[Openswan Users] Openswan + OCF

[farajian amin]

Dear All,
Dear David,

Thanks for your reply.
We are restricted to use kernel 2.6.21.1. Using openswan 2.6.22 and running "make applypatch" applied patches
but in compile time , we had some major errors such as :

net/ipsec/ipsec_rcv.c : undefined refrenced to 'skb_reset_transport_header'

I searched for that function in kernel 2.6.21.1 and i could not find that. I am pretty sure that this function is in linux 2.6.22 and upper versions (in include/linux/skbuff.h)

So i think openswan2.6.22 assume using newer kernel versions.

My question is :

Which openswan version or klips patch is appropriate for us in linux2.6.21.1

Thanks in advance,

Amin.





----- Original Message ----
From: David McCullough <David_Mccullough at securecomputing.com>
To: farajian amin <amin_o_city at yahoo.com>
Cc: users at openswan.org
Sent: Sunday, August 2, 2009 5:49:01 PM
Subject: Re: [Openswan Users] Openswan + OCF

Jivin farajian amin lays it down ...
> Dear All,
> 
> As i noticed there are two ways for inclusion of HW cryprography in openswan.
> 1-   using openswan 2.6.x releases + some patches ??
> 2-  using openswan-3.0.x releases 
> 
> Currently we are running openswan2.6.19 with NETKEY on a sparc processor with a cryptoengine.
> 
> My questions are :
> 1-  is NETKEY compatible with OCF , or we must compile openswan and patch kernel for KLIPS?

No,  it uses the kernel crypto API.

> 2-  The latest OCF patch is for openswan2.6.16dr5 ,   what about our openswan 2.6.19?

OCF is fully integrated into openswan 2.6 with klips (2.6.22 would be the
best place to start).

> 2- What are openswan-3.0.x releases for??

That was the initial work with openswan and OCF.  Most if not all the things
tried there are now in 2.6.22 and the 3.0 releases are old and out of date
and should not be used.

Cheers,
Davidm

-- 
David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org