[Openswan dev] problems with 2.4.10

Laszlo Attila Toth panther at balabit.hu
Wed Dec 5 09:40:32 EST 2007 

Hello,

I found several problems with openswan 2.4.10.

1)
There are scripts in packaging/utils started by '#!/bin/sh'
however they are using the "source" command which doesn't exist in sh, 
only in bash, also the scripts should be started with "#!/bin/bash" or
use dot (.) instead of source.

for instance in:
packaging/utils/kernelpatch


2) KLIPS should be depend on NF_CONNTRACK but it isn't. Without it 
(kernel 2.6.22, ubuntu gutsy):


/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_tunnel.c:626: warning: 
implicit declaration of function ‘nf_conntrack_put’
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_tunnel.c:626: error: 
‘struct sk_buff’ has no member named ‘nfct’
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_tunnel.c:627: error: 
‘struct sk_buff’ has no member named ‘nfct’ 


(in file net/ipsec/Kconfig:
config KLIPS
         tristate "Openswan IPsec (KLIPS26)"
+        depends on NF_CONNTRACK
)

3) natt or klips patch doesn't contains include/net/xfrmudp.h
(the klips patch is made by make kpatch)

4) The natt patch can't be applied properly (some parts of 
net/ipv4/udp.c is rejected). It is attached (as an stgit patch).

5) undeclared variables


/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c: In function 
‘ipsec_xmit_encap_bundle’:
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1343: error: 
‘ixt_e’ undeclared (first use in this function)
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1343: error: (Each 
undeclared identifier is reported only once
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1343: error: for 
each function it appears in.)
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1345: error: 
‘blocksize’ undeclared (first use in this function)
/home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1354: error: 
‘ixt_a’ undeclared (first use in this function)

This is because CONFIG_KLIPS_ALG is unset, but CONFIG_KLIPS_ESP is set.

I found:
./net/ipsec/Kconfig:130:# remove all of CONFIG_KLIPS_ALG

Why this define is used if it is unused? It quite confusing.

Please remove from ipsec_xmit_encap_bundle(), and so on, here is the 
list. Which one is required and which is pontless?

net/ipsec/pfkey_v2_ext_process.c:146:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_init.c:245:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_sa.c:1020:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_sa.c:1046:#if defined CONFIG_KLIPS_ALG
net/ipsec/ipsec_sa.c:1271:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_proc.c:119:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_proc.c:863:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_esp.c:156:#ifdef CONFIG_KLIPS_ALG
net/ipsec/ipsec_esp.c:216:#ifdef CONFIG_KLIPS_A


I tried 2.4.11 but it is also buggy, I couldn't compile it.

Regards,
Attila

-- 
Panther
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.4.10-natt-2.6.22.patch
Type: text/x-patch
Size: 3388 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20071205/0756fe12/attachment.bin

More information about the Dev mailing list