[Openswan Users] Do I need to patch the kernel to build OCF with Openswan?
Ankit Parikh
anks.capri20 at gmail.com
Thu Jul 19 23:01:47 EDT 2007
I am sorry for so many posts and flooding the mailing lists, but I am new to
everything..including linux and openswan..Plz don't mind..
I am running the new kernel which i recompiled. I recompiled the same
version of the kernel. (2.6.18.8). Here is what I get by dmesg. I observed
one thing while the comp. boots. When IPSec service starts, it prints out
that neither CONFIG_KLIPS or
CONFIG_NET_KEY are set and it fails and the booting of other services
continues.
Linux version 2.6.18.8 (root at localhost.localdomain) (gcc version
4.1.120070105 (Red Hat
4.1.1-52)) #1 SMP Wed Jul 18 19:10:46 PDT 2007
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009f000 (usable)
BIOS-e820: 000000000009f000 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000d2000 - 00000000000d4000 (reserved)
BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000000ff70000 (usable)
BIOS-e820: 000000000ff70000 - 000000000ff7e000 (ACPI data)
BIOS-e820: 000000000ff7e000 - 000000000ff80000 (ACPI NVS)
BIOS-e820: 000000000ff80000 - 0000000010000000 (reserved)
BIOS-e820: 00000000ff800000 - 0000000100000000 (reserved)
0MB HIGHMEM available.
255MB LOWMEM available.
On node 0 totalpages: 65392
DMA zone: 4096 pages, LIFO batch:0
Normal zone: 61296 pages, LIFO batch:15
DMI present.
Using APIC driver default
ACPI: RSDP (v002 IBM ) @ 0x000f7010
ACPI: XSDT (v001 IBM TP-1I 0x00002080 LTP 0x00000000) @ 0x0ff731cd
ACPI: FADT (v001 IBM TP-1I 0x00002080 IBM 0x00000001) @ 0x0ff73300
ACPI: SSDT (v001 IBM TP-1I 0x00002080 MSFT 0x0100000d) @ 0x0ff733b4
ACPI: ECDT (v001 IBM TP-1I 0x00002080 IBM 0x00000001) @ 0x0ff7debc
ACPI: TCPA (v001 IBM TP-1I 0x00002080 PTL 0x00000001) @ 0x0ff7df0e
ACPI: BOOT (v001 IBM TP-1I 0x00002080 LTP 0x00000001) @ 0x0ff7dfd8
ACPI: DSDT (v001 IBM TP-1I 0x00002080 MSFT 0x0100000d) @ 0x00000000
ACPI: PM-Timer IO Port: 0x1008
Allocating PCI resources starting at 20000000 (gap: 10000000:ef800000)
Detected 1199.031 MHz processor.
Built 1 zonelists. Total pages: 65392
Kernel command line: ro root=LABEL=/1 rhgb quiet
Local APIC disabled by BIOS -- you can enable it with "lapic"
mapped APIC to ffffd000 (015bd000)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
CPU 0 irqstacks, hard=c1323000 soft=c1303000
PID hash table entries: 1024 (order: 10, 4096 bytes)
Console: colour VGA+ 80x25
Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
Memory: 253412k/261568k available (1979k kernel code, 7532k reserved, 831k
data, 232k init, 0k highmem)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 2400.10 BogoMIPS
(lpj=1200054)
Security Framework v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512
CPU: After generic identify, caps: 3febf9ff 00000000 00000000 00000000
00000000 00000000 00000000
CPU: After vendor identify, caps: 3febf9ff 00000000 00000000 00000000
00000000 00000000 00000000
CPU: Trace cache: 12K uops, L1 D cache: 8K
CPU: L2 cache: 512K
CPU: Hyper-Threading is disabled
CPU: After all inits, caps: 3febf9ff 00000000 00000000 00000080 00000000
00000000 00000000
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU0: Intel P4/Xeon Extended MCE MSRs (12) available
CPU0: Thermal monitoring enabled
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
Freeing SMP alternatives: 16k freed
ACPI: Core revision 20060707
ACPI: setting ELCR to 0200 (from 0800)
CPU0: Intel(R) Pentium(R) 4 Mobile CPU 1.80GHz stepping 04
SMP motherboard not detected.
Local APIC not detected. Using dummy APIC emulation.
Brought up 1 CPUs
migration_cost=0
checking if image is initramfs... it is
Freeing initrd memory: 1363k freed
NET: Registered protocol family 16
ACPI: ACPI Dock Station Driver
ACPI: bus type pci registered
PCI: PCI BIOS revision 2.10 entry at 0xfd8fe, last bus=8
PCI: Using configuration type 1
Setting up standard PCI resources
ACPI: Found ECDT
ACPI: Interpreter enabled
ACPI: Using PIC for interrupt routing
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 7 9 10 11) *0, disabled.
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 7 9 10 11) *0, disabled.
ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 7 9 10 11) *0, disabled.
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
PCI quirk: region 1000-107f claimed by ICH4 ACPI/GPIO/TCO
PCI quirk: region 1180-11bf claimed by ICH4 GPIO
PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1
Boot video device is 0000:01:00.0
PCI: Firmware left 0000:02:08.0 e100 interrupts enabled, disabling
PCI: Transparent bridge - 0000:00:1e.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: Embedded Controller [EC] (gpe 28) interrupt mode.
ACPI: Power Resource [PUBS] (on)
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.AGP_._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCI1._PRT]
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 13 devices
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a
report
PCI: Bridge: 0000:00:01.0
IO window: 3000-3fff
MEM window: d0100000-d01fffff
PREFETCH window: e8000000-efffffff
PCI: Bus 3, cardbus bridge: 0000:02:00.0
IO window: 00004000-000040ff
IO window: 00004400-000044ff
PREFETCH window: f0000000-f1ffffff
MEM window: d2000000-d3ffffff
PCI: Bus 7, cardbus bridge: 0000:02:00.1
IO window: 00004800-000048ff
IO window: 00004c00-00004cff
PREFETCH window: f2000000-f3ffffff
MEM window: d4000000-d5ffffff
PCI: Bridge: 0000:00:1e.0
IO window: 4000-8fff
MEM window: d0200000-dfffffff
PREFETCH window: f0000000-f80fffff
PCI: Setting latency timer of device 0000:00:1e.0 to 64
ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 11
PCI: setting IRQ 11 as level-triggered
ACPI: PCI Interrupt 0000:02:00.0[A] -> Link [LNKA] -> GSI 11 (level, low) ->
IRQ 11
ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 11
ACPI: PCI Interrupt 0000:02:00.1[B] -> Link [LNKB] -> GSI 11 (level, low) ->
IRQ 11
NET: Registered protocol family 2
IP route cache hash table entries: 2048 (order: 1, 8192 bytes)
TCP established hash table entries: 8192 (order: 4, 65536 bytes)
TCP bind hash table entries: 4096 (order: 3, 32768 bytes)
TCP: Hash tables configured (established 8192 bind 4096)
TCP reno registered
Simple Boot Flag at 0x35 set to 0x1
speedstep: frequency transition measured seems out of range (0 nSec),
falling back to a safe one of 500000 nSec.
speedstep-smi: you're trying to use this cpufreq driver on a Pentium 4-based
CPU. Most likely it will not work.
IBM machine detected. Enabling interrupts during APM calls.
apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac)
apm: overridden by ACPI.
audit: initializing netlink socket (disabled)
audit(1184872903.751:1): initialized
Total HugeTLB memory allocated, 0
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
SELinux: Registering netfilter hooks
Initializing Cryptographic API
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
ACPI: CPU0 (power states: C1[C1] C2[C2] C3[C3])
ACPI: Processor [CPU] (supports 8 throttling states)
ACPI: Thermal Zone [THM0] (32 C)
Real Time Clock Driver v1.12ac
Non-volatile memory driver v1.2
Linux agpgart interface v0.101 (c) Dave Jones
agpgart: Detected an Intel i845 Chipset.
agpgart: AGP aperture is 64M @ 0xe0000000
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
pnp: Device 00:0a activated.
