Hi,
I built the module without warnings and errors:

KLIPS module built successfully.
ipsec.ko is in /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj

-rw-rw-r-- 1 pit pit 13828120 сен 4 16:41 ipsec.ko

   text    data     bss     dec     hex filename
 372218   13592    7828  393638   601a6 ipsec.ko

[root@spr1-vpn02 libreswan-3.21]# modinfo ipsec
filename:       /lib/modules/3.10.0-514.26.2.el7.local.x86_64/kernel/net/ipsec/ipsec.ko
license:        GPL
version:        3.21
rhelversion:    7.3
srcversion:     0D27AD035636BF35CE10816
depends:
vermagic:       3.10.0-514.26.2.el7.local.x86_64 SMP mod_unload modversions
parm:           ipsec_replaywin_override:override replay window (-1=no change, 0=disable, N=override value (int)
parm:           ipsec_irs_cache_allocated_max:Maximum outstanding receive packets (before they are dropped) (int)
parm:           ipsec_ixs_cache_allocated_max:Maximum outstanding transmit packets (int)
parm:           ocf_available:int
parm:           natt_available:int

But after "modprobe ipsec" I have a "kernel panic" :(

BUG: unable to handle kernel paging request at 000000000000711c
register_netdevice_notifier
ipsec_device_event+0x1c/0x360

--- Original message ---
From: "Paul Wouters" <[email protected]>
Date: 1 September 2017, 16:32:53

On Fri, 1 Sep 2017, [email protected] wrote:

> Centos 7.3.1611
> kernel 3.10.0-514.26.2.el7.local.x86_64
>
> 1. That kernel I built with
> 0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch and
> 0002-SAREF-implement-IP_IPSEC_BINDREF.patch from 3.11.0-15.25. The assembly
> was successful.
> 2. Libreswan 3.21 make module.

The real fix is to upgrade your users from l2tp/ipsec to either ikev1-xauth or
to ikev2.

But meanwhile:

> First problem:
> ==========
> In file included from
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:57:0:
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function
> 'ipsec_xmit_ipip':
> /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_tunnel.h:32:42:
> warning: passing argument 1 of '__ip_select_ident' from incompatible pointer
> type
> [enabled by default]
> #define lsw_ip4_hdr(ixirs) ((struct iphdr *)
> (ixirs)->iph)
>
> ^
> /home/pit/rpmbuild/BUILD/libreswan-3.21/linux/include/libreswan/ipsec_param2.h:33:60:
> note: in definition of macro 'KLIPS_IP_SELECT_IDENT'
> # define KLIPS_IP_SELECT_IDENT(iph, skb) __ip_select_ident(iph,
> skb_dst(skb), 0)

Looks like the kernel has some backporting done, so you might need to tweak
the IP_SELECT_IDENT_NEW define version conditions in
./linux/include/libreswan/ipsec_kversion.h to match your kernel.

> Second problem:
> =============
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c: In function
> 'ipsec_xmit_send':
> /home/pit/rpmbuild/BUILD/libreswan-3.21/modobj/ipsec_xmit.c:2918:11: warning:
> passing argument 3 of 'NF_HOOK' from incompatible pointer type [enabled by
> default]
> ipsec_xmit_send2);
>
>

That one is a little harder now:

        err = NF_HOOK(PF_INET, LSW_NF_INET_LOCAL_OUT,
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
                        dev_net(ixs->skb->dev),
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
                        ixs->skb->sk,
#endif

again it looks like you have a backport and so we should change these hardcoded
versions with a new define like NEW_NF_HOOK so it can be set independent of
the kernel version.

Paul
