[Openswan dev] [Openswan Users] saref patch

Paul Wouters paul at xelerance.com
Tue Nov 24 11:58:13 EST 2009

On Tue, 24 Nov 2009, Giovani Moda wrote:

> Now that klips is almost good to go, I would like to pick up where we stopped on the saref matter. I was
> trying to port saref patch from kernel-2.6.16 to CentOS kernel-2.6.18, but I am still unable to compile
> the kernel with the patch applied. I’m attaching the patch so you can take a look. What happens is, with
> the patch applied, it complains about missing references to ip_cmsg_recv_ipsec and ip_cmsg_send_ipsec on
> ip_sockglue.c, even with klips patch applied to kerne, generated with ‘make kernelpatch’ against
> openswan-2.6.24rc3 source. The error I get during compilation is

This might be the few chunks of missing code in the patch as generated from "make klipsng".
You can see these chunks in the patches/kernel/

There is a known limitation at this point. You will have to build KLIPS inline,
and not as a module.

> Looking on klips patch, I can see those functions on the files create by the patch ipsec_rcv.c and
> ipsec_mast.c. I also noticed that both of them have a

I recently noticd that define too. It is not set anywhere. In my tests, I just #define'd it.
I don't have a full fix yet, but I've uploaded my work against 2.6.23 that I partially did last
week to ftp://ftp.openswan.org/openswan/development/saref-2.6.23.patch
Note that I just generated that against a clean kernel, there might be a lot of false positives
in there due to be having run a real build in that directory. It is also against openswan.git's
master branch from last week.

Hope that might help you a little further. Note that openswan.git still has some problems with
KLIPS that need to be addressed. But this patched kernel properly talked to xl2tpd and conveyed
the fact that SAref's were supported. But as soon as an SA comes up, we see a kernel panic, which
I think is due to non-SAref issues right now.


More information about the Dev mailing list