00:0a: ttyS0 at I/O 0x3f8 (irq = 4) is a NS16550A
ACPI: PCI Interrupt 0000:00:1f.6[B] -> Link [LNKB] -> GSI 11 (level, low) ->
IRQ 11
ACPI: PCI interrupt for device 0000:00:1f.6 disabled
RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
ICH3M: IDE controller at PCI slot 0000:00:1f.1
PCI: Enabling device 0000:00:1f.1 (0005 -> 0007)
ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 11
ACPI: PCI Interrupt 0000:00:1f.1[A] -> Link [LNKC] -> GSI 11 (level, low) ->
IRQ 11
ICH3M: chipset revision 2
ICH3M: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0x1860-0x1867, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0x1868-0x186f, BIOS settings: hdc:DMA, hdd:pio
Probing IDE interface ide0...
hda: IC25N040ATCS04-0, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Probing IDE interface ide1...
hdc: HL-DT-STDVD-ROM GDR8081N, ATAPI CD/DVD-ROM drive
ide1 at 0x170-0x177,0x376 on irq 15
hda: max request size: 128KiB
hda: 78140160 sectors (40007 MB) w/1768KiB Cache, CHS=65535/16/63, UDMA(100)
hda: cache flushes not supported
hda: hda1 hda2
ide-floppy driver 0.99.newide
Yenta: CardBus bridge found at 0000:02:00.0 [1014:0512]
Yenta: Using INTVAL to route CSC interrupts to PCI
Yenta: Routing CardBus interrupts to PCI
Yenta TI: socket 0000:02:00.0, mfunc 0x01d21022, devctl 0x64
Yenta: ISA IRQ mask 0x04b8, PCI irq 11
Socket status: 30000006
pcmcia: parent PCI bridge I/O window: 0x4000 - 0x8fff
pcmcia: parent PCI bridge Memory window: 0xd0200000 - 0xdfffffff
pcmcia: parent PCI bridge Memory window: 0xf0000000 - 0xf80fffff
Yenta: CardBus bridge found at 0000:02:00.1 [1014:0512]
Yenta: Using INTVAL to route CSC interrupts to PCI
Yenta: Routing CardBus interrupts to PCI
Yenta TI: socket 0000:02:00.1, mfunc 0x01d21022, devctl 0x64
Yenta: ISA IRQ mask 0x04b8, PCI irq 11
Socket status: 30000006
pcmcia: parent PCI bridge I/O window: 0x4000 - 0x8fff
pcmcia: parent PCI bridge Memory window: 0xd0200000 - 0xdfffffff
pcmcia: parent PCI bridge Memory window: 0xf0000000 - 0xf80fffff
usbcore: registered new driver hiddev
usbcore: registered new driver usbhid
drivers/usb/input/hid-core.c: v2.6:USB HID core driver
PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
serio: i8042 AUX port at 0x60,0x64 irq 12
serio: i8042 KBD port at 0x60,0x64 irq 1
mice: PS/2 mouse device common for all mice
md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: bitmap version 4.39
TCP bic registered
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
Using IPI No-Shortcut mode
ACPI: (supports S0 S3 S4 S5)
Time: tsc clocksource has been installed.
Freeing unused kernel memory: 232k freed
Write protecting the kernel read-only data: 374k
Time: acpi_pm clocksource has been installed.
input: AT Translated Set 2 keyboard as /class/input/input0
USB Universal Host Controller Interface driver v3.0
ACPI: PCI Interrupt 0000:00:1d.0[A] -> Link [LNKA] -> GSI 11 (level, low) ->
IRQ 11
PCI: Setting latency timer of device 0000:00:1d.0 to 64
uhci_hcd 0000:00:1d.0: UHCI Host Controller
uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
uhci_hcd 0000:00:1d.0: irq 11, io base 0x00001800
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 2 ports detected
ACPI: PCI Interrupt Link [LNKD] enabled at IRQ 11
ACPI: PCI Interrupt 0000:00:1d.1[B] -> Link [LNKD] -> GSI 11 (level, low) ->
IRQ 11
PCI: Setting latency timer of device 0000:00:1d.1 to 64
uhci_hcd 0000:00:1d.1: UHCI Host Controller
uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
uhci_hcd 0000:00:1d.1: irq 11, io base 0x00001820
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:1d.2[C] -> Link [LNKC] -> GSI 11 (level, low) ->
IRQ 11
PCI: Setting latency timer of device 0000:00:1d.2 to 64
uhci_hcd 0000:00:1d.2: UHCI Host Controller
uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
uhci_hcd 0000:00:1d.2: irq 11, io base 0x00001840
usb usb3: configuration #1 chosen from 1 choice
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 2 ports detected
ohci_hcd: 2005 April 22 USB 1.1 'Open' Host Controller (OHCI) Driver (PCI)
Synaptics Touchpad, model: 1, fw: 5.9, id: 0x2c6ab1, caps: 0x884793/0x0
serio: Synaptics pass-through port at isa0060/serio1/input0
input: SynPS/2 Synaptics TouchPad as /class/input/input1
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: Disabled at runtime.
