Hi, openvpn-devel in the current openwrt tree is broken, due to upstream- breakage.
For the record, it's built like this:
$ ./configure --target=mips-openwrt-linux --host=mips-openwrt-linux
--build=i686-pc-linux-gnu --program-prefix= --program-suffix= --prefix=/usr
--exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib
--sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man
--infodir=/usr/info --disable-nls --enable-small --disable-selinux
--disable-systemd --disable-plugins --disable-debug --disable-eurephia
--disable-pkcs11 --enable-lzo --disable-crypto disable-x509-alt-username-ssl
--enable-server --disable-management --enable-socks --enable-http
--enable-fragment --enable-multihome --disable-iproute2 --enable-def-auth
--enable-pf --enable-ssl --enable-crypto --with-crypto-library=polarssl
... and the real breakage is the combination of --enable-pf,
--disable-plugins, --disable-management and --with-crypto-library=polarssl.
What this will do is:
- config.h defines ENABLE_PF
/* Enable internal packet filter */
#define ENABLE_PF 1
- syshead.h turns it off again
#if defined(ENABLE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_MANAGEMENT)
#define MANAGEMENT_DEF_AUTH
#endif
...
/*
* Enable packet filter?
*/
#if defined(ENABLE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) &&
defined(HAVE_STAT)
#define PLUGIN_PF
#endif
#if defined(ENABLE_PF) && P2MP_SERVER && defined(MANAGEMENT_DEF_AUTH)
#define MANAGEMENT_PF
#endif
#if !defined(PLUGIN_PF) && !defined(MANAGEMENT_PF)
#undef ENABLE_PF
#endif
- so pf.c gets compiled into an empty pf.o module (all ok)
- now, init.c does more interesting things
- include "config.h" -> #define ENABLE_PF 1
- include "syshead.h" -> #undef ENABLE_PF
- include "init.h"
include "openvpn.h"
include "ssl.h"
include "ssl_backend.h"
include "ssl_polarssl.h"
include "config.h" --> #define ENABLE_PF 1
- so init.c and multi.c get compiled with the function calls towards
pf.c, but pf.o is empty -> linker fails
This cannot be triggered with --disable-pf, or OpenSSL (because ssl_openssl.h
does not include config.h), or if either plugins or management are enabled.
The quick fix is "remove config.h from ssl_polarssl.h" - because all .c
modules right now include this anyway, as the first thing, including all
SSL modules. I would propose to do that right away (patch attached), but
would like confirmation from Adriaan that I'm not overlooking anything.
The "right" fix is manyfold (and I think I'll agree with Alon here)
- stop calling our own include files many layers deep
- stop modifying config.h variables from sysdep.h - if we want to
override ENABLE_PF depending on other options, let's do it in
configure
- cleanup the amazing heap of #ifdefs in sysdep.h
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
From ac9a8b9ea08a52f7afbfa6a80ea3e6eed20e26e2 Mon Sep 17 00:00:00 2001 From: Gert Doering <[email protected]> List-Post: [email protected] Date: Thu, 14 Jun 2012 16:41:37 +0200 Subject: [PATCH] Remove #include "config.h" from ssl_polarssl.h This include is superfluous, as all callers already include config.h - and under certain combinations of configure options and syshead.h Signed-off-by: Gert Doering <[email protected]> --- src/openvpn/ssl_polarssl.h | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/src/openvpn/ssl_polarssl.h b/src/openvpn/ssl_polarssl.h index 2b02a6f..456573f 100644 --- a/src/openvpn/ssl_polarssl.h +++ b/src/openvpn/ssl_polarssl.h @@ -31,7 +31,6 @@ #define SSL_POLARSSL_H_ #include <polarssl/ssl.h> -#include "config.h" #if defined(ENABLE_PKCS11) #include <polarssl/pkcs11.h> -- 1.7.3.4
pgpSkKMUkOIRt.pgp
Description: PGP signature
