Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ?
  • From: "J J" <c_peto@xxxxxxxxxxx>
  • Date: Tue, 30 Sep 2003 16:42:49 +0000
  • Message-id: <Sea2-F584CxpAOAkK5L00005571@xxxxxxxxxxx>
Is your new kernel missing reiserfs.o in the /lib/modules/<kernel version>/kernel/fs/reiserfs/ directory?

If not then you have probably got a faulty config. If it is there then skip this next section (skip to the ***s)...

Fixing your config
***

One thing that I found which helped and that might help you too.

You've already patched the kernel so future compiles will give you all the Ipsec options that you need. Now you need to get a good config file to use!

This is the trick I did (was also backed up by others on this mailing list on this trick)...

Boot using a working kernel, like the one that came with the distribution. After booting you'll see a file called /proc/config.gz, copy that somewhere to play with, unzip it and then check the resulting file. It should be a kernel configuration file, similar to /usr/src/linux/.config - the latter is the current kernel configuration as written by make xconfig (run in /usr/src/linux/).

You've guessed it! Copy the unzipped file over /usr/src/linux/.config before running make xconfig again. Then you should have a configuration that's identical to your working configuration but with any changes you choose to make. The obvious changes are to switch on Ipsec, the NAT traversal and X509 patches, you can also switch on KLIPS debugging here, which I would recommend - it doesn't run unless you set it to run anyway so it *should* be built into KLIPS by default I think!

After this make a kernel as before and you should get full KLIPS with the patches and your reiserfs.o!

***

If the build process did make reiserfs.o but you're still getting a kernel panic then the problem is probably in the initrd. I don't have SuSE 8.2 here so you'll have to RTFM for me! If you do man -k initrd you should find the commands that make initrd and install it, etc.

Come back to the group if that doesn't help.

Carl

From: Elmar Marschke <elmar.marschke@xxxxxxxx>
To: suse-security@xxxxxxxx
Subject: [suse-security] How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ?
Date: Sat, 27 Sep 2003 18:15:04 +0200

Hi all,
i installed a VPN with a SuSE8.2 2.4.20-4GB kernel and a
freeswan_1.99_0.9.23-20 as provided by the 8.2 distribution.
Everything including x509-Support is tested and working fine.

Now i want to add NAT-Traversal functionality. As written in
/u/s/d/p/freeswan/README.SuSE the NAT-Traversal Patches (written by
Mathieu Lafon) for the *freeswan-package* are already inserted in
the package provided by SuSE.
But to get it running one has also to patch the *kernel* with the
fswan-nat-t-kernel.diff, they write, and which is provided in the
same directory.

I applied the patch to my kernel-sources (Return Code=0) and
recompiled the kernel:

- make oldconfig (perhaps wrong?? don't know what this exactly is
doing..)
-i took a look in make xconfig and noticed that there were no
possibilities to do configuration for IPSec, but at that moment i
did'nt care
- changed the Makefile's Extraversion Number..
- make dep
- make clean
- make bzImage
- make modules
- make modules_install

I prepared my bootloader and did mkinitrd for that kernel. Booting
with that kernel was ok, but ipsec did'nt start anymore:
"ipsec_setup:modprobe: can't locate module ipsec. Kernel appears to
lack KLIPS."
I booted my old kernel again and according to some mails of this
list i took a look into .../kernel_modules/zz_freeswan/Makefile and
tried:
in that directory:
- make insert
Result: make xconfig in /usr/src/linux did'nt work anymore.
- make kmodule
Result: make xconfig didn't work yet.
- make klink
Result: make xconfig worked again! And it had configuration-options
for IPSec!! I configured this -i took all the defaults i found
there, the only thing i changed was the IPSec-Stuff- and compiled
another kernel exactly as described above (except that i used
xconfig instead oldconfig). Every step gave a Return Code of 0.
Result when booting this new kernel:
"Kernel panic: unresolved symbol reiserfs.o" (which is my boot
partition).

Question:
can anyone give me a hint about the correct way to apply this patch
and get a working kernel?
*Which* make -steps / targets do i have to take in .../zz_freeswan/
(e.g. what about oldmod?) and perhaps in /usr/src/linux, and **in
which order**?
Any help would be greatly appreciated.. thnxalot!
Kind regards
Elmar





--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here


_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger


< Previous Next >
This Thread
  • No further messages