[Swan-dev] Libreswan 3.6, kernel 3.10.17, klips, module loading
Roel van Meer
roel.vanmeer at bokxing-it.nl
Thu Oct 31 16:09:34 EET 2013
Hi!
today I built kernel 3.10.17 with libreswan 3.6. Building went fine, but the
ipsec module couldn't be loaded.
This seems to be caused by commit 547472b8e1da72ae226430c0c4273e36fc8ca768
in the linux kernel, that introduces code that checks if protocols have
namespace support before adding them.
The relevant lines from the logs are:
Oct 31 10:06:29 darkstar kernel: [ 51.594786] klips_info:ipsec_init: KLIPS startup, Libreswan KLIPS IPsec stack version: 3.6
Oct 31 10:06:29 darkstar kernel: [ 51.594858] NET: Registered protocol family 15
Oct 31 10:06:29 darkstar kernel: [ 51.594862] Protocol 50 is not namespace aware, cannot register.
Oct 31 10:06:29 darkstar kernel: [ 51.594863] KLIPS: can not register ESP protocol - recompile with CONFIG_INET_ESP disabled or as module
Oct 31 10:06:29 darkstar kernel: [ 51.641090] klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Oct 31 10:06:29 darkstar kernel: [ 51.701114] NET: Unregistered protocol family 15
The relevant part from my kernel config:
root at darkstar:~# grep CONFIG_INET /boot/config-3.10.17-2b
CONFIG_INET=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_LRO=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_INET_UDP_DIAG=y
I have a patch that works around this and lets me load the module, but then
I get crashes, so my patch must be faulty. If I find out more I'll let you
know.
If you need any more info please don't hesitate to ask. I'm also available
for testing of patches etc.
Thanks for all the hard work!
Best regards,
Roel
More information about the Swan-dev
mailing list