Skip to content

Instantly share code, notes, and snippets.

@syncom

syncom/20190804.build-ipsec-tools-with-asan.md

Last active August 5, 2019 21:07
Show Gist options
  • Save syncom/2c37017d580190f09b1f730cb1136269 to your computer and use it in GitHub Desktop.
Save syncom/2c37017d580190f09b1f730cb1136269 to your computer and use it in GitHub Desktop.
Download ZIP
How to build Android ipsec-tools (racoon) on Ubuntu 18.04 with ASan
Raw
20190804.build-ipsec-tools-with-asan.md

How to build ipsec-tools (racoon) on Ubuntu 18.04 with ASan

This note describes how to build ipsec-tools (racoon) obtained from the Android repository (https://android.googlesource.com/platform/external/ipsec-tools/) on a Ubuntu laptop machine (Dell XPS 13). The system used for this work is Ubuntu 18.04.2 LTS: uname -a gives

Linux xps13 4.15.0-1045-oem #50-Ubuntu SMP Wed Jun 26 11:16:36 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

  1. Install dependencies

    • Install llvm/clang
    sudo apt install clang
    • Install libbsd-dev (for 'strlcat')
    sudo apt install libbsd-dev
    • Install openssl. Note that sudo apt install libssl-dev could satisfy the dependency requirement. However, I only tested with manual installation, as follows.
    cd /tmp
# Obtain openssl 1.0.2l
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar xvfz openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config --prefix=/tmp/openssl-for-ipsec-tools
make
make install

    Now openssl headers and libraries have been installed in '/tmp/openssl-for-ipsec-tools/'.

  2. Clone the Android ipsec-tools repository, and modify the source files.

    cd /tmp
git clone https://android.googlesource.com/platform/external/ipsec-tools
cd ipsec-tools

    Replace the included '<string.h>', with '<bsd/string.h>' in source files.

    find . -name "*.c" | xargs sed -i.bak -e 's|<string\.h|<bsd\/string\.h|g'

    The original source files are backed up to the corresponding '.bak' files. Applied the following patch to Makefile.

    diff --git a/Makefile b/Makefile
index d8c417f..d371807 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
all:
-       gcc -O3 -Wall -o racoon -I. -Isrc/include-glibc -Isrc/libipsec \
-       -Isrc/racoon -Isrc/racoon/missing -DHAVE_CONFIG_H -lcrypto \
+       clang -v -O1 -g -fsanitize=address -fno-omit-frame-pointer -o racoon -I. -Isrc/include-glibc -Isrc/libipsec \
+       -Isrc/racoon -Isrc/racoon/missing -I/tmp/openssl-for-ipsec-tools/include -DHAVE_CONFIG_H \
        src/libipsec/pfkey.c \
        src/libipsec/ipsec_strerror.c \
        src/racoon/algorithm.c \
@@ -32,4 +32,5 @@ all:
        src/racoon/vendorid.c \
        src/racoon/vmbuf.c \
        main.c \
-       setup.c
+       setup.c \
+       -L/tmp/openssl-for-ipsec-tools/lib -lcrypto -lbsd -ldl

  3. Build 'ipsec-tools' with make. The generated binary is racoon. Introduce a bug in 'main.c' to trigger an ASan warning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment