author | Martin Willi <martin@strongswan.org> | 2006-04-28 09:07:55 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2006-04-28 09:07:55 +0000 |
commit | 83cb0b0e8cc1e97efdbf53c4e0a14121aef08b42 (patch) | |
tree | 62b5b705196fdaf9d647199b700db7a7c359ccca /programs | |
parent | a06e45dc9c91c96954505dfcee52e734742618a4 (diff) | |
Diffstat (limited to 'programs')
-rw-r--r-- | programs/Makefile | 15 | ||||
-rw-r--r-- | programs/starter/Makefile | 32 | ||||
-rw-r--r-- | programs/starter/klips.c | 134 | ||||
-rw-r--r-- | programs/starter/klips.h | 26 | ||||
-rw-r--r-- | programs/starter/starter.c | 63 |
5 files changed, 28 insertions, 242 deletions
diff --git a/programs/Makefile b/programs/Makefile index 6ef59a88e..4e3ec6b10 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -17,20 +17,7 @@ FREESWANSRCDIR=.. include ${FREESWANSRCDIR}/Makefile.inc -SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto -SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun -SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark -SUBDIRS+=auto barf ipsec look manual ranbits secrets starter -SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey -SUBDIRS+=ikeping examples openac scepclient - -ifeq ($(USE_LWRES),true) -SUBDIRS+=lwdnsq -endif - -ifeq ($(USE_IPSECPOLICY),true) -SUBDIRS+=showpolicy -endif +SUBDIRS=pluto _copyright _updown _updown_espmark ipsec starter openac scepclient ifeq ($(USE_IKEV2),true) SUBDIRS+=charon diff --git a/programs/starter/Makefile b/programs/starter/Makefile index 9d531d3c6..0aeceb60f 100644 --- a/programs/starter/Makefile +++ b/programs/starter/Makefile @@ -48,7 +48,7 @@ LDFLAGS= PLUTO_OBJS=defs.o OBJS=starter.o parser.tab.o lex.yy.o keywords.o args.o invokepluto.o \ - starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \ + starterwhack.o netkey.o interfaces.o exec.o cmp.o confread.o \ loglite.o ${PLUTO_OBJS} # Build charon-only objs @@ -57,7 +57,7 @@ ifeq ($(USE_IKEV2),true) endif DISTSRC=$(OBJS:.o=.c) -DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h +DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h netkey.h DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt LIBS=$(FREESWANLIB) 
@@ -104,18 +104,19 @@ gatherdeps: # Dependencies generated by "make gatherdeps": -args.o: args.c +aargs.o: args.c cmp.o: cmp.c confread.o: confread.c exec.o: exec.c interfaces.o: interfaces.c +invokecharon.o: invokecharon.c invokepluto.o: invokepluto.c keywords.o: keywords.c -klips.o: klips.c lex.yy.o: lex.yy.c netkey.o: netkey.c parser.tab.o: parser.tab.c starter.o: starter.c +starterstroke.o: starterstroke.c starterwhack.o: starterwhack.c args.o: ../pluto/constants.h @@ -149,6 +150,12 @@ interfaces.o: ../pluto/log.h interfaces.o: interfaces.h interfaces.o: exec.h interfaces.o: files.h +invokecharon.o: ../pluto/constants.h +invokecharon.o: ../pluto/defs.h +invokecharon.o: ../pluto/log.h +invokecharon.o: confread.h +invokecharon.o: invokecharon.h +invokecharon.o: files.h invokepluto.o: ../pluto/constants.h invokepluto.o: ../pluto/defs.h invokepluto.o: ../pluto/log.h @@ -157,13 +164,6 @@ invokepluto.o: invokepluto.h invokepluto.o: files.h invokepluto.o: starterwhack.h keywords.o: keywords.h -klips.o: ../pluto/constants.h -klips.o: ../pluto/defs.h -klips.o: ../pluto/log.h -klips.o: confread.h -klips.o: klips.h -klips.o: files.h -klips.o: exec.h lex.yy.o: parser.tab.h netkey.o: ../pluto/constants.h netkey.o: ../pluto/defs.h @@ -171,6 +171,7 @@ netkey.o: ../pluto/log.h netkey.o: files.h parser.tab.o: ../pluto/constants.h parser.tab.o: ../pluto/defs.h +parser.tab.o: ../pluto/log.h parser.tab.o: parser.h starter.o: ../pluto/constants.h starter.o: ../pluto/defs.h 
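Review bot: The first dependency line in the `@@ -104,18 +104,19 @@` hunk now reads `aargs.o: args.c`, which looks like a stray character rather than an intended rename, since `OBJS` still lists `args.o` and the later `args.o: ../pluto/constants.h` line is unchanged. As written, the rule names a target that nothing builds, and `args.o` loses its explicit dependency on `args.c` in this list; restore it to `args.o: args.c`. The block is marked as generated by `make gatherdeps`, so regenerating it instead of hand-editing would avoid this kind of drift. The newly listed `invokecharon.o` and `starterstroke.o` entries presumably belong to the IKEv2-only objects, whose definition is outside the lines shown here, so that is worth confirming.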
@@ -179,10 +180,17 @@ starter.o: confread.h starter.o: files.h starter.o: starterwhack.h starter.o: invokepluto.h -starter.o: klips.h +starter.o: invokecharon.h starter.o: netkey.h starter.o: cmp.h starter.o: interfaces.h +starterstroke.o: ../pluto/constants.h +starterstroke.o: ../pluto/defs.h +starterstroke.o: ../pluto/log.h +starterstroke.o: ../charon/stroke/stroke.h +starterstroke.o: starterstroke.h +starterstroke.o: confread.h +starterstroke.o: files.h starterwhack.o: ../pluto/constants.h starterwhack.o: ../pluto/defs.h starterwhack.o: ../pluto/log.h diff --git a/programs/starter/klips.c b/programs/starter/klips.c deleted file mode 100644 index 5595eb6eb..000000000 --- a/programs/starter/klips.c +++ /dev/null 
@@ -1,134 +0,0 @@ -/* strongSwan KLIPS starter - * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: klips.c,v 1.8 2006/02/15 18:33:57 as Exp $ - */ - -#include <sys/types.h> -#include <sys/stat.h> -#include <stdlib.h> -#include <string.h> - -#include <freeswan.h> - -#include "../pluto/constants.h" -#include "../pluto/defs.h" -#include "../pluto/log.h" - -#include "confread.h" -#include "klips.h" -#include "files.h" -#include "exec.h" - -static int _klips_module_loaded = 0; - -bool -starter_klips_init(void) -{ - struct stat stb; - - if (stat(PROC_IPSECVERSION, &stb) != 0) - { - if (stat(PROC_MODULES, &stb) == 0) - { - unsetenv("MODPATH"); - unsetenv("MODULECONF"); - system("depmod -a >/dev/null 2>&1"); - system("modprobe -qv ipsec"); - } - if (stat(PROC_IPSECVERSION, &stb) == 0) - { - _klips_module_loaded = 1; - } - else - { - DBG(DBG_CONTROL, - DBG_log("kernel appears to lack KLIPS") - ) - return FALSE; - } - } - - /* make sure that all available crypto algorithms are loaded */ - if (stat(PROC_MODULES, &stb) == 0) - { - system("modprobe -qv ipsec_aes"); - system("modprobe -qv ipsec_serpent"); - system("modprobe -qv ipsec_twofish"); - system("modprobe -qv ipsec_blowfish"); - system("modprobe -qv ipsec_sha2"); - } - - starter_klips_clear(); - - DBG(DBG_CONTROL, - DBG_log("Found KLIPS IPsec stack") - ) - return TRUE; -} - -static void -_sysflags (char *name, int value) -{ - int res = 
starter_exec("echo %d >%s/%s 2>/dev/null" - , value? 1 : 0, PROC_SYSFLAGS, name); - - if (res) - plog("can't set sysflag %s to %d", name, value? 1 : 0); -} - -void -starter_klips_set_config(starter_config_t *cfg) -{ - char **l; - - _sysflags("icmp", cfg->setup.fragicmp); - _sysflags("inbound_policy_check", 1); - /* _sysflags("no_eroute_pass", 0); */ - /* _sysflags("opportunistic", 0); */ - _sysflags("tos", cfg->setup.hidetos); - - starter_exec("%s/klipsdebug --none", IPSEC_EXECDIR); - for (l = cfg->setup.klipsdebug; l && *l; l++) - { - if ((streq(*l, "none")) || (streq(*l, "all"))) - starter_exec("%s/klipsdebug --%s", IPSEC_EXECDIR, *l); - else - starter_exec("%s/klipsdebug --set %s", IPSEC_EXECDIR, *l); - } - - starter_exec("%s/eroute --del --eraf inet --src 0/0 --dst 0/0 2>/dev/null" - , IPSEC_EXECDIR); - starter_exec("%s/eroute --label packetdefault --replace --eraf inet " - "--src 0/0 --dst 0/0 --said %%%s", IPSEC_EXECDIR - , cfg->setup.packetdefault ? cfg->setup.packetdefault : "drop"); -} - -void -starter_klips_clear(void) -{ - system(IPSEC_EXECDIR"/eroute --clear"); - system(IPSEC_EXECDIR"/spi --clear"); - system(IPSEC_EXECDIR"/klipsdebug --none"); -} - -void -starter_klips_cleanup(void) -{ - starter_klips_clear(); - if (_klips_module_loaded) - { - system("rmmod ipsec"); - _klips_module_loaded = 0; - } -} diff --git a/programs/starter/klips.h b/programs/starter/klips.h deleted file mode 100644 index d07c6cca4..000000000 --- a/programs/starter/klips.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* strongSwan klips initialization and cleanup - * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: klips.h,v 1.2 2005/12/30 19:03:56 as Exp $ - */ - -#ifndef _STARTER_KLIPS_H_ -#define _STARTER_KLIPS_H_ - -extern bool starter_klips_init (void); -extern void starter_klips_set_config (struct starter_config *); -extern void starter_klips_cleanup (void); -extern void starter_klips_clear (void); - -#endif /* _STARTER_KLIPS_H_ */ - diff --git a/programs/starter/starter.c b/programs/starter/starter.c index 42c98574a..4b4e23fb3 100644 --- a/programs/starter/starter.c +++ b/programs/starter/starter.c @@ -38,7 +38,6 @@ #include "starterwhack.h" #include "invokepluto.h" #include "invokecharon.h" -#include "klips.h" #include "netkey.h" #include "cmp.h" #include "interfaces.h" @@ -158,7 +157,6 @@ int main (int argc, char **argv) struct timeval tv; unsigned long auto_update = 0; time_t last_reload; - bool has_netkey; bool no_fork = FALSE; /* global variables defined in log.h */ 
@@ -257,22 +255,10 @@ int main (int argc, char **argv) } /* determine if we have a native netkey IPsec stack */ - has_netkey = starter_netkey_init(); - - if (!has_netkey) + if (!starter_netkey_init()) { - /* determine if we have a KLIPS IPsec stack instead */ - if (starter_klips_init()) - { - starter_klips_set_config(cfg); - starter_ifaces_init(); - starter_ifaces_clear(); - } - else - { - plog("neither netkey nor KLIPS IPSec stack detected"); - exit(1); - } + plog("nor netkey IPSec stack detected"); + exit(1); } last_reload = time(NULL); @@ -322,14 +308,6 @@ int main (int argc, char **argv) } } - if (!has_netkey) - { - starter_ifaces_load(cfg->setup.interfaces - , cfg->setup.overridemtu - , cfg->setup.nat_traversal - , &cfg->defaultroute); - } - for (;;) { /* @@ -343,13 +321,7 @@ int main (int argc, char **argv) if (starter_charon_pid()) starter_stop_charon(); #endif IKEV2 - if (has_netkey) - starter_netkey_cleanup(); - else - { - starter_ifaces_clear(); - starter_klips_cleanup(); - } + starter_netkey_cleanup(); confread_free(cfg); unlink(MY_PID_FILE); unlink(INFO_FILE); @@ -405,29 +377,10 @@ int main (int argc, char **argv) if (new_cfg) { /* Switch to new config. New conn will be loaded below */ - if (has_netkey) - { - if (!starter_cmp_defaultroute(&new_cfg->defaultroute - , &cfg->defaultroute)) - { - _action_ |= FLAG_ACTION_LISTEN; - } - } - else + if (!starter_cmp_defaultroute(&new_cfg->defaultroute + , &cfg->defaultroute)) { - if (!starter_cmp_klips(cfg, new_cfg)) - { - plog("KLIPS has changed"); - starter_klips_set_config(new_cfg); - } - - if (starter_ifaces_load(new_cfg->setup.interfaces - , new_cfg->setup.overridemtu - , new_cfg->setup.nat_traversal - , &new_cfg->defaultroute)) - { - _action_ |= FLAG_ACTION_LISTEN; - } + _action_ |= FLAG_ACTION_LISTEN; } if (!starter_cmp_pluto(cfg, new_cfg)) 
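Review bot: The new failure message in the `@@ -257,22 +255,10 @@` hunk, `plog("nor netkey IPSec stack detected");`, is a leftover fragment of the old "neither netkey nor KLIPS" wording and reads as garbled in the log at the one point where the starter refuses to run. Change it to `plog("no netkey IPsec stack detected");` so an operator can tell from the log why the process exited with status 1. With every visible `starter_ifaces_*` call removed in this and the following hunks, the `#include "interfaces.h"` kept in the include hunk may no longer be needed, though that depends on code outside these hunks. `main` begins and ends outside the hunk.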
@@ -517,8 +470,6 @@ int main (int argc, char **argv) DBG(DBG_CONTROL, DBG_log("Attempting to start pluto...") ) - if (!has_netkey) - starter_klips_clear(); if (starter_start_pluto(cfg, no_fork) == 0) { |