After rebuilding net-firewall/ipsec-tools-0.7.2 on Linux-2.6.31, I found setkey refuses to load policy with priorities:

# /etc/init.d/racoon start
racoon |* Loading ipsec policies from /etc/ipsec.conf.
racoon |line 7: Policy priority not compiled in at [ out prio def + 100 ipsec
racoon | esp/transport//require
racoon | ah/transport//require]
racoon |parse failed, line 7.
racoon |* Error while loading ipsec policies
racoon |* Starting racoon... [ ok ] |

I tried the latest net-firewall/ipsec-tools-0.7.3 with the same result. The prioritized policies worked very well before the ipsec-tools rebuild.

The configure.log shows:

configure:13100: checking for struct sadb_x_policy.sadb_x_policy_priority
configure:13129: i686-pc-linux-gnu-gcc -c -march=athlon-tbird -O2 -pipe -fomit-frame-pointer -I/usr/src/linux/include conftest.c >&5
In file included from /usr/include/asm/types.h:4,
                 from /usr/src/linux/include/linux/types.h:4,
                 from /usr/src/linux/include/linux/pfkeyv2.h:9,
                 from conftest.c:24:
/usr/src/linux/include/asm-generic/int-ll64.h:11:29: error: asm/bitsperlong.h: No such file or directory
configure:13136: $? = 1
configure: failed program was:
| /* confdefs.h. */
| #define PACKAGE_NAME "ipsec-tools"
| #define PACKAGE_TARNAME "ipsec-tools"
| #define PACKAGE_VERSION "0.7.3"
| #define PACKAGE_STRING "ipsec-tools 0.7.3"
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "ipsec-tools"
| #define VERSION "0.7.3"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define YYTEXT_POINTER 1
| #define PATH_IPSEC_H <netinet/ipsec.h>
| /* end confdefs.h. */
| #include "/usr/src/linux/include/linux/pfkeyv2.h"
|
| int
| main ()
| {
| static struct sadb_x_policy ac_aggr;
| if (ac_aggr.sadb_x_policy_priority)
| return 0;
| ;
| return 0;
| }

This led to the ipsec-tools build system thinking the IPsec policy priorities are not supported by the kernel, which is obviously wrong, because Linux has supported them for a long time. And really, if I try to compile such code by hand, it fails with the same error.

There are two ways to make the code compilable:

* Omit the -I/usr/src/linux/include option
* Revert the /usr/src/linux symlink from linux-2.6.31-gentoo to linux-2.6.30-gentoo-r6.

fixed in 0.7.3-r1 as part of linux-info cleanup.
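
The failure mode in this report, a configure probe that reports a feature as absent because a header could not be found rather than because the struct member is missing, can be spotted mechanically in config.log. The following is an added example, not part of the bug report or of ipsec-tools; the sample log is constructed (its first probe is modelled on the config.log quoted above, and `struct example` is a hypothetical contrast case).

```python
import re

# Constructed excerpt: first probe modelled on the report's config.log,
# second probe is a hypothetical genuine negative, third one succeeds.
SAMPLE_LOG = """\
configure:13100: checking for struct sadb_x_policy.sadb_x_policy_priority
configure:13129: i686-pc-linux-gnu-gcc -c -O2 -I/usr/src/linux/include conftest.c >&5
In file included from /usr/src/linux/include/linux/pfkeyv2.h:9,
                 from conftest.c:24:
/usr/src/linux/include/asm-generic/int-ll64.h:11:29: error: asm/bitsperlong.h: No such file or directory
configure:13136: $? = 1
configure:14000: checking for struct example.missing_member
configure:14010: gcc -c conftest.c >&5
conftest.c:30: error: 'struct example' has no member named 'missing_member'
configure:14015: $? = 1
configure:15000: checking for stdlib.h
configure:15010: gcc -c conftest.c >&5
configure:15015: $? = 0
"""

CHECK = re.compile(r"^configure:\d+: checking (?:for |whether )?(.+)$")
STATUS = re.compile(r"^configure:\d+: \$\? = (\d+)$")
# Matches both "error: X: No such file..." and "fatal error: X: No such file..."
MISSING = re.compile(r"error: (\S+): No such file or directory")

def classify_probes(log_text):
    """Return {probe name: verdict} for every configure probe that failed."""
    verdicts, name, diag = {}, None, []
    for line in log_text.splitlines():
        check = CHECK.match(line)
        if check:                      # a new probe starts; reset diagnostics
            name, diag = check.group(1).strip(), []
            continue
        status = STATUS.match(line)
        if status and name is not None:
            if status.group(1) != "0":
                missing = MISSING.search("\n".join(diag))
                verdicts[name] = ("broken probe: missing header " + missing.group(1)
                                  if missing else "genuine negative")
            diag = []                  # a probe may run several commands
            continue
        diag.append(line)              # compiler output between command and $?
    return verdicts

if __name__ == "__main__":
    for probe, verdict in classify_probes(SAMPLE_LOG).items():
        print(f"{probe}: {verdict}")
```

A "broken probe" verdict on a security-relevant feature means the feature was compiled out silently and the build environment, not the kernel, needs fixing.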