[strongSwan] Porting to uclinux no mmu-version

David McCullough david_mccullough at mcafee.com
Thu Mar 17 15:34:36 CET 2011 

Jivin ChihWei lays it down ...
> Hi David,
> 
> Yes, I know uclinux-nommu has IPSec solution Openswan,
> However, Openswan is IKEv1 solution not IKEv2.

Openswan has IKEv2 support,  has for some time.  I don't think it's as
mature as the Strongswan support,  but I am no IKEv2 expert.

> In fact, I don't know what's the difference between those two 
> version........
> I also find someone said Openswan support some IKEv2 features.
> But, I cannot find more info. describing this.
> Could you give me some idea about the difference between IKEv1 and 
> IKEv2, and what is the level Openswan support IKEv2?

To be honest I am not sure on this myself.  Probably best to ask
on the openswan list to see whats lacking in it's implemntation.

Cheers,
Davidm

> ? 2011/3/17 ?? 09:41, David McCullough ??:
> > Jivin ChihWei lays it down ...
> >> Hi,
> >>      Summary the issues I solved until today.
> >>       1. dlopen liked function.
> >>             I fake those function, and add some print to capture what
> >> plugin the default charon will load.
> >>             Then, I modify the load_plugin function. Let it directly open
> >> the xxx_create_plugin functions by comparing the plugin name. Now, the
> >> plugins can loaded.
> >>      2. The EL: not found error while running a binary
> >>             This is the issue about file system format. NIOS2 platform
> >> support flt file format. So while compiling strongswan,  I added the
> >> --elf2flt flag.
> >>
> >>      Could anyone have the idea that to make IPSEC IKEV2 work success
> >> what modules are needed?
> >>      I trace the source code. I found out the ipsec script in sbin/ wake
> >> up the binary starter (ipsec start).
> >>      Then the starter will wake up the charom daemon.
> >>      Later, ipsec script wake up binary stroke ( ipsec up XXXX)
> >>      I guess stroke will control the charon, I haven't traced that.
> > Just in case you hadn't considered it,  Openswan has been deployed on nommu
> > systems for years,  the uClinux-dist contains a version that has almost all
> > the work done.  Might save you some time unless you really need strongswan :-)
> >
> > Cheers,
> > Davidm
> >
> >> ? 2011/3/10 ?? 07:16, ChihWei ??:
> >>>   Hello Martin,
> >>> Thanks for your quick reply.
> >>> I have done the compilnatoin with NIOS2 cross compiler on
> >>> uclinux-no-mmu by switching the sequence of including library in
> >>> Makefile.
> >>> However, the strongswan cannot bring up by using the ipsec script.
> >>> It is the poor ability of uclinux shell.
> >>>
> >>> Yes, you are right. This is not that trivial.
> >>> To make the compile pass, I fake the dlxxxx liked function ex: dlopen,
> >>> dlsym dlclose....
> >>> Because the uclinux-no-mmu kernel doesn't support dynamic link library.
> >>> I add some print message in my fake dlopen funciton.
> >>> The target is capture what library name will include runtime. And I
> >>> change those library from dynamic calling to static. ( Actully I never
> >>> have such that experience........)
> >>>
> >>> BTW, I also tried the binary directly. (>./starter) But I got the "EL:
> >>> not found" error.
> >>> I even don't know where is this error comes from.............
> >>>
> >>> I am not that understand how  uclinux handle multi-threading.
> >>> The versoin i used supports multi-threading and vfork.
> >>>
> >>> Could you give me an idea or reference about the working flow and
> >>> interactions of strongswan module? It may help me understand the
> >>> running flow of strongswan.
> >>>
> >>> Regards,
> >>> Jerome
> >>>
> >>>
> >>> ? 2011/3/8 ?? 09:36, Martin Willi ??:
> >>>> Hi Jerome,
> >>>>
> >>>>> I am doing the porting to the uclinux with none mmu.
> >>>>> Is there anyone have previous experience?
> >>>> I've never tried it, and probably it is not that trivial.
> >>>>
> >>>>> However, it got some "undefined reference to xxxx" compile errors.
> >>>> Currently our build system does not support a completely static build.
> >>>> While plugins can be built-in using the --enable-monolithic option,
> >>>> linking our libraries statically does not work. It probably is possible,
> >>>> but would require some work.
> >>>>
> >>>> How does uClinux handle multi-threaded applications? We have at least
> >>>> for charon rather tough requirements to the threading subsystem (should
> >>>> be mostly POSIX compliant).
> >>>>
> >>>> Regards
> >>>> Martin
> >>>>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.strongswan.org
> >> https://lists.strongswan.org/mailman/listinfo/users
> >>
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Users mailing list