Issue #206
Building Strongswan 5.0.0 for kernel 2.6.31 (ppc) fails
| Status: | Closed | Start date: | 24.07.2012 |
|---|---|---|---|
| Priority: | Normal | ||
| Assignee: | Martin Willi | ||
| Category: | libhydra | ||
| Affected version: | 5.0.0 | Resolution: |
Description
The following occured during build of strongswan 5.0.0 for an embedded PPC Platform with Kernel 2.6.31 (cross-compiling).
I ran configure with this line (The Kernel Headers were correctly created, and the necessary kernel options are set): ./configure --prefix=/ -exec-prefix=/ --host=ppc-linux \
--with-linux-headers=${PROJECT_DIR}/output/2.6.31/usr/include \
CC=ppc-v42-gcc CPPFLAGS=-I${ROOTFS_ROOT_DIR}/include LDFLAGS=-L${ROOTFS_ROOT_DIR}/lib &> /dev/null
building libhydra/plugins/kernel_netlink fails with these errors:
Making all in plugins/kernel_netlink
make[4]: Entering directory `/home/user/projects/output/strongswan-5.0.0/src/libhydra/plugins/kernel_netlink'
/bin/sh ../../../../libtool --tag=CC --mode=compile ppc-v42-gcc -DPACKAGE_NAME=\"strongSwan\" -DPACKAGE_TARNAME=\"strongswan\" -DPACKAGE_VERSION=\"5.0.0\" -DPACKAGE_STRING=\"strongSwan\ 5.0.0\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"strongswan\" -DVERSION=\"5.0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DWORDS_BIGENDIAN=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE__BOOL=1 -DHAVE_STDBOOL_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 -DHAVE_DECL_STRERROR_R=1 -DHAVE_STRERROR_R=1 -DHAVE_BACKTRACE=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_DLADDR=1 -DHAVE_PTHREAD_CONDATTR_SETCLOCK=1 -DHAVE_CONDATTR_CLOCK_MONOTONIC=1 -DHAVE_PTHREAD_CONDATTR_INIT=1 -DHAVE_PTHREAD_CANCEL=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_GETTID=1 -DHAVE_SYS_GETTID=1 -DHAVE_PRCTL=1 -DHAVE_MALLINFO=1 -DHAVE_GETPASS=1 -DHAVE_GLOB_H=1 -DHAVE_LINUX_UDP_H=1 -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY=1 -DHAVE_IN6ADDR_ANY=1 -DHAVE_IN6_PKTINFO=1 -DHAVE_IPSEC_MODE_BEET=1 -DHAVE_IPSEC_DIR_FWD=1 -DHAVE_RTA_TABLE=1 -DHAVE_PRINTF_SPECIFIER=1 -DHAVE_LIBGMP=1 -DHAVE_MPZ_POWM_SEC=1 -DUSE_IKEV1=1 -DUSE_IKEV2=1 -I. -I/home/user/projects/output/2.6.31/usr/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/home/user/projects/rootfs/include -rdynamic -DROUTING_TABLE=220 -DROUTING_TABLE_PRIO=220 -g -O2 -Wall -Wno-format -Wno-pointer-sign -MT kernel_netlink_plugin.lo -MD -MP -MF .deps/kernel_netlink_plugin.Tpo -c -o kernel_netlink_plugin.lo kernel_netlink_plugin.c
libtool: compile: ppc-v42-gcc -DPACKAGE_NAME=\"strongSwan\" -DPACKAGE_TARNAME=\"strongswan\" -DPACKAGE_VERSION=\"5.0.0\" "-DPACKAGE_STRING=\"strongSwan 5.0.0\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"strongswan\" -DVERSION=\"5.0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DWORDS_BIGENDIAN=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE__BOOL=1 -DHAVE_STDBOOL_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 -DHAVE_DECL_STRERROR_R=1 -DHAVE_STRERROR_R=1 -DHAVE_BACKTRACE=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_DLADDR=1 -DHAVE_PTHREAD_CONDATTR_SETCLOCK=1 -DHAVE_CONDATTR_CLOCK_MONOTONIC=1 -DHAVE_PTHREAD_CONDATTR_INIT=1 -DHAVE_PTHREAD_CANCEL=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_GETTID=1 -DHAVE_SYS_GETTID=1 -DHAVE_PRCTL=1 -DHAVE_MALLINFO=1 -DHAVE_GETPASS=1 -DHAVE_GLOB_H=1 -DHAVE_LINUX_UDP_H=1 -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY=1 -DHAVE_IN6ADDR_ANY=1 -DHAVE_IN6_PKTINFO=1 -DHAVE_IPSEC_MODE_BEET=1 -DHAVE_IPSEC_DIR_FWD=1 -DHAVE_RTA_TABLE=1 -DHAVE_PRINTF_SPECIFIER=1 -DHAVE_LIBGMP=1 -DHAVE_MPZ_POWM_SEC=1 -DUSE_IKEV1=1 -DUSE_IKEV2=1 -I. -I/home/user/projects/output/2.6.31/usr/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/home/user/projects/rootfs/include -rdynamic -DROUTING_TABLE=220 -DROUTING_TABLE_PRIO=220 -g -O2 -Wall -Wno-format -Wno-pointer-sign -MT kernel_netlink_plugin.lo -MD -MP -MF .deps/kernel_netlink_plugin.Tpo -c kernel_netlink_plugin.c -fPIC -DPIC -o .libs/kernel_netlink_plugin.o
