reasoning...
First off you should know about kerneli. There is no point in repeating all the great info on the main site: www.kerneli.org
what to do...
FreeS/WAN (www.freeswan.org) needs a crypto library in the kernel to perform all the symmetric crypto and hashing for IPSec packet processing. Kerneli does all this. The problem with using the kerneli patch is that you have to recompile the kernel; for version 2.0 of FreeS/WAN the consensus was to try to get away from that. However, the kerneli folks have done a lot of good work, so I wanted to see if it was possible to get the best of both worlds: use existing work and allow FreeS/WAN to be installed without a recompile.
In addition to all that, FreeS/WAN can detect the presence of kerneli patches. If the patches are present, FreeS/WAN would use the existing kerneli interface. If they are not present, it can install its own modules for the crypto functions, which are completely identical to the ones that would be installed by the kerneli patch.
If this is interesting to you visit my linux-ipsec page, where I will document the progress in using this hack to form an algorithm database interface for KLIPS2.
You need to get three files: Makefile-real, go, and patch-int-2.4.3.1. The first two are conveniently bundled in this tarball:
- kerneli-module.tar.gz
The actual patch will be downloaded using wget. Once you have the tarball you will need to untar it, enter the directory, and run go:

    cd kerneli-module
    ./go

The script will use the patch to create the source code in that directory and compile it using the configuration in /usr/src/linux. Once compiled you can run:

    cd crypto
    insmod cryptoapi.o
    for f in digest-*.o cipher-*.o ; do insmod "$f" ; done

This will provide all the crypto functionality of kerneli - excluding the loop device, which is not needed for FreeS/WAN anyway - in an out-of-kernel module distribution.
NOTE: use it at your own risk. I have only tried it with kerneli patch version 2.4.3.1 on my i586 box running a vanilla 2.4.3 kernel.
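
A pre-flight check for the load step above, as an added example that is not part of the original page or of the kerneli or FreeS/WAN code: because go compiles against the configuration in /usr/src/linux, it confirms that tree matches the running kernel before anything is insmod'ed, and loads cryptoapi.o first. It assumes a 2.4-series tree where include/linux/version.h defines UTS_RELEASE; the function names and the INSMOD override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check before
# loading the modules built by ./go. Function names are hypothetical.

# Print the release string the kernel tree in $1 was configured for.
# Assumption: 2.4-series tree, UTS_RELEASE lives in include/linux/version.h.
tree_release() {
    sed -n 's/^#define[[:space:]]*UTS_RELEASE[[:space:]]*"\(.*\)".*/\1/p' \
        "$1/include/linux/version.h" 2>/dev/null
}

# Succeed only if the tree in $1 was configured for the release in $2.
tree_matches() {
    built=$(tree_release "$1")
    [ -n "$built" ] && [ "$built" = "$2" ]
}

# Print the modules in directory $1 in load order: cryptoapi.o first,
# then every digest-*.o and cipher-*.o that actually exists.
load_order() {
    [ -f "$1/cryptoapi.o" ] || return 1
    echo "$1/cryptoapi.o"
    for f in "$1"/digest-*.o "$1"/cipher-*.o; do
        if [ -f "$f" ]; then echo "$f"; fi
    done
    return 0
}

# Check, then load; stop at the first module that insmod rejects.
# $1 = kernel tree, $2 = module directory, $3 = running release.
# INSMOD is a hypothetical override for dry runs (e.g. INSMOD=echo).
# Paths are assumed to contain no whitespace.
load_crypto() {
    tree_matches "$1" "$3" || { echo "tree $1 is not for kernel $3" >&2; return 2; }
    mods=$(load_order "$2") || { echo "no cryptoapi.o in $2" >&2; return 3; }
    for m in $mods; do
        ${INSMOD:-insmod} "$m" || { echo "insmod failed: $m" >&2; return 4; }
    done
}

# Typical call from inside kerneli-module (needs root):
#   load_crypto /usr/src/linux crypto "$(uname -r)"
```

Running it with INSMOD=echo prints the load order without touching the kernel.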