[Openswan Users] RES: KLIPS and Ubuntu 8.04.3
Giovani Moda
giovani at mrinformatica.com.br
Wed Jul 22 09:05:55 EDT 2009
> Edit linux/include/openswan/ipsec_kversion.h and undef
> HAVE_UDP_ENCAP_CONVERT
Yeah, done that already. I don't think the problem is that it's
compiling using the new style NAT-T. The error occurs when using the old
style code, after undef HAVE_UDP_ENCAP_CONVERT.
I was messing around just now and found a way to compile it against FC7
with kernel-2.6.23. Here is the patch I used for KLIPS:
--- openswan-2.6.22/linux/net/ipsec/ipsec_init.c.orig 2009-07-22
06:54:24.000000000 -0300
+++ openswan-2.6.22/linux/net/ipsec/ipsec_init.c 2009-07-22
06:54:44.000000000 -0300
@@ -361,7 +361,7 @@
ipsec_sysctl_unregister();
#endif
#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
- if(udp4_unregister_esp_rcvencap(klips26_rcv_encap,
klips_old_encap) < 0) {
+ if(udp4_unregister_esp_rcvencap(klips_old_encap) < 0) {
printk(KERN_ERR "KLIPS: can not unregister
klips_rcv_encap function\n");
}
#endif
And also the NF_INET_LOCAL_OUT stuff:
--- openswan-2.6.22/linux/net/ipsec/ipsec_xmit.c.orig 2009-07-11
12:07:31.000000000 -0300
+++ openswan-2.6.22/linux/net/ipsec/ipsec_xmit.c 2009-07-11
12:07:43.000000000 -0300
@@ -2068,7 +2068,7 @@
{
int err;
- err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, ixs->skb,
NULL,
+ err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL,
ixs->route->u.dst.dev,
ipsec_xmit_send2);
if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) {
Can someone tell me if this would break something?
Thanks,
Giovani
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4265 (20090721) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
More information about the Users
mailing list