# kernel freezes after a module load

## tytus

I am trying to load module that is a part of Contivity client

(VPN client, version 3.1.1) for linux. This version of the client

suppedly works with Fedore Core 2 (2.6.5 based kernel). I am

running Gentoo with 2.6.9 based kernel.

My box freezes every time I attempt to load this module. I

suspect that the problem is related to differences in kernel

configuration between my kernel and Fedora (I may be wrong

here). 

I run insmod with strace to get some idea what the problem is but

I am not sure what the output means. Does "Function not

implemented" relates to create_module or umovestr? Which kernel

config option could possibly fix this problem? I run nm on my

vxlinux file but could not find any "umovestr" it can in a kernel

module however...

Any help would be greatly appreciated.

Here is stracd output:

 *Quote:*   

> romanus netlock # strace /sbin/insmod /etc/netlock/mishim.o 
> 
> execve("/sbin/insmod", ["/sbin/insmod", "/etc/netlock/mishim.o"], [/* 42 vars */]) = 0
> 
> brk(0)                                  = 0x804b000
> ...

 

Here is dmesg output:

 *Quote:*   

> mishim: module license 'PROPRIETARY' taints kernel.
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> 
>  printing eip:
> ...

 [/quote]

----------

## Octo

You are not alone, I was trying to get the Contivity client running before Xmas, but I didn't have time to trouble shoot it.

Shortly after I would start the client, everything would lock up solid.

Have you tried to get a kernel config file from Ferdore Core 2 and compile against that?

----------

## tytus

I have just tried it. It does not seem to work. Remember that I am on 2.6.9 and fedora is 2.6.5. I may try to compile 2.6.5 based kernel with fedora config later.

Here is partial log of my trial to compile my kernel with 2.6.9-gentoo-r8:

 *Quote:*   

> romanus linux # make                        
> 
>   CHK     include/linux/version.h
> 
> scripts/kconfig/conf -s arch/i386/Kconfig
> ...

 

Piotr

----------

## Octo

I have it working. I saw someone post a message to the internal newsgroup at work saying that they got Contivity working with their Linux setup, but I can't remember what the distribution was, it wasn't Gentoo.

I email him and he send me a copy of his config. I sat on it for a couple of weeks because I didn't have the time, but I went through the Networking options and tried to set my Gentoo config up nearly the same as what he had. The one major difference, I didn't enable IPv6.

I then tried it and it worked perfectly and the license code that I had for v2.x worked for v3.1.1e. 

I put my config file on my website at http://octo.dyndns.org/users/octo/config.txt. I have a VIA EPIA MB, so you will most likely need to change the processor type for your system.

If you use take it and try it, please post a message here telling me if it worked for you or not.

Octo

----------

## tytus

I tried to configure my kernel with networking options from your config but it still freezes every time I try to load netlock   :Sad:  . 

```
root@romanus cvc_linux-rh-gcc3-3.1.1 # sh -x netlock start

+ CONF_LOG=/tmp/rc.nleac.log

+ DRV_CONF=/etc/netlock.conf

+ NL_TEMP=/etc/netlock/temp

+ STRLOAD=/usr/sbin/strload

+ DEVICES=en et tr sl fi

+ date '+%n**** %y.%m.%d %H:%M:%S ****%n'

+ '[' -f /etc/rc.d/init.d/functions ']'

++ netstat -an

++ grep 127.0.0.1:9161

++ grep TIME_WAIT

+ timeout=

+ '[' -n '' ']'

+ echo -n 'Starting Netlock services: '

Starting Netlock services: + '[' -f /etc/netlock/mishim.ko ']'

+ '[' -f /etc/netlock/mishim.o ']'

+ /sbin/insmod /etc/netlock/mishim.o

netlock: line 124:  9285 Segmentation fault      /sbin/insmod /etc/netlock/mishim.o 1>&/tmp/mishim.log

+ '[' 139 -eq 0 ']'

+ cat /tmp/mishim.log

+ exit 1
```

I migrated from 2.4 kernel a while ago but I still have not merged 2.6 kernel headers - sys-kernel/linux26-headers package. "The complete Gentoo Linux 2.6 migration guide" (http://www.gentoo.org/doc/en/migration-to-2.6.xml) suggests that this should be done. Additionally it suggests that glibc should be also remerged. Did you do any of these steps?

What version of netlock 3.1.1 did you choose? I see at least 4 of them. The one that is crushing on me is: cvc_linux-rh-gcc3-3.1.1.

Thanks,

Piotr

----------

## Octo

I am using cvc_linux-rh-gcc3-3.1.1e to build Contivity.

I do not have sys-kernel/linux26-headers installed. I am using the gentoo-dev-sources version linux-2.6.9-gentoo-r13. I will try and rebuild everything using 2.6.10-r6 to see if there is a difference in behaviour.

When I decided to upgrade to switch to kernel 2.6, I just emerged the source and compiled it. It took a couple of attempts to get a kernel that worked, but I didn't follow the migration guide. I will look at it later. My system is up to date, usually a couple of times a month I will do an emerge world to get everything updated.

If I can offer any more assitance, let me know.

Octo

----------

## tytus

Octo,

Can you do me a favour: Execute lsmod before loading netlock service and next after loading it and post the output.

Thanks,

Piotr

----------

## onegative

Hello, I am trying to install the client for the first time tonight, I tough I would come on the forums to see if anyone successfully installed it.

From what I see in the release notes, you need this to get the client working:

 *Quote:*   

> 
> 
> 4) The kernel must have netfiltering enabled.
> 
> 2)  The kernel-headers-2.2.x package is needed if 
> ...

 

I dont know if this helps but from what I read you dont have kernel headers?

o-negative

----------

## tytus

Thanks for your reply. Unfortunately I have already tried with and without 2.6 kernel headers. I also recompiled the client with and without the headers   :Crying or Very sad:  .

Let me know if you installed the client successfully. More installlations would probably help to narrow the scope of the possible problem search.

Piotr

----------

## pwr

I've got the same problem too, trying to install the vpn client.  System freezes up on installing the module 'mishim.o'.

n00b question: how do you retrieve dmesg stuff after your system freezes?

