I can confirm the compilation issues with this package and have written a
working patch to address them. Many of the kernel structures have changed since
the last maintained version of this dkms package, which (obviously) prevents
successful compilation. I have tested minimally, using the openswan
configuration "protostack=mast" with the ipsec kernel module inserted; no
errors occur that I can tell. I am able to establish an active SA and
pass traffic but have not tested much beyond that.
Try applying the patch and testing it yourself---I'm sure more people than just
you and I are being hit by this issue.
Sincerely,
Christopher Dickey
cmdickey at onewiseowl.com
diff -u -r -B -N a/linux/include/openswan/nipquad.h b/linux/include/openswan/nipquad.h
--- a/linux/include/openswan/nipquad.h 1969-12-31 16:00:00.000000000 -0800
+++ b/linux/include/openswan/nipquad.h 2011-08-10 13:34:02.000000000 -0700
@@ -0,0 +1,5 @@
+#define NIPQUAD(addr) \
+ ((unsigned char *)&addr)[0], \
+ ((unsigned char *)&addr)[1], \
+ ((unsigned char *)&addr)[2], \
+ ((unsigned char *)&addr)[3]
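Review bot: The new header has no include guard and defines NIPQUAD unconditionally, with the macro argument left unparenthesised in `&addr`. It is included from both ipsec_rcv.c and ipsec_xmit.c, so I would wrap the definition in `#ifndef NIPQUAD` … `#endif` and write `&(addr)` so that an expression argument cannot bind to the cast by mistake. A one-line header comment stating that the macro expands to four `unsigned char` arguments for a four-field dotted-quad format would also help, because a format/argument mismatch in a printk-style call is undefined behaviour.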
diff -u -r -B -N a/linux/net/ipsec/alg/.cvsignore b/linux/net/ipsec/alg/.cvsignore
--- a/linux/net/ipsec/alg/.cvsignore 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/alg/.cvsignore 1969-12-31 16:00:00.000000000 -0800
@@ -1,4 +0,0 @@
-static_init.c
-lib*
-*.o
-.*.o*
diff -u -r -B -N a/linux/net/ipsec/arp_2635_hack.h b/linux/net/ipsec/arp_2635_hack.h
--- a/linux/net/ipsec/arp_2635_hack.h 1969-12-31 16:00:00.000000000 -0800
+++ b/linux/net/ipsec/arp_2635_hack.h 2011-08-10 14:28:32.000000000 -0700
@@ -0,0 +1,12 @@
+static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb);
+static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb);
+
+static const struct neigh_ops arp_broken_ops = {
+ .family = AF_INET,
+ .solicit = arp_solicit,
+ .error_report = arp_error_report,
+ .output = neigh_compat_output,
+ .connected_output = neigh_compat_output,
+ .hh_output = dev_queue_xmit,
+ .queue_xmit = dev_queue_xmit,
+};
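Review bot: `arp_solicit` and `arp_error_report` are only forward-declared as `static` here, and no definition is visible anywhere in this patch, so `arp_broken_ops` holds callbacks that this module cannot resolve on its own. If either including file (ipsec_mast.c, ipsec_tunnel.c) actually references the table, the outcome is at best a build or module-load failure and at worst a neighbour callback on the packet output path that points somewhere unintended; please confirm where the two functions are defined. The header also defines an object and has no include guard, so each includer gets its own private copy. A guard plus a comment naming the kernel range this workaround is meant for would make the intent reviewable.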
diff -u -r -B -N a/linux/net/ipsec/.cvsignore b/linux/net/ipsec/.cvsignore
--- a/linux/net/ipsec/.cvsignore 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/.cvsignore 1969-12-31 16:00:00.000000000 -0800
@@ -1,47 +0,0 @@
-.addrtoa.o.flags
-.adler32.o.flags
-.cbc_enc.o.flags
-.datatot.o.flags
-.deflate.o.flags
-.des_enc.o.flags
-.ecb_enc.o.flags
-.goodmask.o.flags
-.infblock.o.flags
-.infcodes.o.flags
-.inffast.o.flags
-.inflate.o.flags
-.inftrees.o.flags
-.infutil.o.flags
-.ipcomp.o.flags
-.ipsec.o.flags
-.ipsec_init.o.flags
-.ipsec_life.o.flags
-.ipsec_md5c.o.flags
-.ipsec_proc.o.flags
-.ipsec_radij.o.flags
-.ipsec_rcv.o.flags
-.ipsec_sa.o.flags
-.ipsec_sha1.o.flags
-.ipsec_tunnel.o.flags
-.pfkey_v2.o.flags
-.pfkey_v2_build.o.flags
-.pfkey_v2_debug.o.flags
-.pfkey_v2_ext_bits.o.flags
-.pfkey_v2_ext_process.o.flags
-.pfkey_v2_parse.o.flags
-.pfkey_v2_parser.o.flags
-.prng.o.flags
-.radij.o.flags
-.rangetoa.o.flags
-.satoa.o.flags
-.set_key.o.flags
-.subnetof.o.flags
-.subnettoa.o.flags
-.sysctl_net_ipsec.o.flags
-.trees.o.flags
-.ultoa.o.flags
-.version.o.flags
-.zutil.o.flags
-version.c
-.*.o.flags
-*.o
diff -u -r -B -N a/linux/net/ipsec/ipsec_alg.c b/linux/net/ipsec/ipsec_alg.c
--- a/linux/net/ipsec/ipsec_alg.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_alg.c 2011-08-12 09:33:31.000000000 -0700
@@ -18,6 +18,7 @@
* for more details.
*
*/
+#define RW_LOCK_UNLOCKED __RW_LOCK_UNLOCKED(old_style_rw_init)
#ifndef AUTOCONF_INCLUDED
#include <linux/config.h>
#endif
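Review bot: `RW_LOCK_UNLOCKED` is re-created by hand before any kernel header is included, and the same pattern is pasted into ipsec_init.c, ipsec_radij.c, ipsec_rcv.c, ipsec_sa.c and ipsec_tunnel.c (as `SPIN_LOCK_UNLOCKED`) and again into pfkey_v2.c. As far as I know the kernel dropped these initialisers because every lock built from them shares a single lockdep class, which hides lock-ordering bugs in exactly the code where they need to be found. I would define the fallback once in a shared header such as openswan/ipsec_kversion.h, guarded by `#ifndef RW_LOCK_UNLOCKED`, and preferably convert the lock definitions themselves to `DEFINE_RWLOCK(name)` / `DEFINE_SPINLOCK(name)`.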
diff -u -r -B -N a/linux/net/ipsec/ipsec_init.c b/linux/net/ipsec/ipsec_init.c
--- a/linux/net/ipsec/ipsec_init.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_init.c 2011-08-12 09:33:31.000000000 -0700
@@ -17,7 +17,7 @@
* /proc system code was split out into ipsec_proc.c after rev. 1.70.
*
*/
-
+#define SPIN_LOCK_UNLOCKED __SPIN_LOCK_UNLOCKED(old_style_spin_init)
#ifndef AUTOCONF_INCLUDED
#include <linux/config.h>
#endif
diff -u -r -B -N a/linux/net/ipsec/ipsec_mast.c b/linux/net/ipsec/ipsec_mast.c
--- a/linux/net/ipsec/ipsec_mast.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_mast.c 2011-08-12 09:33:31.000000000 -0700
@@ -57,6 +57,8 @@
#include <linux/if_arp.h>
+#include "arp_2635_hack.h"
+
#include "openswan/ipsec_kversion.h"
#include "openswan/radij.h"
#include "openswan/ipsec_life.h"
@@ -872,9 +874,8 @@
mastdevices[vifnum]=NULL;
ipsec_dev_put(dev_ipsec);
- KLIPS_PRINT(debug_tunnel, "Unregistering %s (refcnt=%d)\n",
- dev_ipsec->name,
- atomic_read(&dev_ipsec->refcnt));
+ KLIPS_PRINT(debug_tunnel, "Unregistering %s\n",
+ dev_ipsec->name);
unregister_netdev(dev_ipsec);
KLIPS_PRINT(debug_tunnel, "Unregisted %s\n", dev_ipsec->name);
#ifndef NETDEV_23
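Review bot: The reference count is dropped from the debug message rather than read through an accessor, so the one diagnostic that helps when `unregister_netdev()` stalls on a leaked device reference is gone. On kernels that provide it, `netdev_refcnt_read(dev_ipsec)` can supply the value, kept behind a version check so that older kernels retain the `atomic_read(&dev_ipsec->refcnt)` form. The same edit is made twice in ipsec_tunnel.c. The enclosing function starts and ends outside the hunk.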
diff -u -r -B -N a/linux/net/ipsec/ipsec_radij.c b/linux/net/ipsec/ipsec_radij.c
--- a/linux/net/ipsec/ipsec_radij.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_radij.c 2011-08-12 09:33:31.000000000 -0700
@@ -14,7 +14,7 @@
* for more details.
*
*/
-
+#define SPIN_LOCK_UNLOCKED __SPIN_LOCK_UNLOCKED(old_style_spin_init)
#ifndef AUTOCONF_INCLUDED
#include <linux/config.h>
#endif
diff -u -r -B -N a/linux/net/ipsec/ipsec_rcv.c b/linux/net/ipsec/ipsec_rcv.c
--- a/linux/net/ipsec/ipsec_rcv.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_rcv.c 2011-08-12 09:33:31.000000000 -0700
@@ -19,7 +19,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+#define SPIN_LOCK_UNLOCKED __SPIN_LOCK_UNLOCKED(old_style_spin_init)
#ifndef AUTOCONF_INCLUDED
#include <linux/config.h>
#endif
@@ -97,6 +97,9 @@
#include "openswan/ipsec_proto.h"
#include "openswan/ipsec_alg.h"
+/* NIPQUAD hack for 2.6.36+ compatibility */
+#include "openswan/nipquad.h"
+
#ifdef CONFIG_KLIPS_OCF
#include "ipsec_ocf.h"
#endif
diff -u -r -B -N a/linux/net/ipsec/ipsec_sa.c b/linux/net/ipsec/ipsec_sa.c
--- a/linux/net/ipsec/ipsec_sa.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_sa.c 2011-08-12 09:33:31.000000000 -0700
@@ -19,7 +19,7 @@
* This is the file formerly known as "ipsec_xform.h"
*
*/
-
+#define SPIN_LOCK_UNLOCKED __SPIN_LOCK_UNLOCKED(old_style_spin_init)
#ifndef AUTOCONF_INCLUDED
#include <linux/config.h>
#endif
diff -u -r -B -N a/linux/net/ipsec/ipsec_tunnel.c b/linux/net/ipsec/ipsec_tunnel.c
--- a/linux/net/ipsec/ipsec_tunnel.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_tunnel.c 2011-08-12 09:33:31.000000000 -0700
@@ -18,6 +18,8 @@
* for more details.
*/
+
+#define SPIN_LOCK_UNLOCKED __SPIN_LOCK_UNLOCKED(old_style_spin_init)
#define __NO_VERSION__
#include <linux/module.h>
#ifndef AUTOCONF_INCLUDED
@@ -73,6 +75,9 @@
#include <linux/if_arp.h>
#include <net/arp.h>
+// hack for 2.6.35+ (removal of exposed arp functions)
+#include "arp_2635_hack.h"
+
#include "openswan/ipsec_kversion.h"
#include "openswan/radij.h"
#include "openswan/ipsec_life.h"
@@ -2182,9 +2187,8 @@
ipsecdevices[vifnum]=NULL;
ipsec_dev_put(dev_ipsec);
- KLIPS_PRINT(debug_tunnel, "Unregistering %s (refcnt=%d)\n",
- dev_ipsec->name,
- atomic_read(&dev_ipsec->refcnt));
+ KLIPS_PRINT(debug_tunnel, "Unregistering %s\n",
+ dev_ipsec->name);
unregister_netdev(dev_ipsec);
KLIPS_PRINT(debug_tunnel, "Unregisted %s\n", dev_ipsec->name);
#ifndef NETDEV_23
@@ -2233,9 +2237,8 @@
ipsecdevices[i]=NULL;
ipsec_dev_put(dev_ipsec);
- KLIPS_PRINT(debug_tunnel, "Unregistering %s (refcnt=%d)\n",
- dev_ipsec->name,
- atomic_read(&dev_ipsec->refcnt));
+ KLIPS_PRINT(debug_tunnel, "Unregistering %s\n",
+ dev_ipsec->name);
unregister_netdev(dev_ipsec);
KLIPS_PRINT(debug_tunnel, "Unregisted %s\n", dev_ipsec->name);
#ifndef NETDEV_23
diff -u -r -B -N a/linux/net/ipsec/ipsec_xmit.c b/linux/net/ipsec/ipsec_xmit.c
--- a/linux/net/ipsec/ipsec_xmit.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/ipsec_xmit.c 2011-08-12 09:33:31.000000000 -0700
@@ -96,6 +96,9 @@
#include "openswan/ipsec_alg.h"
#include "ipsec_ocf.h"
+/* NIPQUAD hack for 2.6.36+ compatibility */
+#include "openswan/nipquad.h"
+
#if defined(CONFIG_KLIPS_AH)
#if defined(CONFIG_KLIPS_AUTH_HMAC_MD5) || defined(CONFIG_KLIPS_AUTH_HMAC_SHA1)
static __u32 zeroes[64];
@@ -2053,16 +2056,17 @@
is_mast_packet = ipsec_is_mast_device(ixs->skb->dev);
#ifdef NETDEV_25
- fl->nl_u.ip4_u.daddr = ip_hdr(ixs->skb)->daddr;
- fl->nl_u.ip4_u.saddr = ixs->pass ? 0 : ip_hdr(ixs->skb)->saddr;
- fl->nl_u.ip4_u.tos = RT_TOS(ip_hdr(ixs->skb)->tos);
- fl->proto = ip_hdr(ixs->skb)->protocol;
- fl->mark = ixs->skb->mark;
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,24)
- error = ip_route_output_key(&ixs->route, fl);
-#else
- error = ip_route_output_key(&init_net, &ixs->route, fl);
-#endif
+ fl->u.ip4.daddr = ip_hdr(ixs->skb)->daddr;
+ fl->u.ip4.saddr = ixs->pass ? 0 : ip_hdr(ixs->skb)->saddr;
+ fl->u.__fl_common.flowic_tos = RT_TOS(ip_hdr(ixs->skb)->tos);
+ fl->u.__fl_common.flowic_proto = ip_hdr(ixs->skb)->protocol;
+ fl->u.__fl_common.flowic_mark = ixs->skb->mark;
+//#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,24)
+// error = ip_route_output_key(&ixs->route, fl);
+//#else
+// error = ip_route_output_key(&init_net, &ixs->route, fl);
+ error = ip_route_output_key(&init_net, fl);
+//#endif
if (error) {
#else
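Review bot: `error = ip_route_output_key(&init_net, fl);` never stores a route in `ixs->route`, yet the later hunks of this file dereference `ixs->route->dst.dev`. The two-argument form of this call takes a `struct flowi4 *` and returns a `struct rtable *` (an `ERR_PTR` on failure), so assigning it to `error` both loses the route and makes the following `if (error)` test meaningless; the result should be stored, checked with `IS_ERR()` and converted with `PTR_ERR()`. The version conditional is commented out rather than extended, which breaks every older kernel this file used to build on, and the `__fl_common.flowic_*` members are better reached through the `flowi4_*` accessors (this also applies to the `flowic_oif` assignment in the last hunk of this file). The enclosing function starts and ends outside the hunk.

```c
	/* … unchanged: daddr / saddr assignments … */
	fl->u.ip4.flowi4_tos = RT_TOS(ip_hdr(ixs->skb)->tos);
	fl->u.ip4.flowi4_proto = ip_hdr(ixs->skb)->protocol;
	fl->u.ip4.flowi4_mark = ixs->skb->mark;
	/* Newer API: the route is the return value, errors arrive as ERR_PTR. */
	ixs->route = ip_route_output_key(&init_net, &fl->u.ip4);
	if (IS_ERR(ixs->route)) {
		error = PTR_ERR(ixs->route);
		ixs->route = NULL;	/* never leave an ERR_PTR where a route is expected */
	} else {
		error = 0;
	}
	if (error) {
```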
@@ -2083,7 +2087,7 @@
return IPSEC_XMIT_ROUTEERR;
}
- if(ixs->dev == ixs->route->u.dst.dev) {
+ if(ixs->dev == ixs->route->dst.dev) {
ip_rt_put(ixs->route);
/* This is recursion, drop it. */
if (ixs->stats)
@@ -2096,7 +2100,7 @@
}
skb_dst_drop(ixs->skb);
- skb_dst_set(ixs->skb, &ixs->route->u.dst);
+ skb_dst_set(ixs->skb, &ixs->route->dst);
if(ixs->stats) {
ixs->stats->tx_bytes += ixs->skb->len;
}
@@ -2137,7 +2141,7 @@
else
err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, ixs->skb, NULL,
- ixs->route->u.dst.dev,
+ ixs->route->dst.dev,
ipsec_xmit_send2);
if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) {
@@ -2175,7 +2179,7 @@
/* new route/dst cache code from James Morris */
ixs->skb->dev = ixs->physdev;
- fl.oif = ixs->physdev->ifindex;
+ fl.u.__fl_common.flowic_oif = ixs->physdev->ifindex;
return ipsec_xmit_send(ixs, &fl);
}
diff -u -r -B -N a/linux/net/ipsec/pfkey_v2.c b/linux/net/ipsec/pfkey_v2.c
--- a/linux/net/ipsec/pfkey_v2.c 2010-07-29 11:45:59.000000000 -0700
+++ b/linux/net/ipsec/pfkey_v2.c 2011-08-12 09:46:41.000000000 -0700
@@ -23,7 +23,7 @@
#include <linux/module.h>
#include <linux/version.h>
#ifndef AUTOCONF_INCLUDED
-# include <linux/config.h>
+#include <linux/config.h>
#endif
#include <linux/kernel.h>
@@ -67,6 +67,10 @@
#include <linux/types.h>
+#include <linux/rwlock_types.h>
+
+#define RW_LOCK_UNLOCKED __RW_LOCK_UNLOCKED(old_style_rw_init)
+
#include "openswan/ipsec_param2.h"
#include <openswan.h>
@@ -155,8 +159,8 @@
recvmsg: pfkey_recvmsg,
mmap: sock_no_mmap,
};
-
-#include <linux/smp_lock.h>
+/* removed per http://kerneltrap.org/mailarchive/linux-kernel/2010/11/17/4647205 */
+//#include <linux/smp_lock.h>
SOCKOPS_WRAP(pfkey, PF_KEY);
#ifdef NET_26
@@ -723,8 +727,8 @@
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_create: "
"sock->fasync_list=0p%p sk->sleep=0p%p.\n",
- sock->fasync_list,
- sk->sk_sleep);
+ sock->wq->fasync_list,
+ &sk->sk_lock.wq);
pfkey_insert_socket(sk);
pfkey_list_insert_socket(sock, &pfkey_open_sockets);
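Review bot: `&sk->sk_lock.wq` is not the object the message labels `sk->sleep`: it is the wait queue of the socket lock, whereas the old `sk->sk_sleep` was the socket's own wait queue, so the debug output now prints an unrelated address. `sk_sleep(sk)` is the accessor for the original value on kernels that provide it. `sock->wq->fasync_list` also dereferences `sock->wq` without a NULL check; please confirm it is always set by the time pfkey_create reaches this print. The hunk at -1157 makes the same `sk_lock.wq` substitution. The enclosing function starts and ends outside the hunk.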
@@ -1157,7 +1161,7 @@
sk,
key_pid(sk),
sock_flag(sk, SOCK_DEAD),
- sk->sk_sleep,
+ &sk->sk_lock.wq,
sk->sk_socket,
sk->sk_err,
sk->sk_reuse,