[Swan-dev] expirimental : ipsec device/interface aka XFRMi
antony at phenome.org
Wed Jan 22 21:13:00 UTC 2020
On Wed, Jan 22, 2020 at 03:08:45PM -0500, Paul Wouters wrote:
> On Wed, 22 Jan 2020, Antony Antony wrote:
> > > I still believe yes/no is not appropriate here. As for using numbers or
> > > %unique, we already have that being used for the mark keyword(s) in the
> > > parser. So that functionality is already there.
> > I disagree. I think no|yes|<n> is cleaner for this kind of option.
> > Hence I choose the new convention.
> As no other people are weighing in, I'll stop objecting provided the
> parser crashers are resolved.
thanks! lets give the new idea a shot.
The crasher is gone since this afternoon. another xauth error appeared.
I pushed a fix for and starting testrun.
> I grabbed the latest code.
> It still has this issue on machines with newer kernel but older glibc
> (and thus older kernel-haeders):
Is it from glibc?
As far as I see it is in kernel-headers-5.4.7-100.fc30.x86_64 If the kernel
and headers match IFLA_XFRM_IF_ID will be defined.
grep IFLA_XFRM_IF_ID /usr/include/linux/if_link.h IFLA_XFRM_IF_ID,
dnf provides /usr/include/linux/if_link.h
> -c /root/rpmbuild/BUILD/libreswan-3.28rc1494_g7c7a490_xfrmi/programs/pluto/xfrm_interface.c
> /root/rpmbuild/BUILD/libreswan-3.28rc1494_g7c7a490_xfrmi/programs/pluto/xfrm_interface.c: In function 'link_add_nl_msg':
> /root/rpmbuild/BUILD/libreswan-3.28rc1494_g7c7a490_xfrmi/programs/pluto/xfrm_interface.c:176:30: error: 'IFLA_XFRM_IF_ID' undeclared (first use in this function)
> nl_addattr32(&req->n, 1024, IFLA_XFRM_IF_ID, if_id);
> My fix was:
> diff --git a/include/libreswan.h b/include/libreswan.h
> index c3bab15..b134435 100644
> --- a/include/libreswan.h
> +++ b/include/libreswan.h
> @@ -18,6 +18,9 @@
> #ifndef _LIBRESWAN_H
> #define _LIBRESWAN_H /* seen it, no need to see it again */
> +#define IFLA_XFRM_IF_ID 2
> +#define IFLA_XFRM_LINK 1
note it is an enum not define.
/* XFRM section */
> #include "err.h"
> #include <stdbool.h>
> It should probably do an ifndef check first. And possibly do this not in
> libreswan.h but in kernel_netlink.h.
you can't ifndef check, it is an enum. which means you would need something
which we are resisting so far?
One concern is if we add a local defination for this enum and compile on
CentOS7, at run time on old kernel dragons way be woken up:) Try compiling
with enum defination and run it on CentOS/RHEL 7 or old Fedora.
> Otherwise, the branch compiled and ran, and no longer needs my patch.
> Traffic flows from/to the VPN client properly.
that is promising. thanks for testing.
More information about the Swan-dev