-klips.patch
--- a/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-natt.patch
+++ b/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-natt.patch
@ -1,158 +0,0 @@
-packaging/utils/nattpatch 2.6
--- /dev/null   Tue Mar 11 13:02:56 2003
-+++ nat-t/include/net/xfrmudp.h     Mon Feb  9 13:51:03 2004
-@@ -0,0 +1,10 @@
-+/*
-+ * pointer to function for type that xfrm4_input wants, to permit
-+ * decoupling of XFRM from udp.c
-+ */
-+#define HAVE_XFRM4_UDP_REGISTER
-+
-+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
-+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+				      , xfrm4_rcv_encap_t *oldfunc);
-+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig	2005-03-09 03:12:33.000000000 -0500
-+++ swan26/net/ipv4/Kconfig	2005-04-04 18:46:13.000000000 -0400
-@@ -351,2 +351,8 @@
- 
-+config IPSEC_NAT_TRAVERSAL
-+	bool "IPSEC NAT-Traversal (KLIPS compatible)"
-+	depends on INET
-+	---help---
-+          Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
-+
- config IP_TCPDIAG
--- plain26/net/ipv4/udp.c.orig	2006-01-02 22:21:10.000000000 -0500
-+++ plain26/net/ipv4/udp.c	2006-01-10 20:07:21.000000000 -0500
-@@ -108,11 +108,14 @@
- #include <net/checksum.h>
- #include <net/xfrm.h>
-+#include <net/xfrmudp.h>
- #include "udp_impl.h"
- 
- /*
-  *	Snmp MIB for the UDP layer
-  */
- 
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
-+
- DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
- 
- struct hlist_head udp_hash[UDP_HTABLE_SIZE];
-@@ -894,6 +897,42 @@
- 	sk_common_release(sk);
- }
- 
-+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+
-+/* if XFRM isn't a module, then register it directly. */
-+#if 0 && !defined(CONFIG_XFRM_MODULE) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
-+#else
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
-+#endif
-+
-+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+			       , xfrm4_rcv_encap_t *oldfunc)
-+{
-+  if(oldfunc != NULL) {
-+    *oldfunc = xfrm4_rcv_encap_func;
-+  }
-+
-+#if 0
-+  if(xfrm4_rcv_encap_func != NULL)
-+    return -1;
-+#endif
-+
-+  xfrm4_rcv_encap_func = func;
-+  return 0;
-+}
-+
-+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
-+{
-+  if(xfrm4_rcv_encap_func != func)
-+    return -1;
-+
-+  xfrm4_rcv_encap_func = NULL;
-+  return 0;
-+}
-+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
-+
-+
- /* return:
-  * 	1  if the the UDP system should process it
-  *	0  if we should drop this packet
-@@ -901,9 +940,9 @@
-  */
- static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
- {
-#ifndef CONFIG_XFRM
-+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
- 	return 1; 
-#else
-+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
- 	struct udp_sock *up = udp_sk(sk);
-   	struct udphdr *uh = skb->h.uh;
- 	struct iphdr *iph;
-@@ -915,11 +954,11 @@
- 	/* if we're overly short, let UDP handle it */
- 	len = skb->len - sizeof(struct udphdr);
- 	if (len <= 0)
-		return 1;
-+		return 2;
- 
- 	/* if this is not encapsulated socket, then just return now */
- 	if (!encap_type)
-		return 1;
-+		return 3;
- 
- 	/* If this is a paged skb, make sure we pull up
- 	 * whatever data we need to look at. */
-@@ -934,7 +973,7 @@
- 			len = sizeof(struct udphdr);
- 		} else
- 			/* Must be an IKE packet.. pass it through */
-			return 1;
-+			return 4;
- 		break;
- 	case UDP_ENCAP_ESPINUDP_NON_IKE:
- 		/* Check if this is a keepalive packet.  If so, eat it. */
-@@ -947,7 +986,7 @@
- 			len = sizeof(struct udphdr) + 2 * sizeof(u32);
- 		} else
- 			/* Must be an IKE packet.. pass it through */
-			return 1;
-+			return 5;
- 		break;
- 	}
- 
-@@ -1021,10 +1060,14 @@
- 			return 0;
- 		}
- 		if (ret < 0) {
-			/* process the ESP packet */
-			ret = xfrm4_rcv_encap(skb, up->encap_type);
-			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-			return -ret;
-+ 			if(xfrm4_rcv_encap_func != NULL) {
-+ 			  ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
-+ 			  UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-+ 			} else {
-+ 			  UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
-+ 			  ret = 1;
-+ 			}
-+			return ret;
- 		}
- 		/* FALLTHROUGH -- it's a UDP Packet */
- 	}
-@@ -1571,3 +1613,9 @@
- EXPORT_SYMBOL(udp_proc_register);
- EXPORT_SYMBOL(udp_proc_unregister);
- #endif
-+
-+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
-+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
-+#endif
-+
--- a/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-nfmark-rename.patch
+++ b/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-nfmark-rename.patch
@ -1,52 +0,0 @@
-diff -rdup linux-2.6.20.oorig/include/openswan/ipsec_sa.h linux-2.6.20/include/openswan/ipsec_sa.h
--- linux-2.6.20.oorig/include/openswan/ipsec_sa.h	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/include/openswan/ipsec_sa.h	2007-02-15 13:32:07.000000000 +0100
-@@ -99,10 +99,10 @@ typedef unsigned short int IPsecRefTable
- #define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
- 
- #ifdef CONFIG_NETFILTER
