[Openswan Users] roadwarrior over pppoe
David McCullough
David_Mccullough at securecomputing.com
Wed Aug 29 00:50:05 EDT 2007
Jivin Paul Wouters lays it down ...
> On Wed, 29 Aug 2007, David McCullough wrote:
>
> > > It would be nice if we could get compatibility with kernel 2.6.22 for
> > > 2.4.10, also... I would do it myself, but I really lack kernel
> > > programming expertise.
> >
> > The changes are not that hard, just bulk edits really.
> >
> > We did it as part of ocf-linux.sourceforge.net, and the patch for
> > openswan-2.4.9 works on 2.6.22, but is probably too much change
> > unless you really want OCF support.
> >
> > So if someone wanted to just fix up the vanilla 2.4.9 for 2.6.22 they
> > would find all the mods in the ocf-openswan-2.4.9-20070727.patch.gz
> > Specifically look at the changes in:
> >
> > openswan/linux/include/openswan/ipsec_kversion.h
> >
> > mostly revolving around the macros ip_hdr, skb_network_header,
> > skb_set_network_header and so on. Then look at how they were used in the
> > patch to know how to fix up the stock 2.4.9 source.
>
> Ahh, if you made the changes using ipsec_kversion, then I'll merge those in
> for 2.4.10.
Well, it's never that easy is it :-)
ipsec_kversion implements the code needed for the changes to work on old
kernels, so you need to mode the 'C' to use the new macros (a fair
amount of change), but then ipsec_kversion.h ensures that on old
versions of the kernel the source code is identical to what it is now.
It is too hard to run under 2.6.22 without doing it their way, but it's
easy to be backwards compat to older kernels.
I would have thought it was too much change for a stock 2.4.10, but it
is fairly easy to verify nothing is broken I guess,
Cheers,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
More information about the Users
mailing list