From bbeb7195f687042400f63cb12626275f1743cd20 Mon Sep 17 00:00:00 2001
From: RISCi_ATOM <bob@bobcall.me>
Date: Sat, 5 Oct 2024 17:27:04 -0400
Subject: [PATCH] xl2tpd : Add xl2tpd to base, pulled from upstream feed commit
 a111405eac397f4a48492e9d710cea3aeb9092c3

---
 package/network/services/xl2tpd/Makefile      |  88 +++++++++++++
 package/network/services/xl2tpd/README.md     |  45 +++++++
 package/network/services/xl2tpd/files/l2tp.sh | 121 ++++++++++++++++++
 .../services/xl2tpd/files/options.xl2tpd      |  20 +++
 .../services/xl2tpd/files/xl2tp-secrets       |   5 +
 .../network/services/xl2tpd/files/xl2tpd.conf |  23 ++++
 .../services/xl2tpd/files/xl2tpd.conf.sample  |  73 +++++++++++
 .../network/services/xl2tpd/files/xl2tpd.init |  24 ++++
 ...2tpd-control-fix-out-of-bound-access.patch |  24 ++++
 .../patches/0002-Skip-building-pfc.patch      |  59 +++++++++
 10 files changed, 482 insertions(+)
 create mode 100644 package/network/services/xl2tpd/Makefile
 create mode 100644 package/network/services/xl2tpd/README.md
 create mode 100644 package/network/services/xl2tpd/files/l2tp.sh
 create mode 100644 package/network/services/xl2tpd/files/options.xl2tpd
 create mode 100644 package/network/services/xl2tpd/files/xl2tp-secrets
 create mode 100644 package/network/services/xl2tpd/files/xl2tpd.conf
 create mode 100644 package/network/services/xl2tpd/files/xl2tpd.conf.sample
 create mode 100644 package/network/services/xl2tpd/files/xl2tpd.init
 create mode 100644 package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch
 create mode 100644 package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch

diff --git a/package/network/services/xl2tpd/Makefile b/package/network/services/xl2tpd/Makefile
new file mode 100644
index 0000000000..8abf256992
--- /dev/null
+++ b/package/network/services/xl2tpd/Makefile
@@ -0,0 +1,88 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=xl2tpd
+PKG_VERSION:=1.3.18
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/xelerance/xl2tpd.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MIRROR_HASH:=f4faa15357063a2ac11e427adbcac6b51c755cc294f1a26fe4eb0c008840df31
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xl2tpd
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=An L2TP (Layer 2 Tunneling Protocol) daemon
+  URL:=http://www.xelerance.com/software/xl2tpd/
+  SUBMENU:=VPN
+  DEPENDS:=+ppp-mod-pppol2tp +resolveip
+endef
+
+define Package/xl2tpd/description
+l2tpd is the open source implementation of the L2TP tunneling protocol (RFC2661).
+It does implement both LAC and LNS role in a L2TP networking architecture. The
+main goal of this protocol is to tunnel PPP frame trough an IP network.
+endef
+
+ifneq (0,0)
+  # debugging options from Makefile of xl2tpd package
+  EXTRA_CFLAGS += \
+	-DDEBUG_ZLB \
+	-DDEBUG_HELLO \
+	-DDEBUG_CLOSE \
+	-DDEBUG_FLOW \
+	-DDEBUG_FILE \
+	-DDEBUG_AAA \
+	-DDEBUG_PAYLOAD \
+	-DDEBUG_CONTROL \
+	-DDEBUG_PPPD \
+	-DDEBUG_HIDDEN \
+	-DDEBUG_ENTROPY \
+	-DDEBUG_CONTROL_XMIT \
+	-DDEBUG_MAGIC \
+	-DDEBUG_FLOW_MORE \
+	-DDEBUG_AUTH
+endif
+
+define Package/xl2tpd/conffiles
+/etc/xl2tpd/xl2tpd.conf
+/etc/xl2tpd/xl2tp-secrets
+/etc/ppp/options.xl2tpd
+endef
+
+define Package/xl2tpd/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd-control $(1)/usr/sbin/
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/xl2tpd.init $(1)/etc/init.d/xl2tpd
+
+	$(INSTALL_DIR) $(1)/etc/xl2tpd
+	$(INSTALL_DATA) ./files/xl2tpd.conf $(1)/etc/xl2tpd/
+	$(INSTALL_CONF) ./files/xl2tp-secrets $(1)/etc/xl2tpd/
+
+	$(INSTALL_DIR) $(1)/etc/ppp
+	$(INSTALL_DATA) ./files/options.xl2tpd $(1)/etc/ppp/
+
+	$(INSTALL_DIR) $(1)/lib/netifd/proto
+	$(INSTALL_BIN) ./files/l2tp.sh $(1)/lib/netifd/proto
+endef
+
+$(eval $(call BuildPackage,xl2tpd))
diff --git a/package/network/services/xl2tpd/README.md b/package/network/services/xl2tpd/README.md
new file mode 100644
index 0000000000..f6beead6b2
--- /dev/null
+++ b/package/network/services/xl2tpd/README.md
@@ -0,0 +1,45 @@
+# OpenWrt Package for xl2tpd
+
+xl2tpd is a development from the original l2tpd package originally written by
+Mark Spencer, subsequently forked by Scott Balmos and David Stipp, inherited
+by Jeff McAdams, modified substantially by Jacco de Leeuw and then forked
+again by Xelerance (after it was abandoned by l2tpd.org).
