NET-POLICY ERRATA

Errata for net-policy 1.0-3.0
=============================

None

Errata for net-policy 0.9.1
===========================

* net-snmp conflict with openssl-0.9.7
--------------------------------------

If you are running openssl-0.9.7, stop net-snmp segmentation faults by
going to the net-snmp snmplib/scapi.c file and commenting out the line
that says "free(c)" near line 364.

* np-cerberus startup script not installed
------------------------------------------

A startup script for np-cerberus is distributed, but not installed. To
install and activate this startup script, follow this example on each
client machine:

    # cd /etc/rc.d/init.d
    # cp /usr/local/src/np-cerberus/net/ipsec/np-cerberus .
    # chkconfig --add np-cerberus
    # service np-cerberus start

Errata for net-policy 0.9
=========================

* iptables source should match existing binary
----------------------------------------------

The original INSTALL document only mentions that iptables source should
be installed. It neglected to mention that the source version should
match the existing iptables binary version. 'iptables --version' will
tell you what your binary version is.

* plutoplus can't open shared library
-------------------------------------

Symptoms:

    libnetsnmpagent.so.5: cannot open shared object file: No such file or directory

Solution:

Any time you install shared libraries, you need to make sure that the
loader can find them. You can do this by adding the directory for the
library to /etc/ld.so.conf, and then running ldconfig. The default
directory for net-snmp is /usr/local/lib.

    # echo "/usr/local/lib" >> /etc/ld.so.conf
    # ldconfig

* plutoplus exits without any errors on startup
-----------------------------------------------

Symptoms:

    "fopen() of file /etc/payload.conf failed in readPayloadConf()"
    in /var/log/secure

Solution:

Copy the payloads.conf file in the plutoplus directory to /etc/.

* Need symlink to kernel config for redhat.
-------------------------------------------

Symptoms:

    # make
    Makefile.external:12: /usr/src/linux/.config: No such file or directory

Solution:

Redhat kernel source doesn't come with a default .config. You can
symlink to the correct one.

    # ln -s /usr/src/linux/configs/kernel-2.4.18-i686.config /usr/src/linux/.config

* need snmp v3 user and agentx master agent
-------------------------------------------

1) stop the running snmpd
2) add 'createUser smip MD5 kissthesky DES zonkerharris' to
   /var/net-snmp/snmpd.conf
3) add the following lines to /usr/local/share/snmpd.conf

       master agentx
       rwuser smip

4) restart snmpd

* net-policy configure reports opensnmp is not installed, but it is.
--------------------------------------------------------------------

configure is looking for a variable in the opensnmp library that was
added only recently, somewhere around 0.3.4. If you have an earlier
version, upgrade it.

* opensnmp Db->open compile errors
----------------------------------

Symptoms:

    snmpDatabaseObj.C: In method 'DbHelper::DbHelper (const char *);:
    snmpDatabaseObj.C:80: no matching function for call to 'Db::open (const char[15], NULL, DBTYPE, int, int)'

Solution:

Update to the latest opensnmp release, try the CVS version of opensnmp,
or send a message to the net-policy mailing list.

* sadb header problem
---------------------

    # cd ../../sadb
    # make
    gcc -I../net -O2 -o sadb sadb_ui.c
    In file included from sadb_ui.c:4:
    /usr/include/linux/autoconf.h:1:2: #error Invalid kernel header included in userspace
    make: *** [sadb] Error 1

Solution:

Remove the include of autoconf.h from sadb_ui.c and try again.

* Errors during load of netlink_dev
-----------------------------------

Symptoms:

    # ./load
    modprobe: Can't locate module netlink_dev
    modprobe of netlink_dev failed is kernel configured with CONFIG_NETLINK?

Solution:

Try:

    $ cd /usr/src/linux
    $ grep -i netlink .config

CONFIG_NETLINK_DEV should be 'y' or 'm'. I'm guessing 'y' for you, in
which case you can ignore this message. If it is 'n', you need to
rebuild your kernel with 'y' or 'm' and reboot.

* __u32 on non-i386/redhat system
---------------------------------

Symptoms:

    In file included from kernel_comm.c:42:
    /usr/include/linux/netlink.h:22: parse error before `__u32'

Solution:

Add this line somewhere before line 42:

    #include

* ipt_priority.h
----------------

Symptoms:

    policy_iterator.c:9: ipt_priority.h: No such file or directory
    make[1]: *** [policy_iterator.o] Error 1

Solution:

Did you specify a relative path to cerberus when you configured? Don't.
Use a fully qualified path. (Yes, I know the INSTALL example uses a
relative path. Sorry.)

* openssl des_is_weak_key conflict
----------------------------------

Symptoms:

    /usr/local/ssl/lib/libcrypto.a(set_key.o): In function `des_is_weak_key':
    set_key.o(.text+0x370): multiple definition of `des_is_weak_key'
    check_key.o:/usr/local/src/np-cerberus/np-cerberus-0.9/net/ipsec/crypto/des/check_key.c:52: first defined here
    /usr/bin/ld: Warning: size of symbol `des_is_weak_key' changed from 57 to 94 in /usr/local/ssl/lib/libcrypto.a(set_key.o)
    collect2: ld returned 1 exit status
    make: *** [plutoplus] Error 1

Solution:

Remove check_key.o from Makefile.des.

* make install fails in net-policy
----------------------------------

Edit np-distd/Makefile, and remove installlibs and installsubdirs from
the install target (around line 75).
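
A read-only preflight for three of the 0.9 items above (iptables source
matching the binary, the loader path for net-snmp, and CONFIG_NETLINK_DEV),
added here as an example and not part of net-policy. Function names are
hypothetical; the iptables-<version> source directory naming and the
one-directory-per-line ld.so.conf layout are assumptions.

```shell
#!/bin/sh
# Added example: read-only preflight for three net-policy 0.9 errata items.
# Function names are hypothetical; default paths are the ones the errata uses.

# Print y, m or n for kernel option $1 in config file $2; "missing" if the
# file is absent (the Red Hat symlink item). "# X is not set" counts as n.
kconfig_state() {
    sym=$1 cfg=${2:-/usr/src/linux/.config}
    [ -r "$cfg" ] || { echo missing; return 0; }
    val=$(sed -n "s/^${sym}=\([ym]\)\$/\1/p" "$cfg" | head -n 1)
    echo "${val:-n}"
}

# Succeed if directory $1 is listed in loader config $2. Comments and
# surrounding whitespace are ignored; assumes one directory per line.
ldconf_has_dir() {
    dir=$1 conf=${2:-/etc/ld.so.conf}
    [ -r "$conf" ] || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' "$conf" |
        grep -Fxq -- "$dir"
}

# Succeed if `iptables --version` output ($1) names the same version as the
# source directory $2. Assumes the directory is named iptables-<version>.
iptables_src_matches() {
    bin_ver=$(printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.a-z]*\).*/\1/p')
    src_ver=$(basename "$2" | sed -n 's/^iptables-\(.*\)$/\1/p')
    [ -n "$bin_ver" ] && [ "$bin_ver" = "$src_ver" ]
}

# Report all three checks for the iptables source directory given as $1.
preflight() {
    echo "CONFIG_NETLINK_DEV: $(kconfig_state CONFIG_NETLINK_DEV)"
    if ldconf_has_dir /usr/local/lib; then echo "loader path: ok"
    else echo "loader path: add /usr/local/lib to /etc/ld.so.conf, run ldconfig"; fi
    if iptables_src_matches "$(iptables --version 2>/dev/null)" "$1"; then
        echo "iptables source: matches binary"
    else echo "iptables source: does not match 'iptables --version'"; fi
}

# Usage: sh preflight.sh --run /path/to/iptables-source
if [ "${1:-}" = "--run" ]; then preflight "${2:-}"; fi
```

Nothing is modified by the script; the fixes remain the commands given in
each errata item.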