[Openswan dev] Out of tree compilation?
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Jan 5 11:10:44 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Axel" == Axel Thimm <Axel.Thimm at physik.fu-berlin.de> writes:
Axel> I'd like to add openswan to the ATrpms' rpm repo for RHL/FC.
okay.
Axel> I am examining whether it is possible to use the RH kernel w/o
Axel> rebuilding them, e.g. to build the kernel land parts in a complete OOT
Axel> build. I see the patches are rather minimal:
You can build the ipsec.o module completely outside of the kernel with OSW 2.x.x.
Just point it at an appropriate /usr/src/linux/ (could even be on CDrom..)
Axel> Documentation/Configure.help | 53 +++++++++++++++++++++++++++++
Axel> net/Config.in | 5 ++
Axel> net/Makefile | 1
These three just add the net/ipsec tree to the kernel tree. They are not required.
Axel> include/net/sock.h | 9 +++++
Axel> net/ipv4/af_inet.c | 11 ++++++
Axel> net/ipv4/udp.c | 77 +++++++++++++++++++++++++++++++++++++++++++
These three consist of the NAT-Traveral patch.
Axel> I guess some parts really cannot be removed like the af_udp member in
Axel> tcp_opt for instance. So a kernel rebuild seems to be a must.
Only if you need NAT-traversal.
If there is interest, another way of doing this has been considered - a
netfilter module.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBP/mMgYqHRg3pndX9AQElFwQAy05qtsnNObta48t/nkzN07gPfOtwz3S4
wLI57za8eVMQkl9HBxwlhUHO1uSWxuyD6j/p7VnA+m5LPEsyNJfmRHRDuA4mD1oR
DCHJENjEi0AYoobdXT3ecHo7NpHUYxESR2YL22z61syVBxVxTcfKshEjnEmO/XOP
nnlf5Y6nL/s=
=QZaT
-----END PGP SIGNATURE-----
More information about the Dev
mailing list