[Ocf-linux-users] OCF 20080704 and 2.6.21.6 Kernel
Brought to you by:
david-m
Menu
▾
▴
[Ocf-linux-users] OCF 20080704 and 2.6.21.6 Kernel
|
From: Ramon S. <RSc...@gm...> - 2008-07-17 13:08:54
|
Hello OCF-Linux-Users,
i'm trying to run the latest OCF 20080704 Release together with
linux-2.6.21.6 Kernel + Openswan 2.6.15dr2 on an IXP4XX Architecture.
I have a Question concerning Config Options:
- In the OCF Package, in File linux/net/ipsec/defconfig and
packaging/linux/Config-all.h, CONFIG_KLIPS_OCF is not set while
CONFIG_KLIPS_ALG is set to y. According to the info in KConfig,
KLIPS_ALG should only be disabled when OCF is used - which setting
is right?
My guess is: KLIPS_ALG is necessary, but it results in Error when
used together with KLIPS_OCF set (see ipsec_xmit.c).
Mysteriously, my IPSec tunnel is established with:
"IPsecConn-0" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5f6f06b7 <0x785d1973 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=none}"
, and incomming Packets can be decrypted. Outgoing Packets instead result in increasing TX Error Counter
and a BADALG Error Message (if both, KLIPS_ALG and KLIPS_OCF are set).
I guess there's a bug in pfkey_v2_parser.c, btw. If you compare the
old 2.4.8 Version with the current one, a pair of curly braces changed
the semantic.
>From Line 2126 it should be like:
- if ((error = ipsec_cleareroutes())) {
+ if ((error = ipsec_cleareroutes()))
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_x_delflow_parse: "
"cleareroutes returned %d.\n", error);
SENDERR(-error);
- }
+
Greetings, Ramon
--
GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen!
Jetzt dabei sein: http://www.shortview.de/wasistshortview.php?mc=sv_ext_mf@gmx
|