mv -f .deps/kernel_netlink_plugin.Tpo .deps/kernel_netlink_plugin.Plo
/bin/sh ../../../../libtool --tag=CC --mode=compile ppc-v42-gcc -DPACKAGE_NAME=\"strongSwan\" -DPACKAGE_TARNAME=\"strongswan\" -DPACKAGE_VERSION=\"5.0.0\" -DPACKAGE_STRING=\"strongSwan\ 5.0.0\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"strongswan\" -DVERSION=\"5.0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DWORDS_BIGENDIAN=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE__BOOL=1 -DHAVE_STDBOOL_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 -DHAVE_DECL_STRERROR_R=1 -DHAVE_STRERROR_R=1 -DHAVE_BACKTRACE=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_DLADDR=1 -DHAVE_PTHREAD_CONDATTR_SETCLOCK=1 -DHAVE_CONDATTR_CLOCK_MONOTONIC=1 -DHAVE_PTHREAD_CONDATTR_INIT=1 -DHAVE_PTHREAD_CANCEL=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_GETTID=1 -DHAVE_SYS_GETTID=1 -DHAVE_PRCTL=1 -DHAVE_MALLINFO=1 -DHAVE_GETPASS=1 -DHAVE_GLOB_H=1 -DHAVE_LINUX_UDP_H=1 -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY=1 -DHAVE_IN6ADDR_ANY=1 -DHAVE_IN6_PKTINFO=1 -DHAVE_IPSEC_MODE_BEET=1 -DHAVE_IPSEC_DIR_FWD=1 -DHAVE_RTA_TABLE=1 -DHAVE_PRINTF_SPECIFIER=1 -DHAVE_LIBGMP=1 -DHAVE_MPZ_POWM_SEC=1 -DUSE_IKEV1=1 -DUSE_IKEV2=1 -I. -I/home/user/projects/output/2.6.31/usr/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/home/user/projects/rootfs/include -rdynamic -DROUTING_TABLE=220 -DROUTING_TABLE_PRIO=220 -g -O2 -Wall -Wno-format -Wno-pointer-sign -MT kernel_netlink_ipsec.lo -MD -MP -MF .deps/kernel_netlink_ipsec.Tpo -c -o kernel_netlink_ipsec.lo kernel_netlink_ipsec.c
libtool: compile: ppc-v42-gcc -DPACKAGE_NAME=\"strongSwan\" -DPACKAGE_TARNAME=\"strongswan\" -DPACKAGE_VERSION=\"5.0.0\" "-DPACKAGE_STRING=\"strongSwan 5.0.0\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"strongswan\" -DVERSION=\"5.0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DWORDS_BIGENDIAN=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE__BOOL=1 -DHAVE_STDBOOL_H=1 -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 -DHAVE_DECL_STRERROR_R=1 -DHAVE_STRERROR_R=1 -DHAVE_BACKTRACE=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_DLADDR=1 -DHAVE_PTHREAD_CONDATTR_SETCLOCK=1 -DHAVE_CONDATTR_CLOCK_MONOTONIC=1 -DHAVE_PTHREAD_CONDATTR_INIT=1 -DHAVE_PTHREAD_CANCEL=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_GETTID=1 -DHAVE_SYS_GETTID=1 -DHAVE_PRCTL=1 -DHAVE_MALLINFO=1 -DHAVE_GETPASS=1 -DHAVE_GLOB_H=1 -DHAVE_LINUX_UDP_H=1 -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY=1 -DHAVE_IN6ADDR_ANY=1 -DHAVE_IN6_PKTINFO=1 -DHAVE_IPSEC_MODE_BEET=1 -DHAVE_IPSEC_DIR_FWD=1 -DHAVE_RTA_TABLE=1 -DHAVE_PRINTF_SPECIFIER=1 -DHAVE_LIBGMP=1 -DHAVE_MPZ_POWM_SEC=1 -DUSE_IKEV1=1 -DUSE_IKEV2=1 -I. -I/home/user/projects/output/2.6.31/usr/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/home/user/projects/rootfs/include -rdynamic -DROUTING_TABLE=220 -DROUTING_TABLE_PRIO=220 -g -O2 -Wall -Wno-format -Wno-pointer-sign -MT kernel_netlink_ipsec.lo -MD -MP -MF .deps/kernel_netlink_ipsec.Tpo -c kernel_netlink_ipsec.c -fPIC -DPIC -o .libs/kernel_netlink_ipsec.o