----------

## onegative

AFAIK, you can see what happened just BEFORE the system freeze in your logs. Depending on the syslog demon you are using and your configuration, it should be in /var/log/messages.

o-neg

----------

## Octo

Sorry for the delay, just too busy with work.  :Shocked: 

I'm going to try and recompile with the latest kernel.

radius scripts # lsmod

Module                  Size  Used by

ide_scsi               18180  0

via_rhine              23172  0

sundance               22208  0

mii                     5888  2 via_rhine,sundance

crc32                   5376  2 via_rhine,sundance

ide_cd                 42016  0

sr_mod                 18340  0

cdrom                  39452  2 ide_cd,sr_mod

sbp2                   25352  0

ohci1394               35588  0

ieee1394              112056  2 sbp2,ohci1394

radius scripts # ./netlock start

Starting Netlock services:

Netlock vD3.1.1e

*******************************************************************************

*                      Netlock NETWORK SECURITY SYSTEM                        *

*              Copyright (c) 1993-2004  Apani Networks                        *

*                              UNPUBLISHED WORK                               *

*                            ALL RIGHTS RESERVED                              *

* This software or document (and the software described herein) is furnished  *

* under a license agreeement between Apani Networks and the Licensee. The software may   *

* be used or copied only in accordance with the terms of the license          *

* agreement.  The document may not be reproduced in whole or in part except   *

* with the written permission of Apani Networks.                              *

*                  U.S. Government - Restricted Rights Legend                 *

* Use, duplication, or disclosure of this commercial computer software by the *

* U.S. Government is subject to restrictions as defined in the Defense        *

* Federal Acquisition Regulation Supplement (DFARS) 252.227-7014 or Federal   *

* Acquisition Regulation (FAR) 52.227-19 as applicable.                       *

*                    Apani Networks PROPRIETARY                   *

*                                                                             *

* Contains SSH IPSEC technology (pat. pending).  SSH is a registered          *

* trademark of SSH Communications Security Ltd. (http://www.ssh.fi)           *

*******************************************************************************

done.

radius scripts # lsmod

Module                  Size  Used by

nlvcard                 3076  0

mishim                366552  1

ide_scsi               18180  0

via_rhine              23172  0

sundance               22208  0

mii                     5888  2 via_rhine,sundance

crc32                   5376  2 via_rhine,sundance

ide_cd                 42016  0

sr_mod                 18340  0

cdrom                  39452  2 ide_cd,sr_mod

sbp2                   25352  0

ohci1394               35588  0

ieee1394              112056  2 sbp2,ohci1394

radius scripts #

----------

## Octo

I updated my kernel to 2.6.10-gentoo-r6. Contivity is not as stable as it was with my previous build. Within 30-60 seconds of issuing netlock start, my machine locks up. I think it locked up with the old build too, but it was several days before it crashed, maybe I was just lucky.

Here is the dump that I pulled out of my syslog.

Feb  9 20:35:52 radius mishim: module license 'PROPRIETARY' taints kernel.

Feb  9 20:35:52 radius no device index

Feb  9 20:35:52 radius divert: allocating divert_blk for nlv0

Feb  9 20:36:12 radius Unable to handle kernel paging request at virtual address 006752b6

Feb  9 20:36:12 radius printing eip:

Feb  9 20:36:12 radius c02fc754

Feb  9 20:36:12 radius *pde = 00000000

Feb  9 20:36:12 radius Oops: 0000 [#1]

Feb  9 20:36:12 radius PREEMPT SMP

Feb  9 20:36:12 radius Modules linked in: nlvcard mishim ide_scsi via_rhine sundance mii crc32 ide_cd sr_mod cdrom sbp2 ohci1394 ieee1394

Feb  9 20:36:12 radius CPU:    0

Feb  9 20:36:12 radius EIP:    0060:[<c02fc754>]    Tainted: P      VLI

Feb  9 20:36:12 radius EFLAGS: 00010206   (2.6.10-gentoo-r6)

Feb  9 20:36:12 radius EIP is at ip_output+0x34/0x70

Feb  9 20:36:12 radius eax: 0067528a   ebx: 00000000   ecx: d763da30   edx: 00000000

Feb  9 20:36:12 radius esi: d95028f4   edi: d95028f4   ebp: d763da28   esp: d763da28

Feb  9 20:36:12 radius ds: 007b   es: 007b   ss: 0068

Feb  9 20:36:12 radius Process Xvnc (pid: 7853, threadinfo=d763c000 task=d74370a0)

Feb  9 20:36:12 radius Stack: d763da8c dea2c734 dcd3a8a0 dcb18040 00000000 00000246 0200a8c0 6700a8c0

Feb  9 20:36:12 radius d09f5160 d763da00 c02dcc79 dd449a08 00000020 00000000 d5e6a0b4 d74294b4

Feb  9 20:36:12 radius 0000003c dea2c8fe 0000003c dcd3a8a0 00000004 d7429230 d09f5160 d95028f4

Feb  9 20:36:12 radius Call Trace:

Feb  9 20:36:12 radius [<c0104425>] show_stack+0x75/0x90

Feb  9 20:36:12 radius [<c0104580>] show_registers+0x120/0x190

Feb  9 20:36:12 radius [<c010478e>] die+0xee/0x180

Feb  9 20:36:12 radius [<c0117772>] do_page_fault+0x262/0x63b

Feb  9 20:36:12 radius [<c010407b>] error_code+0x2b/0x30

Feb  9 20:36:12 radius [<dea2c734>] nl_send_skb+0x94/0xe0 [mishim]

Feb  9 20:36:12 radius [<dea2caeb>] mip_pkt_output+0x1b/0x24 [mishim]

Feb  9 20:36:12 radius Code: f7 42 14 00 ff 89 c1 0f 94 c0 25 ff 00 00 00 c1 e0 02 8b 80 e0 0b 4a c0 8b 52 10 f7 d0 8b 04 90 ff 40 2c 8b 41 30 8b 40 58 89 e5 <8b> 40 2c 39 41 60 76 0d 8b 81 ac 00 00 00 66 83 78 08 00 74 17

Feb  9 20:36:12 radius <6>note: Xvnc[7853] exited with preempt_count 1

Feb  9 20:36:12 radius scheduling while atomic: Xvnc/0x00000001/7853

Feb  9 20:36:12 radius [<c0104455>] dump_stack+0x15/0x20

Feb  9 20:36:12 radius [<c034e126>] schedule+0x686/0x690

Feb  9 20:36:12 radius [<c02dc1cb>] __lock_sock+0x6b/0x90

Feb  9 20:36:12 radius [<c02dc8f7>] lock_sock+0x37/0x40

Feb  9 20:36:12 radius [<c02d9de2>] sock_fasync+0x42/0x160

Feb  9 20:36:12 radius [<c02d9d76>] sock_close+0x16/0x40

Feb  9 20:36:12 radius [<c0159567>] __fput+0x157/0x170

Feb  9 20:36:12 radius [<c0157e16>] filp_close+0x46/0x70

Feb  9 20:36:12 radius [<c011fd89>] put_files_struct+0x89/0xe0

Feb  9 20:36:12 radius [<c0120b16>] do_exit+0x1c6/0x460

Feb  9 20:36:12 radius [<c0104817>] die+0x177/0x180

Feb  9 20:36:12 radius [<c0117772>] do_page_fault+0x262/0x63b

Feb  9 20:36:12 radius [<c010407b>] error_code+0x2b/0x30

Feb  9 20:36:12 radius [<dea2c734>] nl_send_skb+0x94/0xe0 [mishim]

Feb  9 20:36:12 radius [<dea2caeb>] mip_pkt_output+0x1b/0x24 [mishim]

----------

## darkarchon

 *Octo wrote:*   

> I updated my kernel to 2.6.10-gentoo-r6. Contivity is not as stable as it was with my previous build. 

 How did you get it to build ? I am having problems with make. Something about nlprintk. Does it even compile with gcc 3.4.3  ? Or do you have to use specific gcc version (3.1.1 or 3.3.1) ? 