-#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark
-+#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->mark
- #define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL))
- #else /* CONFIG_NETFILTER */
-/* just make it work for now, it doesn't matter, since there is no nfmark */
-+/* just make it work for now, it doesn't matter, since there is no mark */
- #define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long
- #endif /* CONFIG_NETFILTER */
- #define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE))
-diff -rdup linux-2.6.20.oorig/net/ipsec/ipsec_rcv.c linux-2.6.20/net/ipsec/ipsec_rcv.c
--- linux-2.6.20.oorig/net/ipsec/ipsec_rcv.c	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/net/ipsec/ipsec_rcv.c	2007-02-15 13:33:32.000000000 +0100
-@@ -748,13 +748,13 @@ ipsec_rcv_decap_once(struct ipsec_rcv_st
- 
- #ifdef CONFIG_NETFILTER
- 	if(proto == IPPROTO_ESP || proto == IPPROTO_AH) {
-		skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_MASK))))
-+		skb->mark = (skb->mark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_MASK))))
- 			| IPsecSAref2NFmark(IPsecSA2SAref(irs->ipsp));
- 		KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
- 			    "klips_debug:ipsec_rcv: "
-			    "%s SA sets skb->nfmark=0x%x.\n",
-+			    "%s SA sets skb->mark=0x%x.\n",
- 			    proto == IPPROTO_ESP ? "ESP" : "AH",
-			    (unsigned)skb->nfmark);
-+			    (unsigned)skb->mark);
- 	}
- #endif /* CONFIG_NETFILTER */
- 
-@@ -1102,12 +1102,12 @@ int ipsec_rcv_decap(struct ipsec_rcv_sta
- 			goto rcvleave;
- 		}
- #ifdef CONFIG_NETFILTER
-		skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_TABLE_MASK))))
-+		skb->mark = (skb->mark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_TABLE_MASK))))
- 			| IPsecSAref2NFmark(IPsecSA2SAref(ipsp));
- 		KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
- 			    "klips_debug:ipsec_rcv: "
-			    "IPIP SA sets skb->nfmark=0x%x.\n",
-			    (unsigned)skb->nfmark);
-+			    "IPIP SA sets skb->mark=0x%x.\n",
-+			    (unsigned)skb->mark);
- #endif /* CONFIG_NETFILTER */
- 	}
- 
--- a/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-zzz-crypto_alg_available.patch
+++ b/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-zzz-crypto_alg_available.patch
@ -1,11 +0,0 @@
--- linux-2.6.20.oorig/net/ipsec/ipsec_alg_cryptoapi.c	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/net/ipsec/ipsec_alg_cryptoapi.c	2007-02-15 13:47:07.000000000 +0100
-@@ -197,7 +197,7 @@ static struct ipsec_alg_capi_cipher alg_
-  */
- int setup_cipher(const char *ciphername)
- {
-	return crypto_alg_available(ciphername, 0);
-+	return crypto_has_alg(ciphername, 0, CRYPTO_ALG_ASYNC);
- }
- 
- /*
--- a/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-zzz-void-sock_unregister.patch
+++ b/package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-zzz-void-sock_unregister.patch
@ -1,11 +0,0 @@
--- linux-2.6.20.oorig/net/ipsec/pfkey_v2.c	2007-02-15 12:30:41.000000000 +0100
-+++ linux-2.6.20/net/ipsec/pfkey_v2.c	2007-02-15 13:37:22.000000000 +0100
-@@ -1503,7 +1503,7 @@ pfkey_cleanup(void)
- 	
-         printk(KERN_INFO "klips_info:pfkey_cleanup: "
- 	       "shutting down PF_KEY domain sockets.\n");
-        error |= sock_unregister(PF_KEY);
-+        sock_unregister(PF_KEY);
- 
- 	error |= supported_remove_all(SADB_SATYPE_AH);
- 	error |= supported_remove_all(SADB_SATYPE_ESP);
--- a/package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-klips.patch
+++ b/package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-klips.patch
--- a/package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-natt.patch
+++ b/package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-natt.patch
@ -1,126 +0,0 @@
-diff -rduNp linux-2.6.21.5.orig/include/net/xfrmudp.h linux-2.6.21.5/include/net/xfrmudp.h
--- linux-2.6.21.5.orig/include/net/xfrmudp.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.5/include/net/xfrmudp.h	2007-06-21 10:53:38.000000000 +0200
-@@ -0,0 +1,10 @@
-+/*
-+ * pointer to function for type that xfrm4_input wants, to permit
-+ * decoupling of XFRM from udp.c
-+ */
-+#define HAVE_XFRM4_UDP_REGISTER
-+
-+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
-+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+				      , xfrm4_rcv_encap_t *oldfunc);
-+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
-diff -rduNp linux-2.6.21.5.orig/net/ipv4/Kconfig linux-2.6.21.5/net/ipv4/Kconfig
--- linux-2.6.21.5.orig/net/ipv4/Kconfig	2007-06-11 20:37:06.000000000 +0200
-+++ linux-2.6.21.5/net/ipv4/Kconfig	2007-06-21 10:53:38.000000000 +0200
-@@ -349,6 +349,12 @@ config SYN_COOKIES
- 	  be taken as absolute truth.
- 
- 	  SYN cookies may prevent correct error reporting on clients when the
-+config IPSEC_NAT_TRAVERSAL
-+	bool "IPSEC NAT-Traversal (KLIPS compatible)"
-+	depends on INET
-+	---help---
-+          Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
-+
- 	  server is really overloaded. If this happens frequently better turn
- 	  them off.
