[strongSwan-dev] Fwd: Using Strongswan 32 binaries on under 64 bit kernel

Tugrul Erdogan h.tugrul.erdogan at gmail.com
Fri Oct 31 15:32:42 CET 2014 

Hi,

I have done changes on "xfrm_userpolicy_info" struct too and I
have sucessfully started 32 bit Strongswan on 64 bit kernel at the end.

The patch below:

--- xfrm.h.orig 2014-10-31 14:58:55.026839122 +0200
+++ xfrm.h      2014-10-31 15:00:33.946839099 +0200
@@ -355,6 +355,7 @@
        __u8                            mode;           /* XFRM_MODE_xxx */
        __u8                            replay_window;
        __u8                            flags;
+       __u32                           dummy_alligner;
 #define XFRM_STATE_NOECN       1
 #define XFRM_STATE_DECAP_DSCP  2
 #define XFRM_STATE_NOPMTUDISC  4
@@ -400,6 +401,7 @@
        /* Automatically expand selector to include matching ICMP payloads.
*/
 #define XFRM_POLICY_ICMP       2

        __u8                            share;

+       __u32                           dummy_alligner;

 };



 struct xfrm_userpolicy_id {




> Alternatively you could detect a 64-bit kernel in 32-bit strongSwan
> builds, and then add four extra bytes to the xfrm_usersa_info struct.


To keep compatibility of the patched binaries at the 32bit kernel too I
have tried
duplicating "xfrm_usersa_info" and  "xfrm_userpolicy_info" struct
definitions with "_64" endings to be able to swap at runtime by
"if" statetements before each instance of this structs . But this change
affects
further struct definitions which includes that duplicated structs as an
element and causes need to duplicate them too.

Now I want to take your opinions about how can I change struct definitions
at runtime in the stongswan build.

Best regards,
Tugrul.






On Sun, Oct 26, 2014 at 1:11 PM, Tugrul Erdogan <h.tugrul.erdogan at gmail.com>
wrote:

> Thanks for your reply.
>
> I have applied the changes to the strangswan package. I will
> check compilation time of libhydra and highten the log level.
>
> On Sun, Oct 26, 2014 at 11:54 AM, Thomas Egerer <hakke_007 at gmx.de> wrote:
>
>> Hi,
>>
>> just a couple of thoughts:
>> On 10/25/2014 04:41 PM, Tugrul Erdogan wrote:
>> >
>> > Hi,
>> >
>> > I have patched the xframe.h and I am taking the errors below:
>> In what place did you patch xfrm.h, strongswan
>> or linux-kernel?
>>
>> >
>> > Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1>
>> activating new tasks
>> > Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1>
>>  activating QUICK_MODE task
>> > Oct 25 14:38:33 01[CFG] <vpntest_localne-host34_uzaknetwork|1>
>> configured proposals: ESP:3DES_CBC/HMAC_MD5_96/MODP_1024/NO_EXT_SEQ,
>> >
>> ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
>> > Oct 25 14:38:33 01[KNL] <vpntest_localne-host34_uzaknetwork|1> getting
>> SPI for reqid {1}
>> > Oct 25 14:38:33 01[KNL] <vpntest_localne-host34_uzaknetwork|1>
>> allocating SPI failed: Invalid argument (22)
>> > Oct 25 14:38:33 01[KNL] <vpntest_localne-host34_uzaknetwork|1> unable
>> to get SPI for reqid {1}
>> > Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1>
>> allocating SPI from kernel failed
>> > Oct 25 14:38:33 01[MGR] <vpntest_localne-host34_uzaknetwork|1> checkin
>> and destroy IKE_SA vpntest_localne-host34_uzaknetwork[1]
>> > Oct 25 14:38:33 01[IKE] <vpntest_localne-host34_uzaknetwork|1> IKE_SA
>> vpntest_localne-host34_uzaknetwork[1] state change: ESTABLISHED =>
>> DESTROYING
>> > Oct 25 14:38:33 01[MGR] check-in and destroy of IKE_SA successful
>> >
>> > and the patch which I had done below:
>> >
>> > --- ~/src/include/linux/xfrm.h 2014-10-25 16:27:11.000000000 +0300
>> > +++ ~/src/include/linux/xfrm.h.mod     2014-10-25 16:26:56.000000000
>> +0300
>> > @@ -355,6 +355,7 @@
>> >         __u8                            mode;           /*
>> XFRM_MODE_xxx */
>> >         __u8                            replay_window;
>> >         __u8                            flags;
>> > +        __u32                           dummy_alligner;
>> >  #define XFRM_STATE_NOECN       1
>> >  #define XFRM_STATE_DECAP_DSCP  2
>> >  #define XFRM_STATE_NOPMTUDISC  4
>> >
>> > what should be missing?
>> You surely did recompile libhydra and restart charon?
>> Also: try 'stroke loglevel knl 4' to see what's being sent
>> via netlink to the kernel.
>>
>> Cheers,
>> Thomas
>> _______________________________________________
>> Dev mailing list
>> Dev at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20141031/9130e4fe/attachment.html>

More information about the Dev mailing list