+
+## Rationale for inclusion in OpenWrt
+
+l2tpd has some serious alignment problems on RISC platforms. It also runs
+purely in userspace.
+
+Some of the features added in this fork include:
+
+1. IPSec SA reference tracking inconjunction with openswan's IPSec transport
+   mode, which adds support for multiple clients behind the same NAT router
+   and multiple clients on the same internal IP behind different NAT routers.
+
+2. Support for the pppol2tp kernel mode L2TP.
+
+3. Alignment and endian problems resolved.
+
+hcg
+
+## UCI options
+
+`server` takes the form `host[:port]` with port defaults to `1701`.  It
+specifies the l2tp server's address.
+
+`checkup_interval` tells netifd to check after that many seconds since last
+setup attempt to see if the interface is up.  If not it should issue another
+teardown/setup round to retry the negotiation.  This option defaults to 0 and
+netifd will not do the check and retry.
+
+The following are generic ppp options and should have the same format and
+semantics as with other ppp-related protocols.  See
+[uci/network#protocol_ppp](https://openwrt.org/docs/guide-user/network/wan/wan_interface_protocols#protocol_ppp_ppp_over_modem)
+for details.
+
+	username
+	password
+	keepalive
+	ipv6
+	mtu
+	pppd_options
diff --git a/package/network/services/xl2tpd/files/l2tp.sh b/package/network/services/xl2tpd/files/l2tp.sh
new file mode 100644
index 0000000000..294c3ddecc
--- /dev/null
+++ b/package/network/services/xl2tpd/files/l2tp.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+
+[ -x /usr/sbin/xl2tpd ] || exit 0
+
+[ -n "$INCLUDE_ONLY" ] || {
+	. /lib/functions.sh
+	. ../netifd-proto.sh
+	init_proto "$@"
+}
+
+proto_l2tp_init_config() {
+	proto_config_add_string "username"
+	proto_config_add_string "password"
+	proto_config_add_string "keepalive"
+	proto_config_add_string "pppd_options"
+	proto_config_add_boolean "ipv6"
+	proto_config_add_int "mtu"
+	proto_config_add_int "checkup_interval"
+	proto_config_add_string "server"
+	available=1
+	no_device=1
+	no_proto_task=1
+	teardown_on_l3_link_down=1
+}
+
+proto_l2tp_setup() {
+	local interface="$1"
+	local optfile="/tmp/l2tp/options.${interface}"
+	local ip serv_addr server host
+
+	json_get_var server server
+	host="${server%:*}"
+	for ip in $(resolveip -t 5 "$host"); do
+		( proto_add_host_dependency "$interface" "$ip" )
+		serv_addr=1
+	done
+	[ -n "$serv_addr" ] || {
+		echo "Could not resolve server address" >&2
+		sleep 5
+		proto_setup_failed "$interface"
+		exit 1
+	}
+
+	# Start and wait for xl2tpd
+	if [ ! -p /var/run/xl2tpd/l2tp-control -o -z "$(pidof xl2tpd)" ]; then
+		/etc/init.d/xl2tpd restart
+
+		local wait_timeout=0
+		while [ ! -p /var/run/xl2tpd/l2tp-control ]; do
+			wait_timeout=$(($wait_timeout + 1))
+			[ "$wait_timeout" -gt 5 ] && {
+				echo "Cannot find xl2tpd control file." >&2
+				proto_setup_failed "$interface"
+				exit 1
+			}
+			sleep 1
+		done
+	fi
+
+	local ipv6 keepalive username password pppd_options mtu
+	json_get_vars ipv6 keepalive username password pppd_options mtu
+	[ "$ipv6" = 1 ] || ipv6=""
+
+	local interval="${keepalive##*[, ]}"
+	[ "$interval" != "$keepalive" ] || interval=5
+
+	keepalive="${keepalive:+lcp-echo-interval $interval lcp-echo-failure ${keepalive%%[, ]*}}"
+	username="${username:+user \"$username\" password \"$password\"}"
+	ipv6="${ipv6:++ipv6}"
+	mtu="${mtu:+mtu $mtu mru $mtu}"
+
+	mkdir -p /tmp/l2tp
+	cat <<EOF >"$optfile"
+usepeerdns
+nodefaultroute
+ipparam "$interface"
+ifname "l2tp-$interface"
+ip-up-script /lib/netifd/ppp-up
+ipv6-up-script /lib/netifd/ppp-up
+ip-down-script /lib/netifd/ppp-down
+ipv6-down-script /lib/netifd/ppp-down
+# Don't wait for LCP term responses; exit immediately when killed.