- 
-diff -rduNp linux-2.6.21.5.orig/net/ipv4/udp.c linux-2.6.21.5/net/ipv4/udp.c
--- linux-2.6.21.5.orig/net/ipv4/udp.c	2007-06-11 20:37:06.000000000 +0200
-+++ linux-2.6.21.5/net/ipv4/udp.c	2007-06-21 10:56:18.000000000 +0200
-@@ -108,6 +108,7 @@
-  */
- 
- DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
-+#include <net/xfrmudp.h>
- 
- struct hlist_head udp_hash[UDP_HTABLE_SIZE];
- DEFINE_RWLOCK(udp_hash_lock);
-@@ -915,6 +916,44 @@ int udp_disconnect(struct sock *sk, int 
- 	return 0;
- }
- 
-+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+
-+/* if XFRM isn't a module, then register it directly. */
-+#if !defined(CONFIG_XFRM_MODULE) 
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
-+#else
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
-+#endif
-+
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
-+
-+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+			       , xfrm4_rcv_encap_t *oldfunc)
-+{
-+  if(oldfunc != NULL) {
-+    *oldfunc = xfrm4_rcv_encap_func;
-+  }
-+
-+#if 0
-+  if(xfrm4_rcv_encap_func != NULL)
-+    return -1;
-+#endif
-+
-+  xfrm4_rcv_encap_func = func;
-+  return 0;
-+}
-+
-+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
-+{
-+  if(xfrm4_rcv_encap_func != func)
-+    return -1;
-+
-+  xfrm4_rcv_encap_func = NULL;
-+  return 0;
-+}
-+#endif /* CONFIG_XFRM || defined(CONFIG_IPSEC_NAT_TRAVERSAL)*/
-+
-+
- /* return:
-  * 	1  if the the UDP system should process it
-  *	0  if we should drop this packet
-@@ -922,9 +961,9 @@ int udp_disconnect(struct sock *sk, int 
-  */
- static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
- {
-#ifndef CONFIG_XFRM
-+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
- 	return 1;
-#else
-+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
- 	struct udp_sock *up = udp_sk(sk);
- 	struct udphdr *uh;
- 	struct iphdr *iph;
-@@ -1052,9 +1091,14 @@ int udp_queue_rcv_skb(struct sock * sk, 
- 		}
- 		if (ret < 0) {
- 			/* process the ESP packet */
-			ret = xfrm4_rcv_encap(skb, up->encap_type);
-			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-			return -ret;
-+			if (xfrm4_rcv_encap_func != NULL) {
-+				ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
-+				UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-+			} else {
-+				UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
-+				ret = 1;
-+			}
-+			return ret;
- 		}
- 		/* FALLTHROUGH -- it's a UDP Packet */
- 	}
-@@ -1733,3 +1777,9 @@ EXPORT_SYMBOL(udp_poll);
- EXPORT_SYMBOL(udp_proc_register);
- EXPORT_SYMBOL(udp_proc_unregister);
- #endif
-+
-+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
-+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
-+#endif
-+
--- a/package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-zzz00-fixup.patch
+++ b/package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-zzz00-fixup.patch
@ -1,156 +0,0 @@
-diff -rduNp linux-2.6.21.5.openswan28/net/ipsec/ipsec_alg_cryptoapi.c linux-2.6.21.5/net/ipsec/ipsec_alg_cryptoapi.c
--- linux-2.6.21.5.openswan28/net/ipsec/ipsec_alg_cryptoapi.c	2007-06-21 10:44:07.000000000 +0200
-+++ linux-2.6.21.5/net/ipsec/ipsec_alg_cryptoapi.c	2007-06-21 23:34:05.000000000 +0200
-@@ -197,7 +197,7 @@ static struct ipsec_alg_capi_cipher alg_
-  */
- int setup_cipher(const char *ciphername)
- {
-	return crypto_alg_available(ciphername, 0);
-+	return crypto_has_alg(ciphername, 0, CRYPTO_ALG_ASYNC);
- }
- 
- /*
-@@ -272,7 +272,7 @@ static __u8 *
- _capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen)
- {
- 	struct ipsec_alg_capi_cipher *cptr;
-	struct crypto_tfm *tfm=NULL;
-+	struct crypto_cipher *tfm=NULL;
- 
- 	cptr = alg->ixt_common.ixt_data;
- 	if (!cptr) {
-@@ -289,7 +289,7 @@ _capi_new_key (struct ipsec_alg_enc *alg
- 	/*	
- 	 *	alloc tfm
- 	 */
-	tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC);
-+	tfm = crypto_alloc_cipher(cptr->ciphername, 0, CRYPTO_ALG_ASYNC);
- 	if (!tfm) {
- 		printk(KERN_ERR "_capi_new_key(): "
- 				"NULL tfm for \"%s\" cryptoapi (\"%s\") algo\n" 
-@@ -300,7 +300,7 @@ _capi_new_key (struct ipsec_alg_enc *alg
- 		printk(KERN_ERR "_capi_new_key(): "
- 				"failed new_key() for \"%s\" cryptoapi algo (keylen=%d)\n" 
- 			, alg->ixt_common.ixt_name, keylen);
-		crypto_free_tfm(tfm);
-+		crypto_free_cipher(tfm);
- 		tfm=NULL;
- 	}
- err:
-@@ -317,23 +317,26 @@ err:
- static int 
- _capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) {
- 	int error =0;
-	struct crypto_tfm *tfm=(struct crypto_tfm *)key_e;
-+	struct crypto_blkcipher *tfm=(struct crypto_blkcipher *)key_e;
-+	struct blkcipher_desc desc;
- 	struct scatterlist sg = { 
- 		.page = virt_to_page(in),
- 		.offset = (unsigned long)(in) % PAGE_SIZE,
- 		.length=ilen,
- 	};
-+	desc.tfm = tfm;
-+	desc.flags = 0;
- 	if (debug_crypto > 1)
- 		printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:"
- 				"key_e=%p "
