[Openswan Users] kernel 3.4.xxx support

Neal Murphy neal.p.murphy at alum.wpi.edu
Wed Apr 23 09:40:01 EDT 2014 

On Tuesday, April 22, 2014 04:21:37 PM users-bounces at lists.openswan.org wrote:
> Rescued from the Spam bucket.  Please remember to subscribe to the mailing
> list before posting to it.
> 
> From: Wei Chen <Wei.Chen at cortina-systems.com>
> Subject: kernel 3.4.xxx support
> Date: April 22, 2014 at 4:20:19 PM EDT
> To: <users at lists.openswan.org>
> 
> 
> Just want to confirm, does any Openswan release support Linux kernel
> 3.4.xxx?

With four patches for me (Smoothwall 3.1), Openswan 2.6.41 seems to build and 
run on linux 3.4.86 just fine.

N
----------------

--- openswan-2.6.29rc/Makefile-orig     2010-09-16 01:19:30.000000000 -0400
+++ openswan-2.6.29rc/Makefile  2010-09-16 01:36:35.000000000 -0400
@@ -462,14 +462,14 @@
                exit 93 ; \
        fi ; \
        set -x ; \
-       mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \
-       cp $(MOD26BUILDDIR)/ipsec.ko $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \
+       mkdir -p $(DESTDIR)$$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \
+       cp $(MOD26BUILDDIR)/ipsec.ko 
$(DESTDIR)$$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \
        if [ -f /sbin/depmod ] ; then /sbin/depmod -a ; fi; \
        if [ -n "$(OSMOD_DESTDIR)" ] ; then \
-       mkdir -p $$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \
-               if [ -f $$OSMODLIB/kernel/ipsec.ko -a -f 
$$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ] ; then \
-                       echo "WARNING: two ipsec.ko modules found in 
$$OSMODLIB/kernel:" ; \
-                       ls -l $$OSMODLIB/kernel/ipsec.ko 
$$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ; \
+       mkdir -p $(DESTDIR)$$OSMODLIB/kernel/$(OSMOD_DESTDIR) ; \
+               if [ -f $(DESTDIR)$$OSMODLIB/kernel/ipsec.ko -a -f 
$(DESTDIR)$$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ] ; then \
+                       echo "WARNING: two ipsec.ko modules found in 
$(DESTDIR)$$OSMODLIB/kernel:" ; \
+                       ls -l $(DESTDIR)$$OSMODLIB/kernel/ipsec.ko 
$(DESTDIR)$$OSMODLIB/kernel/$(OSMOD_DESTDIR)/ipsec.ko ; \
                        exit 1; \
                fi ; \
        fi ; \
--- openswan-2.6.39/programs/setup/setup.in-ORIG
+++ openswan-2.6.39/programs/setup/setup.in
@@ -84,7 +84,7 @@
 umask 022

 mkdir -p /var/run/pluto
-chmod 700 /var/run/pluto
+chmod 701 /var/run/pluto

 RETVAL=0

@@ -120,6 +120,10 @@
     (
     ipsec _realsetup start
     RETVAL=$?
+
+    if test -e /proc/net/ipsec/eroute/all; then
+      chmod 444 /proc/net/ipsec/eroute/all
+    fi
     ) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
     return $RETVAL
 }
--- a/linux/net/ipsec/pfkey_v2.c.orig
+++ b/linux/net/ipsec/pfkey_v2.c
@@ -207,50 +207,6 @@
 }
 #endif

-/*****
-Grabbed Mr. Viro's proc_subtree backport code for older kernels
-commit 8ce584c7416d8a85a6f3edc17d1cddefe331e87e
-Author: Al Viro <v... at zeniv.linux.org.uk>
-Date:   Sat Mar 30 20:13:46 2013 -0400
-****/
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,10,0)
-#ifdef CONFIG_PROC_FS
-
-static void backport_proc_subdir_remove(struct proc_dir_entry *dir)
-{
-       struct proc_dir_entry *pe, *tmp;
-       pe = dir->subdir;
-       while (pe) {
-               tmp = pe->next;
-               backport_proc_subdir_remove(pe);
-               remove_proc_entry(pe->name, dir);
-               pe = tmp;
-       }
-};
-
-int remove_proc_subtree(const char *name, struct proc_dir_entry *parent)
-{
-       struct proc_dir_entry *pe, *tmp;
-
-       if (!parent)
-               goto out;
-
-       pe = parent->subdir;
-       while (pe) {
-               tmp = pe->next;
-               backport_proc_subdir_remove(pe);
-               remove_proc_entry(pe->name, parent);
-               pe = tmp;
-       }
-
-out:
-       remove_proc_entry(name, parent);
-
-       return 0;
-}
-#endif /* CONFIG_PROC_FS */
-#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(3,10,0) */
-
 int
 pfkey_list_remove_socket(struct socket *socketp, struct socket_list 
**sockets)
 {
@@ -1530,9 +1486,9 @@
        error |= supported_remove_all(K_SADB_X_SATYPE_IPIP);

 #ifdef CONFIG_PROC_FS
-        remove_proc_subtree("pf_key",            init_net.proc_net);
-        remove_proc_subtree("pf_key_supported",  init_net.proc_net);
-        remove_proc_subtree("pf_key_registered", init_net.proc_net);
+        remove_proc_entry("pf_key",            PROC_NET);
+        remove_proc_entry("pf_key_supported",  PROC_NET);
+        remove_proc_entry("pf_key_registered", PROC_NET);
 #endif /* CONFIG_PROC_FS */

        /* other module unloading cleanup happens here */
--- a/lib/libopenswan/constants.c.orig
+++ b/lib/libopenswan/constants.c
@@ -167,9 +167,18 @@
     NULL    /* termination for bitnamesof() */
 };

+const char *const payload_name_nat_d[] = {
+    "ISAKMP_NEXT_NAT-D",
+    "ISAKMP_NEXT_NAT-OA",
+    NULL
+};
+
+static enum_names payload_names_nat_d =
+{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL 
};
+
 static enum_names payload_names_ikev2_main =
 { ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2_main,
-  NULL };
+  &payload_names_nat_d };

 const char *const payload_name_ikev2[] = {
     "ISAKMP_NEXT_v2NONE",            /* 33 */

More information about the Users mailing list