nm-openswan development update

[steve <keyhman gmail com>]

Hi,

It's been busy at work and hence development slows down accordingly, but 
my weekends are free and I've made some big strides this weekend.

I also wasted about 5 hours of my time today (not to mention the 
frustration and head scratching for the past 3 weeks) at why the symbol 
plugin for Anjuta (my IDE) wasn't working reliably: it sometimes 
displayed correct data, then other times it wouldn't display that same 
data at all.

The 5 hours today went towards 3 efforts:

1. Try out eclipse (read the docs -- it doesn't support automake build 
systems)
2. Try out Kdevelop (well.. I'm not developing for KDE and it crashed 
everytime I tried to import my project or create a new GTK+ project and 
import my source
3. Try to compile the latest source of the next rev of Anjuta: Too many 
library version conflicts with my FC6 installation to make a sane build 
enviornment feisable on my laptop.

Then I stumbled across the reason for all my problems: I started with 
the source to nm-vpnc (FC6 src rpm + redhat patches) and of course, just 
like copying in school, you get the mistakes as well as the correct 
answers.

Moral of the Story: Don't copy verbatim if you can avoid it.

After I fixed the problem ( which had to do with name/type conflicts on 
typedef struct definitions ) the symbol browser in FC6's default 
installation of Anjuta started working perfectly.

Afterwards, I ran a build of the default vpc source (Just for kicks) 
and  saw warnings about the same thing. Anyway, just wanted to save 
people time if anyone else is writing a vpn plugin, and started with the 
source an existing one for reference like I did.

Development continues on nm-openswan and I hope to have a complete set 
of working alpha code for all targets of the plugin in about 2 weeks. At 
that point I'm going to setup some kind of CVS repository for the dist.

There is still one big design question to be answered through testing. 
If anyone knows openswan well, or cares to help me figure this one out, 
feel free to offer advice. Here's my dilema:

Call out to /usr/libexec/ipsec/whack to initiate/terminate an ipsec 
connection

-OR-

integrate the code for whack into my project and link against it at 
build time (so my code actually talks directly to pluto through a 
socket). I don't like this idea as my code becomes dependant on a 
specific version of openswan (it's hard to explain the why of that). 
Each new major rev of openswan will require an update to my source and a 
recompile to work again and introducing depenancies doesn't seem to fit 
with the design goals of NetworkManager.

All feedback welcome.

I'll send another update once I've got this problem licked and the alpha 
code compiles (without segfaults  at runtime ;)

Steve.