- 				"in=%p out=%p ilen=%d iv=%p encrypt=%d\n"
- 				, key_e
- 				, in, in, ilen, iv, encrypt);
-	crypto_cipher_set_iv(tfm, iv, crypto_tfm_alg_ivsize(tfm));
-+	crypto_blkcipher_set_iv(tfm, iv, crypto_blkcipher_ivsize(tfm));
- 	if (encrypt)
-		error = crypto_cipher_encrypt (tfm, &sg, &sg, ilen);
-+		error = crypto_blkcipher_encrypt (&desc, &sg, &sg, ilen);
- 	else
-		error = crypto_cipher_decrypt (tfm, &sg, &sg, ilen);
-+		error = crypto_blkcipher_decrypt (&desc, &sg, &sg, ilen);
- 	if (debug_crypto > 1)
- 		printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:"
- 				"error=%d\n"
-@@ -370,8 +373,9 @@ setup_cipher_list (struct ipsec_alg_capi
- 		 * 	use a local ci to avoid touching cptr->ci,
- 		 * 	if register ipsec_alg success then bind cipher
- 		 */
-		if(cptr->alg.ixt_common.ixt_support.ias_name == NULL) {
-		  cptr->alg.ixt_common.ixt_support.ias_name = cptr->ciphername;
-+		if (cptr->alg.ixt_common.ixt_support.ias_name == NULL) {
-+printk(KERN_DEBUG "klips_debug: ias_name was nil\n");
-+//		  cptr->alg.ixt_common.ixt_support.ias_name = cptr->ciphername;
- 		}
- 
- 		if( setup_cipher(cptr->ciphername) ) {
-diff -rduNp linux-2.6.21.5.openswan28/net/ipsec/sysctl_net_ipsec.c linux-2.6.21.5/net/ipsec/sysctl_net_ipsec.c
--- linux-2.6.21.5.openswan28/net/ipsec/sysctl_net_ipsec.c	2007-06-21 10:44:07.000000000 +0200
-+++ linux-2.6.21.5/net/ipsec/sysctl_net_ipsec.c	2007-06-21 22:33:51.000000000 +0200
-@@ -74,45 +74,45 @@ enum {
- static ctl_table ipsec_table[] = {
- #ifdef CONFIG_KLIPS_DEBUG
- 	{ NET_IPSEC_DEBUG_AH, "debug_ah", &debug_ah,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_TUNNEL, "debug_tunnel", &debug_tunnel,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_EROUTE, "debug_eroute", &debug_eroute,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_SPI, "debug_spi", &debug_spi,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_RADIJ, "debug_radij", &debug_radij,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_NETLINK, "debug_netlink", &debug_netlink,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_XFORM, "debug_xform", &debug_xform,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_RCV, "debug_rcv", &debug_rcv,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_PFKEY, "debug_pfkey", &debug_pfkey,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_DEBUG_VERBOSE, "debug_verbose",&sysctl_ipsec_debug_verbose,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- #ifdef CONFIG_KLIPS_IPCOMP
- 	{ NET_IPSEC_DEBUG_IPCOMP, "debug_ipcomp", &sysctl_ipsec_debug_ipcomp,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- #endif /* CONFIG_KLIPS_IPCOMP */
- 
- #ifdef CONFIG_KLIPS_REGRESS
- 	{ NET_IPSEC_REGRESS_PFKEY_LOSSAGE, "pfkey_lossage",
- 	  &sysctl_ipsec_regress_pfkey_lossage,
-	  sizeof(int), 0644, NULL, &proc_dointvec},
-+	  sizeof(int), 0644,  &proc_dointvec},
- #endif /* CONFIG_KLIPS_REGRESS */
- 
- #endif /* CONFIG_KLIPS_DEBUG */
- 	{ NET_IPSEC_ICMP, "icmp", &sysctl_ipsec_icmp,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_INBOUND_POLICY_CHECK, "inbound_policy_check", &sysctl_ipsec_inbound_policy_check,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644,  &proc_dointvec},
- 	{ NET_IPSEC_TOS, "tos", &sysctl_ipsec_tos,
-	  sizeof(int), 0644, NULL, &proc_dointvec},    
-+	  sizeof(int), 0644, &proc_dointvec},
- 	{0}
- };
- 
-@@ -130,7 +130,7 @@ static struct ctl_table_header *ipsec_ta
- 
- int ipsec_sysctl_register(void)
- {
-        ipsec_table_header = register_sysctl_table(ipsec_root_table, 0);
-+        ipsec_table_header = register_sysctl_table(ipsec_root_table);
-         if (!ipsec_table_header) {
-                 return -ENOMEM;
- 	}
--- a/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch
+++ b/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch
--- a/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-natt.patch
+++ b/package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-natt.patch
@ -1,131 +0,0 @@
-diff -rdupN linux-2.6.22.6.oorig/include/net/xfrmudp.h linux-2.6.22.6/include/net/xfrmudp.h
--- linux-2.6.22.6.oorig/include/net/xfrmudp.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.22.6/include/net/xfrmudp.h	2007-09-17 06:10:19.000000000 +0200
-@@ -0,0 +1,10 @@
-+/*
-+ * pointer to function for type that xfrm4_input wants, to permit
-+ * decoupling of XFRM from udp.c
-+ */
-+#define HAVE_XFRM4_UDP_REGISTER
-+
-+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
-+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+				      , xfrm4_rcv_encap_t *oldfunc);
-+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
-diff -rdupN linux-2.6.22.6.oorig/net/ipv4/Kconfig linux-2.6.22.6/net/ipv4/Kconfig
--- linux-2.6.22.6.oorig/net/ipv4/Kconfig	2007-08-31 08:21:01.000000000 +0200
-+++ linux-2.6.22.6/net/ipv4/Kconfig	2007-09-17 06:13:08.000000000 +0200
-@@ -362,6 +360,15 @@ config SYN_COOKIES
- 
- 	  If unsure, say N.