SELinux: Unregistering netfilter hooks
audit(1184872910.768:2): selinux=0 auid=4294967295
IBM TrackPoint firmware: 0x0e, buttons: 3/3
input: TPPS/2 IBM TrackPoint as /class/input/input2
hdc: ATAPI 24X DVD-ROM drive, 512kB Cache, UDMA(33)
Uniform CD-ROM driver Revision: 3.20
ieee80211_crypt: registered algorithm 'NULL'
parport: PnPBIOS parport detected.
parport0: PC-style at 0x3bc, irq 7 [PCSPP,TRISTATE]
ACPI: PCI Interrupt 0000:00:1f.3[B] -> Link [LNKB] -> GSI 11 (level, low) ->
IRQ 11
e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI
e100: Copyright(c) 1999-2005 Intel Corporation
ACPI: PCI Interrupt Link [LNKE] enabled at IRQ 11
ACPI: PCI Interrupt 0000:02:08.0[A] -> Link [LNKE] -> GSI 11 (level, low) ->
IRQ 11
e100: eth0: e100_probe: addr 0xd0200000, irq 11, MAC addr 00:09:6B:C2:66:84
hostap_pci: 0.4.4-kernel (Jouni Malinen <jkmaline at cc.hut.fi>)
ACPI: PCI Interrupt 0000:02:02.0[A] -> Link [LNKC] -> GSI 11 (level, low) ->
IRQ 11
hostap_pci: Registered netdevice wifi0
wifi0: Original COR value: 0x0
intel_rng: FWH not detected
input: PC Speaker as /class/input/input3
prism2_hw_init: initialized in 598 ms
wifi0: NIC: id=0x8013 v1.0.0
wifi0: PRI: id=0x15 v1.1.0
wifi0: STA: id=0x1f v1.4.9
Floppy drive(s): fd0 is 1.44M
FDC 0 is a National Semiconductor PC87306
wifi0: defaulting to bogus WDS frame as a workaround for firmware bug in
Host AP mode WDS
wifi0: Intersil Prism2.5 PCI: mem=0xf8000000, irq=11
wifi0: registered netdevice wlan0
ACPI: PCI Interrupt 0000:00:1f.5[B] -> Link [LNKB] -> GSI 11 (level, low) ->
IRQ 11
PCI: Setting latency timer of device 0000:00:1f.5 to 64
orinoco 0.15 (David Gibson <hermes at gibson.dropbear.id.au>, Pavel Roskin <
proski at gnu.org>, et al)
orinoco_pci 0.15 (Pavel Roskin <proski at gnu.org>, David Gibson <
hermes at gibson.dropbear.id.au> & Jean Tourrilhes <jt at hpl.hp.com>)
intel8x0_measure_ac97_clock: measured 50383 usecs
intel8x0: clocking to 48000
PCI: Enabling device 0000:00:1f.6 (0000 -> 0001)
ACPI: PCI Interrupt 0000:00:1f.6[B] -> Link [LNKB] -> GSI 11 (level, low) ->
IRQ 11
PCI: Setting latency timer of device 0000:00:1f.6 to 64
lp0: using parport0 (interrupt-driven).
lp0: console ready
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
[drm] Initialized drm 1.0.1 20051102
ACPI: PCI Interrupt 0000:01:00.0[A] -> Link [LNKA] -> GSI 11 (level, low) ->
IRQ 11
[drm] Initialized radeon 1.25.0 20060524 on minor 0
ACPI: AC Adapter [AC] (on-line)
ACPI: Battery Slot [BAT0] (battery present)
ACPI: Power Button (FF) [PWRF]
ACPI: Lid Switch [LID]
ACPI: Sleep Button (CM) [SLPB]
ibm_acpi: IBM ThinkPad ACPI Extras v0.12a
ibm_acpi: http://ibm-acpi.sf.net/
ACPI: Video Device [VID] (multi-head: yes rom: no post: no)
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised:
dm-devel at redhat.com
EXT3 FS on hda1, internal journal
Adding 1180768k swap on /dev/hda2. Priority:-1 extents:1 across:1180768k
IA-32 Microcode Update Driver: v1.14a <tigran at veritas.com>
process `sysctl' is using deprecated sysctl (syscall)
net.ipv6.neigh.lo.retrans_time; Use net.ipv6.neigh.lo.retrans_time_msinstead.
