[Openswan dev] Out of tree compilation?

Michael Richardson mcr at sandelman.ottawa.on.ca
Mon Jan 5 11:10:44 CET 2004


>>>>> "Axel" == Axel Thimm <Axel.Thimm at physik.fu-berlin.de> writes:
    Axel> I'd like to add openswan to the ATrpms' rpm repo for RHL/FC.


    Axel> I am examining whether it is possible to use the RH kernel w/o
    Axel> rebuilding them, e.g. to build the kernel land parts in a complete OOT
    Axel> build. I see the patches are rather minimal:

  You can build the ipsec.o module completely outside of the kernel with OSW 2.x.x.
  Just point it at an appropriate /usr/src/linux/ (could even be on CDrom..)

    Axel>  Documentation/Configure.help |   53 +++++++++++++++++++++++++++++
    Axel>  net/Config.in                |    5 ++
    Axel>  net/Makefile                 |    1 

  These three just add the net/ipsec tree to the kernel tree. They are not required.

    Axel>  include/net/sock.h           |    9 +++++
    Axel>  net/ipv4/af_inet.c           |   11 ++++++
    Axel>  net/ipv4/udp.c               |   77 +++++++++++++++++++++++++++++++++++++++++++

  These three consist of the NAT-Traveral patch.

    Axel> I guess some parts really cannot be removed like the af_udp member in
    Axel> tcp_opt for instance. So a kernel rebuild seems to be a must.

  Only if you need NAT-traversal.
  If there is interest, another way of doing this has been considered - a
netfilter module.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys


More information about the Dev mailing list