 *Quote:*   

> malabari cvc_linux-rh-gcc3-3.1.1 # make all
> 
> cd src && make all
> 
> make[1]: Entering directory `/root/saab/cvc_linux-rh-gcc3-3.1.1/src'
> ...

 

----------

## Anml4ixoye

Ok, well I'm in the same boat as you all. Gentoo with Kernel 2.6.10. 

This was my dmesg output:

```

NetLOCK: flushing heap cache

NetLOCK: Could not allocate 116 bytes from system (currently using 0 bytes)

Unable to handle kernel paging request at virtual address d0c132a0

 printing eip:

c037510b

*pde = 0928f067

*pte = 00000000

Oops: 0000 [#1]

Modules linked in: ohci_hcd ne2k_pci 8390 snd_emu10k1 snd_util_mem snd_hwdep snd_via82xx snd_ac97_codec gameport snd_mpu401_uart snd_rawmidi uhci_hcd parport_pc parport via_agp agpgart snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_pcm snd_timer snd_page_alloc snd_mixer_oss snd sbp2 ohci1394 ieee1394 usb_storage ehci_hcd usbcore

CPU:    0

EIP:    0060:[<c037510b>]    Tainted: P      VLI

```

Looking at System.map, the eip hits here:

```

c0374dd0 t tcp_v4_or_free

c0374df0 T tcp_v4_conn_request

c03752b0 T tcp_v4_syn_recv_sock

