Re: [Swan] Errors at compilation module.

Fri, 01 Sep 2017 06:34:16 -0700 

On Fri, 1 Sep 2017, [email protected] wrote:


Centos 7.3.1611
kernel 3.10.0-514.26.2.el7.local.x86_64

1. That kernel I built with 
0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch and 
0002-SAREF-implement-IP_IPSEC_BINDREF.patch from 3.11.0-15.25. The assembly
was successful.
2. Libreswan 3.21 make module.


The real fix is to upgrade your users from l2tp/ipsec to either
ikev1-xauth or to ikev2.

But meanwhile:


First problem:
==========
In file included from 
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:57:0:
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 
'ipsec_xmit_ipip':
/home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_tunnel.h:32:42:
 warning: passing argument 1 of '__ip_select_ident' from incompatible pointer 
type
[enabled by default]
 #define lsw_ip4_hdr(ixirs)      ((struct iphdr *)
(ixirs)->iph)                                                                   
                                                        
                                          ^
/home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_param2.h:33:60:
 note: in definition of macro 'KLIPS_IP_SELECT_IDENT'
 # define KLIPS_IP_SELECT_IDENT(iph, skb) __ip_select_ident(iph, skb_dst(skb), 
0)                                                        


Looks like the kernel has some backporting done, so you might need to
tweak the IP_SELECT_IDENT_NEW define version conditions in
./linux/include/libreswan/ipsec_kversion.h to match your kernel.


Second problem:
=============
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function 
'ipsec_xmit_send':
/home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:2918:11: warning: 
passing argument 3 of 'NF_HOOK' from incompatible pointer type [enabled by 
default]
           ipsec_xmit_send2);                                                   
                                                                                



That one is a little harder now:

                        err = NF_HOOK(PF_INET, LSW_NF_INET_LOCAL_OUT,
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
                                      dev_net(ixs->skb->dev),
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
                                      ixs->skb->sk,
#endif

again it looks like you have a backport and so we should change this
hardcoded versions with a new deinfe like NEW_NF_HOOK so it can
be set independent of the kernel version.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to