[Openswan dev] Out of tree compilation?

Axel Thimm Axel.Thimm at physik.fu-berlin.de
Tue Jan 6 09:54:32 CET 2004

On Mon, Jan 05, 2004 at 03:41:26AM +0100, Paul Wouters wrote:
> On Sun, 4 Jan 2004, Axel Thimm wrote:
> > I'd like to add openswan to the ATrpms' rpm repo for RHL/FC.
> That would be nice, since I'm using those :) :)

Glad to hear! :)

> > I am examining whether it is possible to use the RH kernel w/o
> > rebuilding them, e.g. to build the kernel land parts in a complete OOT
> > build. I see the patches are rather minimal:
> Once the nat-t code has been successfully ported, we can build an ipsec.o
> module that fully works with 2.6/2.4backport kernels.

OK, that would apply to RHEL3 for instance. RH 7.3,8.0 and 9 do not
contain backported ipsec parts. So in this case for openswan 1.x one
would need a kernel patch or a netfiler module as Micheal suggested.

On Mon, Jan 05, 2004 at 11:10:44AM -0500, Michael Richardson wrote:
>   You can build the ipsec.o module completely outside of the kernel with OSW 2.x.x.
>   Just point it at an appropriate /usr/src/linux/ (could even be on CDrom..)

I'll do that.

>     Axel> I guess some parts really cannot be removed like the af_udp member in
>     Axel> tcp_opt for instance. So a kernel rebuild seems to be a must.
>   Only if you need NAT-traversal.
>   If there is interest, another way of doing this has been considered - a
> netfilter module.

Is developement of 1.x with a netfilter module worth while, or should
it concentrate on 2.x?

I was about to build openswan 2.x rpms, but the recent kernel security
bug keeps my build system occupied with rebuilding 35 ATrpms kernels
and ~350 kernel module rpms :(
Axel.Thimm at physik.fu-berlin.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20040106/6c2f58a6/attachment.bin

More information about the Dev mailing list