```

The difference being an offset of 31B. tcp_v4_conn_request seems to be from /usr/src/linux/ipv4/tcp_ipv4.c. I used objdump to disassemble the header and this is the assembly around that offset address:

```

000000c0 <tcp_v4_get_port>:

      c0:       55                      push   %ebp

      c1:       57                      push   %edi

      c2:       56                      push   %esi

      c3:       53                      push   %ebx

      c4:       83 ec 14                sub    $0x14,%esp

      c7:       8b 7c 24 2c             mov    0x2c(%esp),%edi

      cb:       b8 00 e0 ff ff          mov    $0xffffe000,%eax

      d0:       21 e0                   and    %esp,%eax

      d2:       81 40 14 00 01 00 00    addl   $0x100,0x14(%eax)

      d9:       66 85 ff                test   %di,%di

      dc:       0f 85 9e 01 00 00       jne    280 <tcp_v4_get_port+0x1c0>

      e2:       a1 04 00 00 00          mov    0x4,%eax

      e7:       8b 1d 00 00 00 00       mov    0x0,%ebx

      ed:       89 44 24 08             mov    %eax,0x8(%esp)

      f1:       8b 3d 08 00 00 00       mov    0x8,%edi

      f7:       29 d8                   sub    %ebx,%eax

      f9:       8d 70 01                lea    0x1(%eax),%esi

      fc:       8b 0d 00 00 00 00       mov    0x0,%ecx

     102:       8b 2d 04 00 00 00       mov    0x4,%ebp

     108:       4f                      dec    %edi

     109:       41                      inc    %ecx

     10a:       39 d9                   cmp    %ebx,%ecx

     10c:       7c 06                   jl     114 <tcp_v4_get_port+0x54>

     10e:       3b 4c 24 08             cmp    0x8(%esp),%ecx

     112:       7e 02                   jle    116 <tcp_v4_get_port+0x56>

     114:       89 d9                   mov    %ebx,%ecx

     116:       89 c8                   mov    %ecx,%eax

     118:       25 ff ff 00 00          and    $0xffff,%eax

     11d:       21 f8                   and    %edi,%eax

     11f:       8d 44 85 00             lea    0x0(%ebp,%eax,4),%eax

     123:       89 44 24 10             mov    %eax,0x10(%esp)

     127:       8b 00                   mov    (%eax),%eax

     129:       85 c0                   test   %eax,%eax

     12b:       74 20                   je     14d <tcp_v4_get_port+0x8d>

     12d:       8d 76 00                lea    0x0(%esi),%esi

     130:       8b 10                   mov    (%eax),%edx

     132:       8d 74 26 00             lea    0x0(%esi),%esi

     136:       66 8b 40 fc             mov    0xfffffffc(%eax),%ax

     13a:       25 ff ff 00 00          and    $0xffff,%eax

     13f:       39 c8                   cmp    %ecx,%eax

     141:       0f 84 29 01 00 00       je     270 <tcp_v4_get_port+0x1b0>

     147:       85 d2                   test   %edx,%edx

     149:       89 d0                   mov    %edx,%eax

     14b:       75 e3                   jne    130 <tcp_v4_get_port+0x70>

     14d:       85 f6                   test   %esi,%esi

     14f:       89 0d 00 00 00 00       mov    %ecx,0x0

     155:       c7 44 24 0c 01 00 00    movl   $0x1,0xc(%esp)

     15c:       00

     15d:       89 cf                   mov    %ecx,%edi

     15f:       7e 5c                   jle    1bd <tcp_v4_get_port+0xfd>

     161:       31 db                   xor    %ebx,%ebx

     163:       85 db                   test   %ebx,%ebx

     165:       c7 44 24 0c 01 00 00    movl   $0x1,0xc(%esp)

     16c:       00

     16d:       0f 84 cf 00 00 00       je     242 <tcp_v4_get_port+0x182>

     173:       8b 43 0c                mov    0xc(%ebx),%eax

     176:       85 c0                   test   %eax,%eax

     178:       0f 85 a2 00 00 00       jne    220 <tcp_v4_get_port+0x160>

     17e:       8b 74 24 28             mov    0x28(%esp),%esi

     182:       80 7e 03 00             cmpb   $0x0,0x3(%esi)

     186:       0f 84 84 00 00 00       je     210 <tcp_v4_get_port+0x150>

     18c:       8a 46 02                mov    0x2(%esi),%al

     18f:       3c 0a                   cmp    $0xa,%al

     191:       74 7d                   je     210 <tcp_v4_get_port+0x150>

     193:       66 c7 43 02 01 00       movw   $0x1,0x2(%ebx)

     199:       8d b4 26 00 00 00 00    lea    0x0(%esi),%esi

     1a0:       8b 74 24 28             mov    0x28(%esp),%esi

     1a4:       81 c6 d0 01 00 00       add    $0x1d0,%esi

     1aa:       8b 46 20                mov    0x20(%esi),%eax

     1ad:       85 c0                   test   %eax,%eax

     1af:       74 3b                   je     1ec <tcp_v4_get_port+0x12c>

     1b1:       39 d8                   cmp    %ebx,%eax

     1b3:       75 19                   jne    1ce <tcp_v4_get_port+0x10e>

     1b5:       c7 44 24 0c 00 00 00    movl   $0x0,0xc(%esp)

     1bc:       00

     1bd:       e8 fc ff ff ff          call   1be <tcp_v4_get_port+0xfe>

     1c2:       8b 44 24 0c             mov    0xc(%esp),%eax

     1c6:       83 c4 14                add    $0x14,%esp

     1c9:       5b                      pop    %ebx

     1ca:       5e                      pop    %esi

     1cb:       5f                      pop    %edi

     1cc:       5d                      pop    %ebp

     1cd:       c3                      ret

     1ce:       68 20 01 00 00          push   $0x120

     1d3:       68 00 00 00 00          push   $0x0

     1d8:       68 14 00 00 00          push   $0x14

     1dd:       68 00 00 00 00          push   $0x0

     1e2:       e8 fc ff ff ff          call   1e3 <tcp_v4_get_port+0x123>

     1e7:       83 c4 10                add    $0x10,%esp

     1ea:       eb c9                   jmp    1b5 <tcp_v4_get_port+0xf5>

     1ec:       89 f8                   mov    %edi,%eax

     1ee:       25 ff ff 00 00          and    $0xffff,%eax

     1f3:       50                      push   %eax

     1f4:       53                      push   %ebx

     1f5:       8b 44 24 30             mov    0x30(%esp),%eax

     1f9:       50                      push   %eax

     1fa:       e8 fc ff ff ff          call   1fb <tcp_v4_get_port+0x13b>

     1ff:       83 c4 0c                add    $0xc,%esp

     202:       8b 46 20                mov    0x20(%esi),%eax

     205:       eb aa                   jmp    1b1 <tcp_v4_get_port+0xf1>

     207:       89 f6                   mov    %esi,%esi

     209:       8d bc 27 00 00 00 00    lea    0x0(%edi),%edi

     210:       66 c7 43 02 00 00       movw   $0x0,0x2(%ebx)

     216:       eb 88                   jmp    1a0 <tcp_v4_get_port+0xe0>

     218:       90                      nop

     219:       8d b4 26 00 00 00 00    lea    0x0(%esi),%esi

     220:       66 83 7b 02 00          cmpw   $0x0,0x2(%ebx)

     225:       0f 84 75 ff ff ff       je     1a0 <tcp_v4_get_port+0xe0>

     22b:       8b 44 24 28             mov    0x28(%esp),%eax

     22f:       80 78 03 00             cmpb   $0x0,0x3(%eax)

     233:       74 db                   je     210 <tcp_v4_get_port+0x150>

     235:       8a 40 02                mov    0x2(%eax),%al

     238:       3c 0a                   cmp    $0xa,%al

     23a:       0f 85 60 ff ff ff       jne    1a0 <tcp_v4_get_port+0xe0>

     240:       eb ce                   jmp    210 <tcp_v4_get_port+0x150>

     242:       89 f8                   mov    %edi,%eax

     244:       25 ff ff 00 00          and    $0xffff,%eax

     249:       50                      push   %eax

     24a:       8b 4c 24 14             mov    0x14(%esp),%ecx

     24e:       51                      push   %ecx

     24f:       e8 fc ff ff ff          call   250 <tcp_v4_get_port+0x190>

     254:       89 c3                   mov    %eax,%ebx

     256:       85 db                   test   %ebx,%ebx

     258:       58                      pop    %eax

     259:       5a                      pop    %edx

     25a:       0f 85 13 ff ff ff       jne    173 <tcp_v4_get_port+0xb3>

     260:       e9 58 ff ff ff          jmp    1bd <tcp_v4_get_port+0xfd>

     265:       8d 74 26 00             lea    0x0(%esi),%esi

     269:       8d bc 27 00 00 00 00    lea    0x0(%edi),%edi

     270:       4e                      dec    %esi

     271:       85 f6                   test   %esi,%esi

     273:       0f 8f 90 fe ff ff       jg     109 <tcp_v4_get_port+0x49>

     279:       e9 cf fe ff ff          jmp    14d <tcp_v4_get_port+0x8d>

     27e:       89 f6                   mov    %esi,%esi

     280:       89 f8                   mov    %edi,%eax

     282:       8b 15 08 00 00 00       mov    0x8,%edx

     288:       4a                      dec    %edx

     289:       25 ff ff 00 00          and    $0xffff,%eax

     28e:       21 d0                   and    %edx,%eax

     290:       8b 15 04 00 00 00       mov    0x4,%edx

     296:       8d 04 82                lea    (%edx,%eax,4),%eax

     299:       89 44 24 10             mov    %eax,0x10(%esp)

     29d:       8b 00                   mov    (%eax),%eax

     29f:       85 c0                   test   %eax,%eax

     2a1:       0f 84 ba fe ff ff       je     161 <tcp_v4_get_port+0xa1>

     2a7:       89 f6                   mov    %esi,%esi

     2a9:       8d bc 27 00 00 00 00    lea    0x0(%edi),%edi

     2b0:       8b 10                   mov    (%eax),%edx

     2b2:       8d 74 26 00             lea    0x0(%esi),%esi

     2b6:       8d 48 fc                lea    0xfffffffc(%eax),%ecx

     2b9:       66 39 78 fc             cmp    %di,0xfffffffc(%eax)

     2bd:       89 cb                   mov    %ecx,%ebx

     2bf:       74 0b                   je     2cc <tcp_v4_get_port+0x20c>

     2c1:       85 d2                   test   %edx,%edx

     2c3:       89 d0                   mov    %edx,%eax

     2c5:       75 e9                   jne    2b0 <tcp_v4_get_port+0x1f0>

     2c7:       e9 95 fe ff ff          jmp    161 <tcp_v4_get_port+0xa1>

     2cc:       8b 70 08                mov    0x8(%eax),%esi

     2cf:       85 f6                   test   %esi,%esi

     2d1:       0f 84 8c fe ff ff       je     163 <tcp_v4_get_port+0xa3>

     2d7:       8b 74 24 28             mov    0x28(%esp),%esi

     2db:       8a 56 03                mov    0x3(%esi),%dl

     2de:       80 fa 01                cmp    $0x1,%dl

     2e1:       0f 87 b9 fe ff ff       ja     1a0 <tcp_v4_get_port+0xe0>

     2e7:       66 83 79 02 00          cmpw   $0x0,0x2(%ecx)

     2ec:       7e 0f                   jle    2fd <tcp_v4_get_port+0x23d>

     2ee:       84 d2                   test   %dl,%dl

     2f0:       74 0b                   je     2fd <tcp_v4_get_port+0x23d>

     2f2:       8a 46 02                mov    0x2(%esi),%al

     2f5:       3c 0a                   cmp    $0xa,%al

     2f7:       0f 85 a3 fe ff ff       jne    1a0 <tcp_v4_get_port+0xe0>

     2fd:       c7 44 24 0c 01 00 00    movl   $0x1,0xc(%esp)

     304:       00

     305:       8b 74 24 28             mov    0x28(%esp),%esi

     309:       8a 46 02                mov    0x2(%esi),%al

     30c:       3c 06                   cmp    $0x6,%al

     30e:       0f 84 96 00 00 00       je     3aa <tcp_v4_get_port+0x2ea>

     314:       8b 86 3c 01 00 00       mov    0x13c(%esi),%eax

     31a:       89 44 24 04             mov    %eax,0x4(%esp)

     31e:       81 e2 ff 00 00 00       and    $0xff,%edx

     324:       89 14 24                mov    %edx,(%esp)

     327:       8b 69 0c                mov    0xc(%ecx),%ebp

     32a:       85 ed                   test   %ebp,%ebp

     32c:       74 2c                   je     35a <tcp_v4_get_port+0x29a>

