Nortel Netlock VPN Client
Reddan, Charles G
charles.reddan at eds.com
Wed Feb 4 00:44:18 UTC 2004
By the way, this isn't a Fedora issue per se... It appears to me
to be a specific kernel update issue, which the NetLock vendor
simply hasn't kept up-to-date with. It stopped working for me
at the same time as some changes to 'skbuff.h' that went in with
2.4.22 in the base (non-Redhat-modified) kernel, when running a
custom kernel with RH9.
Looking around at the time, I found that the 'skbuff' data
structure changed in 2.4.22 and beyond when a new structure
definition
struct net_device *real_dev;
was inserted in the MIDDLE of the existing sk_buff structure,
displacing anything (e.g., various control structures) that lay
beyond that point in the original skbuff structure. The binary-only
portion of the Netlock client naturally would not have spontaneously
changed itself at the same time, so it would be using now-invalid
offsets within the skbuff structure when *it* tries to manipulate
these buffers.
So, the compilable "shim" for the Netlock client still compiled ok,
but it isn't the only part of the VPN client. At bootup time, if the
binary Netlock client modules were loaded (need not actually be in use)
I'd get a mess of
"No more skbuff"
messages within a minute or two, followed by failure. I dropped back
to a 2.4.21 kernel and it works happily with that... even now on
Fedora.
Looking at NetLock's (now Apani's) web site, their most recent release
(3.0 at the start of this year) of the product is said to work with
RH9 and Suse 8.2. The more recent version of Suse (9.0) is NOT listed
as supported, and since its supplied kernel version includes that same
update to skbuff.h, I am not surprised. Hopefully someone at Apani
is planning to recompile the binary-only portion of their code with
a more recent kernel someday.
Chuck R.
More information about the users
mailing list