3 This document is some quick notes to sophisticated implementors, on topics
4 which are a bit too arcane to be mentioned in the install instructions.
5 Beware that it is not updated very often, and may be behind the times.
6 This file is RCSID $Id: impl.notes,v 1.15 2001/06/08 16:22:16 henry Exp $
12 If your kernel sources are not located in /usr/src/linux, or local manual
13 pages are not in /usr/local/man/man[1-8], you've got a problem. You may
14 be able to get around it to some extent just by modifying the top-level
15 Makefile, but we don't promise. For a different manpage location, that
16 will probably suffice; for a different kernel location, probably not.
17 We'd welcome reports of what needs to be fixed for this.
23 At the moment, this distribution makes no attempt to support building
24 the software on one machine for use on another. That's hard, especially
25 since the Linux kernel sources are not set up for it at all.
31 (CAUTION: This is somewhat outdated. It's retained because it may be a
32 useful guide for experts. Consult the Makefile for current details.)
34 If you want to do the build and install one step at a time, instead of
35 using the prepackaged make commands like "make menugo", do the following
36 instead. (We do things in a slightly different order here, to avoid
37 unnecessary directory changing.)
39 To fit the kernel part of KLIPS into the kernel sources, do:
43 (This makes a symbolic link /usr/src/linux/net/ipsec, pointing to the
44 KLIPS source directory. It patches some kernel files, where necessary, to
45 know about KLIPS and/or to fix bugs. It adds a default configuration to
46 the kernel configuration file. Finally, it makes the KLIPS communication
47 file, /dev/ipsec, if it's not already there.)
49 Build the libraries, Pluto, and various user-level utilities:
53 Install the Pluto daemon and user-level utilities, and set things up for
61 make menuconfig # (or xconfig, or whatever)
63 See the configuration step of INSTALL for details of what to do within
64 the configuration program. Don't forget to save the results.
66 Go through the usual kernel make process (still in /usr/src/linux):
70 Caution: the Linux kernel Makefiles are not always careful about checking
71 for errors. We recommend capturing the output of this step and searching
72 it for any occurrence of "error", "Error", etc. The details of how to do
73 so are unfortunately somewhat shell-dependent, although if you are using
74 the standard shell (rather than csh, tcsh, etc.), this would do:
76 make dep clean zImage 2>&1 | tee junk
77 egrep -i error junk # no output is good output
79 (One glitch here is that the word "error" can sometimes occur legitimately
80 in the make output. For example, the kernel math emulation package has a
81 source file "errors.c". Some judgement is required to ignore such false
82 alarms.) The prepackaged make commands do all this for you.
84 If your kernel is using loadable modules, you'll also need to do:
88 Now you need to install the resulting kernel. If you're not using the
89 kernel's "make install" -- many people aren't -- then you need to do your
90 usual install procedure. You might want to read doc/kernel.notes, which
91 recounts some of our experiences with RedHat 5.2 kernel installation in
94 If "make install" is good enough for you, then:
98 (Same comments on error checking as in previous step.) If your kernel is
99 using loadable modules, you'll also need to do:
103 Finally, go back to INSTALL for the remaining steps.
109 It is possible to run Klips as a kernel module, meaning that it does not
110 have to be loaded until needed. Formerly this was necessary, in fact,
111 because Klips wouldn't run any other way. Now it will, and we recommend
112 static linking ("y", not "m", to the configuration question) for security.
113 Klips is not terribly large (tens of KB, not hundreds) and should not
114 cause size problems unless your kernel is already pushing the limits.
116 However, Klips does still run as a module, if you want (although beware
117 that we don't test this option very often). "ipsec setup start" and
118 "ipsec setup stop" load and unload it as appropriate, and you should not
119 need to do anything about that yourself.
125 Our development is currently on a mix of Red Hat 6.2 and 7.1, with 6.2
126 fading fast. Our older Red Hats have been retired, and although FreeS/WAN
127 should still work on them, we no longer make any attempt to ensure that.