[Openswan dev] openswan 2.6.24 and kernels > 2.6.31 mostly working
David McCullough
David_Mccullough at securecomputing.com
Tue Dec 22 20:51:58 EST 2009
Jivin Paul Wouters lays it down ...
>
> Hi,
>
> An update on openswan 2.6.24
>
> The latest git now has a functioanl KLIPS module again. A few things to note.
>
> - I had to change ipsec_kversion for my Fedora based kernel (2.6.31.6-166.fc12.x86_64)
> since it needs to use USE_NETDEV_OPS despite being < 2.6.32. I am not entirely sure
> what the proper way of detecting this is. Is there a "this is a redhat kernel source"
> define for Fedora? I don't think we can use EXTRAVERSION, as that contains the arch
> as well.
I think that would be safe to turn on for 2.6.31 anyway. We have been having
warnings about not using netops since about 2.6.30 or even earlier.
> - I tried a few kernels (2.6.31, 2.6.26, 2.6.25) and they worked. But as old as 2.6.21
> is broken (possibly 2.6.22/23 as well). Some macros needs additional tuning for this.
> - Untestd on the latest 2.4.x kernels so far. (no easy compile. need to test on *old*
> machine). Last test I did on bcm-24x on openwrt failed, but was a few weeks ago.
Will see what I can do. We build 2.4 systems still.
> - Untested on RHEL/CentOS 2.6.18 based kernels (would like to see those work)
> - I lost an updated patch for Cisco ipsec gateway failover that I want to bring into
> the userland code before release (specifically for RHEL6)
> - finally, there is an oops on KLIPS unloading
>
> If the unload module is fixed, and the Cisco patch is merged in, I would like to
> release 2.6.24.
Yep, what sort of timeframe are you talking ?
Cheers,
Davidm
>
> Paul
>
> ------------[ cut here ]------------
> kernel BUG at net/core/dev.c:5165!
> invalid opcode: 0000 [#1] SMP
> last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
> CPU 0
> Modules linked in: ipsec(-) vfat fat fuse tun ipt_MASQUERADE iptable_nat nf_nat bridge stp llc deflate zlib_deflate ctr camellia cast5 rmd160 crypto_null ccm serpent blowfish twofish_x86_64 twofish_common ecb xcbc cbc sha256_generic sha512_generic des_generic cryptd aes_x86_64 aes_generic tunnel4 xfrm_ipcomp tunnel6 nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc f71882fg coretemp ipv6 p4_clockmod freq_table speedstep_lib dm_multipath kvm_intel kvm uinput snd_hda_codec_realtek iTCO_wdt iTCO_vendor_support snd_hda_intel snd_hda_codec firewire_ohci firewire_core e1000e snd_hwdep usblp snd_seq snd_seq_device e100 mii snd_pcm snd_timer i2c_i801 crc_itu_t snd soundcore snd_page_alloc usb_storage i915 drm_kms_helper drm i2c_algo_bit i2c_core video output [last unloaded: af_key]
> Pid: 30756, comm: rmmod Tainted: P 2.6.31.6-166.fc12.x86_64 #1 GV465AA-ABA a6245n
> RIP: 0010:[<ffffffff8137ad84>] [<ffffffff8137ad84>] free_netdev+0xce/0xf1
> RSP: 0018:ffff88012c6a7e58 EFLAGS: 00010202
> RAX: 0000000000000004 RBX: ffff880001e3c000 RCX: 000000000020001c
> RDX: ffff88018f175a80 RSI: ffffea000574d198 RDI: ffff880001e3c020
> RBP: ffff88012c6a7e78 R08: 0000000000000000 R09: ffff880100000000
> R10: 000000000000000f R11: 7fffffffffffffff R12: ffff880001e3c020
> R13: ffff880001e3c060 R14: 0000000000000000 R15: 0000000000000001
> FS: 00007f4823920700(0000) GS:ffff880028034000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 000000000041e016 CR3: 000000014c9d5000 CR4: 00000000000026e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process rmmod (pid: 30756, threadinfo ffff88012c6a6000, task ffff880001bd2f00)
> Stack:
> ffff88012c6a7e78 ffff880001e3c000 0000000000000000 0000000000000000
> <0> ffff88012c6a7e98 ffffffffa04c80a1 0000000000000000 0000000000000880
> <0> ffff88012c6a7ee8 ffffffffa04c103e ffff88012c6a7ee8 ffffffff8108c3c3
> Call Trace:
> [<ffffffffa04c80a1>] ipsec_tunnel_cleanup_devices+0x79/0x8a [ipsec]
> [<ffffffffa04c103e>] cleanup_module+0x3e/0x160 [ipsec]
> [<ffffffff8108c3c3>] ? stop_machine+0x44/0x55
> [<ffffffff8107a121>] sys_delete_module+0x1cb/0x257
> [<ffffffff81095e6c>] ? audit_syscall_entry+0x11e/0x14a
> [<ffffffff81011cf2>] system_call_fastpath+0x16/0x1b
> Code: 8d 47 40 49 39 c5 75 e6 8b 83 b0 03 00 00 85 c0 75 14 0f b7 bb 68 01 00 00 48 29 fb 48 89 df e8 a7 87 d7 ff eb 1f 83 f8 03 74 04 <0f> 0b eb fe 48 8d bb f0 03 00 00 c7 83 b0 03 00 00 04 00 00 00
> RIP [<ffffffff8137ad84>] free_netdev+0xce/0xf1
> RSP <ffff88012c6a7e58>
> ---[ end trace 7addf0c5dad305c5 ]---
>
>
>
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
More information about the Dev
mailing list