kernel_netlink_ipsec.c:138: error: ‘XFRMA_REPLAY_ESN_VAL’ undeclared here (not in a function)
kernel_netlink_ipsec.c: In function ‘add_sa’:
kernel_netlink_ipsec.c:1304: error: ‘XFRMA_ALG_AUTH_TRUNC’ undeclared (first use in this function)
kernel_netlink_ipsec.c:1304: error: (Each undeclared identifier is reported only once
kernel_netlink_ipsec.c:1304: error: for each function it appears in.)
kernel_netlink_ipsec.c:1305: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_algo_auth’
kernel_netlink_ipsec.c:1315: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1316: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1317: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1318: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1403: error: ‘XFRMA_MARK’ undeclared (first use in this function)
kernel_netlink_ipsec.c:1404: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_mark’
kernel_netlink_ipsec.c:1413: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1414: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1422: error: ‘XFRMA_TFCPAD’ undeclared (first use in this function)
kernel_netlink_ipsec.c:1445: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_replay_state_esn’
kernel_netlink_ipsec.c:1456: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1457: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1465: error: ‘XFRM_STATE_ESN’ undeclared (first use in this function)
kernel_netlink_ipsec.c: At top level:
kernel_netlink_ipsec.c:1503: warning: ‘struct xfrm_replay_state_esn’ declared inside parameter list
kernel_netlink_ipsec.c:1503: warning: its scope is only this definition or declaration, which is probably not what you want
kernel_netlink_ipsec.c: In function ‘get_replay_state’:
kernel_netlink_ipsec.c:1574: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c: In function ‘query_sa’:
kernel_netlink_ipsec.c:1618: error: ‘XFRMA_MARK’ undeclared (first use in this function)
kernel_netlink_ipsec.c:1619: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_mark’
kernel_netlink_ipsec.c:1627: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1628: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c: In function ‘del_sa’:
kernel_netlink_ipsec.c:1721: error: ‘XFRMA_MARK’ undeclared (first use in this function)
kernel_netlink_ipsec.c:1722: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_mark’
kernel_netlink_ipsec.c:1730: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:1731: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c: In function ‘update_sa’:
kernel_netlink_ipsec.c:1832: warning: passing argument 5 of ‘get_replay_state’ from incompatible pointer type
kernel_netlink_ipsec.c:1907: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_replay_state_esn’
kernel_netlink_ipsec.c:1916: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_replay_state_esn’
kernel_netlink_ipsec.c: In function ‘add_policy_internal’:
kernel_netlink_ipsec.c:2089: error: ‘XFRMA_MARK’ undeclared (first use in this function)
kernel_netlink_ipsec.c:2090: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_mark’
kernel_netlink_ipsec.c:2100: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:2101: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:2115: warning: dereferencing type-punned pointer will break strict-aliasing rules
kernel_netlink_ipsec.c: In function ‘add_policy’:
kernel_netlink_ipsec.c:2251: warning: dereferencing type-punned pointer will break strict-aliasing rules
kernel_netlink_ipsec.c: In function ‘query_policy’:
kernel_netlink_ipsec.c:2321: error: ‘XFRMA_MARK’ undeclared (first use in this function)
kernel_netlink_ipsec.c:2322: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_mark’
kernel_netlink_ipsec.c:2331: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:2332: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c: In function ‘del_policy’:
kernel_netlink_ipsec.c:2434: warning: dereferencing type-punned pointer will break strict-aliasing rules
kernel_netlink_ipsec.c:2449: warning: dereferencing type-punned pointer will break strict-aliasing rules
kernel_netlink_ipsec.c:2467: warning: dereferencing type-punned pointer will break strict-aliasing rules
kernel_netlink_ipsec.c:2493: error: ‘XFRMA_MARK’ undeclared (first use in this function)
kernel_netlink_ipsec.c:2494: error: invalid application of ‘sizeof’ to incomplete type ‘struct xfrm_mark’
kernel_netlink_ipsec.c:2503: error: dereferencing pointer to incomplete type
kernel_netlink_ipsec.c:2504: error: dereferencing pointer to incomplete type
make[4]: *** [kernel_netlink_ipsec.lo] Error 1
The cause of the error is obvious: XFRMA_REPLAY_ESN_VAL, XFRMA_ALG_AUTH_TRUNC, XFRMA_MARK, XFRMA_TFCPAD, struct xfrm_replay_state_esn, struct xfrm_mark don't exist before linux-2.6.39.
I did try to build strongswan with --enable-kernel-pfkey and --disable-kernel-netlink and that worked fine, but I still want to report this because I couldn't find any reference to this in the wiki.
Anyway, I would appreciate either a fix of the sourcecode to support netlink for kernels older than 2.6.39 or some kind of documentation, which plugin to use in different scenarios (pfkey is still marked as experimental, so I'm not really happy with this).
Thanks in advance.
History
#1 Updated by Martin Willi 10 months ago
--with-linux-headers=${PROJECT_DIR}/output/2.6.31/usr/include \
kernel_netlink_ipsec.c:138: error: ‘XFRMA_REPLAY_ESN_VAL’ undeclared here (not in a function)
On many distributions, especially the xfrm.h header is (or was) in terrible, outdated state. Building our XFRM interface against such a header is not possible. Hence, we ship our own up-to-date version of this and some other headers to have a convenient solution for most people. This has worked just fine for years, as there are no problematic ABI/API changes in these interfaces.
Our shipped headers are used by default. If you sepcify --with-linux-headers, these are not used anymore, but your own headers will be used. These must be up-to-date with all features we use. I don't think #ifdefing these features for the header makes much sense. Usually these headers are outdated, but a recent kernel runs on the system. This disables many features that the kernel actually has.
If you build against an older kernel, I'd recommend to not specify --with-linux-headers. That works just fine. Switching to another kernel interface is not recommended in Linux, it works with > 2.6.16 kernels if built against a recent header.
#2 Updated by Christian Liebscher 10 months ago
As you suggested I did build strongswan without --with-linux-header and it works fine. But I still would recommend to mention this somewhere in the wiki. Maybe right there: Autoconf
Thank you again!
#3 Updated by Tobias Brunner 10 months ago
- Status changed from New to Resolved
- Assignee set to Martin Willi
#4 Updated by Andreas Steffen 16 days ago
- Tracker changed from Bug to Issue
- Status changed from Resolved to Closed