[Openswan Users] Do I need to patch the kernel to build OCF with Openswan?

David McCullough David_Mccullough at securecomputing.com
Thu Jul 19 19:52:19 EDT 2007


Jivin Ankit Parikh lays it down ...
> Well, I am now fed up with this KLIPS and stuff.

That was quick :-)

> Is there any other way to build OCF ?

Other than building it in some shape or form, no.

> For e.g Can I try Openswan 2.4.7 and then download OCF from this link:
> http://sourceforge.net/project/showfiles.php?group_id=133575
> 
> I tried doing this, where I get errors in building OCF.

Basically there are several steps that you will need to get OCF running.

1) You will need to patch and build a kernel.  You need to enable the correct
   OCF drivers/options in this kernel before building of course.

2) You will need to run your new patched and built kernel.

3) You will need a patched, built and installed openswan which has OCF
   support included and enabled.

Based on you previous email,  I would say you are most of the way there,
just make sure you have everything in order and installed and you should
have it working.

Cheers,
Davidm

> On 7/19/07, Ankit Parikh <anks.capri20 at gmail.com> wrote:
> >
> >I tried the attached patch:
> >
> >Here,s the output I got
> >
> >root at localhost ~]#  make KERNELSRC=/lib/modules/`uname -r`/build module
> >minstall
> >make: *** No rule to make target `module'.  Stop.
> >[root at localhost ~]# cd openswan/op
> >bash: cd: openswan/op: No such file or directory
> >[root at localhost ~]# cd openswan/openswan-3.0.06
> >[root at localhost openswan-3.0.06]#  make KERNELSRC=/lib/modules/`uname
> >-r`/build module minstall
> >which: no git in
> >(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin)
> >Building module for a 2.6 kernel
> >which: no git in
> >(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin)
> >
> >make[1]: Entering directory `/root/openswan/openswan-3.0.06'
> >which: no git in
> >(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin)
> >make[2]: Entering directory `/root/openswan/openswan-3.0.06'
> >make[2]: `/root/openswan/openswan-3.0.06/modobj26/Makefile' is up to date.
> >
> >make[2]: Leaving directory `/root/openswan/openswan-3.0.06'
> >make -C /lib/modules/2.6.18.8/build  BUILDDIR=/root/openswan/openswan-
> >3.0.06/modobj26 SUBDIRS=/root/openswan/openswan-3.0.06/modobj26
> >MODULE_DEF_INCLUDE=/root/openswan/openswan-3.0.06/packaging/linus/config-
> >all.h MODULE_DEFCONFIG=/root/openswan/openswan- 
> >3.0.06/linux/net/ipsec/defconfig
> >MODULE_EXTRA_INCLUDE= ARCH=i386 modules
> >make[2]: Entering directory `/root/linux- 2.6.18.8'
> >which: no git in
> >(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin)
> >
> >  Building modules, stage 2.
> >  MODPOST
> >WARNING: "abort" [/root/openswan/openswan-3.0.06/modobj26/ipsec.ko]
> >undefined!
> >make[2]: Leaving directory `/root/linux- 2.6.18.8'
> >
> >=========================================================
> >
> >KLIPS26 module built successfully.
> >ipsec.ko is in /root/openswan/openswan-3.0.06/modobj26
> >
> >-rw-r--r-- 1 root root 3800436 Jul 19 09:32 ipsec.ko
> >   text    data     bss     dec     hex filename
> > 270171   19752    5412  295335   481a7 ipsec.ko
> >
> >use make minstall as root to install it
> >
> >=========================================================
> >
> >make[1]: Leaving directory `/root/openswan/openswan- 3.0.06'
> >which: no git in
> >(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin)
> >
> >make[1]: Entering directory `/root/openswan/openswan-3.0.06'
> >( OSMODLIB=`make -C /lib/modules/2.6.18.8/build -p help | ( sed -n -e
> >'/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[
> >:=]*\([^;]*\).*/\1/'` ; \
> >        if [ -z "$OSMODLIB" ] ; then \
