[Openswan Users] Problems using OpenSwan 2.6.23 and Linux 2.6.22

Mattias Mattsson mmattsson at edgewaternetworks.com
Mon Sep 14 17:14:17 EDT 2009

I'm attaching a patch for this second problem in case it would be useful for


A preferable patch would be to use the HAVE_ALLOC_NETDEV define in
linux/include/netdevice.h instead but then ipsec_kversion.h would have to
include this header and I don't know what your preference is on this matter.


/ Mattias




From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Mattias Mattsson
Sent: Friday, September 11, 2009 3:08 PM
To: users at openswan.org
Subject: [Openswan Users] Problems using OpenSwan 2.6.23 and Linux 2.6.22




I've been building OpenSwan 2.6.18 on a Linux kernel 2.6.22 without a
problem. But now I'm upgrading to OpenSwan version 2.6.23, and I'm running
into a couple of problems with KLIPS.


First, the file ipsec_kversion.h now defines the identifier
HAVE_KMEM_CACHE_MACRO when using a kernel version 2.6.22 (line 241) which
causes compilation to fail. This define seems to be in direct contradiction
to the next define of this identifier (at line 292) where the comment
explicitly says that "The macro got introduced in 2,6,22 but it does not
work properly".


It seems like this first define at line 242 is incorrect and should be
reverted. If I do so, I get past this hurdle.


Second, when loading the KLIPS ipsec kernel module, the network interface
statistics are all garbled in /proc/net/dev and the command "ifconfig" does
not work properly. The problem here seems to be the change from using
dev->priv to using netdev_priv(dev). The code in ipsec_tunnel.c and
ipsec_mast.c checks for the presence of alloc_netdev with #ifdefs but in
Linux kernel 2.6.22, alloc_netdev is a plain function, not a macro. This
means that kmalloc() is used rather than alloc_netdev(), which in turn means
that netdev_priv(dev) does not return the correct value. If kmalloc is used,
the old usage of dev->priv should be preserved.


I can work around this by adding the line

#define alloc_netdev alloc_netdev

to ipsec_kversion.h, but I think that the correct solution would be to only
use netdev_priv(dev) if alloc_netdev is used. That is, the use of
netdev_priv() must be tied to the same decision that the use of
alloc_netdev() is based on. The cleanest solution would probably be to
introduce a level of indirection by using another macro for both the
allocation of the device as well as the access of its private data and set
both of these macros to either kmalloc and dev->priv or alloc_netdev and


Both of these problems seem to be an issue only when using Linux kernel
2.6.22 specifically. 


Regards / Mattias


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090914/76c471ff/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenSwan-2.6.23-netdev.patch
Type: application/octet-stream
Size: 13985 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090914/76c471ff/attachment-0001.obj 

More information about the Users mailing list