[Openswan dev] [Openswan Users] Klips - native ipsec compiling problem (fwd)

Paul Wouters paul at xelerance.com
Mon Mar 7 17:09:18 CET 2005

---------- Forwarded message ----------
Date: Mon, 7 Mar 2005 07:53:42 +0100
From: lux <openswan at iotti.biz>
To: users at openswan.org
Subject: [Openswan Users] Klips - native ipsec compiling problem

I ran into a problem that already appeared in list.

I just added to my kernel (Fedora 3) the ipsec patches from patch-o-matic-ng
from netfilter.
Now I fail to recompile klips (openswan 2.3.0) with errors about #defines
being redefined:

In file included from
/usr/src/redhat/BUILD/openswan-2.3.0/linux/include/pfkeyv2.h:39:1: warning:
In file included from include/net/xfrm.h:10,
                  from include/linux/netfilter_ipv4.h:93,
                  from include/net/ip.h:34,
include/linux/pfkeyv2.h:243:1: warning: this is the location of the previous
The same thing about SADB_EXT_MAX, SADB_SATYPE_MAX,... lots of constants in

The problem arises because the pom-ng patches #include netfilter_ipv4.h in
ip.h (included in ipsec_init.c), which in turn includes xfrm.h which
includes pfkeyv2.h from the current kernel, hence the conflict with
openswan's pfkeyv2.h (this problem already appeared in list on a Suse, I
think because it includes the pom-ng ipsec patches out of the box).
It would be fairly trivial to eliminate the problem, testing in either
pfkeyv2.h if the other was already included.
What looks a problem to me is that the two pfkeyv2.h are fairly different:
what is the right one?
Using one or the other makes some difference?
Maybe this issue should be posted on the dev ML?

Users mailing list
Users at openswan.org

More information about the Dev mailing list