
update openswan, try to use both IPsec implementations

Waldemar Brodkorb 15 years ago
parent
commit
1c47490f58

+ 20 - 0
package/openswan/Config.in

@@ -8,3 +8,23 @@ config ADK_PACKAGE_OPENSWAN
 	  Openswan is an implementation of IPsec for Linux.
 	  
 	  http://www.openswan.org/
+
+choice
+prompt "IPSec stack to use"
+depends ADK_PACKAGE_OPENSWAN
+config ADK_COMPILE_OPENSWAN_WITH_NETKEY
+	prompt "NETKEY - use Linux integrated IPSec Stack"
+	select ADK_KPACKAGE_KMOD_NET_KEY
+	select ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TUNNEL
+	select ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TRANSPORT
+	select ADK_KPACKAGE_KMOD_INET_ESP
+	select ADK_KPACKAGE_KMOD_INET_AH
+	bool
+	help
+
+config ADK_COMPILE_OPENSWAN_WITH_KLIPS
+	prompt "KLIPS - use OpenS/WAN IPSec Stack"
+	bool
+	help
+
+endchoice
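Review bot: Both `help` keywords in the new choice are empty, so whoever configures the image gets no guidance on what each IPsec stack needs. For NETKEY a line such as `Use the in-kernel XFRM/PF_KEY stack; selects the required kernel modules.` would do. The KLIPS entry should say which kernel component has to be provided, because ADK_COMPILE_OPENSWAN_WITH_KLIPS selects nothing and the package Makefile in this commit appears to build only the userland `programs` target. The choice also has no `default` line; adding `default ADK_COMPILE_OPENSWAN_WITH_NETKEY` would make the preselected stack explicit instead of depending on entry order.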

+ 32 - 38
package/openswan/Makefile

@@ -4,9 +4,9 @@
 include ${TOPDIR}/rules.mk
 
 PKG_NAME:=		openswan
-PKG_VERSION:=		2.6.21
+PKG_VERSION:=		2.6.22
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		ba9da6c90e0f5fe856767d7510ce371f
+PKG_MD5SUM:=		9a30009bade8a1b09fba27680c87cf72
 PKG_DESCR:=		IPSec software
 PKG_SECTION:=		net
 PKG_DEPENDS:=		ip libgmp
@@ -18,42 +18,36 @@ include ${TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,OPENSWAN,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
-FLAGS:=			${TCFLAGS} ${TCPPFLAGS} ${TLDFLAGS}
-
-do-build:
-	${MAKE} -C ${WRKBUILD} \
-		${TARGET_CONFIGURE_OPTS} \
-		KERNELSRC="${LINUX_DIR}" \
-		ARCH="${ARCH}" \
-		USERCOMPILE="${FLAGS}" \
-		EXTRA_INCLUDE="${TCPPFLAGS}" \
-		EXTRA_LIBS="${TLDFLAGS}" \
-		IPSECDIR="/usr/lib/ipsec" \
-		INC_USRLOCAL="/usr" \
-		MODPROBE="insmod" \
-		OSDEP="linux" \
-		BUILDENV="linux" \
-		programs
-
-do-install:
-	${MAKE} -C ${WRKBUILD} \
-		${TARGET_CONFIGURE_OPTS} \
-		DESTDIR="${IDIR_OPENSWAN}" \
-		KERNELSRC="${LINUX_DIR}" \
-		ARCH="${ARCH}" \
-		USERCOMPILE="${FLAGS}" \
-		IPSECDIR="/usr/lib/ipsec" \
-		INC_USRLOCAL="/usr" \
-		MODPROBE="insmod" \
-		OSDEP="linux" \
-		BUILDENV="linux" \
-		install
-	rm -rf ${IDIR_OPENSWAN}/usr/share
-	rm -rf ${IDIR_OPENSWAN}/usr/man
-	rm -rf ${IDIR_OPENSWAN}/var
-	mv ${IDIR_OPENSWAN}/etc/rc.d/init.d/ipsec \
+#ifeq ($(ADK_COMPILE_OPENSWAN_WITH_NETKEY),y)
+#XAKE_FLAGS+=		USE_KLIPS=false USE_NETKEY=true
+#endif
+
+#ifeq ($(ADK_COMPILE_OPENSWAN_WITH_KLIPS),y)
+#XAKE_FLAGS+=		USE_KLIPS=true USE_NETKEY=false
+#endif
+
+XAKE_FLAGS+=		KERNELSRC="${LINUX_DIR}" \
+			IPSECDIR="/usr/lib/ipsec" \
+			INC_USRLOCAL="/usr" \
+			MODPROBE="insmod" \
+			OSDEP="linux" \
+			BUILDENV="linux"
+
+BUILD_STYLE:=		auto
+INSTALL_STYLE:=		auto
+ALL_TARGET:=		programs
+
+post-install:
+	${INSTALL_DIR} ${IDIR_OPENSWAN}/usr/lib/ipsec
+	${INSTALL_DIR} ${IDIR_OPENSWAN}/usr/libexec/ipsec
+	${INSTALL_DIR} ${IDIR_OPENSWAN}/etc/ipsec.d 
+	${INSTALL_DIR} ${IDIR_OPENSWAN}/usr/sbin
+	${CP} ${WRKINST}/etc/ipsec.conf ${IDIR_OPENSWAN}/etc/
+	${CP} ${WRKINST}/etc/ipsec.d/* ${IDIR_OPENSWAN}/etc/ipsec.d
+	${CP} ${WRKINST}/usr/lib/ipsec/* ${IDIR_OPENSWAN}/usr/lib/ipsec
+	${CP} ${WRKINST}/usr/libexec/ipsec/* ${IDIR_OPENSWAN}/usr/libexec/ipsec
+	${INSTALL_BIN} ${WRKINST}/usr/sbin/ipsec ${IDIR_OPENSWAN}/usr/sbin
+	${INSTALL_BIN} ${WRKINST}/etc/rc.d/init.d/ipsec \
 		${IDIR_OPENSWAN}/usr/libexec/ipsec/setup
-	rm -rf ${IDIR_OPENSWAN}/etc/rc*.d
-	find ${IDIR_OPENSWAN} -name \*.old -print0 | xargs -0 rm -rf
 
 include ${TOPDIR}/mk/pkg-bottom.mk
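Review bot: The two `ifeq` blocks that would translate ADK_COMPILE_OPENSWAN_WITH_NETKEY and ADK_COMPILE_OPENSWAN_WITH_KLIPS into `USE_KLIPS`/`USE_NETKEY` are commented out, so the stack picked in Config.in never reaches the openswan build and upstream's Makefile.inc defaults decide what gets built. Either enable them or say why they are disabled, e.g. `# stack selection not wired up yet, upstream defaults apply`, so nobody assumes the menu choice is honoured. In `post-install`, the old recipe deleted `*.old` files, while the new `${CP} ${WRKINST}/usr/lib/ipsec/*` and `usr/libexec/ipsec/*` globs copy everything staged there. Since the install flags in patch-Makefile_inc use `-b --suffix=.old`, a re-install into an existing ${WRKINST} could presumably ship stale backup binaries, so it is worth confirming or filtering them out.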

+ 17 - 2
package/openswan/patches/patch-Makefile_inc

@@ -1,5 +1,5 @@
---- openswan-2.6.21.orig/Makefile.inc	2009-03-30 15:11:28.000000000 +0200
-+++ openswan-2.6.21/Makefile.inc	2009-06-13 14:48:55.000000000 +0200
+--- openswan-2.6.22.orig/Makefile.inc	2009-06-23 04:53:08.000000000 +0200
++++ openswan-2.6.22/Makefile.inc	2009-07-23 20:09:34.556071786 +0200
 @@ -163,7 +163,7 @@ INSTALL=install
  # how backup names are composed.
  # Note that the install procedures will never overwrite an existing config
@@ -9,3 +9,18 @@
  INSTSUIDFLAGS=--mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old
  INSTMANFLAGS=
  INSTCONFFLAGS=
+@@ -262,12 +262,12 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F
+ # Note you need a locally running bind9 nameserver with lwres{} enabled
+ # to use this, or have the "lwres" package installed and running.
+ # This only affects conns that use DNS for keys in lookups.
+-USE_LWRES?=false
++USE_LWRES?=true
+ 
+ # Do a new lookup every time a connection is (re)started. This works better
+ # on hosts with some dyndns service, since DPD will cause a new dns lookup,
+ # but it could be a potential security issue if receiving spoofed dns.
+-USE_DYNAMICDNS?=true
++USE_DYNAMICDNS?=false
+ 
+ # Do we want all the configuration files like ipsec.conf and ipsec.secrets
+ # and any certificates to be in a single directory defined by 
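Review bot: The added inner hunk sets `USE_LWRES?=true`, but the upstream comment quoted right above it says this needs a local bind9 with lwres{} enabled or the lwres package, and PKG_DEPENDS in package/openswan/Makefile still lists only `ip libgmp`. If nothing on the target provides lwres, connections that look up keys through DNS may fail in ways that are hard to diagnose, so please either declare the dependency or keep upstream's `false`. `USE_DYNAMICDNS?=false` is the conservative setting given the upstream warning about spoofed DNS, but it changes behaviour for peers behind dynamic DNS names. Neither default change is mentioned in the commit message, and a sentence in the patch header explaining both would help the next person refreshing this patch.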

+ 3 - 3
package/openswan/patches/patch-programs_Makefile_program

@@ -1,6 +1,6 @@
 $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
---- openswan-2.6.21.orig/programs/Makefile.program	2009-03-30 15:11:28.000000000 +0200
-+++ openswan-2.6.21/programs/Makefile.program	2009-06-13 14:42:38.000000000 +0200
+--- openswan-2.6.22.orig/programs/Makefile.program	2009-06-23 04:53:08.000000000 +0200
++++ openswan-2.6.22/programs/Makefile.program	2009-07-23 19:46:18.635264333 +0200
 @@ -49,9 +49,9 @@ CFLAGS+=-DFINALCONFFILE=\"${FINALCONFFIL
  CFLAGS+=-DFINALVARDIR=\"${FINALVARDIR}\"
  
@@ -14,7 +14,7 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
  
  CFLAGS+= ${WERROR}
  
-@@ -108,67 +108,67 @@ endif
+@@ -104,67 +104,67 @@ endif
  ifneq ($(NOINSTALL),true)
  
  doinstall:: $(PROGRAM) $(CONFFILES) $(EXTRA8MAN) $(EXTRA5MAN) $(EXTRA5PROC) $(LIBFILES) $(CONFDFILES)

+ 3 - 3
package/openswan/patches/patch-programs_ikeping_ikeping_c

@@ -1,7 +1,7 @@
 $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
---- openswan-2.6.18.orig/programs/ikeping/ikeping.c	2008-10-06 18:52:49.000000000 +0200
-+++ openswan-2.6.18/programs/ikeping/ikeping.c	2008-10-14 13:09:06.000000000 +0200
-@@ -316,7 +316,7 @@ main(int argc, char **argv)
+--- openswan-2.6.22.orig/programs/ikeping/ikeping.c	2009-06-23 04:53:08.000000000 +0200
++++ openswan-2.6.22/programs/ikeping/ikeping.c	2009-07-23 19:46:18.643265912 +0200
+@@ -319,7 +319,7 @@ main(int argc, char **argv)
    natt=0;
    listen_only=0;
    noDNS=0;

+ 52 - 0
target/linux/config/Config.in.ipsec

@@ -0,0 +1,52 @@
+menu "IPSec support"
+
+config ADK_KPACKAGE_KMOD_NET_KEY
+	prompt "kmod-net-ipsec-netkey............. PF_KEYv2 socket family"
+	tristate
+	default n
+	help
+	  PF_KEYv2 socket family, compatible to KAME ones.
+
+config ADK_KPACKAGE_KMOD_INET_AH
+	prompt "kmod-net-ipsec-ah................. IPsec AH support"
+	tristate
+	default n
+	help
+	  Support for IPsec AH.
+
+config ADK_KPACKAGE_KMOD_INET_ESP
+	prompt "kmod-net-ipsec-esp................ IPsec ESP support"
+	tristate
+	default n
+	help
+	  Support for IPsec ESP.
+
+config ADK_KPACKAGE_KMOD_INET_IPCOMP
+	prompt "kmod-net-ipsec-comp................ IP Payload Compression"
+	tristate
+	default n
+	help
+	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
+	  typically needed for IPsec.
+
+config ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TRANSPORT
+	prompt "kmod-net-ipsec-transport........... IPsec transport mode"
+	tristate
+	default n
+	help
+	  Support for IPsec transport mode.
+
+config ADK_KPACKAGE_KMOD_INET_XFRM_MODE_TUNNEL
+	prompt "kmod-net-ipsec-tunnel.............. IPsec tunnel mode"
+	tristate
+	default n
+	help
+	  Support for IPsec tunnel mode.
+
+config ADK_KPACKAGE_KMOD_INET_XFRM_MODE_BEET
+	prompt "kmod-net-ipsec-beet................ IPsec BEET mode"
+	tristate
+	default n
+	help
+	  Support for IPsec BEET mode.
+endmenu
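Review bot: The help texts for AH and ESP (`Support for IPsec AH.` / `Support for IPsec ESP.`) do not say what each protocol provides, which matters when someone enables only one of them. I would spell it out, e.g. `IPsec Authentication Header: integrity and origin authentication, no encryption.` and `IPsec Encapsulating Security Payload: encryption with optional authentication.`, and note in the NET_KEY help that the Openswan NETKEY option selects it. Style: the dotted leaders in the first three prompts appear one character shorter than in the remaining four, so the menu columns will not line up. The `default n` lines are redundant, if this Kconfig dialect defaults tristate symbols to n as mainline does.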

+ 1 - 0
target/linux/config/Config.in.network

@@ -234,6 +234,7 @@ config ADK_KPACKAGE_KMOD_BONDING
 	  information.
 
 source target/linux/config/Config.in.sched
+source target/linux/config/Config.in.ipsec
 
 endmenu