```

the tcp_v4_get_port function is a static function inside the tcp_ipv4.c file that looks like

```

static int tcp_v4_get_port(struct sock *sk, unsigned short snum)

{

        struct tcp_bind_hashbucket *head;

        struct hlist_node *node;

        struct tcp_bind_bucket *tb;

        int ret;

                                                                                                                           

        local_bh_disable();

        if (!snum) {

                int low = sysctl_local_port_range[0];

                int high = sysctl_local_port_range[1];

                int remaining = (high - low) + 1;

                int rover;

                                                                                                                           

                spin_lock(&tcp_portalloc_lock);

                rover = tcp_port_rover;

                do {

                        rover++;

                        if (rover < low || rover > high)

                                rover = low;

                        head = &tcp_bhash[tcp_bhashfn(rover)];

                        spin_lock(&head->lock);

                        tb_for_each(tb, node, &head->chain)

                                if (tb->port == rover)

                                        goto next;

                        break;

                next:

                        spin_unlock(&head->lock);

                } while (--remaining > 0);

                tcp_port_rover = rover;

                spin_unlock(&tcp_portalloc_lock);

                                                                                                                           

                /* Exhausted local port range during search? */

                ret = 1;

                if (remaining <= 0)

                        goto fail;

                                                                                                                           

                /* OK, here is the one we will use.  HEAD is

                 * non-NULL and we hold it's mutex.

                 */

                snum = rover;

        } else {

                head = &tcp_bhash[tcp_bhashfn(snum)];

                spin_lock(&head->lock);

                tb_for_each(tb, node, &head->chain)

                        if (tb->port == snum)

                                goto tb_found;

        }

        tb = NULL;

        goto tb_not_found;

tb_found:

        if (!hlist_empty(&tb->owners)) {

                if (sk->sk_reuse > 1)

                        goto success;

                if (tb->fastreuse > 0 &&

                    sk->sk_reuse && sk->sk_state != TCP_LISTEN) {

                        goto success;

                } else {

                        ret = 1;

                        if (tcp_bind_conflict(sk, tb))

                                goto fail_unlock;

                }

        }

tb_not_found:

        ret = 1;

        if (!tb && (tb = tcp_bucket_create(head, snum)) == NULL)

                goto fail_unlock;

        if (hlist_empty(&tb->owners)) {

                if (sk->sk_reuse && sk->sk_state != TCP_LISTEN)

                        tb->fastreuse = 1;

                else

                        tb->fastreuse = 0;

        } else if (tb->fastreuse &&

                   (!sk->sk_reuse || sk->sk_state == TCP_LISTEN))

                tb->fastreuse = 0;

success:

        if (!tcp_sk(sk)->bind_hash)

                tcp_bind_hash(sk, tb, snum);

        BUG_TRAP(tcp_sk(sk)->bind_hash == tb);

        ret = 0;

                                                                                                                           

fail_unlock:

        spin_unlock(&head->lock);

fail:

        local_bh_enable();

        return ret;

}

```

and that's about as far as I've gotten. Hoping that might spur someone along.

Cory

----------

## darkarchon

 *darkarchon wrote:*   

> How did you get it to build ? I am having problems with make. Something about nlprintk. 

 

I managed to proceed from this error by putting a line of code in linux_wrapper.c, as shown below in red.

 *Quote:*   

> # pwd
> 
> /root/cvc_linux-rh-gcc3-3.1.1/src
> 
> #  more linux_wrapper.c
> ...

 

Now, I am stuck at mishim.o and the lockups. Anyone managed to make it work ? 

I did notice that I had to disable the ndiswrapper with all the Net Filtering enabled in the kernel because there would be a kernel panic during a bootup. I  removed ndiswrapper and disabled the wlan0 and just used the eth0, and now I can boot just fine. But, if there is any effort to load mishim.o there is a serious freeze.

----------

## darkarchon

Questions for you folks:

1- Can you get the browser open to 127.0.0.1:9161 or is the connection refused ?

2- Are you supposed to do start_cvc before netlock start ? Or vice-versa ? What is the correct order ?

----------

## darkarchon

Does this look right ? We are trying to connect to port 9161, but the port range goes from 32768 to 61000 because of ip_local_port_range:

 *Quote:*   

> # pwd
> 
> /proc/sys/net/ipv4
> 
> # more ip_local_port_range
> ...

 

----------

## darkarchon

I got it to work partially. It seems that the nleac command will set up the port 9161 to listen and start_cvc will use it. I can see the CVC client in the web browser, but am unable to go anywhere because I have a socket error. But, if I do the netlock start I still get a freeze.  :Sad: 

 *Quote:*   

> # pwd
> 
> /root/cvc_linux-rh-gcc3-3.1.1/etc/netlock
> 
> # start-stop-daemon --start --exec ./nleac 
> ...

 

----------

## darkarchon

bump

----------

## darkarchon

I was able to get Contivity VPN to run on this brief setup for SuSe Personal 9.1. However, I must also add that RPMs suck so bad that YaST fel apart down on the very first software update post-installation. 

 *Quote:*   

> # uname -a
> 
> Linux linux 2.6.5-7.147-default #1 Thu Jan 27 09:19:29 UTC 2005 i686 i686 i386 GNU/Linux
> 
> # gcc -v 
> ...

 [/color]

----------

## monsterfoo

i finally got mishim to load and not freeze up my box.

i think the key (for me it was anyway) is to make sure you have

```
Processor type and features --> Use register arguments (CONFIG_REGPARM)
```

enabled

----------

## rburcham

good work.

I set the kernel param as described above and rebuilt my 2.6.10-gentoo-r6.  The mishim.ko loads properly now without crashing the box.  Also, all of my Netlock 2.x license and params are preserved from my previous install.  

Thanks for the help!

----------

## okapi

 *rburcham wrote:*   

> good work.
> 
> I set the kernel param as described above and rebuilt my 2.6.10-gentoo-r6.  The mishim.ko loads properly now without crashing the box.  Also, all of my Netlock 2.x license and params are preserved from my previous install.  
> 
> Thanks for the help!

 

Were you able to connect somewhere?

My modules dont freeze the kernel anymore.

I am able to use the web interface at localhost:9161.

But when I try to connect somewhere, I stall endlessly on a "Negotiation requested..." message.

----------

## tytus

Did somebody get netlock to actually work? I added 

```
 Processor type and features --> Use register arguments (CONFIG_REGPARM)
```

 but my kernel  2.6.10-gentoo-r6 still freezes few seconds after executing

```
netlock start
```

The kernel config change altered the previous behavior however: I don't get any kernel error messages (dmesg) after starting netlock  :Confused: 

----------

## okapi

Mishim module doesn't freeze my kernel anymore with 2.6.11-gentoo-r11 (which use linux 2.6.11.12) but I am still unable to connect anywhere. IPSEC negotiation just hang and sometime crash the kernel.

 *tytus wrote:*   

> Did somebody get netlock to actually work? I added 
> 
> ```
>  Processor type and features --> Use register arguments (CONFIG_REGPARM)
> ```
> ...

 

----------

## monsterfoo

i have the same problem as okapi.  grrr.   :Mad:   haven't found a way around it.

----------

## Octo

It has been a while since I tried to get Contivity to work, but I just had the demo up and running for 15 minutes without any crashes. The demo automatically shutdown after 15 minutes, so it may have worked longer.

I had to do a couple of things, including putting the following into my kernel (2.6.12-gentoo-r9):

Processor type and features --> Use register arguments (CONFIG_REGPARM)

And the I edited src/linux_wrapper.c

I removed this line:

new_skb->security = skb->security;

and added:

#include <linux/tcp.h>

#include <asm/checksum.h>

directly after:

#include <linux/udp.h>

----------

## tytus

I have it running with 2.6.9 and 2.6.10 stock kernels from kernel.org. I have been using it for quite a while now. No crashes.

----------

## csjean

I have been having a very difficult time with my Contivity VPN client but it works perfectly now!

Here is the list of changes I had to make to make everything work:

1- (as tytus wrote) Change .config for Kernel 

```
 Processor type and features --> Use register arguments (CONFIG_REGPARM) 
```

2- Change the linux_wrapper.c that comes with the contivity client rh sources (cvc_linux-rh-gcc3-3.3.tar.gz):

Here is the DIFF between the new linux_wrapper and the original one.

```

diff linux_wrapper.c linux_wrapper.c.orig

75,77d74

< #include <asm/checksum.h>

<

< #include <net/inet_hashtables.h>

421,422c418

<       /* return ip_rcv(skb, skb->dev, pt); */

<       return netif_rx(skb);

---

>       return ip_rcv(skb, skb->dev, pt);

530,531c526,527

<     /* new_skb->stamp = skb->stamp; */

<     /* new_skb->security = skb->security; */

---

>     new_skb->stamp = skb->stamp;

>     new_skb->security = skb->security;

557c553

<   /* skb_to->stamp = skb_from->stamp; */

---

>   skb_to->stamp = skb_from->stamp;

607c603

<     skb->dst = &rt->u.dst;

---

>     skb->dst = &rt->u.dst;

```

After having recompiled the kernel and netlock, everything worked fine (to my great surprice   :Wink:  ).

I thank everybody who participated on this list, you kept the hope alive.

----------

## rburcham

Can anyone get this to link against glibc 2.4?  Which gcc?  I am using 3.4.6 and can't get their precompiled libs to link.

----------

## rburcham

Confused, I have started again with a clean cvc_linux-rh-gcc3-3.3, and applied the above suggested changes to linux_wrapper.c, and now it seems I can't even parse:

```
# make all

cd src && make all

make[1]: Entering directory `/usr/src/cvc_linux-rh-gcc3-3.3/src'

cd k2.6 && make

make[2]: Entering directory `/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6'

make -C /lib/modules/2.6.17-gentoo-r4/build SUBDIRS=/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6 modules

make[3]: Entering directory `/usr/src/linux-2.6.17-gentoo-r4'

  CC [M]  /usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.o

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:178: error: syntax error before '*' token

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c: In function `register_nl_netfilter':

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:185: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:186: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:187: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:187: error: `input_hook' undeclared (first use in this function)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:187: error: (Each undeclared identifier is reported only once

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:187: error: for each function it appears in.)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:188: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:191: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:192: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:193: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:193: error: `output_hook' undeclared (first use in this function)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:194: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:195: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c: At top level:

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:161: error: storage size of `input_filter' isn't known

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:162: error: storage size of `output_filter' isn't known

make[4]: *** [/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.o] Error 1

make[3]: *** [_module_/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6] Error 2

make[3]: Leaving directory `/usr/src/linux-2.6.17-gentoo-r4'

make[2]: *** [kmod_build] Error 2

make[2]: Leaving directory `/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6'

make[1]: *** [all] Error 2

make[1]: Leaving directory `/usr/src/cvc_linux-rh-gcc3-3.3/src'

make: *** [all] Error 2
```

Fails with both gcc-3.3.6 and 3.4.6.  Line 178 is the second line in the block below:

```
int register_nl_netfilter (

  nf_hookfn *input_hook,

  nf_hookfn *output_hook

)

{

  int rval;

  /* Register the netfilter hooks. */

  input_filter.list.next = NULL;

  input_filter.list.prev = NULL;

  input_filter.hook = input_hook;

  input_filter.pf = PF_INET;

  input_filter.hooknum = NF_IP_LOCAL_IN;

...
```

----------

## Cluster

Today I made a HOWTO for getting this to work on a latest 2.6 kernel: here.

----------

## rburcham

Cluster, many thanks for starting a Howto - good form!  I retrieved and applied your cvc patch, but I am still having trouble on the compile step:

```
# patch -p1 < cvc.patch

patching file src/linux_wrapper.c

# make all

cd src && make all

make[1]: Entering directory `/usr/src/cvc_linux-rh-gcc3-3.3/src'

cd k2.6 && make

make[2]: Entering directory `/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6'

make -C /lib/modules/2.6.17-gentoo-r4/build SUBDIRS=/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6 modules

make[3]: Entering directory `/usr/src/linux-2.6.17-gentoo-r4'

  CC [M]  /usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.o

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:46:71: linux/utsrelease.h: No such file or directory

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:180: error: syntax error before '*' token

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c: In function `register_nl_netfilter':

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:187: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:188: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: `input_hook' undeclared (first use in this function)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: (Each undeclared identifier is reported only once

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: for each function it appears in.)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:190: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:191: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:193: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:194: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:195: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:195: error: `output_hook' undeclared (first use in this function)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:196: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:197: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c: At top level:

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:329: error: conflicting types for `nl_nf_register_hook'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:131: error: previous declaration of `nl_nf_register_hook'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:163: error: storage size of `input_filter' isn't known

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:164: error: storage size of `output_filter' isn't known

make[4]: *** [/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.o] Error 1

make[3]: *** [_module_/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6] Error 2

make[3]: Leaving directory `/usr/src/linux-2.6.17-gentoo-r4'

make[2]: *** [kmod_build] Error 2

make[2]: Leaving directory `/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6'

make[1]: *** [all] Error 2

make[1]: Leaving directory `/usr/src/cvc_linux-rh-gcc3-3.3/src'

make: *** [all] Error 2
```

Where might a brother find linux/utsrelease.h?  Are my kernel headers not up to date?

```
# find /usr/include | grep -i release

# find /usr/include | grep -i uts

/usr/include/GL/uglglutshapes.h

/usr/include/qt4/QtXml/QXmlInputSource

/usr/include/sys/utsname.h

/usr/include/bits/utsname.h

/usr/include/xorg/inputstr.h

/usr/include/linux/uts.h

/usr/include/linux/utsname.h

/usr/include/OpenSP/InputSource.h

/usr/include/OpenSP/InternalInputSource.h

/usr/include/mjpegtools/mplex/inputstrm.hpp

/usr/include/mjpegtools/mplex/outputstrm.hpp

# emerge sys-kernel/linux-headers -vp

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] sys-kernel/linux-headers-2.6.17-r1  USE="-gcc64" 0 kB

Total size of downloads: 0 kB
```

Also:

```
# emerge --info

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-3.3.6, glibc-2.4-r3, 2.6.17-gentoo-r4 i686)

=================================================================

System uname: 2.6.17-gentoo-r4 i686 Intel(R) Pentium(R) M processor 1.73GHz

Gentoo Base System version 1.12.5

Last Sync: Mon, 16 Oct 2006 03:00:01 +0000

app-admin/eselect-compiler: [Not Present]

dev-java/java-config: 2.0.30

dev-lang/python:     2.3.5-r2, 2.4.3-r4

dev-python/pycrypto: 2.0.1-r5

dev-util/ccache:     [Not Present]

dev-util/confcache:  [Not Present]

sys-apps/sandbox:    1.2.17

sys-devel/autoconf:  2.13, 2.59-r7

sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2

sys-devel/binutils:  2.16.1-r3

sys-devel/gcc-config: 1.3.13-r4

sys-devel/libtool:   1.5.22

virtual/os-headers:  2.6.17-r1

ACCEPT_KEYWORDS="x86"

AUTOCLEAN="yes"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-O2 -march=pentium3 -fomit-frame-pointer -pipe"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/mozilla/defaults/pref /usr/share/X11/xkb /usr/share/config"

CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo"

CXXFLAGS="-O2 -march=pentium3 -fomit-frame-pointer -pipe"

DISTDIR="/usr/portage/distfiles"

FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"

GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"

LINGUAS=""

MAKEOPTS="-j2"

PKGDIR="/usr/portage/packages"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/usr/local/portage"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="x86 X aac alsa arts berkdb bitmap-fonts cairo cdr cli crypt cups dbus dlloader dri dvd dvdr dvdread eds elibc_glibc emboss encode esd fam firefox fortran gdbm gif gnome gpm gstreamer gtk hal input_devices_evdev input_devices_keyboard input_devices_mouse ipv6 isdnlog jpeg kde kernel_linux ldap libg++ live mad mikmod mp3 mpeg ncurses nls nptl nptlonly nsplugin nvidia offensive ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline real reflection rtc sdl session spell spl ssl tcltk tcpd truetype truetype-fonts type1-fonts udev unicode userland_GNU video_cards_nv video_cards_nvidia video_cards_vesa vorbis win32codecs xml xorg xv xvid zlib"

Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
```

----------

## rburcham

Cluster, in which version of sys-kernel/linux-headers are you getting /usr/include/linux/utsrelease.h?  I can not find it in any package, and I have keyworded and installed up to 2.6.18.

I cannot get cvc to make following the howto.  It fails to parse the patched linux_wrapper.c as described above.

Anyone else have this working?  Care to share an emerge --info?

----------

## Cluster

rburcham, I am using the vanilla kernel from kernel.org, version 2.6.18.1:

$ locate utsrelease.h

/usr/src/linux-2.6.18.1/include/linux/utsrelease.h

with /usr/src/linux pointing to /usr/src/linux-2.6.18.1.  I don't know in which version this file first appeared.  It's possible that Gentoo is patching it to the old behavior...

----------

## rburcham

Well I went ahead and symlinked /usr/include/linux/utsrelease.h to /usr/src/linux/include/linux/utsrelease.h.  That got me around the missing include warning, but the syntax error still persists:

```
# make

cd src && make all

make[1]: Entering directory `/usr/src/cvc_linux-rh-gcc3-3.3/src'

cd k2.6 && make

make[2]: Entering directory `/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6'

make -C /lib/modules/2.6.18-gentoo-r1/build SUBDIRS=/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6 modules

make[3]: Entering directory `/usr/src/linux-2.6.18-gentoo-r1'

  CC [M]  /usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.o

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:180: error: syntax error before '*' token

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c: In function `register_nl_netfilter':

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:187: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:188: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: `input_hook' undeclared (first use in this function)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: (Each undeclared identifier is reported only once

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:189: error: for each function it appears in.)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:190: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:191: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:193: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:194: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:195: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:195: error: `output_hook' undeclared (first use in this function)

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:196: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:197: error: invalid use of undefined type `struct nf_hook_ops'

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c: At top level:

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:163: error: storage size of `input_filter' isn't known

/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.c:164: error: storage size of `output_filter' isn't known

make[4]: *** [/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6/linux_wrapper.o] Error 1

make[3]: *** [_module_/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6] Error 2

make[3]: Leaving directory `/usr/src/linux-2.6.18-gentoo-r1'

make[2]: *** [kmod_build] Error 2

make[2]: Leaving directory `/usr/src/cvc_linux-rh-gcc3-3.3/src/k2.6'

make[1]: *** [all] Error 2

make[1]: Leaving directory `/usr/src/cvc_linux-rh-gcc3-3.3/src'

make: *** [all] Error 2
```

In which include is the nf_hookfn callback type defined?  Let me do some grepping here....

```
# grep -ri nf_hookfn /usr/src/linux/include/*

/usr/src/linux/include/linux/netfilter.h:typedef unsigned int nf_hookfn(unsigned int hooknum,

/usr/src/linux/include/linux/netfilter.h:       nf_hookfn *hook;

roblt1 cvc_linux-rh-gcc3-3.3 # grep -ri nf_hookfn /usr/include/*

#
```

Okay clearly the linux-headers and gentoo-sources packages are out of whack.  I will hack around with the header files from the gentoo-sources package, and I will report any progress here.

*EDIT*

Before I forget, we need to add a CONFIG_NETFILTER blurb to the kernel configuration section of your howto...

*EDIT 2*

I got it compiled.  I struck the kernel headers provided by linux-headers and went with those provided by gentoo-sources-2.6.18-gentoo-r1.  I also edited the utsrelease.h to remove the "-gentoo-r1" from the release version.

Modules build and load now, and no kernel freeze problems either.  Thanks for the howto.

----------

## Cluster

rburcham, thanks for the netfilter suggestion.  What is the harm in not having it enabled?

----------

## rburcham

One of the cvc kernel modules failed to load complaining of a missing NETFILTER symbol or two, I didn't record which.  But they obviously were NETFILTER symbols, and when I configured, built and installed the necessary modules I was golden.

*EDIT*

Here, it was one of these :)  (my guess is one of the hook registration functions)

```
# strings /usr/src/linux/net/netfilter/netfilter.o  | grep nf_

nf_afinfo

nf_register_afinfo

nf_unregister_afinfo

nf_hooks

nf_register_hook

nf_unregister_hook

nf_register_hooks

nf_unregister_hooks

nf_hook_slow

nf_ct_attach

nf_log_register

nf_log_unregister_pf

nf_log_unregister_logger

nf_log_packet

nf_register_queue_handler

nf_unregister_queue_handler

nf_unregister_queue_handlers

nf_reinject

nf_register_sockopt

nf_unregister_sockopt

nf_setsockopt

nf_getsockopt

nf_log

nf_queue

```

*EDIT 2*

Bingo!

```
# strings mishim.o | grep nf_

SP: gen_key_schedules() for esp_conf_key failed.

SP: NLKALLOC() - esp_conf_key_table_buff failed.

SP: Invalid esp_conf_algor_number.

nf_register_hook

nf_unregister_hook

```

----------

## rburcham

Kernel 2.6.22 introduces major net_device reorganization - the following patch fixes cvc client 3.3 to work on 2.6.22 and should be safe for previous kernels too (it includes Cluster's patch for cvc 3.3 referenced on his howto site linked above).  I am sure the same principle would work on 3.5 also, but I don't have that version of cvc handy.

```
--- cvc_linux-rh-gcc3-3.3/src/linux_wrapper.c   2005-07-12 18:52:40.000000000 -0500

+++ cvc_linux-rh-gcc3-3.3_k2.6.22/src/linux_wrapper.c   2007-07-29 17:20:34.000000000 -0500

@@ -43,6 +43,7 @@

 *****************************************************************************/

 #include <linux/version.h>

+#include <linux/utsrelease.h> /* XXX added for UTS_RELEASE variable */

 /* Version 2.2.x */

 #if ((LINUX_VERSION_CODE >= 0x020200) && (LINUX_VERSION_CODE < 0x020300))

@@ -72,17 +73,18 @@

 #include <linux/inetdevice.h>

 #include <net/ip.h>

 #include <linux/udp.h>

+#include <linux/tcp.h>

 #if ((LINUX_VERSION_CODE >= 0x020200) && (LINUX_VERSION_CODE < 0x020300))

   #include <linux/firewall.h>

   #include <asm/spinlock.h>

-  #include <net/route.h>

 #else

   #include <linux/netfilter_ipv4.h>

   #include <linux/spinlock.h>

 #if (LINUX_VERSION_CODE >= 0x020500)

   #include <net/flow.h>

+  #include <net/route.h> /* XXX moved out of #if */

   struct rtable;

 static inline int ip_route_output(struct rtable **rp,

@@ -126,6 +128,9 @@

 typedef struct net_device net_device_t;

 #endif

+int nl_nf_register_hook(struct nf_hook_ops *reg); /* XXX added */

+int mishim_init(); /* XXX added */

+int mishim_uninit();  /* XXX added */

 net_device_t *nl_dev_base;

 int kmalloc_pri = GFP_ATOMIC;

@@ -292,8 +297,11 @@

 void init_misc(void)

 {

-

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+        nl_dev_base = first_net_device();

+#else

         nl_dev_base = dev_base;

+#endif

 }

 #if ((LINUX_VERSION_CODE >= 0x020200) && (LINUX_VERSION_CODE < 0x020300))

@@ -415,7 +423,8 @@

 int nl_ip_rcv(struct sk_buff *skb, struct packet_type *pt)

 {

-       return ip_rcv(skb, skb->dev, pt);

+       /* return ip_rcv(skb, skb->dev, pt); XXX removed */

+       return netif_rx(skb);

 }

 void nl_ip_send_check(struct iphdr *iph)

@@ -465,7 +474,11 @@

 }

 net_device_t *dev_next (net_device_t *dev)

 {

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+  return next_net_device(dev);

+#else

   return (dev->next);

+#endif

 }

 int ip_summed(struct sk_buff *skb)

 {

@@ -517,14 +530,20 @@

     head_offset = new_skb->head - skb->head;

     new_skb->dev = skb->dev;

     new_skb->dst = dst_clone(skb->dst);

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+    new_skb->transport_header = skb->transport_header+head_offset;

+    new_skb->network_header = skb->network_header+head_offset;

+    new_skb->mac_header = skb->mac_header+head_offset;

+#else

     new_skb->h.raw = skb->h.raw+head_offset;

     new_skb->nh.raw = skb->nh.raw+head_offset;

     new_skb->mac.raw = skb->mac.raw+head_offset;

+#endif

     memcpy(new_skb->cb, skb->cb, sizeof(skb->cb));

     new_skb->priority = skb->priority;

     new_skb->protocol = skb->protocol;

-    new_skb->stamp = skb->stamp;

-    new_skb->security = skb->security;

+    new_skb->tstamp = skb->tstamp;     /* XXX changed stamp to tstamp */

+    /* new_skb->security = skb->security; XXX removed */

 #if ((LINUX_VERSION_CODE >= 0x020200) && (LINUX_VERSION_CODE < 0x020300))

     new_skb->used = skb->used;

 #endif

@@ -544,13 +563,19 @@

 {

   skb_to->dev = skb_from->dev;

   skb_to->dst = skb_from->dst;

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+  skb_to->transport_header = skb_from->transport_header;

+  skb_to->network_header = skb_from->network_header;

+  skb_to->mac_header = skb_from->mac_header;

+#else

   skb_to->h.raw = skb_from->h.raw;

   skb_to->nh.raw = skb_from->nh.raw;

   skb_to->mac.raw = skb_from->mac.raw;

+#endif

   memcpy(skb_to->cb, skb_from->cb, sizeof(skb_from->cb));

   skb_to->priority = skb_from->priority;

   skb_to->protocol = skb_from->protocol;

-  skb_to->stamp = skb_from->stamp;

+  skb_to->tstamp = skb_from->tstamp;   /* XXX changed stamp to tstamp */

 #if ((LINUX_VERSION_CODE >= 0x020200) && (LINUX_VERSION_CODE < 0x020300))

   skb_to->used = skb_from->used;

 #else

@@ -563,7 +588,11 @@

 struct iphdr * nl_skb_iph (struct sk_buff *skb)

 {

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+  return ((struct iphdr *)skb_network_header(skb));

+#else

   return skb->nh.iph;

+#endif

 }

 net_device_t * nl_skb_dev (struct sk_buff *skb)

@@ -584,10 +613,18 @@

   if (skb)

     {

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+    skb->network_header = (struct iphdr *) skb->data;

+#else

     skb->nh.iph = (struct iphdr *) skb->data;

+#endif

     skb->dev = dev;

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+    iph = ((struct iphdr *)skb_network_header(skb));

+#else

     iph = skb->nh.iph;

+#endif

     rval = ip_route_output (&rt, iph->daddr, 0, RT_TOS(iph->tos), 0);

@@ -719,7 +756,11 @@

     {

     goto done_exit;

     }

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+  iph = ((struct iphdr *)skb_network_header(skb));

+#else

   iph = skb->nh.iph;

+#endif

   header_length = iph->ihl << 2;                /* get the ip header length */

   h_ptr = (char*)iph + header_length;           /* get pointer to proto header */

   frag_ptr = skb_shinfo( skb )->frag_list;      /* at most, one frag */

@@ -735,11 +776,19 @@

     csum = csum_partial( h_ptr, ntohs(iph->tot_len) - header_length, 0 );

     check = csum_fold( csum_partial( frag_ptr->data, nl_data_len( frag_ptr ), csum ) );

     }

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+  if ( ((struct iphdr *)skb_network_header(skb))->protocol == 17 )            /* if UDP, */

+#else

   if ( skb->nh.iph->protocol == 17 )            /* if UDP, */

+#endif

     {

     ((struct udphdr*)h_ptr)->check = check;

     }

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22)  /*ROB*/

+  if ( ((struct iphdr *)skb_network_header(skb))->protocol == 6 )            /* if UDP, */

+#else

   if ( skb->nh.iph->protocol == 6 )             /* if TCP, */

+#endif

     {

     ((struct tcphdr*)h_ptr)->check = check;

     }
```

----------

