[strongSwan] Porting to uclinux no mmu-version

ChihWei chihweifc at gmail.com
Thu Mar 17 15:18:18 CET 2011

Hi David,

Yes, I know uclinux-nommu has IPSec solution Openswan,
However, Openswan is IKEv1 solution not IKEv2.
In fact, I don't know what's the difference between those two 
I also find someone said Openswan support some IKEv2 features.
But, I cannot find more info. describing this.
Could you give me some idea about the difference between IKEv1 and 
IKEv2, and what is the level Openswan support IKEv2?

Thanks a lot!!


於 2011/3/17 下午 09:41, David McCullough 提到:
> Jivin ChihWei lays it down ...
>> Hi,
>>      Summary the issues I solved until today.
>>       1. dlopen liked function.
>>             I fake those function, and add some print to capture what
>> plugin the default charon will load.
>>             Then, I modify the load_plugin function. Let it directly open
>> the xxx_create_plugin functions by comparing the plugin name. Now, the
>> plugins can loaded.
>>      2. The EL: not found error while running a binary
>>             This is the issue about file system format. NIOS2 platform
>> support flt file format. So while compiling strongswan,  I added the
>> --elf2flt flag.
>>      Could anyone have the idea that to make IPSEC IKEV2 work success
>> what modules are needed?
>>      I trace the source code. I found out the ipsec script in sbin/ wake
>> up the binary starter (ipsec start).
>>      Then the starter will wake up the charom daemon.
>>      Later, ipsec script wake up binary stroke ( ipsec up XXXX)
>>      I guess stroke will control the charon, I haven't traced that.
> Just in case you hadn't considered it,  Openswan has been deployed on nommu
> systems for years,  the uClinux-dist contains a version that has almost all
> the work done.  Might save you some time unless you really need strongswan :-)
> Cheers,
> Davidm
>> ? 2011/3/10 ?? 07:16, ChihWei ??:
>>>   Hello Martin,
>>> Thanks for your quick reply.
>>> I have done the compilnatoin with NIOS2 cross compiler on
>>> uclinux-no-mmu by switching the sequence of including library in
>>> Makefile.
>>> However, the strongswan cannot bring up by using the ipsec script.
>>> It is the poor ability of uclinux shell.
>>> Yes, you are right. This is not that trivial.
>>> To make the compile pass, I fake the dlxxxx liked function ex: dlopen,
>>> dlsym dlclose....
>>> Because the uclinux-no-mmu kernel doesn't support dynamic link library.
>>> I add some print message in my fake dlopen funciton.
>>> The target is capture what library name will include runtime. And I
>>> change those library from dynamic calling to static. ( Actully I never
>>> have such that experience........)
>>> BTW, I also tried the binary directly. (>./starter) But I got the "EL:
>>> not found" error.
>>> I even don't know where is this error comes from.............
>>> I am not that understand how  uclinux handle multi-threading.
>>> The versoin i used supports multi-threading and vfork.
>>> Could you give me an idea or reference about the working flow and
>>> interactions of strongswan module? It may help me understand the
>>> running flow of strongswan.
>>> Regards,
>>> Jerome
>>> ? 2011/3/8 ?? 09:36, Martin Willi ??:
>>>> Hi Jerome,
>>>>> I am doing the porting to the uclinux with none mmu.
>>>>> Is there anyone have previous experience?
>>>> I've never tried it, and probably it is not that trivial.
>>>>> However, it got some "undefined reference to xxxx" compile errors.
>>>> Currently our build system does not support a completely static build.
>>>> While plugins can be built-in using the --enable-monolithic option,
>>>> linking our libraries statically does not work. It probably is possible,
>>>> but would require some work.
>>>> How does uClinux handle multi-threaded applications? We have at least
>>>> for charon rather tough requirements to the threading subsystem (should
>>>> be mostly POSIX compliant).
>>>> Regards
>>>> Martin
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list