Re: linux-ipsec: Latest snapshot and 2.0.35

Henry Spencer enscribed thusly:
> > > Part of the clue here might be the accidental compile. It would be a good

> > Fraid not... When working on things at this level, I do a complete
> > clean build of the entire kernel from scratch every time...

> Ah, but just how do you do that? Do you unpack fresh sources from a tar

        I bet the problem you've got with "make clean" is with this line from the Makefile:

        rm -f core `find . -name '*.[oas]' ! -regex '.*lxdialog/.*' -print`

        My guess is that it doesn't follow the "symlink" where you insert the ipsec code, so it never cleans that out. I've got mixed emotions about using that symlink idea. If I removed that freeswan directory and then found I could no longer link the kernel, I would not be a happy camper... If you're going to modify files in the kernel source tree, you might as well hard link or copy everything over to keep the tree autonomous and complete unto itself.

        In any case, I tracked the original problem down. It has to do with the modifications to the file "net/ipv4/protocol.c". It looks like we have a compile option problem with this file.

        Structure entries have been added to the inet_protocols which include references to ah_recv and esp_recv. These were NOT in the 0.85 sources. It's seem pretty clear that this has been added, and is necessary, for hard linking the ipsec code into the kernel. Unfortunately, if you compile the ipsec code as a module, these entries refer to symbols which only exist in the modules. This results in an undefined symbol reference to each. These should not be hard compiled into this file when compiling ipsec as a module. They should get added to the protocol table at module initialization time. Equally so, if you compile the ipsec code into the kernel, these structures should be present in that module. It seems that the compile time options for protocol.c are wrong and the effort to get ipsec working in the hard-link case has resulted in breaking it for the module case.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

        This may be an oversimplification and there may yet be other gotcha's in there, but this alone pretty much guarentees that you can not compile a kernel with the current freeswan snapshot and with ipsec configured as a module...

> Henry Spencer

        Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  
http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!