[Openswan Users] Klips - native ipsec compiling problem

lux openswan at iotti.biz
Mon Mar 7 07:53:42 CET 2005

I ran into a problem that already appeared in list.

I just added to my kernel (Fedora 3) the ipsec patches from patch-o-matic-ng
from netfilter.
Now I fail to recompile klips (openswan 2.3.0) with errors about #defines
being redefined:

In file included from
/usr/src/redhat/BUILD/openswan-2.3.0/linux/include/pfkeyv2.h:39:1: warning:
In file included from include/net/xfrm.h:10,
                 from include/linux/netfilter_ipv4.h:93,
                 from include/net/ip.h:34,
include/linux/pfkeyv2.h:243:1: warning: this is the location of the previous
The same thing about SADB_EXT_MAX, SADB_SATYPE_MAX,... lots of constants in

The problem arises because the pom-ng patches #include netfilter_ipv4.h in
ip.h (included in ipsec_init.c), which in turn includes xfrm.h which
includes pfkeyv2.h from the current kernel, hence the conflict with
openswan's pfkeyv2.h (this problem already appeared in list on a Suse, I
think because it includes the pom-ng ipsec patches out of the box).
It would be fairly trivial to eliminate the problem, testing in either
pfkeyv2.h if the other was already included.
What looks a problem to me is that the two pfkeyv2.h are fairly different:
what is the right one?
Using one or the other makes some difference?
Maybe this issue should be posted on the dev ML?

More information about the Users mailing list