ADDRCONF(NETDEV_UP): eth0: link is not ready
audit(1184898145.203:3): audit_pid=1905 old=0 by auid=4294967295
Bluetooth: Core ver 2.10
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
Bluetooth: L2CAP ver 2.8
Bluetooth: L2CAP socket layer initialized
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
Bluetooth: RFCOMM ver 1.8
Bluetooth: HIDP (Human Interface Emulation) ver 1.1
ipsec: Unknown symbol abort
padlock: VIA PadLock not detected.
ipsec: Unknown symbol abort
mtrr: 0xe8000000,0x8000000 overlaps existing 0xe8000000,0x1000000
mtrr: 0xe8000000,0x8000000 overlaps existing 0xe8000000,0x1000000
mtrr: 0xe8000000,0x8000000 overlaps existing 0xe8000000,0x1000000
agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0.
agpgart: Putting AGP V2 device at 0000:00:00.0 into 1x mode
agpgart: Putting AGP V2 device at 0000:01:00.0 into 1x mode
[drm] Setting GART location based on new memory map
[drm] writeback test succeeded in 2 usecs
==============================
>
> ===========================
> >
> > KLIPS26 module built successfully.
> > ipsec.ko is in /root/openswan/openswan-3.0.06/modobj26
> >
> > -rw-r--r-- 1 root root 3800436 Jul 19 09:32 ipsec.ko
> > text data bss dec hex filename
> > 270171 19752 5412 295335 481a7 ipsec.ko
> >
> > use make minstall as root to install it
> >
> > =========================================================
Do i need to run make minstall again? i tried it and gives me the error !!
Ok, so it looks to me like you have not loaded OCF.
I havn't touched the OCF part yet, but for openswan 3.x.x, do I need to do
anything for loading OCF? And if I do, then what should be done?
On 7/19/07, David McCullough <David_Mccullough at securecomputing.com> wrote:
>
>
> Jivin Ankit Parikh lays it down ...
> > I tried the attached patch:
> >
> > Here,s the output I got
> ...
> > =========================================================
> >
> > KLIPS26 module built successfully.
> > ipsec.ko is in /root/openswan/openswan-3.0.06/modobj26
> >
> > -rw-r--r-- 1 root root 3800436 Jul 19 09:32 ipsec.ko
> > text data bss dec hex filename
> > 270171 19752 5412 295335 481a7 ipsec.ko
> >
> > use make minstall as root to install it
> >
> > =========================================================
>
> Looks good.
