On Fri, 1 Sep 2017, [email protected] wrote:
Centos 7.3.1611
kernel 3.10.0-514.26.2.el7.local.x86_64
1. That kernel I built with
0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch and
0002-SAREF-implement-IP_IPSEC_BINDREF.patch from 3.11.0-15.25. The assembly
was successful.
2. Libreswan 3.21 make module.
The real fix is to upgrade your users from l2tp/ipsec to either
ikev1-xauth or to ikev2.
But meanwhile:
First problem:
==========
In file included from
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:57:0:
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function
'ipsec_xmit_ipip':
/home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_tunnel.h:32:42:
warning: passing argument 1 of '__ip_select_ident' from incompatible pointer
type
[enabled by default]
#define lsw_ip4_hdr(ixirs) ((struct iphdr *)
(ixirs)->iph)
^
/home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_param2.h:33:60:
note: in definition of macro 'KLIPS_IP_SELECT_IDENT'
# define KLIPS_IP_SELECT_IDENT(iph, skb) __ip_select_ident(iph, skb_dst(skb),
0)
Looks like the kernel has some backporting done, so you might need to
tweak the IP_SELECT_IDENT_NEW define version conditions in
./linux/include/libreswan/ipsec_kversion.h to match your kernel.
Second problem:
=============
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function
'ipsec_xmit_send':
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:2918:11: warning:
passing argument 3 of 'NF_HOOK' from incompatible pointer type [enabled by
default]
ipsec_xmit_send2);
That one is a little harder now:
err = NF_HOOK(PF_INET, LSW_NF_INET_LOCAL_OUT,
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
dev_net(ixs->skb->dev),
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
ixs->skb->sk,
#endif
again it looks like you have a backport and so we should change this
hardcoded versions with a new deinfe like NEW_NF_HOOK so it can
be set independent of the kernel version.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan