Here is my proposed patch to compile xfrmi on CentOS8. Any adjustments? make USE_XFRM_INTERFACE_IFLA_HEADER=true USE_XFRM_INTERFACE=true programs
On Fri, Jan 24, 2020 at 07:29:13AM -0500, Paul Wouters wrote: > On Thu, 23 Jan 2020, Antony Antony wrote: > > > > Tested outputs welcome than guessing! > > 036 ipsec-interface=1 not supported. may be missing CONFIG_XFRM_INTERFACE > support in kernel > > Note that it is using a whack error code in the wrong range. And "may > be" should be "maybe". > > > > I'm okay with a manual flag to add. That way we can put the compile > > > error in the FAQ with the workaround. > > > > I would add only after a clear testing -ve cases. What happens when running > > pluto which is compiled with USE_XFRM_HEADER_XFRMI=yes on older kernel? I > > want to see the output. > > See above. Note that we already default to using a copy of the xfrm.h by > default via USE_XFRM_HEADER_COPY?=true > > Because we know we are often on newer kernels than the installed > combination of xfrm.h/kernel-headers/glibc and we know XFRM people > only add to the API and not modify the API. So using an updated > header file works fine. this is not in xfrm.h. this is from linux/if_link.h It is not a good idea to keep a full copy of if_link.h. if_link.h may drag in more if_*.h dependencies; and there are a lot of them. ls -lt /usr/include/linux/if_*.h |wc -l 31 > > Say test with standard CentOS8 and CentOS7 kernel. > > So, lets add it after few tests. > > I tested using kernel-2.6.32-696.16.1.el6.x86_64 on centos6 thanks for testing. I added it to the commit message. It would be nice to test on CentOS8/7 too. I think those two are most important, 2.6.32-696 gives a bottom line. Here is my proposed patch to able to compile xfrmi on CentOS8. Just create a optional .h file just for this enum.
>From ad3db344bc1916dbca286e89f6a1cffeb34c6d53 Mon Sep 17 00:00:00 2001 From: Antony Antony <[email protected]> Date: Wed, 29 Jan 2020 14:31:20 +0000 Subject: [PATCH] pluto: add extra enum for xfrmi interface to compile on CentOS 6,7,8 Add enum to compile xfrmi interface on older distribution. to compile make USE_XFRM_INTERFACE_IFLA_HEADER=true USE_XFRM_INTERFACE=true programs Compile error: /root/rpmbuild/BUILD/libreswan-3.28rc1494_g7c7a490_xfrmi/programs/pluto/xfrm_interface.c:176:30: error: 'IFLA_XFRM_IF_ID' undeclared (first use in this function) nl_addattr32(&req->n, 1024, IFLA_XFRM_IF_ID, if_id); Once it is compiled to run you need kernel with xfrmi support, 4.19 If the kernel does not support xfrmi, e.g on kernel-2.6.32-696.16.1.el6.x86_64 on centos6 036 ipsec-interface=1 not supported. may be missing CONFIG_XFRM_INTERFACE support in kernel Tested by Paul diff --git a/mk/config.mk b/mk/config.mk index 26c819ac20..ac430473fa 100644 --- a/mk/config.mk +++ b/mk/config.mk @@ -264,6 +264,8 @@ endif USE_XFRM_HEADER_COPY?=true XFRM_LIFETIME_DEFAULT?=30 +USE_XFRM_INTERFACE_IFLA_HEADER?=false + # Some systems have a bogus combination of glibc and kernel-headers which # causes a conflict in the IPv6 defines. Try enabling this option as a workaround # when you see errors related to 'struct in6_addr' diff --git a/programs/pluto/Makefile b/programs/pluto/Makefile index 011492dc95..a09be32f26 100644 --- a/programs/pluto/Makefile +++ b/programs/pluto/Makefile @@ -67,6 +67,12 @@ ifeq ($(USE_XFRM_HEADER_COPY),true) CFLAGS+=-I ${LIBRESWANSRCDIR}/programs/pluto/linux-copy endif +ifeq ($(USE_XFRM_INTERFACE), true) +ifeq ($(USE_XFRM_INTERFACE_IFLA_HEADER), true) +CFLAGS+=-I ${LIBRESWANSRCDIR}/programs/pluto/linux-extra-if-link -DUSE_XFRM_INTERFACE_IFLA_HEADER +endif +endif + ifeq ($(USE_GLIBC_KERN_FLIP_HEADERS),true) CFLAGS+=-DGLIBC_KERN_FLIP_HEADERS endif diff --git a/programs/pluto/kernel_xfrm_interface.h b/programs/pluto/kernel_xfrm_interface.h index d918190c33..381fa345d6 100644 --- a/programs/pluto/kernel_xfrm_interface.h +++ b/programs/pluto/kernel_xfrm_interface.h @@ -1,4 +1,7 @@ #include <linux/if_link.h> +#if defined(USE_XFRM_INTERFACE_IFLA_HEADER) +# include "if_link_extra.h" +#endif #include "linux/xfrm.h" #include "err.h" diff --git a/programs/pluto/linux-extra-if-link/if_link_extra.h b/programs/pluto/linux-extra-if-link/if_link_extra.h new file mode 100644 index 0000000000..03271df6e0 --- /dev/null +++ b/programs/pluto/linux-extra-if-link/if_link_extra.h @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note + * this is from linux/if_link.h commit f203b76d7 + */ + +/* XFRM section */ +enum { + IFLA_XFRM_UNSPEC, + IFLA_XFRM_LINK, + IFLA_XFRM_IF_ID, + __IFLA_XFRM_MAX +};
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