+lcp-max-terminate 0
+$keepalive
+$username
+$ipv6
+$mtu
+$pppd_options
+EOF
+
+	xl2tpd-control add-lac l2tp-${interface} pppoptfile=${optfile} lns=${server} || {
+		echo "xl2tpd-control: Add l2tp-$interface failed" >&2
+		proto_setup_failed "$interface"
+		exit 1
+	}
+	xl2tpd-control connect-lac l2tp-${interface} || {
+		echo "xl2tpd-control: Connect l2tp-$interface failed" >&2
+		proto_setup_failed "$interface"
+		exit 1
+	}
+}
+
+proto_l2tp_teardown() {
+	local interface="$1"
+	local optfile="/tmp/l2tp/options.${interface}"
+
+	rm -f ${optfile}
+	if [ -p /var/run/xl2tpd/l2tp-control ]; then
+		xl2tpd-control remove-lac l2tp-${interface} || {
+			echo "xl2tpd-control: Remove l2tp-$interface failed" >&2
+		}
+	fi
+	# Wait for interface to go down
+        while [ -d /sys/class/net/l2tp-${interface} ]; do
+		sleep 1
+	done
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+	add_protocol l2tp
+}
diff --git a/package/network/services/xl2tpd/files/options.xl2tpd b/package/network/services/xl2tpd/files/options.xl2tpd
new file mode 100644
index 0000000000..5ef0d94414
--- /dev/null
+++ b/package/network/services/xl2tpd/files/options.xl2tpd
@@ -0,0 +1,20 @@
+#
+noauth
+debug
+dump
+logfd 2
+logfile /var/log/xl2tpd.log
+noccp
+novj
+novjccomp
+nopcomp
+noaccomp
+mtu 1400
+mru 1400
+require-mschap-v2
+lcp-echo-interval 20
+lcp-echo-failure 5
+connect-delay 5000
+nodefaultroute
+noipdefault
+proxyarp
diff --git a/package/network/services/xl2tpd/files/xl2tp-secrets b/package/network/services/xl2tpd/files/xl2tp-secrets
new file mode 100644
index 0000000000..0fb513f6fb
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tp-secrets
@@ -0,0 +1,5 @@
+# Secrets for authenticating l2tp tunnels
+# us		them		secret
+# *		marko		blah2
+# zeus		marko		blah
+# *		*		interop
diff --git a/package/network/services/xl2tpd/files/xl2tpd.conf b/package/network/services/xl2tpd/files/xl2tpd.conf
new file mode 100644
index 0000000000..2423ff6454
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tpd.conf
@@ -0,0 +1,23 @@
+[global]
+port = 1701
+auth file = /etc/xl2tpd/xl2tp-secrets
+access control = no
+
+;[lns default]
+;exclusive = yes
+;ip range = 192.168.254.202-192.168.254.210
+;lac = 10.0.1.2
+;hidden bit = no
+;local ip = 192.168.254.200
+;length bit = yes
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
+
+;[lac left]
+;lns = 10.0.1.2
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
diff --git a/package/network/services/xl2tpd/files/xl2tpd.conf.sample b/package/network/services/xl2tpd/files/xl2tpd.conf.sample
new file mode 100644
index 0000000000..477afa5a69
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tpd.conf.sample
@@ -0,0 +1,73 @@
+;
+; Sample l2tpd configuration file
+;
+; This example file should give you some idea of how the options for l2tpd
+; should work.  The best place to look for a list of all options is in
+; the source code itself, until I have the time to write better documetation :)
+; Specifically, the file "file.c" contains a list of commands at the end.
