Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.freeswan.org > 1998-summer > 98 > 070193.html (Request Expert lists.freeswan.org Support)

Re: linux-ipsec: Latest snapshot and 2.0.35

From: Michael H. Warfield <mhw(at)alcove.wittsend.com>
Date: Tue Jul 28 1998 - 21:57:40 EDT


Richard Guy Briggs enscribed thusly:
> > Henry Spencer enscribed thusly:

> Right. That is why it is encapsulated with #ifdef CONFIG_IPSEC. If I

        Uh oh.... This may be the clue... See deep at the end... This appears to be missing in the snapshot.
> wanted it for both, I would put #ifdef CONFIG_IPSEC_MODULE as well. I

        Nope... Did not clean anything... Built from ground up, from scratch. Totally reproducable. I mean, I literally did an "rm -rf" on the entire linux and freeswan directories and rebuilt them suckers totally from scratch multiple times. I also made sure that the first thing I did after unpacking the kernel sources was to uncomment that INSTALL line in the make file... You build with the latest snapshot with IPSEC as a module and you get two unsatisfied externals of "ah_recv" and "esp_recv" from "network.a". The only source of those references is protocol.c.

        But... Just to prove a point... I started with two fresh trees... Linux was in /usr/src/linux which was symlinked to /usr/src/linux-2.0.35 and freeswan was in /usr/src/freeswan-snap1998Jul28. Pure virgin sources from the tarballs. Configured the linux kernel and did a "make dep" (just to make sure all of my headers like version.h were straight - did NOT compile the kernel at this point). Did a "make", "make install", then "make insert" in the freeswan directory. All went clean with no complaints... Went back to the linux directory and reconfigured the kernel for IPSEC as a module. Then did a "make dep ; make zImage". Blew up in the link phase with the two unsatisfied externals. Then edited the file "net/ipv4/protocol.c" and "#ifdef'ed" out the two structures which referred to ah_recv and esp_recv. Returned to the linux root directory and typed "make zImage" (did NOT redo the "make depend" or run a "make clean" at this point!). Kernel compiled and linked clean at this point.

        At this point, this source tree has NEVER been compiled with IPSEC set to "yes", only set to "module".

        Conclusion... Configuring IPSEC as a module IS causing these two structures to be compiled into the kernel.

> > Structure entries have been added to the inet_protocols which

Do you need help?X

> It compiles and works for my module case. It compiles and works for

> > This may be an oversimplification and there may yet be other

> Funny, I'm doing it...I should probably download the snapshot (in fact I

        This would be A Good Thing (tm)... :-)

> Could you confirm that your net/ipv4/protocol.c looks like the attached file?

        They almost matched! And that ALMOST is REALLY significant!!!! (see below)...

> > > Henry Spencer 

	:
	: - protocol.c deleted...
	:

	Hmmm...  Something interesting there...  The two files did NOT
match up! Here is the diff between your file "protocol1.c" and the "protocol.c" file which resulted from the "make insert.c". 
] alcove:/tmp# diff -ub protocol.c protocol.email.c 
] --- protocol.c  Tue Jul 28 21:36:54 1998
] +++ protocol.email.c    Tue Jul 28 21:35:27 1998
] @@ -44,12 +44,14 @@
]  #include 
]  #include 
]  #include 
] +#ifdef CONFIG_IPSEC
^^^^^^^^^^^^^^^^^^^^^^^
]  #ifdef CONFIG_IPSEC_AH
]  # include <../net/ipsec/ipsec_ah.h>
]  #endif /* CONFIG_IPSEC_AH */
]  #ifdef CONFIG_IPSEC_ESP
]  # include <../net/ipsec/ipsec_esp.h>

] #endif /* CONFIG_IPSEC_ESP */ 
] +#endif /* CONFIG_IPSEC */
^^^^^^^^^^^^^^^^^^^^^^^
]  
]  #define NEXT_PROTO NULL
]  
] @@ -122,6 +124,7 @@
]         "UDP"                   /* name                 */
]  };

] 
] +#ifdef CONFIG_IPSEC
^^^^^^^^^^^^^^^^^^^^^^^
]  #ifdef CONFIG_IPSEC_ESP
]  struct inet_protocol esp_protocol = {
]         esp_rcv,                /* ESP handler          */
] @@ -155,6 +158,7 @@
]         "AH"                    /* name */
]  };

] #endif /* CONFIG_IPSEC_AH */ 
] +#endif /* CONFIG_IPSEC */
^^^^^^^^^^^^^^^^^^^^^^^
]  
]  struct inet_protocol *inet_protocol_base = NEXT_PROTO;
]
] alcove:/tmp#

        How about that! Your source file has two more "#ifdef's" than mine does! There is an "#ifdef CONFIG_IPSEC" wrapper around the pair of structures that is NOT showing up when I run the "make insert" from the current snapshot! Considering that I answered "yes" to CONFIG_IPSEC_ESP and CONFIG_IPSEC_AH and it was CONFIG_IPSEC that got configured to "module", and I think we have the root of the problem! We are missing those two "#ifdef CONFIG_IPSEC" in the snapshots! Yureka!

Do you need more help?X

        Mike 

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  
http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
Received on Tue Jul 28 21:58:07 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:25 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library