[Openswan dev] [design] some conclusions about porting super-freeswan (fwd)

Paul Wouters paul at xtdnet.nl
Thu Jan 15 11:35:12 CET 2004


Not sure how relevant these are to openswan's current tree.

Obviously the 1DES over 3DES choice is something we should ignore :)

Paul

---------- Forwarded message ----------
Date: Thu, 15 Jan 2004 14:31:32 +0800
From: swcims <swcims at 163.com>
To: design <design at lists.freeswan.org>
Subject: [design] some conclusions about porting super-freeswan 

Hi,all
	I ported super-freeswan 1.99.8 on mips r4600 (linux-2.4.17).Maybe it is easy to you,but I think that there are 3 points need to be careful:
	1.when patching kernel,you should modified the klips/net/ipsec/Makefile from:

 	"libdes/libdes.a:
 	( cd libdes && \
 	if test " `arch | sed 's/^i[3456]/x/'`" = " x86" ; \
 	then $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' TESTING='' x86-elf ; \
 	else $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' libdes.a ; \
 	fi )"

 	to

 	"libdes/libdes.a:
 	( cd libdes && $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' libdes.a )
  	"
	because the former config will build dx86-elf.o from dx86unix.S,which is not for mips but for x86. This modification is from uclinux-dist-20030909.(Thank you ,uclinux)
	2.when make menuconfig,you should enable :"bool ' 3DES encryption algorithm' CONFIG_IPSEC_ENC_3DES";Then,only select AES,NULL,1DES in IPSEC Modular Extensions,should not select 3DES again.Or,faile to compile because of the conflict of 3DES and 1DES.
	3.Because of the weak function of shell on mips,you should not start ipsec by typing "ipsec setup --start",but you can using "ipsec manual --showonly --up "connectionname"" in Linux box' freeswan to get the individual step.Also,freeswan/doc/manage.d/ipsec_whack.8 is very helpful.
	I will post more details after I am through!
	Thank Sam Sgro!

¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡swcims
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡swcims at 163.com
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡2004-01-15
-FreeS/WAN design list.https://mj2.freeswan.org/cgi-bin/mj_wwwusr/domain=mj2.freeswan.org to unsubscribe



More information about the Dev mailing list