HOWTO: compile kernel with LISP support

  • Hello everyone,

    I'm thinking about exchanging my Cisco ISRs for pfSense appliances.
    One of the things currently holding me back is the lack of Locator/Identifier Separation Protocol (LISP) support in pfSense, which I'd really like to see in a future release.
    I'm hoping for a lot of potential imitators, testers and feedback on LISP so we might even get a pfSense package in the future.

    I'm a versed *nix sysadmin and user, however I don't have much experience with BSD, kernel hacking or coding.
    So if anything is plain wrong or could be improved in this guide, please let me know.
    This guide is basically following the Official OpenLisp install guide found on Github [1] and mostly focusing on how to compile LISP support into the kernel,
    because I expect anyone reading/doing this to be able to compile the associated userland applications without any problems.
    Since pfSense seems to make its own modifications to the BSD kernel, one diff conflict arises, but apart from that, compiling a kernel is no rocket science either.

    [1] install.pdf

    1) Prerequisites
    Since pfSense 2.3 is based on FreeBSD 10.3, you'll need a FreeBSD 10.3 build machine.

    1. install and update ports, git, compile libconfig
    2. download the pfSense sources and openlisp data-plane from github
    3. create a symlink to /usr/src for the pfSense sources, because the lisp install script is looking there by default
      As mentioned earlier, pfSense is making its own modifications to the kernel source and uses a custom kernel config as well.
      Therefore /usr/src needs to point to the pfSense modified sources.

    cd /usr/ports/devel/libconfig
    make clean install
    cd <workdir>
    git clone --depth 1 --branch master --
    git clone --depth 1 --branch RELENG_2_3 -- pfSense_2.3
    ln -s <workdir>/pfSense_2.3 /usr/src

    2) patch the kernel
    Patching the kernel is easy with the provided "" script.
    As mentioned before, you'll run into a diff conflict which you need to resolve manually.
    It's important, though, that you ignore the warning which the script emits and continue with it.

    cd data-plane
    <omitted>
    Trying to find the original file [Y/n]? n
    Skip this step and continue (not safe) [y/N]? Y

    This conflict needs to be resolved manually:

    *** 139,144 ****
      #ifdef IPSEC
      	int no_route_but_check_spd = 0;
      	if (inp != NULL) {
    --- 147,158 ----
      #ifdef IPSEC
      	int no_route_but_check_spd = 0;
    + + #ifdef LISP
    + 	struct eidmap *  local_map = NULL;
    + 	struct eidmap *  remote_map = NULL;
    + #endif /* LISP */
    +   	M_ASSERTPKTHDR(m);
      	if (inp != NULL) {
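
    Review bot: on the new side (147,158) the "#ifdef LISP" block follows "int no_route_but_check_spd = 0;" directly, with no "#endif" for "#ifdef IPSEC" visible between them, so merged exactly as shown, local_map and remote_map would only be declared in kernels built with IPSEC. The header announces 12 lines but only 8 are shown, so compare against the full reject file and place the LISP declarations after the IPSEC block's "#endif" when resolving by hand. The first added line also carries a doubled "+ +" marker, and "M_ASSERTPKTHDR(m);" is marked as added; check whether the pfSense file already contains that assertion before inserting it a second time.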

    3) compile the kernel
    At last, we need to add LISP support to the pfSense kernel config, compile it, and make a Kernel package. (assuming amd64 here)
    The result will be a /kernel.txz file which you can install on a pfSense 2.3 machine.

    echo "options LISP" >> /usr/src/sys/amd64/conf/pfSense
    cd /usr/src
    make buildkernel KERNCONF=pfSense
    make distributekernel KERNCONF=pfSense INSTKERNNAME=pfSense-2.3_lisp
    make packagekernel KERNCONF=pfSense INSTKERNNAME=pfSense-2.3_lisp

    4) userland applications
    Two problems I've encountered while compiling userland:

    1. 'mapstat' needs to be compiled without IPX support to run on pfSense: 'make -DWITHOUT_IPX_SUPPORT'
    2. 'opencp' needs to be compiled using clang on FreeBSD 10.3, so 'make CC=clang'
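
Because step 2 of the guide above continues past a failed hunk, a check before "make buildkernel" helps confirm the tree is really in the intended state. The following is an added example, not part of the original post or of the OpenLISP project; it assumes the patch step leaves patch(1)-style *.rej files for failed hunks, and make_tree with its file names is a constructed sample tree.

```shell
#!/bin/sh
# Added example: pre-build check for the patched pfSense source tree.
# Assumption: failed hunks are left behind as patch(1)-style *.rej files.

# preflight SRC [KERNCONF] -> prints findings; returns 0 if clean, 1 otherwise
preflight() {
    src=$1
    cfg="$src/sys/amd64/conf/${2:-pfSense}"
    rc=0

    # Skipped hunks: each reject must be merged by hand, then deleted.
    rejects=$(find "$src/sys" -type f -name '*.rej' 2>/dev/null || true)
    if [ -n "$rejects" ]; then
        echo "FAIL: unresolved reject files:"; echo "$rejects"; rc=1
    fi

    # The declarations from the conflicting hunk must exist in the tree.
    if ! grep -rq 'struct eidmap' "$src/sys" 2>/dev/null; then
        echo "FAIL: no 'struct eidmap' under $src/sys (patch not applied?)"; rc=1
    fi

    # 'options LISP' must be set; 'echo >>' appends again on every rerun.
    n=$(grep -c '^[[:space:]]*options[[:space:]]\{1,\}LISP[[:space:]]*$' \
        "$cfg" 2>/dev/null || true)
    case ${n:-0} in
        0) echo "FAIL: 'options LISP' missing from $cfg"; rc=1 ;;
        1) ;;
        *) echo "NOTE: 'options LISP' appears $n times in $cfg" ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $src passed the pre-build check"
    return "$rc"
}

# make_tree DIR: constructed sample tree (not real pfSense sources)
make_tree() {
    mkdir -p "$1/sys/amd64/conf" "$1/sys/netinet"
    echo 'options LISP' > "$1/sys/amd64/conf/pfSense"
    echo 'struct eidmap *local_map = NULL;' > "$1/sys/netinet/sample.c"
}

# Demo on the constructed tree, simulating one skipped hunk.
t=$(mktemp -d)
make_tree "$t"
: > "$t/sys/netinet/sample.c.rej"
preflight "$t" || echo "resolve the findings above before building"
rm -rf "$t"
```

On a real build machine the call would be "preflight /usr/src pfSense", run after the conflict has been merged by hand.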

  • So is LISP support baked in to standard pfSense by now?

  • This topic has been read 1177 times. It means that many people are interested in this technology, a really good thing to drop NPt in IPv6 multihoming.