[Openswan Users] RES: KLIPS and Ubuntu 8.04.3

Wed Jul 22 09:05:55 EDT 2009

> Edit linux/include/openswan/ipsec_kversion.h and undef 
> HAVE_UDP_ENCAP_CONVERT

Yeah, done that already. I don't think the problem is that it's
compiling using the new style NAT-T. The error occurs when using the old
style code, after undef HAVE_UDP_ENCAP_CONVERT.

I was messing around just now and found a way to compile it against FC7
with kernel-2.6.23. Here is the patch I used for KLIPS:

--- openswan-2.6.22/linux/net/ipsec/ipsec_init.c.orig   2009-07-22
06:54:24.000000000 -0300
+++ openswan-2.6.22/linux/net/ipsec/ipsec_init.c        2009-07-22
06:54:44.000000000 -0300
@@ -361,7 +361,7 @@
         ipsec_sysctl_unregister();
 #endif
 #if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
-       if(udp4_unregister_esp_rcvencap(klips26_rcv_encap,
klips_old_encap) < 0) {
+       if(udp4_unregister_esp_rcvencap(klips_old_encap) < 0) {
                printk(KERN_ERR "KLIPS: can not unregister
klips_rcv_encap function\n");
        }
 #endif


And also the NF_INET_LOCAL_OUT stuff:


--- openswan-2.6.22/linux/net/ipsec/ipsec_xmit.c.orig   2009-07-11
12:07:31.000000000 -0300
+++ openswan-2.6.22/linux/net/ipsec/ipsec_xmit.c        2009-07-11
12:07:43.000000000 -0300
@@ -2068,7 +2068,7 @@
        {
                int err;

-               err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, ixs->skb,
NULL,
+               err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL,
                              ixs->route->u.dst.dev,
                              ipsec_xmit_send2);
                if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) {


Can someone tell me if this would break something?

Thanks,

Giovani
 

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4265 (20090721) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