- 
-+config IPSEC_NAT_TRAVERSAL
-+	bool "IPSEC NAT-Traversal (KLIPS compatible)"
-+	depends on INET
-+	---help---
-+          Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
-+
-+	  server is really overloaded. If this happens frequently better turn
-+	  them off.
-+
- config INET_AH
- 	tristate "IP: AH transformation"
- 	select XFRM
-diff -rdupN linux-2.6.22.6.oorig/net/ipv4/udp.c linux-2.6.22.6/net/ipv4/udp.c
--- linux-2.6.22.6.oorig/net/ipv4/udp.c	2007-08-31 08:21:01.000000000 +0200
-+++ linux-2.6.22.6/net/ipv4/udp.c	2007-09-17 06:10:19.000000000 +0200
-@@ -108,6 +108,7 @@
-  */
- 
- DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
-+#include <net/xfrmudp.h>
- 
- struct hlist_head udp_hash[UDP_HTABLE_SIZE];
- DEFINE_RWLOCK(udp_hash_lock);
-@@ -919,6 +920,44 @@ int udp_disconnect(struct sock *sk, int 
- 	return 0;
- }
- 
-+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+
-+/* if XFRM isn't a module, then register it directly. */
-+#if !defined(CONFIG_XFRM_MODULE) 
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
-+#else
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
-+#endif
-+
-+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
-+
-+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
-+			       , xfrm4_rcv_encap_t *oldfunc)
-+{
-+  if(oldfunc != NULL) {
-+    *oldfunc = xfrm4_rcv_encap_func;
-+  }
-+
-+#if 0
-+  if(xfrm4_rcv_encap_func != NULL)
-+    return -1;
-+#endif
-+
-+  xfrm4_rcv_encap_func = func;
-+  return 0;
-+}
-+
-+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
-+{
-+  if(xfrm4_rcv_encap_func != func)
-+    return -1;
-+
-+  xfrm4_rcv_encap_func = NULL;
-+  return 0;
-+}
-+#endif /* CONFIG_XFRM || defined(CONFIG_IPSEC_NAT_TRAVERSAL)*/
-+
-+
- /* return:
-  * 	1  if the UDP system should process it
-  *	0  if we should drop this packet
-@@ -926,9 +965,9 @@ int udp_disconnect(struct sock *sk, int 
-  */
- static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
- {
-#ifndef CONFIG_XFRM
-+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
- 	return 1;
-#else
-+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
- 	struct udp_sock *up = udp_sk(sk);
- 	struct udphdr *uh;
- 	struct iphdr *iph;
-@@ -1056,10 +1095,14 @@ int udp_queue_rcv_skb(struct sock * sk, 
- 			return 0;
- 		}
- 		if (ret < 0) {
-			/* process the ESP packet */
-			ret = xfrm4_rcv_encap(skb, up->encap_type);
-			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-			return -ret;
-+ 			if(xfrm4_rcv_encap_func != NULL) {
-+ 			  ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
-+ 			  UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
-+ 			} else {
-+ 			  UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
-+ 			  ret = 1;
-+ 			}
-+			return ret;
- 		}
- 		/* FALLTHROUGH -- it's a UDP Packet */
- 	}
-@@ -1742,3 +1785,9 @@ EXPORT_SYMBOL(udp_poll);
- EXPORT_SYMBOL(udp_proc_register);
- EXPORT_SYMBOL(udp_proc_unregister);
- #endif
-+
-+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
-+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
-+#endif
-+
-
--- a/package/openswan/openswan-2.4.9-001-oswlog.patch
+++ b/package/openswan/openswan-2.4.9-001-oswlog.patch
@ -1,30 +0,0 @@
--- openswan-2.4.7.orig/lib/libopenswan/oswlog.c	2004-10-17 01:42:13.000000000 +0200
-+++ openswan-2.4.7/lib/libopenswan/oswlog.c	2006-11-28 16:08:18.000000000 +0100
-@@ -41,9 +41,11 @@ bool
- bool
-     logged_txt_warning = FALSE;  /* should we complain about finding KEY? */
- 
-+#if !defined(NO_DEBUG)
- void openswanlib_passert_fail(const char *pred_str, const char *file_str,
- 			      unsigned long line_no);
- openswan_passert_fail_t openswan_passert_fail = openswanlib_passert_fail;
-+#endif /* NO_DEBUG */
- 
- void
- tool_init_log(void)
-@@ -104,6 +106,7 @@ openswan_log(const char *message, ...)
- 	syslog(LOG_WARNING, "%s", m);
- }
- 
-+#if !defined(NO_DEBUG)
- void
- openswan_loglog(int mess_no, const char *message, ...)
- {
-@@ -119,6 +122,7 @@ openswan_loglog(int mess_no, const char 
-     if (log_to_syslog)
- 	syslog(LOG_WARNING, "%s", m);
- }
-+#endif
- 
- void
- openswan_log_errno_routine(int e, const char *message, ...)
