[Openswan dev] Out of tree compilation?
Axel Thimm
Axel.Thimm at physik.fu-berlin.de
Tue Jan 6 09:54:32 CET 2004
On Mon, Jan 05, 2004 at 03:41:26AM +0100, Paul Wouters wrote:
> On Sun, 4 Jan 2004, Axel Thimm wrote:
>
> > I'd like to add openswan to the ATrpms' rpm repo for RHL/FC.
>
> That would be nice, since I'm using those :) :)
Glad to hear! :)
> > I am examining whether it is possible to use the RH kernel w/o
> > rebuilding them, e.g. to build the kernel land parts in a complete OOT
> > build. I see the patches are rather minimal:
>
> Once the nat-t code has been successfully ported, we can build an ipsec.o
> module that fully works with 2.6/2.4backport kernels.
OK, that would apply to RHEL3 for instance. RH 7.3,8.0 and 9 do not
contain backported ipsec parts. So in this case for openswan 1.x one
would need a kernel patch or a netfiler module as Micheal suggested.
On Mon, Jan 05, 2004 at 11:10:44AM -0500, Michael Richardson wrote:
> You can build the ipsec.o module completely outside of the kernel with OSW 2.x.x.
> Just point it at an appropriate /usr/src/linux/ (could even be on CDrom..)
I'll do that.
> Axel> I guess some parts really cannot be removed like the af_udp member in
> Axel> tcp_opt for instance. So a kernel rebuild seems to be a must.
>
> Only if you need NAT-traversal.
> If there is interest, another way of doing this has been considered - a
> netfilter module.
Is developement of 1.x with a netfilter module worth while, or should
it concentrate on 2.x?
I was about to build openswan 2.x rpms, but the recent kernel security
bug keeps my build system occupied with rebuilding 35 ATrpms kernels
and ~350 kernel module rpms :(
--
Axel.Thimm at physik.fu-berlin.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20040106/6c2f58a6/attachment.bin
More information about the Dev
mailing list