+;
+; You most definitely don't have to spell out everything as it is done here
+;
+; [global]										; Global parameters:
+; port = 1701									; * Bind to port 1701
+; auth file = /etc/xl2tpd/xl2tp-secrets			; * Where our challenge secrets are
+; access control = yes							; * Refuse connections without IP match
+; rand source = dev								; Source for entropy for random
+; 												; numbers, options are:
+; 												; dev - reads of /dev/urandom
+; 												; sys - uses rand()
+; 												; egd - reads from egd socket
+; 												; egd is not yet implemented
+;
+; [lns default]									; Our fallthrough LNS definition
+; exclusive = no								; * Only permit one tunnel per host
+; ip range = 192.168.0.1-192.168.0.20			; * Allocate from this IP range
+; no ip range = 192.168.0.3-192.168.0.9			; * Except these hosts
+; ip range = 192.168.0.5						; * But this one is okay
+; ip range = lac1-lac2							; * And anything from lac1 to lac2's IP
+; lac = 192.168.1.4 - 192.168.1.8				; * These can connect as LAC's
+; no lac = untrusted.marko.net					; * This guy can't connect
+; hidden bit = no								; * Use hidden AVP's?
+; local ip = 192.168.1.2						; * Our local IP to use
+; length bit = yes								; * Use length bit in payload?
+; require chap = yes							; * Require CHAP auth. by peer
+; refuse pap = yes								; * Refuse PAP authentication
+; refuse chap = no								; * Refuse CHAP authentication
+; refuse authentication = no					; * Refuse authentication altogether
+; require authentication = yes					; * Require peer to authenticate
+; unix authentication = no						; * Use /etc/passwd for auth.
+; name = myhostname								; * Report this as our hostname
+; ppp debug = no								; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.lns		; * ppp options file
+; call rws = 10									; * RWS for call (-1 is valid)
+; tunnel rws = 4								; * RWS for tunnel (must be > 0)
+; flow bit = yes								; * Include sequence numbers
+; challenge = yes								; * Challenge authenticate peer ;
+;
+; [lac marko]									; Example VPN LAC definition
+; lns = lns.marko.net							; * Who is our LNS?
+; lns = lns2.marko.net							; * A backup LNS (not yet used)
+; redial = yes									; * Redial if disconnected?
+; redial timeout = 15							; * Wait n seconds between redials
+; max redials = 5								; * Give up after n consecutive failures
+; hidden bit = yes								; * User hidden AVP's?
+; local ip = 192.168.1.1						; * Force peer to use this IP for us
+; remote ip = 192.168.1.2						; * Force peer to use this as their IP
+; length bit = no								; * Use length bit in payload?
+; require pap = no								; * Require PAP auth. by peer
+; require chap = yes							; * Require CHAP auth. by peer
+; refuse pap = yes								; * Refuse PAP authentication
+; refuse chap = no								; * Refuse CHAP authentication
+; refuse authentication = no					; * Refuse authentication altogether
+; require authentication = yes					; * Require peer to authenticate
+; name = marko									; * Report this as our hostname
+; ppp debug = no								; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.marko	; * ppp options file for this lac
+; call rws = 10									; * RWS for call (-1 is valid)
+; tunnel rws = 4								; * RWS for tunnel (must be > 0)
+; flow bit = yes								; * Include sequence numbers
+; challenge = yes								; * Challenge authenticate peer
+;
+; [lac cisco]									; Another quick LAC
+; lns = cisco.marko.net							; * Required, but can take from default
+; require authentication = yes
diff --git a/package/network/services/xl2tpd/files/xl2tpd.init b/package/network/services/xl2tpd/files/xl2tpd.init
new file mode 100644
index 0000000000..7d2e9ea30c
--- /dev/null
+++ b/package/network/services/xl2tpd/files/xl2tpd.init