--- a/package/openswan/openswan-2.4.9-002-oswlog.patch
+++ b/package/openswan/openswan-2.4.9-002-oswlog.patch
@ -1,34 +0,0 @@
-diff -urp openswan-2.4.7.orig/include/oswlog.h openswan-2.4.7/include/oswlog.h
--- openswan-2.4.7.orig/include/oswlog.h	2005-01-26 01:52:16.000000000 +0100
-+++ openswan-2.4.7/include/oswlog.h	2006-11-28 17:56:59.000000000 +0100
-@@ -53,6 +53,16 @@ extern void tool_close_log(void);
- #else /*!DEBUG*/
- 
- #define DBG(cond, action)	{ }	/* do nothing */
-+#define DBGP(...) (0)
-+#define exit_tool exit
-+#define loglog(...) do { } while(0)
-+#define openswan_loglog(...) do { } while(0)
-+#define openswan_DBG_dump(...) do { } while(0)
-+#define plog    openswan_log
-+extern void openswan_log(const char *message, ...) PRINTF_LIKE(1);
-+#define DBG_log(...) do { } while(0)
-+extern void tool_init_log(void);
-+extern void tool_close_log(void);
- 
- #endif /*!DEBUG*/
- 
-diff -urp openswan-2.4.7.orig/include/pluto_constants.h openswan-2.4.7/include/pluto_constants.h
--- openswan-2.4.7.orig/include/pluto_constants.h	2005-11-16 23:41:30.000000000 +0100
-+++ openswan-2.4.7/include/pluto_constants.h	2006-11-28 17:34:20.000000000 +0100
-@@ -175,6 +175,10 @@ extern const char *const debug_bit_names
- 
- #define DBG_NONE	0	/* no options on, including impairments */
- #define DBG_ALL		LRANGES(DBG_RAW, DBG_X509)  /* all logging options on EXCEPT DBG_PRIVATE */
-+#else
-+/* FIXME: better cleanup ac.c instead of this */
-+#define DBG_RAW         LELEM(0)
-+#define DBG_PRIVATE     LELEM(20)
- #endif
- 
- /* State of exchanges
--- a/package/openswan/openswan-2.4.9-003-spi.patch
+++ b/package/openswan/openswan-2.4.9-003-spi.patch
@ -1,12 +0,0 @@
--- openswan-2.4.7.orig/programs/spi/spi.c	2006-02-15 05:36:36.000000000 +0100
-+++ openswan-2.4.7/programs/spi/spi.c	2006-11-28 15:52:41.000000000 +0100
-@@ -538,7 +538,9 @@ main(int argc, char *argv[])
- 		case 'g':
- 			debug = 1;
- 			pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX;
-+#if !defined(NO_DEBUG)
- 			cur_debugging = 0xffffffff;
-+#endif
- 			argcount--;
- 			break;
- 
--- a/package/openswan/openswan-2.4.9-004-alloc.patch
+++ b/package/openswan/openswan-2.4.9-004-alloc.patch
@ -1,12 +0,0 @@
--- openswan-2.4.7.orig/lib/libopenswan/alloc.c	2004-10-17 01:42:13.000000000 +0200
-+++ openswan-2.4.7/lib/libopenswan/alloc.c	2006-11-28 16:06:27.000000000 +0100
-@@ -26,7 +26,9 @@
- #include "constants.h"
- #include "oswlog.h"
- 
-+#if !defined(NO_DEBUG)
- #define LEAK_DETECTIVE
-+#endif
- #include "oswalloc.h"
- 
- const chunk_t empty_chunk = { NULL, 0 };
--- a/package/openswan/openswan-2.4.9-005-pluto.patch
+++ b/package/openswan/openswan-2.4.9-005-pluto.patch
@ -1,148 +0,0 @@
-diff -urp openswan-2.4.7.orig/programs/pluto/connections.c openswan-2.4.7/programs/pluto/connections.c
--- openswan-2.4.7.orig/programs/pluto/connections.c	2006-09-04 19:00:01.000000000 +0200
-+++ openswan-2.4.7/programs/pluto/connections.c	2006-11-28 16:53:33.000000000 +0100
-@@ -2084,10 +2084,10 @@ initiate_connection(const char *name, in
-     if (c != NULL)
-     {
- 	set_cur_connection(c);
-
-+#ifdef DEBUG
- 	/* turn on any extra debugging asked for */
- 	c->extra_debugging |= moredebug;
-
-+#endif
- 	if (!oriented(*c))
- 	{
- 	    loglog(RC_ORIENT, "We cannot identify ourselves with either end of this connection.");
-@@ -2577,6 +2577,7 @@ initiate_opportunistic_body(struct find_
-     ourport = ntohs(portof(&b->our_client));
-     hisport = ntohs(portof(&b->peer_client));
- 
-+#ifdef DEBUG
-     snprintf(demandbuf, 256, "initiate on demand from %s:%d to %s:%d proto=%d state: %s because: %s"
- 	     , ours, ourport, his, hisport, b->transport_proto
- 	     , oppo_step_name[b->step], b->want);
-@@ -2588,7 +2589,7 @@ initiate_opportunistic_body(struct find_
- 	whack_log(RC_COMMENT, "%s", demandbuf);
- 	loggedit = TRUE;
-     }
-
-+#endif
-     if (isanyaddr(&b->our_client) || isanyaddr(&b->peer_client))
-     {
- 	cannot_oppo(NULL, b, "impossible IP address");
-@@ -4465,6 +4467,7 @@ show_connections_status(void)
- 		      , c->dpd_delay, c->dpd_timeout);
- 	}
- 
-+#ifdef DEBUG
- 	if(c->extra_debugging) {
- 	    whack_log(RC_COMMENT, "\"%s\"%s:   debug: %s"
- 		      , c->name
-@@ -4472,6 +4475,7 @@ show_connections_status(void)
- 		      , bitnamesof(debug_bit_names
- 				   , c->extra_debugging));
- 	}
-+#endif
- 
- 	whack_log(RC_COMMENT
- 	    , "\"%s\"%s:   newest ISAKMP SA: #%ld; newest IPsec SA: #%ld; "
-diff -urp openswan-2.4.7.orig/programs/pluto/demux.c openswan-2.4.7/programs/pluto/demux.c
--- openswan-2.4.7.orig/programs/pluto/demux.c	2005-10-06 02:57:26.000000000 +0200
-+++ openswan-2.4.7/programs/pluto/demux.c	2006-11-28 17:04:27.000000000 +0100
-@@ -1009,7 +1009,9 @@ send_packet(struct state *st, const char
- 		      , len, 0
- 		      , sockaddrof(&st->st_remoteaddr)
- 		      , sockaddrlenof(&st->st_remoteaddr));
-+#ifdef DEBUG
-     }
-+#endif
- 
- 	
- #endif
-diff -urp openswan-2.4.7.orig/programs/pluto/log.c openswan-2.4.7/programs/pluto/log.c
--- openswan-2.4.7.orig/programs/pluto/log.c	2005-07-18 21:40:15.000000000 +0200
-+++ openswan-2.4.7/programs/pluto/log.c	2006-11-28 16:56:53.000000000 +0100
-@@ -424,6 +424,7 @@ openswan_log(const char *message, ...)
