[strongSwan] Building without Kernel support

Ryan Ruel ryan0751 at gmail.com
Sun Feb 15 15:35:46 CET 2015


One more question…

I’m trying to build strongSwan without Kernel dependencies.  I’d like to use something like the lib-ipsec module (but modified), to receive the child SAs for use on a crypto processor.

I’m therefore trying to build with minimal dependencies on the Kernel, as strongSwan will be solely used for IKEv2 keying.  I also don’t have IPsec enabled in the Kernel, and don’t intend on doing so.

I’m currently building with:

./configure --enable-monolithic --disable-kernel-netlink
make

When I start up ipsec on the machine, I still see logs indicating charon is trying to set up netlink sockets, which I do not want:

Feb 15 14:27:41 a198-18-73-113 charon: 00[KNL] unable to create netlink socket
Feb 15 14:27:41 a198-18-73-113 charon: 00[NET] installing IKE bypass policy failed
Feb 15 14:27:41 a198-18-73-113 charon: 00[NET] installing IKE bypass policy failed

Why isn’t the flag to disable kernel netlink working?

In addition, I see a bunch of unmet dependencies, without any indication as to why:
Feb 15 14:27:41 a198-18-73-113 charon: 00[LIB] loaded plugins: charon aes kernel-netlink des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr resolve socket-default stroke vici updown xauth-generic
Feb 15 14:27:41 a198-18-73-113 charon: 00[LIB] unable to load 7 plugin features (7 due to unmet dependencies)

Should my plug-in be required to “provide” a feature set, even if not used?  For example, do I need to provide “kernel-ipsec” to meet these dependencies?

Thanks!

/Ryan

