<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
It might be safer to use strncmp and snprintf instead of strcmp and sprintf.<font color="#888888"><br>
</font></blockquote><div><br>Thanks Brad!<br>
<br>
So here is the final version:<br>
<br>
--- net/ipsec/ipsec_rcv.c.orig Tue Dec 23 13:10:46 2008<br>
+++ net/ipsec/ipsec_rcv.c Tue Dec 23 15:29:00 2008<br>
@@ -1619,18 +1619,44 @@ int klips26_rcv_encap(struct sk_buff *sk<br>
{<br>
struct ipsec_rcv_state nirs, *irs = &nirs;<br>
struct iphdr *ipp;<br>
+ char name[IFNAMSIZ];<br>
+ struct net_device *ipsecdev = NULL, *prvdev = NULL;<br>
+ struct ipsecpriv *prv = NULL;<br>
+ int i;<br>
<br>
/* Don't unlink in the middle of a turnaround */<br>
KLIPS_INC_USE;<br>
<br>
memset(irs, 0, sizeof(*irs));<br>
<br>
- /* XXX fudge it so that all nat-t stuff comes from ipsec0 */<br>
- /* eventually, the SA itself will determine which device<br>
- * it comes from<br>
- */ <br>
- {<br>
- skb->dev = ipsec_get_device(0);<br>
+ if(skb->dev) {<br>
+ KLIPS_PRINT(debug_rcv,<br>
+ "klips_debug:klips26_rcv_encap: "<br>
+ "<<< Info -- ");<br>
+ KLIPS_PRINTMORE(debug_rcv, "skb->dev=%s ",<br>
+ skb->dev->name ? skb->dev->name : "NULL");<br>
+ KLIPS_PRINTMORE(debug_rcv, "\n");<br>
+<br>
+ if(skb->dev->name) {<br>
+ for(i = 0; i < IPSEC_NUM_IF; i++) {<br>
+ snprintf(name, IFNAMSIZ, IPSEC_DEV_FORMAT, i);<br>
+ ipsecdev = __ipsec_dev_get(name);<br>
+ prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL;<br>
+ prvdev = prv ? (struct net_device *)(prv->dev) : NULL;<br>
+ if(prvdev && !strncmp(prvdev->name, skb->dev->name, IFNAMSIZ)) {<br>
+ skb->dev = ipsecdev;<br>
+ KLIPS_PRINT(debug_rcv && prvdev,<br>
+ "klips_debug:klips26_rcv_encap: "<br>
+ "assigning packet ownership to virtual device %s from physical device %s.\n",<br>
+ name, prvdev->name);<br>
+ break;<br>
+ }<br>
+ }<br>
+ }<br>
+ } else {<br>
+ KLIPS_PRINT(debug_rcv,<br>
+ "klips_debug:klips26_rcv_encap: "<br>
+ "device supplied with skb is NULL\n");<br>
}<br>
<br>
/* set up for decap loop */<br><br></div></div><br>