-     whack_log(RC_LOG, "~%s", m);
- }
- 
-+#if !defined(NO_DEBUG)
- void
- loglog(int mess_no, const char *message, ...)
- {
-@@ -443,6 +444,7 @@ loglog(int mess_no, const char *message,
- 
-     whack_log(mess_no, "~%s", m);
- }
-+#endif
- 
- void
- log_errno_routine(int e, const char *message, ...)
-diff -urp openswan-2.4.7.orig/programs/pluto/log.h openswan-2.4.7/programs/pluto/log.h
--- openswan-2.4.7.orig/programs/pluto/log.h	2004-10-21 21:13:37.000000000 +0200
-+++ openswan-2.4.7/programs/pluto/log.h	2006-11-28 16:13:26.000000000 +0100
-@@ -151,10 +151,12 @@ extern void exit_log_errno_routine(int e
- 
- extern void whack_log(int mess_no, const char *message, ...) PRINTF_LIKE(2);
- 
-+#if !defined(NO_DEBUG)
- /* Log to both main log and whack log
-  * Much like log, actually, except for specifying mess_no.
-  */
- extern void loglog(int mess_no, const char *message, ...) PRINTF_LIKE(2);
-+#endif
- 
- /* show status, usually on whack log */
- extern void show_status(void);
-diff -urp openswan-2.4.7.orig/programs/pluto/pluto_crypt.c openswan-2.4.7/programs/pluto/pluto_crypt.c
--- openswan-2.4.7.orig/programs/pluto/pluto_crypt.c	2005-07-13 04:14:08.000000000 +0200
-+++ openswan-2.4.7/programs/pluto/pluto_crypt.c	2006-11-28 17:25:43.000000000 +0100
-@@ -658,7 +658,9 @@ static void init_crypto_helper(struct pl
- 	pluto_init_log();
- 	init_rnd_pool();
- 	free_preshared_secrets();
-+#if !defined(NO_DEBUG)
- 	openswan_passert_fail = helper_passert_fail;
-+#endif
- 	debug_prefix='!';
- 
- 	pluto_crypto_helper(fds[1], n);
-diff -urp openswan-2.4.7.orig/programs/pluto/plutomain.c openswan-2.4.7/programs/pluto/plutomain.c
--- openswan-2.4.7.orig/programs/pluto/plutomain.c	2006-10-27 05:00:30.000000000 +0200
-+++ openswan-2.4.7/programs/pluto/plutomain.c	2006-11-28 17:00:56.000000000 +0100
-@@ -85,9 +85,9 @@
- 
- const char *ipsec_dir = IPSECDIR;
- const char *ctlbase = "/var/run/pluto";
-
-+#if !defined(NO_DEBUG)
- openswan_passert_fail_t openswan_passert_fail = passert_fail;
-
-+#endif
- /** usage - print help messages
-  *
-  * @param mess String - alternate message to print
-@@ -282,7 +282,9 @@ main(int argc, char **argv)
- 
-     global_argv = argv;
-     global_argc = argc;
-+#if !defined(NO_DEBUG)
-     openswan_passert_fail = passert_fail;
-+#endif
- 
-     /* see if there is an environment variable */
-     coredir = getenv("PLUTO_CORE_DIR");
-@@ -564,10 +566,12 @@ main(int argc, char **argv)
- 	case '4':	/* --disable_port_floating */
- 	    nat_t_spf = FALSE;
- 	    continue;
-+#ifdef DEBUG
- 	case '5':	/* --debug-nat_t */
- 	    base_debugging |= DBG_NATT;
- 	    continue;
- #endif
-+#endif
- #ifdef VIRTUAL_IP
- 	case '6':	/* --virtual_private */
- 	    virtual_private = optarg;
--- a/package/openswan/openswan-2.4.9-006-linux-include.patch
+++ b/package/openswan/openswan-2.4.9-006-linux-include.patch
@ -1,12 +0,0 @@
-diff -urp openswan-2.4.7.orig/linux/include/openswan/passert.h openswan-2.4.7/linux/include/openswan/passert.h
--- openswan-2.4.7.orig/linux/include/openswan/passert.h	2004-10-21 20:44:42.000000000 +0200
-+++ openswan-2.4.7/linux/include/openswan/passert.h	2006-11-28 17:50:03.000000000 +0100
-@@ -69,7 +69,7 @@ extern void switch_fail(int n
- # define bad_case(n) abort()
- # define passert(pred)  { }	/* do nothing */
- # define happy(x)  { (void) x; }	/* evaluate non-judgementally */
-
-+# define pexpect(x) do { } while(0)
- #endif /*!DEBUG*/
- 
- #endif /* _OPENSWAN_PASSERT_H */
