Skip to content

Instantly share code, notes, and snippets.

@syncom
Last active August 5, 2019 21:07
Show Gist options
  • Save syncom/2c37017d580190f09b1f730cb1136269 to your computer and use it in GitHub Desktop.
Save syncom/2c37017d580190f09b1f730cb1136269 to your computer and use it in GitHub Desktop.
How to build Android ipsec-tools (racoon) on Ubuntu 18.04 with ASan

How to build ipsec-tools (racoon) on Ubuntu 18.04 with ASan

This note describes how to build ipsec-tools (racoon) obtained from the Android repository (https://android.googlesource.com/platform/external/ipsec-tools/) on a Ubuntu laptop machine (Dell XPS 13). The system used for this work is Ubuntu 18.04.2 LTS: uname -a gives

Linux xps13 4.15.0-1045-oem #50-Ubuntu SMP Wed Jun 26 11:16:36 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  1. Install dependencies

    • Install llvm/clang
    sudo apt install clang
    • Install libbsd-dev (for 'strlcat')
    sudo apt install libbsd-dev
    • Install openssl. Note that sudo apt install libssl-dev could satisfy the dependency requirement. However, I only tested with manual installation, as follows.
    cd /tmp
    # Obtain openssl 1.0.2l
    wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
    tar xvfz openssl-1.0.2l.tar.gz
    cd openssl-1.0.2l
    ./config --prefix=/tmp/openssl-for-ipsec-tools
    make
    make install

    Now openssl headers and libraries have been installed in '/tmp/openssl-for-ipsec-tools/'.

  2. Clone the Android ipsec-tools repository, and modify the source files.

    cd /tmp
    git clone https://android.googlesource.com/platform/external/ipsec-tools
    cd ipsec-tools

    Replace the included '<string.h>', with '<bsd/string.h>' in source files.

    find . -name "*.c" | xargs sed -i.bak -e 's|<string\.h|<bsd\/string\.h|g'

    The original source files are backed up to the corresponding '.bak' files. Applied the following patch to Makefile.

    diff --git a/Makefile b/Makefile
    index d8c417f..d371807 100644
    --- a/Makefile
    +++ b/Makefile
    @@ -1,6 +1,6 @@
    all:
    -       gcc -O3 -Wall -o racoon -I. -Isrc/include-glibc -Isrc/libipsec \
    -       -Isrc/racoon -Isrc/racoon/missing -DHAVE_CONFIG_H -lcrypto \
    +       clang -v -O1 -g -fsanitize=address -fno-omit-frame-pointer -o racoon -I. -Isrc/include-glibc -Isrc/libipsec \
    +       -Isrc/racoon -Isrc/racoon/missing -I/tmp/openssl-for-ipsec-tools/include -DHAVE_CONFIG_H \
            src/libipsec/pfkey.c \
            src/libipsec/ipsec_strerror.c \
            src/racoon/algorithm.c \
    @@ -32,4 +32,5 @@ all:
            src/racoon/vendorid.c \
            src/racoon/vmbuf.c \
            main.c \
    -       setup.c
    +       setup.c \
    +       -L/tmp/openssl-for-ipsec-tools/lib -lcrypto -lbsd -ldl
    
  3. Build 'ipsec-tools' with make. The generated binary is racoon. Introduce a bug in 'main.c' to trigger an ASan warning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment