[Swan] Errors at compilation module.
pit11 at ukr.net
pit11 at ukr.net
Mon Sep 4 13:51:43 UTC 2017
Hi,
I build module without warnings and errors:
KLIPS module built successfully.
ipsec.ko is in /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj
-rw-rw-r-- 1 pit pit 13828120 сен 4 16:41 ipsec.ko
text data bss dec hex filename
372218 13592 7828 393638 601a6 ipsec.ko
[root at spr1-vpn02 libreswan-3.21]# modinfo ipsec
filename: /lib/modules/3.10.0-514.26.2.el7.local.x86_64/kernel/net/ipsec/ipsec.ko
license: GPL
version: 3.21
rhelversion: 7.3
srcversion: 0D27AD035636BF35CE10816
depends:
vermagic: 3.10.0-514.26.2.el7.local.x86_64 SMP mod_unload modversions
parm: ipsec_replaywin_override:override replay window (-1=no change, 0=disable, N=override value (int)
parm: ipsec_irs_cache_allocated_max:Maximum outstanding receive packets (before they are dropped) (int)
parm: ipsec_ixs_cache_allocated_max:Maximum outstanding transmit packets (int)
parm: ocf_available:int
parm: natt_available:int
But after "modpobe ipsec" I have "kernel panic" :(
BUG: unable to handle kernel paging request at 000000000000711c
register_netdevice_notifier
ipsec_device_event+0x1c/0x360
--- Исходное сообщение ---
От кого: "Paul Wouters" <paul at nohats.ca>
Дата: 1 сентября 2017, 16:32:53
On Fri, 1 Sep 2017, pit11 at ukr.net wrote:
> Centos 7.3.1611
> kernel 3.10.0-514.26.2.el7.local.x86_64
>
> 1. That kernel I built with 0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch and 0002-SAREF-implement-IP_IPSEC_BINDREF.patch from 3.11.0-15.25. The assembly
> was successful.
> 2. Libreswan 3.21 make module.
The real fix is to upgrade your users from l2tp/ipsec to either
ikev1-xauth or to ikev2.
But meanwhile:
> First problem:
> ==========
> In file included from /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:57:0:
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 'ipsec_xmit_ipip':
> /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_tunnel.h:32:42: warning: passing argument 1 of '__ip_select_ident' from incompatible pointer type
> [enabled by default]
> #define lsw_ip4_hdr(ixirs) ((struct iphdr *)
> (ixirs)->iph)
> ^
> /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_param2.h:33:60: note: in definition of macro 'KLIPS_IP_SELECT_IDENT'
> # define KLIPS_IP_SELECT_IDENT(iph, skb) __ip_select_ident(iph, skb_dst(skb), 0)
Looks like the kernel has some backporting done, so you might need to
tweak the IP_SELECT_IDENT_NEW define version conditions in
./linux/include/libreswan/ipsec_kversion.h to match your kernel.
> Second problem:
> =============
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 'ipsec_xmit_send':
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:2918:11: warning: passing argument 3 of 'NF_HOOK' from incompatible pointer type [enabled by default]
> ipsec_xmit_send2);
That one is a little harder now:
err = NF_HOOK(PF_INET, LSW_NF_INET_LOCAL_OUT,
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
dev_net(ixs->skb->dev),
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
ixs->skb->sk,
#endif
again it looks like you have a backport and so we should change this
hardcoded versions with a new deinfe like NEW_NF_HOOK so it can
be set independent of the kernel version.
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20170904/0f1ea8c5/attachment.html>
More information about the Swan
mailing list