--- a/package/openswan/openswan-2.4.9-010-susv3-legacy.patch
+++ b/package/openswan/openswan-2.4.9-010-susv3-legacy.patch
@ -1,22 +0,0 @@
--- openswan-2.4.7.oorig/lib/libopenswan/alg_info.c	2006-10-06 18:47:38.000000000 +0200
-+++ openswan-2.4.7/lib/libopenswan/alg_info.c	2006-12-14 14:27:29.000000000 +0100
-@@ -649,7 +649,7 @@ alg_info_esp_create_from_str (const char
- 
-     if (!alg_info_esp) goto out;
- 
-    pfs_name=index (alg_str, ';');
-+    pfs_name=strchr (alg_str, ';');
- 
-     if (pfs_name) {
- 	memcpy(esp_buf, alg_str, pfs_name-alg_str);
--- openswan-2.4.7.oorig/programs/ikeping/ikeping.c	2005-07-08 04:56:38.000000000 +0200
-+++ openswan-2.4.7/programs/ikeping/ikeping.c	2006-12-14 14:31:36.000000000 +0100
-@@ -315,7 +315,7 @@ main(int argc, char **argv)
-   natt=0;
-   listen_only=0;
-   noDNS=0;
-  bzero(&laddr, sizeof(laddr));
-+  memset(&laddr, 0, sizeof(laddr));
- 
-   while((c = getopt_long(argc, argv, "hVnvsp:b:46E:w:", long_opts, 0))!=EOF) {
-       switch (c) {
--- a/package/openswan/openswan.mk
+++ b/package/openswan/openswan.mk
@ -1,66 +0,0 @@
-#############################################################
-#
-# openswan
-#
-# NOTE: Uses start-stop-daemon in init script, so be sure
-# to enable that within busybox
-#
-#############################################################
-OPENSWAN_VERSION:=2.4.9
-OPENSWAN_SOURCE:=openswan-$(OPENSWAN_VERSION).tar.gz
-OPENSWAN_SITE:=http://www.openswan.org/download/old/
-OPENSWAN_DIR:=$(BUILD_DIR)/openswan-$(OPENSWAN_VERSION)
-OPENSWAN_CAT:=$(ZCAT)
-OPENSWAN_BINARY:=programs/pluto/pluto
-OPENSWAN_TARGET_BINARY:=usr/sbin/ipsec
-
-ifneq ($(BR2_PACKAGE_OPENSWAN_DEBUGGING),y)
-OPENSWAN_CFLAGS=-UDEBUG -DNO_DEBUG -ULEAK_DETECTIVE
-endif
-
-$(DL_DIR)/$(OPENSWAN_SOURCE):
-	 $(call DOWNLOAD,$(OPENSWAN_SITE),$(OPENSWAN_SOURCE))
-
-openswan-source: $(DL_DIR)/$(OPENSWAN_SOURCE)
-
-$(OPENSWAN_DIR)/.unpacked: $(DL_DIR)/$(OPENSWAN_SOURCE)
-	$(OPENSWAN_CAT) $(DL_DIR)/$(OPENSWAN_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
-	toolchain/patch-kernel.sh $(OPENSWAN_DIR) package/openswan/ openswan\*.patch
-	touch $(OPENSWAN_DIR)/.unpacked
-
-$(OPENSWAN_DIR)/$(OPENSWAN_BINARY): $(OPENSWAN_DIR)/.unpacked
-	@echo "using kernel $(LINUX_KERNEL)"
-	$(TARGET_CONFIGURE_OPTS) \
-	$(MAKE) -C $(OPENSWAN_DIR) \
-		CC="$(TARGET_CC)" LD="$(TARGET_LD)" \
-		LDFLAGS="$(TARGET_LDFLAGS) $(BR2_SYSROOT)" \
-		LD_LIBRARY_PATH= \
-		KERNELSRC=$(LINUX_DIR) DESTDIR=$(TARGET_DIR) INC_USRLOCAL=/usr \
-		USERCOMPILE="$(OPENSWAN_CFLAGS) $(TARGET_CFLAGS) $(BR2_ISYSROOT) -I$(TARGET_DIR)/usr/include" programs
-
-$(TARGET_DIR)/$(OPENSWAN_TARGET_BINARY): $(OPENSWAN_DIR)/$(OPENSWAN_BINARY)
-	$(TARGET_CONFIGURE_OPTS) \
-	$(MAKE) -C $(OPENSWAN_DIR) \
-		CC=$(TARGET_CC) LD=$(TARGET_LD) \
-		KERNELSRC=$(LINUX_DIR) DESTDIR=$(TARGET_DIR) INC_USRLOCAL=/usr \
-		USERCOMPILE="$(OPENSWAN_CFLAGS) $(TARGET_CFLAGS) -I$(TARGET_DIR)/usr/include" install
-	rm -rf $(TARGET_DIR)/share/locale $(TARGET_DIR)/usr/info \
-		$(TARGET_DIR)/usr/man $(TARGET_DIR)/usr/share/doc
-
-openswan: libgmp kernel-headers $(TARGET_DIR)/$(OPENSWAN_TARGET_BINARY)
-
-openswan-clean:
-	$(MAKE) DESTDIR=$(TARGET_DIR) -C $(OPENSWAN_DIR) uninstall
-	-$(MAKE) -C $(OPENSWAN_DIR) clean
-
-openswan-dirclean:
-	rm -rf $(OPENSWAN_DIR)
-
-#############################################################
-#
-# Toplevel Makefile options
-#
-#############################################################
-ifeq ($(BR2_PACKAGE_OPENSWAN),y)
-TARGETS+=openswan
-endif