>
> > make[1]: Leaving directory `/root/openswan/openswan-3.0.06'
> > which: no git in
> >
> (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin)
> > make[1]: Entering directory `/root/openswan/openswan-3.0.06'
> > ( OSMODLIB=`make -C /lib/modules/2.6.18.8/build -p help | ( sed -n -e
> > '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[
> > :=]*\([^;]*\).*/\1/'` ; \
> > if [ -z "$OSMODLIB" ] ; then \
> > OSMODLIB=`make -C /lib/modules/2.6.18.8/build -n -p
> > modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat >
> /dev/null
> > ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \
> > fi ; \
> > if [ -z "$OSMODLIB" ] ; then \
> > echo "No known place to install module. Aborting." ; \
> > exit 93 ; \
> > fi ; \
> > set -x ; \
> > mkdir -p $OSMODLIB/kernel/net/ipsec ; \
> > cp /root/openswan/openswan-3.0.06/modobj26/ipsec.ko
> > $OSMODLIB/kernel/net/ipsec ; \
> > if [ -f /sbin/depmod ] ; then depmod -a ; fi; \
> > if [ -n "net/ipsec" ] ; then \
> > mkdir -p $OSMODLIB/kernel/net/ipsec ; \
> > if [ -f $OSMODLIB/kernel/ipsec.ko -a -f
> > $OSMODLIB/kernel/net/ipsec/ipsec.ko ] ; then \
> > echo "WARNING: two ipsec.ko modules found in
> > $OSMODLIB/kernel:" ; \
> > ls -l $OSMODLIB/kernel/ipsec.ko
> > $OSMODLIB/kernel/net/ipsec/ipsec.ko ; \
> > exit 1; \
> > fi ; \
> > fi ; \
> > set -x ) ;
> > + mkdir -p /lib/modules/2.6.18.8/kernel/net/ipsec
> > + cp /root/openswan/openswan-3.0.06/modobj26/ipsec.ko
> > /lib/modules/2.6.18.8/kernel/net/ipsec
> > + '[' -f /sbin/depmod ']'
> > + depmod -a
> > + '[' -n net/ipsec ']'
> > + mkdir -p /lib/modules/2.6.18.8/kernel/net/ipsec
> > + '[' -f /lib/modules/2.6.18.8/kernel/ipsec.ko -a -f
> > /lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko ']'
> > + set -x
> > make[1]: Leaving directory `/root/openswan/openswan-3.0.06'
> >
> > But when i did service ipsec start , I got the following: Also, it
> takes a
> > around a min to get the output after trying to start the service !
> >
> > root at localhost openswan-3.0.06]# service ipsec start
> > ipsec_setup: Starting Openswan IPsec 3.0.06GITGITGIT...
> > ipsec_setup: FATAL: Error inserting ipsec
> > (/lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko): Unknown symbol in
> module,
> > or unknown parameter (see dmesg)
> > ipsec_setup: calcgoo: warning: 2.6 kernel with kallsyms not supported
> yet
> > ipsec_setup: insmod
> /lib/modules/2.6.18.8/kernel/drivers/crypto/padlock.ko
> > ipsec_setup: FATAL: Error inserting padlock
> > (/lib/modules/2.6.18.8/kernel/drivers/crypto/padlock.ko): No such device
> > ipsec_setup: insmod /lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko
> > ipsec_setup: FATAL: Error inserting ipsec
> > (/lib/modules/2.6.18.8/kernel/net/ipsec/ipsec.ko): Unknown symbol in
> module,
> > or unknown parameter (see dmesg)
> > ipsec_setup: kernel appears to lack IPsec support (neither CONFIG_KLIPS
> or
> > CONFIG_NET_KEY are set)
>
> Ok, so it looks to me like you have not loaded OCF.
>
> If you had run "dmesg" you probably would have seen which modules were
> missing and that would be a big help.
>
> Alternatively you are not runnin gteh new kernel that you just build.
> Remember you had to patch the kernel, and unless you are running that
> kernel the support for klips will not be there.
>
> Cheers,
> Davidm
>
> > Isn't the KLIPS stack set by above make ?
> > I have attached both the files for reference !
> >
> > Regards,
> > Ankit
> >
> >
> >
> > On 7/18/07, David McCullough <David_Mccullough at securecomputing.com>
> wrote:
> > >
> > >
> > >Jivin Ankit Parikh lays it down ...
> > >> I recompiled the kernel(ver 2.6.18.8) and did make
> > >> KERNELSRC=/lib/modules/'uname -r'/build module minstall
> > >
> > >Try the attached patch.
> > >
> > >Cheers,
> > >Davidm
> > >
> > >--
> > >David McCullough, david_mccullough at securecomputing.com, Ph:+61
> > >734352815
> > >Secure Computing - SnapGear http://www.uCdot.org
> > >http://www.cyberguard.com
> > >
> > >
> >
> >
> > --
> > Ankit Parikh
> > MS, Computer Science
> > University of Southern California
> > Los Angeles
> > California
> > (M) 213.448.9394
>
>
>
>
> --
> David McCullough, david_mccullough at securecomputing.com, Ph:+61
> 734352815
> Secure Computing - SnapGear http://www.uCdot.org
> http://www.cyberguard.com
>
--
Ankit Parikh
MS, Computer Science
University of Southern California
Los Angeles
California
(M) 213.448.9394
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070719/a70be347/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmesg_output
Type: application/octet-stream
Size: 16823 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20070719/a70be347/attachment-0001.obj
More information about the Users
mailing list