Current portage version is 4.8.00.0490 This newer version compiles with kernel 2.6.23-gentoo-r3 without the need for any patches. I will attach an ebuild I made that compiles and installs correctly on my platform (~x86) in he next post.
Created attachment 138575 [details] An ebuild for the new Cisco VPN client I have used this ebuild to install on my ~x86 platform. Hopefully of some use to anyone making a formal portage entry. This is 100% not my work! Its a straight copy of the previous version with a patch line removed.
It doesn't compile cleanly on an amd64 system. Apparently something changed in this area from the previous release. Supposedly the code supports amd64, so it should be an issue with the ebuild.
Hey, just jumping in with my two cents: I tried compiling the ebuild on my amd64 system w/ 2.6.23-gentoo-r3 sources. As Preston Crow stated the compile borks. The specific error is /var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient/interceptor.c: In function 'do_cni_send': /var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient/interceptor.c:778: error: invalid operands to binary - The changes in the files/patch-2.6.22 fix code in the vpnclient that address the skb structure which had previously changed in the kernel. Looking at the line where the error occurs in interceptor.c the skb structure now accounts for the 2.6.22 changes > #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) > hard_header_len = skb->network_header - skb->data; > #else in linux/skb.h skb->data is an unsigned char*, BUT skb->network_header changes since its a sk_buff_data_t for x86 its an unsigned char* -- no compile issue, for amd64 its an unsigned int -- trouble! > #if BITS_PER_LONG > 32 > #define NET_SKBUFF_DATA_USES_OFFSET 1 > #endif > #ifdef NET_SKBUFF_DATA_USES_OFFSET > typedef unsigned int sk_buff_data_t; > #else > typedef unsigned char *sk_buff_data_t; > #endif I made a patch that casts skb->network_header to an unsigned char* on the line that failed (in interceptor.c) and added that into the ebuild. The result was something that compiled and installed but the kernel panicked when i used it. Obviously the wrong solution but its definitely that one line thats holding up the show. If someone else has any ideas on how to fix this properly?
Created attachment 140665 [details] ebuild w/ new patch
Created attachment 140667 [details, diff] skbuff offsets patch (64bit)
Okay. Found the problem. The 2.6.23 (or previous?) kernel changes the way the skb structure is used between 32 and 64-bit machines. For 64-bit machines the intermediate indices for the various network headers are stored as offsets. For 32 bit machines they are stored as pointers. The define NET_SKBUFF_DATA_USES_OFFSET is a good give away. There are a bunch of internal functions in skbuff.h that do what we basically have to do now. Created a patch that fixes the problem for amd64. Compiles and runs. I can connect to a couple of different vpn locations. Looks like everything is running properly for amd64 now. Patch and ebuild attached. (Ebuild is the same but with the new patch.) Patch is named 4.8.01.0640-amd64.patch in the ebuild.
It doesn't work on x86_64 with 2.6.24 kernel. I got the following error: ... * Found kernel source directory: * /usr/src/linux * Found kernel object directory: * /lib/modules/2.6.24-gentoo/build * Found sources for kernel version: * 2.6.24-gentoo >>> Unpacking source... >>> Unpacking vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz to /var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work >>> Source unpacked. >>> Compiling source in /var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient ... make -C /usr/src/linux SUBDIRS=/var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient modules make[1]: entrant dans le répertoire « /usr/src/linux-2.6.24-gentoo » scripts/Makefile.build:46: *** CFLAGS was changed in "/var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Arrêt. make[1]: *** [_module_/var/tmp/portage/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient] Erreur 2 make[1]: quittant le répertoire « /usr/src/linux-2.6.24-gentoo » make: *** [default] Erreur 2 .... I tried this new version because the latest version in portage tree still want to patch for 2.5.22 kernel and of course it doesn't work. emerge --info compiler config + arch: ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -O2 -pipe" CHOST="x86_64-pc-linux-gnu"
Created attachment 141819 [details] Patch to fix kernel 2.6.24 build errors I got this patch from http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff (thanks to bug #207536). Applying this to the first ebuild above gives a clean compile on under 2.6.24.on ~x86. Regards Ian
Using the second ebuild on 2.6.24/amd64, build fails: /usr/bin/make -C /usr/src/linux SUBDIRS=/var/tmp/paludis/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient modules make[1]: Entering directory `/usr/src/linux-2.6.24-gentoo' scripts/Makefile.build:46: *** CFLAGS was changed in "/var/tmp/paludis/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Stop. make[1]: *** [_module_/var/tmp/paludis/net-misc/cisco-vpnclient-3des-4.8.01.0640/work/vpnclient] Error 2 Reading on the tuxx.home.at forum where the 2.6.24 patch came from, it seems that in the Makefile, line 15: CFLAGS += -mcmodel=kernel -mno-red-zone needs to change to: EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone for this to build. After I manually changed that, I was able to build and run the vpnclient with no problems.
