Nortel Netlock VPN Client

Shannon McMackin mcmackin at shentel.net
Wed Feb 4 03:18:20 UTC 2004 

Reddan, Charles G wrote:
> By the way, this isn't a Fedora issue per se... It appears to me 
> to be a specific kernel update issue, which the NetLock vendor 
> simply hasn't kept up-to-date with. It stopped working for me 
> at the same time as some changes to 'skbuff.h' that went in with 
> 2.4.22 in the base (non-Redhat-modified) kernel, when running a 
> custom kernel with RH9. 
> 
> Looking around at the time, I found that the 'skbuff' data 
> structure changed in 2.4.22 and beyond when a new structure 
> definition
> 	struct  net_device   *real_dev;
> was inserted in the MIDDLE of the existing sk_buff structure, 
> displacing anything (e.g., various control structures) that lay 
> beyond that point in the original skbuff structure. The binary-only 
> portion of the Netlock client naturally would not have spontaneously 
> changed itself at the same time, so it would be using now-invalid 
> offsets within the skbuff structure when *it* tries to manipulate 
> these buffers.
> 
> So, the compilable "shim" for the Netlock client still compiled ok, 
> but it isn't the only part of the VPN client. At bootup time, if the
> binary Netlock client modules were loaded (need not actually be in use) 
> I'd get a mess of 
> 	"No more skbuff" 
> messages within a minute or two, followed by failure. I dropped back 
> to a 2.4.21 kernel and it works happily with that... even now on 
> Fedora.
> 
> Looking at NetLock's (now Apani's) web site, their most recent release 
> (3.0 at the start of this year) of the product is said to work with 
> RH9 and Suse 8.2. The more recent version of Suse (9.0) is NOT listed 
> as supported, and since its supplied kernel version includes that same 
> update to skbuff.h, I am not surprised. Hopefully someone at Apani
> is planning to recompile the binary-only portion of their code with 
> a more recent kernel someday. 
> 
> Chuck R.
> 
> 	  
> 
> 
Charles,

Thank you for the most insightful explanation of the issue I've seen 
yet.  Have you sent your findings to support at apani.com?  I was testing 
their beta versions of what is now 3.0 and I had very similar failures 
on FC1, RHEL3 and SUSE 9.  I did come to find that changes in GNOME are 
what kept me from logging in under FC1.  RHEL3 would kernel panic.

I'm gonna follow your lead and try a generic 2.4.21 kernel and see if I 
get any better luck.  Eventually I think I'll end up using RHEL3 because 
that's the direction the apps developers where I work are heading.

Apani claims they're about to release beta code for FC1, RHEL3 and SUSE 
9.  I saw other posts that indicated a finished product would be 
available by May.

Shannon McMackin
mcmackin at shentel.net

More information about the users mailing list