[Swan] Errors at compilation module.
Peter
pit11 at ukr.net
Fri Sep 1 17:24:08 UTC 2017
Thanks for help :)
About first problem:
===============
I replace subversion of kernel from 53 to 0 in ipsec_kversion.h:
#elif LINUX_VERSION_CODE < KERNEL_VERSION(3,11,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,53)
to
#elif LINUX_VERSION_CODE < KERNEL_VERSION(3,11,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
And I had to replace version kernel in ipsec_param2.h:
# if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 1, 0))
to
# if (LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0))
for apply:
# define KLIPS_IP_SELECT_IDENT(iph, skb) __ip_select_ident(dev_net(skb->dev), iph, 1)
Then warnings is gone.
Did i do it right ?
About second problem:
==================
I replace version in ipsec_xmit.c twice:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
to
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
After that errors is gone (module is done), but left warnings:
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 'ipsec_xmit_send':
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:2918:11: warning: passing argument 7 of 'NF_HOOK' from incompatible pointer type [enabled by default]
ipsec_xmit_send2);
^
In file included from include/net/netns/netfilter.h:5:0,
from include/net/net_namespace.h:22,
from include/linux/netdevice.h:44,
from include/net/addrconf.h:49,
from /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_kversion.h:394,
from /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_param.h:34,
from /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:33:
include/linux/netfilter.h:245:1: note: expected 'int (*)(struct sock *, struct sk_buff *)' but argument is of type 'int (*)(struct sk_buff *)'
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
It’s critical ?
> 1 сент. 2017 г., в 16:32, Paul Wouters <paul at nohats.ca> написал(а):
>
> On Fri, 1 Sep 2017, pit11 at ukr.net wrote:
>
>> Centos 7.3.1611
>> kernel 3.10.0-514.26.2.el7.local.x86_64
>> 1. That kernel I built with 0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch and 0002-SAREF-implement-IP_IPSEC_BINDREF.patch from 3.11.0-15.25. The assembly
>> was successful.
>> 2. Libreswan 3.21 make module.
>
> The real fix is to upgrade your users from l2tp/ipsec to either
> ikev1-xauth or to ikev2.
>
> But meanwhile:
>
>> First problem:
>> ==========
>> In file included from /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:57:0:
>> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 'ipsec_xmit_ipip':
>> /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_tunnel.h:32:42: warning: passing argument 1 of '__ip_select_ident' from incompatible pointer type
>> [enabled by default]
>> #define lsw_ip4_hdr(ixirs) ((struct iphdr *)
>> (ixirs)->iph)
>> ^
>> /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_param2.h:33:60: note: in definition of macro 'KLIPS_IP_SELECT_IDENT'
>> # define KLIPS_IP_SELECT_IDENT(iph, skb) __ip_select_ident(iph, skb_dst(skb), 0)
>
> Looks like the kernel has some backporting done, so you might need to
> tweak the IP_SELECT_IDENT_NEW define version conditions in
> /linux/include/libreswan/ipsec_kversion.h to match your kernel.
>
>> Second problem:
>> =============
>> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 'ipsec_xmit_send':
>> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:2918:11: warning: passing argument 3 of 'NF_HOOK' from incompatible pointer type [enabled by default]
>> ipsec_xmit_send2);
>
>
> That one is a little harder now:
>
> err = NF_HOOK(PF_INET, LSW_NF_INET_LOCAL_OUT,
> #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
> dev_net(ixs->skb->dev),
> #endif
> #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
> ixs->skb->sk,
> #endif
>
> again it looks like you have a backport and so we should change this
> hardcoded versions with a new deinfe like NEW_NF_HOOK so it can
> be set independent of the kernel version.
>
> Paul
More information about the Swan
mailing list