NET-POLICY ERRATA

Errata for net-policy 1.0-3.0
=============================

None

Errata for net-policy 0.9.1
===========================

* net-snmp conflict with openssl-0.9.7
----------------------------------------------
  If you are running openssl-0.9.7, you can stop net-snmp segmentation
  faults by editing snmplib/scapi.c in the net-snmp source and commenting
  out the line that says "free(c)" near line 364.

* np-cerberus startup script not installed
------------------------------------------
  A startup script for np-cerberus is distributed, but not installed. To
  install and activate this startup script, follow this example on each
  client machine:

    # cd /etc/rc.d/init.d
    # cp /usr/local/src/np-cerberus/net/ipsec/np-cerberus .
    # chkconfig --add np-cerberus
    # service np-cerberus start



Errata for net-policy 0.9
=========================

* iptables source should match existing binary
----------------------------------------------
  The original INSTALL document only mentions that iptables source should
  be installed. It neglected to mention that the source version should
  match the existing iptables binary version.  'iptables --version' will
  tell you what your binary version is.

* plutoplus can't open shared library
-------------------------------------
Symptoms:
  libnetsnmpagent.so.5: cannot open shared object file: No such file or
  directory

Solution:
  Any time you install shared libraries, you need to make sure that the
  loader can find them. You can do this by adding the directory for the
  library to /etc/ld.so.conf, and then running ldconfig.  The default
  directory for net-snmp is /usr/local/lib.

    # echo "/usr/local/lib" >> /etc/ld.so.conf
    # ldconfig


* plutoplus exits without any errors on startup
-----------------------------------------------
Symptoms:
  "fopen() of file /etc/payload.conf failed in readPayloadConf()" in
  /var/log/secure

Solution:
  Copy the payloads.conf file in the plutoplus directory to /etc/.


* Need symlink to kernel config for redhat.
-------------------------------------------
Symptoms:
  # make
  Makefile.external:12: /usr/src/linux/.config: No such file or directory

Solution:
 Redhat kernel source doesn't come with a default .config. You can symlink to
 the correct one.

  # ln -s /usr/src/linux/configs/kernel-2.4.18-i686.config /usr/src/linux/.config


* need snmp v3 user and agentx master agent
-------------------------------------------
  1) stop the running snmpd
  2) add 'createUser smip MD5 kissthesky DES zonkerharris' to
     /var/net-snmp/snmpd.conf
  3) add the following lines to /usr/local/share/snmpd.conf
     master agentx
     rwuser smip
  4) restart snmpd
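
  Added example (not part of the net-policy distribution): a small shell
  audit that flags the MD5/DES choices and the missing 'priv' level in the
  lines above, shown against a variant that uses SHA/AES and requires
  privacy. The function names and the placeholder passphrases are
  assumptions; SHA and AES need a net-snmp built with OpenSSL support.

```shell
#!/bin/sh
# Added example (not from the net-policy distribution): flag weak SNMPv3
# settings in snmpd.conf text read from stdin. One finding per output line.
audit_snmpd_conf() {
    awk '
    $1 == "createUser" {
        i = 2
        if ($i == "-e") i += 2          # skip optional "-e ENGINEID"
        user = $i; auth = $(i + 1); priv = $(i + 3)
        if (auth == "MD5") print "weak-auth " user " MD5"
        if (priv == "DES") print "weak-priv " user " DES"
    }
    $1 == "rwuser" || $1 == "rouser" {
        i = 2
        if ($i == "-s") i += 2          # skip optional "-s SECMODEL"
        level = $(i + 1)
        if (level == "") level = "auth" # net-snmp default when omitted
        if (level != "priv") print "priv-not-required " $i " " level
    }'
}

# Constructed input 1: the lines this erratum tells you to add.
as_documented() {
    printf '%s\n' \
        'createUser smip MD5 kissthesky DES zonkerharris' \
        'master agentx' \
        'rwuser smip' | audit_snmpd_conf
}

# Constructed input 2: same user with SHA/AES and privacy required.
# The passphrases are placeholders (assumption), not real values.
hardened() {
    printf '%s\n' \
        'createUser smip SHA AUTH_PASSPHRASE_PLACEHOLDER AES PRIV_PASSPHRASE_PLACEHOLDER' \
        'master agentx' \
        'rwuser smip priv' | audit_snmpd_conf
}

echo "as documented:"; as_documented
echo "hardened:";      hardened
```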


* net-policy configure reports opensnmp is not installed, but it is.
--------------------------------------------------------------------
  configure is looking for a variable in the opensnmp library that was
  just added recently. It was added somewhere around 0.3.4, so if you have
  an earlier version, upgrade it.



* opensnmp Db->open compile errors
----------------------------------
Symptoms:
  snmpDatabaseObj.C: In method 'DbHelper::DbHelper (const char *);:
  snmpDatabaseObj.C:80: no matching function for call to 'Db::open (const
  char[15], NULL, DBTYPE, int, int)'

Solution:
 Update to the latest opensnmp release, try the CVS version of opensnmp,
 or send a message to the net-policy mailing list.


* sadb header problem
---------------------
  # cd ../../sadb
  # make
  gcc -I../net -O2 -o sadb sadb_ui.c
  In file included from sadb_ui.c:4:
  /usr/include/linux/autoconf.h:1:2: #error Invalid kernel header included
  in userspace
  make: *** [sadb] Error 1

Solution:
 Remove the include of autoconf.h from sadb_ui.c and try again.


* Errors during load of netlink_dev
-----------------------------------
Symptoms:
  # ./load
  modprobe: Can't locate module netlink_dev
  modprobe of netlink_dev failed
     is kernel configured with CONFIG_NETLINK?

Solution:
 Try:
	$ cd /usr/src/linux
	$ grep -i netlink .config

 CONFIG_NETLINK_DEV should be 'y' or 'm'. I'm guessing 'y' for you, in which
 case you can ignore this message. If it is 'n', you need to rebuild your
 kernel with 'y' or 'm' and reboot.


* __u32 on non-i386/redhat system
---------------------------------
Symptoms:
  In file included from kernel_comm.c:42:
  /usr/include/linux/netlink.h:22: parse error before `__u32'

Solution:
 Add this line somewhere before line 42:

  #include <asm/types.h>


* ipt_priority.h
----------------
Symptoms:
  policy_iterator.c:9: ipt_priority.h: No such file or directory
  make[1]: *** [policy_iterator.o] Error 1

Solution:
 Did you specify a relative path to cerberus when you configured? Don't.
 Use a fully qualified path. (Yes, I know the INSTALL example uses a
 relative path. Sorry.)


* openssl des_is_weak_key conflict
----------------------------------
Symptoms:
  /usr/local/ssl/lib/libcrypto.a(set_key.o): In function `des_is_weak_key':
  set_key.o(.text+0x370): multiple definition of `des_is_weak_key'
  check_key.o:/usr/local/src/np-cerberus/np-cerberus-0.9/net/ipsec/crypto/des/check_key.c:52:
  first defined here
  /usr/bin/ld: Warning: size of symbol `des_is_weak_key' changed from 57 to
  94 in /usr/local/ssl/lib/libcrypto.a(set_key.o)
  collect2: ld returned 1 exit status
  make: *** [plutoplus] Error 1

Solution:
 Remove check_key.o from Makefile.des.


* make install fails in net-policy
----------------------------------
Edit np-distd/Makefile, and remove installlibs and installsubdirs from
the install target (around line 75).