linux-ipsec: FreeS/WAN snapshot

From: Kai Martius <admin(at)imib.med.tu-dresden.de>
Date: Fri May 08 1998 - 09:51:12 EDT

Hi, Klips-Developers.

Finally I found the time to set up my test environment and to install Klips today.
Well, I took a plain 2.0.33 kernel and ran "make insert". The first problem now was, as I disabled debugging at all, that some errors occured during compilation in ipsec_netlink.c. I had to comment out the following lines, so it compiled for now.

Line 161++:

  switch (em->em_type)
 {
++ /* case EMT_SETDEBUG:
  if(em->em_db_nl >> (sizeof(em->em_db_nl) * 8 - 1))   {

   debug_tunnel  |= em->em_db_tn;
   debug_netlink |= em->em_db_nl;
   debug_xform   |= em->em_db_xf;
   debug_eroute  |= em->em_db_er;
   debug_spi     |= em->em_db_sp;
   debug_radij   |= em->em_db_rj;
   debug_esp     |= em->em_db_es;
   debug_ah      |= em->em_db_ah;

  }
  else
  {

   debug_tunnel  &= em->em_db_tn;
   debug_netlink &= em->em_db_nl;
   debug_xform   &= em->em_db_xf;
   debug_eroute  &= em->em_db_er;
   debug_spi     &= em->em_db_sp;
   debug_radij   &= em->em_db_rj;
   debug_esp     &= em->em_db_es;
   debug_ah      &= em->em_db_ah;

  }
  break;
++ */

Next problem during kernel "make config" was, when I selected IPSec to compile as a module, no further selection was on algorithms etc. was possible. I solved this by changing "kernelpatch":

$ rcsdiff -p Config.in

---

RCS file: RCS/Config.in,v retrieving revision 1.1 diff -p -r1.1 Config.in *** Config.in 1996/08/04 20:05:53 1.1 --- Config.in 1996/08/04 20:15:24 *************** bool 'Kernel/User network link driver' C *** 27,30 **** --- 27,34 ----
  if [ "$CONFIG_NETLINK" = "y" ]; then
    bool 'Routing messages' CONFIG_RTNETLINK   fi
+ tristate 'IP Security Protocol' CONFIG_IPSEC

!!! + if [ ! "$CONFIG_IPSEC" = "m" -> "n" ]; then

+ source net/ipsec/Config.in
+ fi

  endmenu

I stopped today with the following problem:

I tried to set up tunnel mode using (hopefully) the same configuration scripts as I used for testing previous release ipsec-0.7, first only for AH in one direction. But TCPDUMP showed me an ICMP-error "protocol 4 unreachable". I'm quite shure to set up the correct SPI on receiver who is generating this message... Hmmm, any suggestions what this could be?

Greetings
Kai  

# Kai Martius                                                           #
# Dpt. of Medical CS and Biometrics / Dresden University of Technology  #
# PGP Fingerprint:  to be compared after download of my key             #

# available at http://www.imib.med.tu-dresden.de/imib/personal/kai.html # Received on Fri May 8 09:42:55 1998