[strongSwan] Porting to uclinux no mmu-version

ChihWei chihweifc at gmail.com
Mon Mar 28 12:41:43 CEST 2011 

Hello,

I think I done the porting to no-mmu uclinux.

Following is what I have done....
1. fake the dlxxxx like function to make the compile pass.
2. Add libhydra.la and libcharon.la path to Makefile in each directory 
for linking.
3. To change the dynamic link library to static, my method is simple.
I add a switch case in load_plugin function. Each time the module try to 
dynamic open a library, I make it call to the plugin entry function.
For example, if aes module will be loaded, the function 
aes_plugin_create() should be called directly.
4. Other simple modification is for compiling.

Now, strongswan can run on my nios2 platform and make a tunnel to a 
SecGW (strongswan on linux-PC).
Both certificate authentication and PSK are tested.
If anyone interested in this porting or have better method or idea, 
please let me know. We can discuss more detail.

Regards,
Jerome



於 2011/3/17 下午 10:34, David McCullough 提到:
> Jivin ChihWei lays it down ...
>> Hi David,
>>
>> Yes, I know uclinux-nommu has IPSec solution Openswan,
>> However, Openswan is IKEv1 solution not IKEv2.
> Openswan has IKEv2 support,  has for some time.  I don't think it's as
> mature as the Strongswan support,  but I am no IKEv2 expert.
>
>> In fact, I don't know what's the difference between those two
>> version........
>> I also find someone said Openswan support some IKEv2 features.
>> But, I cannot find more info. describing this.
>> Could you give me some idea about the difference between IKEv1 and
>> IKEv2, and what is the level Openswan support IKEv2?
> To be honest I am not sure on this myself.  Probably best to ask
> on the openswan list to see whats lacking in it's implemntation.
>
> Cheers,
> Davidm
>
>> ? 2011/3/17 ?? 09:41, David McCullough ??:
>>> Jivin ChihWei lays it down ...
>>>> Hi,
>>>>       Summary the issues I solved until today.
>>>>        1. dlopen liked function.
>>>>              I fake those function, and add some print to capture what
>>>> plugin the default charon will load.
>>>>              Then, I modify the load_plugin function. Let it directly open
>>>> the xxx_create_plugin functions by comparing the plugin name. Now, the
>>>> plugins can loaded.
>>>>       2. The EL: not found error while running a binary
>>>>              This is the issue about file system format. NIOS2 platform
>>>> support flt file format. So while compiling strongswan,  I added the
>>>> --elf2flt flag.
>>>>
>>>>       Could anyone have the idea that to make IPSEC IKEV2 work success
>>>> what modules are needed?
>>>>       I trace the source code. I found out the ipsec script in sbin/ wake
>>>> up the binary starter (ipsec start).
>>>>       Then the starter will wake up the charom daemon.
>>>>       Later, ipsec script wake up binary stroke ( ipsec up XXXX)
>>>>       I guess stroke will control the charon, I haven't traced that.
>>> Just in case you hadn't considered it,  Openswan has been deployed on nommu
>>> systems for years,  the uClinux-dist contains a version that has almost all
>>> the work done.  Might save you some time unless you really need strongswan :-)
>>>
>>> Cheers,
>>> Davidm
>>>
>>>> ? 2011/3/10 ?? 07:16, ChihWei ??:
>>>>>    Hello Martin,
>>>>> Thanks for your quick reply.
>>>>> I have done the compilnatoin with NIOS2 cross compiler on
>>>>> uclinux-no-mmu by switching the sequence of including library in
>>>>> Makefile.
>>>>> However, the strongswan cannot bring up by using the ipsec script.
>>>>> It is the poor ability of uclinux shell.
>>>>>
>>>>> Yes, you are right. This is not that trivial.
>>>>> To make the compile pass, I fake the dlxxxx liked function ex: dlopen,
>>>>> dlsym dlclose....
>>>>> Because the uclinux-no-mmu kernel doesn't support dynamic link library.
>>>>> I add some print message in my fake dlopen funciton.
>>>>> The target is capture what library name will include runtime. And I
>>>>> change those library from dynamic calling to static. ( Actully I never
>>>>> have such that experience........)
>>>>>
>>>>> BTW, I also tried the binary directly. (>./starter) But I got the "EL:
>>>>> not found" error.
>>>>> I even don't know where is this error comes from.............
>>>>>
>>>>> I am not that understand how  uclinux handle multi-threading.
>>>>> The versoin i used supports multi-threading and vfork.
>>>>>
>>>>> Could you give me an idea or reference about the working flow and
>>>>> interactions of strongswan module? It may help me understand the
>>>>> running flow of strongswan.
>>>>>
>>>>> Regards,
>>>>> Jerome
>>>>>
>>>>>
>>>>> ? 2011/3/8 ?? 09:36, Martin Willi ??:
>>>>>> Hi Jerome,
>>>>>>
>>>>>>> I am doing the porting to the uclinux with none mmu.
>>>>>>> Is there anyone have previous experience?
>>>>>> I've never tried it, and probably it is not that trivial.
>>>>>>
>>>>>>> However, it got some "undefined reference to xxxx" compile errors.
>>>>>> Currently our build system does not support a completely static build.
>>>>>> While plugins can be built-in using the --enable-monolithic option,
>>>>>> linking our libraries statically does not work. It probably is possible,
>>>>>> but would require some work.
>>>>>>
>>>>>> How does uClinux handle multi-threaded applications? We have at least
>>>>>> for charon rather tough requirements to the threading subsystem (should
>>>>>> be mostly POSIX compliant).
>>>>>>
>>>>>> Regards
>>>>>> Martin
>>>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.strongswan.org
>>>> https://lists.strongswan.org/mailman/listinfo/users
>>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>>

More information about the Users mailing list