[Openswan Users] saref patch

Giovani Moda giovani at mrinformatica.com.br
Wed Nov 25 14:13:31 EST 2009 

> This might be the few chunks of missing code in the patch as generated
from "make klipsng".
> You can see these chunks in the
patches/kernel/2.6.16.54-0.2.5/saref.patch

Actually it only happens when I port those chunks from
patches/kernel/2.6.16.54-0.2.5/saref.patch to the patch generated by
"make klipsng", so they are not missing, but complaining about a missing
reference to the code I inserted on the patch.

> There is a known limitation at this point. You will have to build
KLIPS inline,
> and not as a module.

I've been told (by you actually), and klips patch is indeed applied.
Setting CONFIG_KLIPS=m or CONFIG_KLIPS=y on .config makes no difference.

> I recently noticd that define too. It is not set anywhere. In my
tests, I just #define'd it.
> I don't have a full fix yet, but I've uploaded my work against 2.6.23
that I partially did last
> week to ftp://ftp.openswan.org/openswan/development/saref-2.6.23.patch

Yes, I can see from your patch that you defined it at ipsec_param.h. My
hunch is that is the key to solve my problem also. I also noticed that
you have merged old-style NAT-T patch in it. I thought that was not
necessary anymore for kernel-2.6.23>. Is that a requirement for saref?

> Hope that might help you a little further. Note that openswan.git
still has some problems with
> KLIPS that need to be addressed. But this patched kernel properly
talked to xl2tpd and conveyed
> the fact that SAref's were supported. But as soon as an SA comes up,
we see a kernel panic, which
> I think is due to non-SAref issues right now.

I'm sure it will help me a lot. I'm also aware of those problems on
openswan.git. I'm just trying to get a base for developing my servers so
it can support new openswan versions and (hopefully) saref when your
(hard) work is done. And that work I must leave to you guys, since,
unfortunately, I'm nowhere near qualified to help you out. All I can do
is test anything you need on different scenarios, as I have the
structure to do so.

I'll test your patch on my environment and report back to you. Let me
know if you need me for something.

Thanks again Paul.

Giovani
 

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4636 (20091125) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

More information about the Users mailing list