[Openswan dev] problems with 2.4.10
Laszlo Attila Toth
panther at balabit.hu
Thu Dec 6 07:32:24 EST 2007
Paul Wouters írta:
> On Wed, 5 Dec 2007, Laszlo Attila Toth wrote:
>
>> 1)
>> There are scripts in packaging/utils started by '#!/bin/sh'
>> however they are using the "source" command which doesn't exist in sh, only in
>> bash, also the scripts should be started with "#!/bin/bash" or
>> use dot (.) instead of source.
>>
>> for instance in:
>> packaging/utils/kernelpatch
>
> I will fix these.
>
>> 2) KLIPS should be depend on NF_CONNTRACK but it isn't. Without it (kernel
>> 2.6.22, ubuntu gutsy):
>
> That is fixed in 2.4.11, released yesterday.
But only for kernels earlier than 2.4.22 because I got this issue:
/home/panther/src/kernel-2.6.x/main/balabit-linux-2.6.x/net/ipv4/udp.c:1100:42:
error: macro "UDP_INC_STATS_BH" requires 2 arguments, but only 1 given
udplite is exists in 2.6.22, and is_udplite is the macro's second parameter.
>> 3) natt or klips patch doesn't contains include/net/xfrmudp.h
>> (the klips patch is made by make kpatch)
>
> The include file comes from the nat-t patch. If you want KLIPS with
> NAT-T you have to apply the NAT-T patch. Are you saying you compiled
> without NAT-T support and still got this error?
I don't think so.
grep diff ~/kernel-patches/openswan-2.4.10.kernel-2.6.22-natt.patch
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
zgrep '+++' ~/openswan-2.4.11.kernel-2.6-natt.patch.gz
+++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400
+++ plain26/net/ipv4/udp.c 2006-01-12 20:18:57.000000000 -0500
But if I don't download the patch, but generate it:
make nattpatch | grep '+++'
+++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004
+++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400
+++ plain26/net/ipv4/udp.c 2006-01-12 20:18:57.000000000 -0500
>
>> 5) undeclared variables
>>
>> /home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c: In function
>> 'ipsec_xmit_encap_bundle':
>> /home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1343: error: 'ixt_e'
>> undeclared (first use in this function)
>> /home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1343: error: (Each
>> undeclared identifier is reported only once
>> /home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1343: error: for each
>> function it appears in.)
>> /home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1345: error: 'blocksize'
>> undeclared (first use in this function)
>> /home/panther/src/kernel-2.6.x/net/ipsec/ipsec_xmit.c:1354: error: 'ixt_a'
>> undeclared (first use in this function)
>>
>> This is because CONFIG_KLIPS_ALG is unset, but CONFIG_KLIPS_ESP is set.
>
> Are you building using openswan's "make module", or a kernel build after
> running make kpatch? We define CONFIG_KLIPS_ALG in KLIPSCOMPILE in Makefile.inc
No, because natt and klips patches are downloadable (in fact, make
kpatch is required for 2.4.10 but not for 2.4.11)
What I did: I run make kpatch, then reverted the source changed and
patched the kernel by the generated openswan.patch.
Because include/net/xfrmudp.h was missing, I copied from another (test)
source directory, where I also made make KERNELSCR=... kpatch, but I
left the source code as is.
--
Attila
More information about the Dev
mailing list