[strongSwan] Building without Kernel support

Noel Kuntze noel at familie-kuntze.de
Sun Feb 15 18:57:07 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Ryan,

That might be a bug and yes, your plugin needs to provide certain features
so plugins that hard depend on it are loaded. I think Tobias or Martin can answer your
questions much better than I can.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 15.02.2015 um 15:35 schrieb Ryan Ruel:
> One more question…
>
> I’m trying to build strongSwan without Kernel dependencies.  I’d like to use something like the lib-ipsec module (but modified), to receive the child SA’s for use on a crypto processor.
>
> I’m therefore trying to build with minimal dependencies on the Kernel, as strongSwan will be solely used for IKEv2 keying.  I also don’t have IPsec enabled in the Kernel, and don’t intend on doing so.
>
> I’m currently building with:
>
> ./configure —enable-monolithic —disable-kernel-netlink
> make
>
> When I start up ipsec on the machine, I still see logs indicating charon is trying to set up netlink sockets, which I do not want:
>
> Feb 15 14:27:41 a198-18-73-113 charon: 00[KNL] unable to create netlink socket
> Feb 15 14:27:41 a198-18-73-113 charon: 00[NET] installing IKE bypass policy failed
> Feb 15 14:27:41 a198-18-73-113 charon: 00[NET] installing IKE bypass policy failed
>
> Why isn’t the flag to disable kernel netlink not working?
>
> In addition, I see a bunch of unmet dependencies, without any indication as to why:
> Feb 15 14:27:41 a198-18-73-113 charon: 00[LIB] loaded plugins: charon aes kernel-netlink des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr resolve socket-default stroke vici updown xauth-generic
> Feb 15 14:27:41 a198-18-73-113 charon: 00[LIB] unable to load 7 plugin features (7 due to unmet dependencies)
>
> Should my plug-in be required to “provide” a feature set, even if not used?  For example, do I need to provide “kernel-ipsec” to meet these dependencies?
>
> Thanks!
>
> /Ryan
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJU4N3zAAoJEDg5KY9j7GZYUN4QAIUFWYd3/n43Or48mzt9g8Cw
0OSv2AV29PU+7Qb1YzbqFxkOXNbBtKntZDe+Ezjiu10c5ZLFZIXtgq8QHeXeMJ8b
sunFKcZE8jreAIVBH9FiMcZ2QPx8f6xlU0ZMGPmDcaUmXswYBe4sgQfwry/zEmz9
cFYQatFKBaip0ZUmv+c/WGEoinvPcobtVeaSYNNgB2ueWz0Tfo3+gFYJp5nLes5c
copO7u7CdmaPlOPjJc6LkMYIvZukzm7NLkQQBqZU3u+FY2CZtmC4kBT7ZJG17DHB
+GDA69BJhyxcUypZl48zheG3l7XiWzLV7EqGEwybRFWxSiVV1vN3gdEFgAytk66i
hOZonxBmz+L/nYwCYnt/AkBQo0crDTsbctmpfhSBo5bcbLRd2HRPmY/xLBu7iOso
pD1/e8LD8pTsJQ5bB6OwYOl+LZcGhEyvpB9hebXpTFET+2c1tw7afMh/1P22XdAW
7gcqz3LOb0hqcZYVDQGoB1VMIF0g8lumi2wxZJIwQ4iISBCaaRbSSFEEjn/VF02q
efy0YgxhqCfG8Mxo7asikuBSf09KjALCIciKgo4yDSQu5s+bEaXJkA+TLvFMbwko
HHTrzCYJu/eQXOG+naIw7ZZH8AZIHaCUeehjyyrQE09NobNfd/oARfAog+B3nUyw
XQ5bThrXxONaiMNezm0a
=gsiS
-----END PGP SIGNATURE-----




More information about the Users mailing list