Is your new kernel missing reiserfs.o in the /lib/modules/<kernel version>/kernel/fs/reiserfs/ directory? If not then you have probably got a faulty config. If it is there then skip this next section (skip to the ***s)... Fixing your config *** One thing that I found which helped and that might help you too. You've already patched the kernel so future compiles will give you all the Ipsec options that you need. Now you need to get a good config file to use! This is the trick I did (was also backed up by others on this mailing list on this trick)... Boot using a working kernel, like the one that came with the distribution. After booting you'll see a file called /proc/config.gz, copy that somewhere to play with, unzip it and then check the resulting file. It should be a kernel configuration file, similar to /usr/src/linux/.config - the latter is the current kernel configuration as written by make xconfig (run in /usr/src/linux/). You've guessed it! Copy the unzipped file over /usr/src/linux/.config before running make xconfig again. Then you should have a configuration that's identical to your working configuration but with any changes you choose to make. The obvious changes are to switch on Ipsec, the NAT traversal and X509 patches, you can also switch on KLIPS debugging here, which I would recommend - it doesn't run unless you set it to run anyway so it *should* be built into KLIPS by default I think! After this make a kernel as before and you should get full KLIPS with the patches and your reiserfs.o! *** If the build process did make reiserfs.o but you're still getting a kernel panic then the problem is probably in the initrd. I don't have SuSE 8.2 here so you'll have to RTFM for me! If you do man -k initrd you should find the commands that make initrd and install it, etc. Come back to the group if that doesn't help. Carl
From: Elmar Marschke <elmar.marschke@epost.de> To: suse-security@suse.com Subject: [suse-security] How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ? Date: Sat, 27 Sep 2003 18:15:04 +0200
Hi all, i installed a VPN with a SuSE8.2 2.4.20-4GB kernel and a freeswan_1.99_0.9.23-20 as provided by the 8.2 distribution. Everything including x509-Support is tested and working fine.
Now i want to add NAT-Traversal functionality. As written in /u/s/d/p/freeswan/README.SuSE the NAT-Traversal Patches (written by Mathieu Lafon) for the *freeswan-package* are already inserted in the package provided by SuSE. But to get it running one has also to patch the *kernel* with the fswan-nat-t-kernel.diff, they write, and which is provided in the same directory.
I applied the patch to my kernel-sources (Return Code=0) and recompiled the kernel:
- make oldconfig (perhaps wrong?? don't know what this exactly is doing..) -i took a look in make xconfig and noticed that there were no possibilities to do configuration for IPSec, but at that moment i did'nt care
- changed the Makefile's Extraversion Number..
- make dep
- make clean
- make bzImage
- make modules
- make modules_install
I prepared my bootloader and did mkinitrd for that kernel. Booting with that kernel was ok, but ipsec did'nt start anymore: "ipsec_setup:modprobe: can't locate module ipsec. Kernel appears to lack KLIPS." I booted my old kernel again and according to some mails of this list i took a look into .../kernel_modules/zz_freeswan/Makefile and tried: in that directory: there, the only thing i changed was the IPSec-Stuff- and compiled
- make insert Result: make xconfig in /usr/src/linux did'nt work anymore.
- make kmodule Result: make xconfig didn't work yet.
- make klink Result: make xconfig worked again! And it had configuration-options for IPSec!! I configured this -i took all the defaults i found
another kernel exactly as described above (except that i used xconfig instead oldconfig). Every step gave a Return Code of 0. Result when booting this new kernel: "Kernel panic: unresolved symbol reiserfs.o" (which is my boot partition).
Question: can anyone give me a hint about the correct way to apply this patch and get a working kernel? *Which* make -steps / targets do i have to take in .../zz_freeswan/ (e.g. what about oldmod?) and perhaps in /usr/src/linux, and **in which order**? Any help would be greatly appreciated.. thnxalot! Kind regards Elmar
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger