"Fossies" - the Fresh Open Source Software Archive
Member "freeswan-2.06/doc/impl.notes" (8 Jun 2001, 4646 Bytes) of package /linux/misc/old/freeswan-2.06.tar.gz:
As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
3 This document is some quick notes to sophisticated implementors, on topics
4 which are a bit too arcane to be mentioned in the install instructions.
5 Beware that it is not updated very often, and may be behind the times.
6 This file is RCSID $Id: impl.notes,v 1.15 2001/06/08 16:22:16 henry Exp $
10 Where are things?
12 If your kernel sources are not located in /usr/src/linux, or local manual
13 pages are not in /usr/local/man/man[1-8], you've got a problem. You may
14 be able to get around it to some extent just by modifying the top-level
15 Makefile, but we don't promise. For a different manpage location, that
16 will probably suffice; for a different kernel location, probably not.
17 We'd welcome reports of what needs to be fixed for this.
23 At the moment, this distribution makes no attempt to support building
24 the software on one machine for use on another. That's hard, especially
25 since the Linux kernel sources are not set up for it at all.
29 One thing at a time
31 (CAUTION: This is somewhat outdated. It's retained because it may be a
32 useful guide for experts. Consult the Makefile for current details.)
34 If you want to do the build and install one step at a time, instead of
35 using the prepackaged make commands like "make menugo", do the following
36 instead. (We do things in a slightly different order here, to avoid
37 unnecessary directory changing.)
39 To fit the kernel part of KLIPS into the kernel sources, do:
41 make insert
43 (This makes a symbolic link /usr/src/linux/net/ipsec, pointing to the
44 KLIPS source directory. It patches some kernel files, where necessary, to
45 know about KLIPS and/or to fix bugs. It adds a default configuration to
46 the kernel configuration file. Finally, it makes the KLIPS communication
47 file, /dev/ipsec, if it's not already there.)
49 Build the libraries, Pluto, and various user-level utilities:
51 make programs
53 Install the Pluto daemon and user-level utilities, and set things up for
54 boot-time startup:
56 make install
58 Configure the kernel:
60 cd /usr/src/linux
61 make menuconfig # (or xconfig, or whatever)
63 See the configuration step of INSTALL for details of what to do within
64 the configuration program. Don't forget to save the results.
66 Go through the usual kernel make process (still in /usr/src/linux):
68 make dep clean zImage
70 Caution: the Linux kernel Makefiles are not always careful about checking
71 for errors. We recommend capturing the output of this step and searching
72 it for any occurrence of "error", "Error", etc. The details of how to do
73 so are unfortunately somewhat shell-dependent, although if you are using
74 the standard shell (rather than csh, tcsh, etc.), this would do:
76 make dep clean zImage 2>&1 | tee junk
77 egrep -i error junk # no output is good output
79 (One glitch here is that the word "error" can sometimes occur legitimately
80 in the make output. For example, the kernel math emulation package has a
81 source file "errors.c". Some judgement is required to ignore such false
82 alarms.) The prepackaged make commands do all this for you.
84 If your kernel is using loadable modules, you'll also need to do:
86 make modules
88 Now you need to install the resulting kernel. If you're not using the
89 kernel's "make install" -- many people aren't -- then you need to do your
90 usual install procedure. You might want to read doc/kernel.notes, which
91 recounts some of our experiences with RedHat 5.2 kernel installation in
94 If "make install" is good enough for you, then:
96 make install
98 (Same comments on error checking as in previous step.) If your kernel is
99 using loadable modules, you'll also need to do:
101 make modules_install
103 Finally, go back to INSTALL for the remaining steps.
107 Klips as a module
109 It is possible to run Klips as a kernel module, meaning that it does not
110 have to be loaded until needed. Formerly this was necessary, in fact,
111 because Klips wouldn't run any other way. Now it will, and we recommend
112 static linking ("y", not "m", to the configuration question) for security.
113 Klips is not terribly large (tens of KB, not hundreds) and should not
114 cause size problems unless your kernel is already pushing the limits.
116 However, Klips does still run as a module, if you want (although beware
117 that we don't test this option very often). "ipsec setup start" and
118 "ipsec setup stop" load and unload it as appropriate, and you should not
119 need to do anything about that yourself.
123 Old Red Hats
125 Our development is currently on a mix of Red Hat 6.2 and 7.1, with 6.2
126 fading fast. Our older Red Hats have been retired, and although FreeS/WAN
127 should still work on them, we no longer make any attempt to ensure that.