(In reply to comment #9) > > Reading on the tuxx.home.at forum where the 2.6.24 patch came from, it seems Sorry, that should be forums.tuxx-home.at, not tuxx.home.
A fixed up patch is on bug #207536 for 2.6.24...
I was about to submit my own cisco-vpnclient-3des-4.8.01.0640.ebuild when I found these. What I did was adapting the current cisco-vpnclient-3des/files/2.6.24.patch from my portage tree to the 4.8.01 version; this is very similar, but not identical to vpnclient-linux-2.6.24-final.diff. In fact, after inspecting the differences, I believe that the current portage 2.6.24.patch is slightly better (probably resolves some compilation warnings or similar) - here are the changes from vpnclient-linux-2.6.24-final.diff to my adapted version of the 2.6.24.patch: diff -r 58aa9e2c20f6 -r e8c3faa2970d Makefile --- a/Makefile Mon Apr 28 10:41:28 2008 +0200 +++ b/Makefile Mon Apr 28 10:27:15 2008 +0200 @@ -12,7 +12,7 @@ SOURCE_OBJS := linuxcniapi.o frag.o IPSe SOURCE_OBJS := linuxcniapi.o frag.o IPSecDrvOS_linux.o interceptor.o linuxkernelapi.o ifeq ($(SUBARCH),x86_64) -CFLAGS += -mcmodel=kernel -mno-red-zone +EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone NO_SOURCE_OBJS := libdriver64.so else NO_SOURCE_OBJS := libdriver.so diff -r 58aa9e2c20f6 -r e8c3faa2970d interceptor.c --- a/interceptor.c Mon Apr 28 10:41:28 2008 +0200 +++ b/interceptor.c Mon Apr 28 10:27:15 2008 +0200 @@ -52,7 +52,13 @@ unsigned long rx_bytes; unsigned long rx_bytes; /*methods of the cipsec network device*/ -static void interceptor_init(struct net_device *); +static +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) +void +#else +int +#endif +interceptor_init(struct net_device *); static struct net_device_stats *interceptor_stats(struct net_device *dev); static int interceptor_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd); @@ -129,9 +135,14 @@ static struct notifier_block interceptor }; #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) -static void +static +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) +void #else -static void __init +int +#endif +#else +static int __init #endif interceptor_init(struct net_device *dev) { @@ -146,6 +157,9 @@ interceptor_init(struct net_device *dev) dev->flags |= IFF_NOARP; dev->flags &= ~(IFF_BROADCAST | IFF_MULTICAST); kernel_memset(dev->broadcast, 0xFF, ETH_ALEN); +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) + return 0; +#endif } static struct net_device_stats * Thus, I attach a new ebuild-and-patch pair.
Created attachment 151224 [details, diff] 2.6.24.patch from current portage tree ported to cisco's 4.8.01 version Obsoletes vpnclient-linux-2.6.24-final.diff
Created attachment 151225 [details] updated ebuild Like Alistair's ebuild (epatching 4.8.01.0640-amd64.patch), additionally epatching my 4.8.01-2.6.24.patch.
OK, this has been added to the tree now. I apologize for the delay.