@@ -0,0 +1,24 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2015 OpenWrt.org
+
+START=60
+USE_PROCD=1
+
+BIN=xl2tpd
+RUN_D="/var/run/xl2tpd"
+PID_F="/var/run/xl2tpd.pid"
+
+start_service() {
+	rm -rf "$RUN_D"
+	mkdir -p "$RUN_D"
+
+	procd_open_instance
+	procd_set_param command $BIN -D -l -p "$PID_F"
+	procd_set_param respawn
+	procd_close_instance
+}
+
+stop_service() {
+	rm -rf "$RUN_D"
+	rm -rf "$PID_F"
+}
diff --git a/package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch b/package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch
new file mode 100644
index 0000000000..0ee0376f2a
--- /dev/null
+++ b/package/network/services/xl2tpd/patches/0001-xl2tpd-control-fix-out-of-bound-access.patch
@@ -0,0 +1,24 @@
+From f94ffac18ddfe72b00ec849a34c71d6bc5bcb767 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Thu, 12 Nov 2020 14:31:23 +0800
+Subject: [PATCH] xl2tpd-control: fix out-of-bound access
+
+It can cause segfault when presented with unknown command name
+
+Fixes 90884c62 ("xl2tpd-control refactoring")
+---
+ xl2tpd-control.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/xl2tpd-control.c
++++ b/xl2tpd-control.c
+@@ -83,7 +83,8 @@ struct command_t commands[] = {
+     {"available",     &command_available,     TUNNEL_NOT_REQUIRED},
+     {"add-lns",       &command_add_lns,       TUNNEL_REQUIRED},
+     {"status-lns",    &command_status_lns,    TUNNEL_REQUIRED},
+-    {"remove-lns",    &command_remove_lns,    TUNNEL_REQUIRED}
++    {"remove-lns",    &command_remove_lns,    TUNNEL_REQUIRED},
++    {},
+ };
+ 
+ void usage()
diff --git a/package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch b/package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch
new file mode 100644
index 0000000000..4ec98f38a8
--- /dev/null
+++ b/package/network/services/xl2tpd/patches/0002-Skip-building-pfc.patch
@@ -0,0 +1,59 @@
+From f374c10c77d25863606566edcddaf02481f25032 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <zhouyousong@yunionyun.com>
+Date: Fri, 18 Oct 2019 11:29:03 +0000
+Subject: [PATCH] Skip building pfc
+
+It can cause build failure, see [1]
+
+ [1] https://github.com/openwrt/packages/issues/10270
+---
+ Makefile | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -115,10 +115,10 @@ BINDIR?=$(DESTDIR)${PREFIX}/bin
+ MANDIR?=$(DESTDIR)${PREFIX}/share/man
+ 
+ 
+-all: $(EXEC) pfc $(CONTROL_EXEC)
++all: $(EXEC) $(CONTROL_EXEC)
+ 
+ clean:
+-	rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
++	rm -f $(OBJS) $(EXEC) $(CONTROL_EXEC)
+ 
+ $(EXEC): $(OBJS) $(HDRS)
+ 	$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+@@ -126,10 +126,6 @@ $(EXEC): $(OBJS) $(HDRS)
+ $(CONTROL_EXEC): $(CONTROL_SRCS)
+ 	$(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
+ 
+-pfc:
+-	$(CC) $(CFLAGS) -c contrib/pfc.c
+-	$(CC) $(LDFLAGS) -o pfc pfc.o -lpcap $(LDLIBS)
+-
+ romfs:
+ 	$(ROMFSINST) /bin/$(EXEC)
+ 
+@@ -142,7 +138,7 @@ packagingprep:
+ 	sed -i "s/Version: .*/Version: ${XL2TPDBASEVERSION}/" packaging/*/*.spec
+ 	sed -i "s/PKG_VERSION:=.*/PKG_VERSION:=${XL2TPDBASEVERSION}/" packaging/openwrt/Makefile
+ 
+-install: ${EXEC} pfc ${CONTROL_EXEC}
++install: ${EXEC} ${CONTROL_EXEC}
+ 	install -d -m 0755 ${SBINDIR}
+ 	install -m 0755 $(EXEC) ${SBINDIR}/$(EXEC)
+ 	install -d -m 0755 ${MANDIR}/man5
+@@ -151,11 +147,6 @@ install: ${EXEC} pfc ${CONTROL_EXEC}
+ 	install -m 0644 doc/xl2tpd-control.8 ${MANDIR}/man8/
+ 	install -m 0644 doc/xl2tpd.conf.5 doc/l2tp-secrets.5 \
+ 		 ${MANDIR}/man5/
+-	# pfc
+-	install -d -m 0755 ${BINDIR}
+-	install -m 0755 pfc ${BINDIR}/pfc
+-	install -d -m 0755 ${MANDIR}/man1
+-	install -m 0644 contrib/pfc.1 ${MANDIR}/man1/
+ 	# control exec
+ 	install -d -m 0755 ${SBINDIR}
+ 	install -m 0755 $(CONTROL_EXEC) ${SBINDIR}/$(CONTROL_EXEC)
-- 
2.25.1