[Swan-dev] expirimental : ipsec device/interface aka XFRMi

Antony Antony antony at phenome.org
Thu Feb 6 12:04:32 UTC 2020 

I applied this patch and enabled it for CentOS 6,7,8, travis test failed on 
CentOS 8.

It seems CentOS 8 ship with a newer if_link.h inspite kernel-headers version 
4.18

Looks like something got back proted? I wonder full xfrmi or just headers
CentOS 8, 4.18 kernel

Would some one test xfrmi on CentOS 8 kernel?

Travisi compile log:
https://travis-ci.org/antonyantony/libreswan/builds/646826384

/home/build/libreswan/programs/pluto/linux-extra-if-link/if_link_extra.h:7:9: error: redeclaration of enumerator 'IFLA_XFRM_UNSPEC'

         IFLA_XFRM_UNSPEC,

         ^~~~~~~~~~~~~~~~

In file included from /usr/include/linux/rtnetlink.h:7,

                 from /home/build/libreswan/programs/pluto/kernel_xfrm.c:51:

/usr/include/linux/if_link.h:467:2: note: previous definition of 'IFLA_XFRM_UNSPEC' was here

  IFLA_XFRM_UNSPEC,

-antony

On Thu, Jan 30, 2020 at 09:06:48AM -0500, Andrew Cagney wrote:
> On Thu, 30 Jan 2020 at 06:39, Paul Wouters <paul at nohats.ca> wrote:
> >
> > On Thu, 30 Jan 2020, Antony Antony wrote:
> >
> > > Here is my proposed patch to compile xfrmi on CentOS8.
> > > Any adjustments?
> >
> > Looks good. Perhaps just add a note saying "if you see IFLA_XFRM_IF_ID
> > undefined, try enabling this" just before the
> > USE_XFRM_INTERFACE_IFLA_HEADER option ?
> 
> I assume you mean in the code and not in the .mk file.  For instance,
> if the build could barf due to a missing header, add a note at the
> #include point.
> 
> > >> 036 ipsec-interface=1 not supported. may be missing CONFIG_XFRM_INTERFACE support in kernel
> >
> > Note this should not return a 0XX code because we fail to load the
> > connection. It is a fatal error (4xx)
> >
> > We might not be fully consistent with these in our code though, so I'm
> > happy to look at this after merging it in.
> >
> > Paul
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list