> >                OSMODLIB=`make -C /lib/modules/2.6.18.8/build -n -p
> >modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > 
> >/dev/null
> >) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \
> >        fi ; \
> >        if [ -z "$OSMODLIB" ] ; then \
> >                echo "No known place to install module. Aborting." ; \
> >                exit 93 ; \
> >        fi ; \
> >        set -x ; \
> >        mkdir -p $OSMODLIB/kernel/net/ipsec ; \
> >        cp /root/openswan/openswan- 3.0.06/modobj26/ipsec.ko
> >$OSMODLIB/kernel/net/ipsec ; \
> >        if [ -f /sbin/depmod ] ; then depmod -a ; fi; \
> >        if [ -n "net/ipsec" ] ; then \
> >        mkdir -p $OSMODLIB/kernel/net/ipsec ; \
> >                if [ -f $OSMODLIB/kernel/ipsec.ko -a -f
> >$OSMODLIB/kernel/net/ipsec/ipsec.ko ] ; then \
> >                        echo "WARNING: two ipsec.ko modules found in
> >$OSMODLIB/kernel:" ; \
> >                        ls -l $OSMODLIB/kernel/ipsec.ko
> >$OSMODLIB/kernel/net/ipsec/ipsec.ko ; \
> >                        exit 1; \
> >                fi ; \
> >        fi ; \
> >        set -x ) ;
> >+ mkdir -p /lib/modules/2.6.18.8/kernel/net/ipsec
> >+ cp /root/openswan/openswan-3.0.06/modobj26/ipsec.ko
> >/lib/modules/2.6.18.8/kernel/net/ipsec
> >+ '[' -f /sbin/depmod ']'
> >+ depmod -a
> >+ '[' -n net/ipsec ']'
> >+ mkdir -p /lib/modules/2.6.18.8/kernel/net/ipsec
> >+ '[' -f /lib/modules/2.6.18.8/kernel/ipsec.ko -a -f
> >/lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko ']'
> >+ set -x
> >make[1]: Leaving directory `/root/openswan/openswan- 3.0.06'
> >
> >But when i did service ipsec start   , I got the following: Also, it takes
> >a around a min to get the output after trying to start the service !
> >
> >
> >root at localhost openswan-3.0.06]# service ipsec start
> >ipsec_setup: Starting Openswan IPsec 3.0.06GITGITGIT...
> >ipsec_setup: FATAL: Error inserting ipsec
> >(/lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko): Unknown symbol in 
> >module,
> >or unknown parameter (see dmesg)
> >ipsec_setup: calcgoo: warning: 2.6 kernel with kallsyms not supported yet
> >ipsec_setup: insmod /lib/modules/2.6.18.8/kernel/drivers/crypto/padlock.ko
> >
> >ipsec_setup: FATAL: Error inserting padlock
> >(/lib/modules/2.6.18.8/kernel/drivers/crypto/padlock.ko): No such device
> >ipsec_setup: insmod /lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko
> >ipsec_setup: FATAL: Error inserting ipsec
> >(/lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko): Unknown symbol in 
> >module,
> >or unknown parameter (see dmesg)
> >ipsec_setup: kernel appears to lack IPsec support (neither CONFIG_KLIPS or
> >CONFIG_NET_KEY are set)
> >
> >Isn't the KLIPS stack set by above make ?
> >I have attached both the files for reference !
> >
> >Regards,
> >Ankit
> >
> >
> >
> >On 7/18/07, David McCullough < David_Mccullough at securecomputing.com>
> >wrote:
> >>
> >>
> >> Jivin Ankit Parikh lays it down ...
> >> > I recompiled the kernel(ver 2.6.18.8) and did make
> >> > KERNELSRC=/lib/modules/'uname -r'/build module minstall
> >>
> >> Try the attached patch.
> >>
> >> Cheers,
> >> Davidm
> >>
> >> --
> >> David McCullough,  david_mccullough at securecomputing.com,   Ph:+61
> >> 734352815
> >> Secure Computing - SnapGear  http://www.uCdot.org
> >> http://www.cyberguard.com
> >>
> >>
> >
> >
> >--
> >Ankit Parikh
> >MS, Computer Science
> >University of Southern California
> >Los Angeles
> >California
> >(M) 213.448.9394
> >
> >
> 
> 
> -- 
> Ankit Parikh
> MS, Computer Science
> University of Southern California
> Los Angeles
> California
> (M) 213.448.9394

-- 
David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com


More information about the Users mailing list