<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:'times new roman', 'new york', times, serif;font-size:12pt"><div><p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Can you please let me know what is that change<o:p></o:p></p>
<p class="MsoPlainText">in the Outbound policy for which we need an update to
make the<o:p></o:p></p>
<p class="MsoPlainText">Openswan work on Linux. It would be great if you point me
to the part<o:p></o:p></p>
<p class="MsoPlainText">of the pluto / openswan code which actually does the
policy update.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">thanks and Regards,<o:p></o:p></p>
<p class="MsoPlainText">Krishna<o:p></o:p></p>
<p class="MsoPlainText">----------<o:p></o:p></p>
<p class="MsoPlainText">From: Herbert Xu <herbert@gondor.apana.org.au><o:p></o:p></p>
<p class="MsoPlainText">Date: Wed, May 6, 2009 at 10:32 AM<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>To: Paul Wouters
<paul@xelerance.com><o:p></o:p></p>
<p class="MsoPlainText">Cc: krishna murthy <kmurthyjs@yahoo.co.in>,
users@openswan.org, dev@openswan.org<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">We don't need to update policies when rekeying since the
policies<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>haven't
changed.<span style="mso-spacerun:yes"> </span>The outbound policy gets
updated only because<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>that was the
easiest way of getting Openswan to work on Linu.x<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Cheers,<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>--<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span><span>Visit Openswan at
<a target="_blank" href="http://www.openswan.org/">http://www.openswan.org/</a></span><o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Email: Herbert Xu
~{PmV>HI~} <herbert@gondor.apana.org.au><o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span><span>Home Page:
<a target="_blank" href="http://gondor.apana.org.au/~herbert/">http://gondor.apana.org.au/~herbert/</a></span><o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span><span>PGP Key:
<a target="_blank" href="http://gondor.apana.org.au/~herbert/pubkey.txt">http://gondor.apana.org.au/~herbert/pubkey.txt</a></span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">----------<o:p></o:p></p>
<p class="MsoPlainText">From: Paul Wouters <paul@xelerance.com><o:p></o:p></p>
<p class="MsoPlainText">Date: Tue, May 5, 2009 at 4:45 PM<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>To: krishna murthy
<kmurthyjs@yahoo.co.in>, Herbert Xu<o:p></o:p></p>
<p class="MsoPlainText"><herbert@gondor.apana.org.au><o:p></o:p></p>
<p class="MsoPlainText">Cc: users@openswan.org, dev@openswan.org<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">On Tue, 5 May 2009, krishna murthy wrote:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>(CC:ed Herbert,
since he probably knows this code best, and bumping<o:p></o:p></p>
<p class="MsoPlainText">to dev@openswan.org)<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Hmm. All the calls
for that are in programs/pluto/kernel_netlink.c.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>They are all also
located only in one part:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>if (sadb_op ==
ERO_DELETE || sadb_op == ERO_DEL_INBOUND)<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span><span style="mso-spacerun:yes"> </span>{<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>[...]<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>}<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>else {<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>[...]<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>/*<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>* NEW
will fail when an existing policy, UPD always works.<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>* This
seems to happen in cases with NAT'ed XP clients, or<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>* quick
recycling/resurfacing of roadwarriors on the same IP.<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>*
req.n.nlmsg_type = XFRM_MSG_NEWPOLICY;<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>*/<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes">
</span>req.n.nlmsg_type = XFRM_MSG_UPDPOLICY;<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>if
(sadb_op == ERO_REPLACE)<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>{<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes">
</span>req.n.nlmsg_type = XFRM_MSG_UPDPOLICY;<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>}<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes">
</span>req.n.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(req.u.p)));<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>}<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>What I am now not
sure of, is whether XFRM_MSG_UPDPOLICY is just a notification<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>message, or wether
it also has other effects. Perhaps you can look at the<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>NETKEY kernel code
and kernel_netlink.c. It sounds like there might be a bug<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>either in our
code, or in the kernel, that causes some update messages to be<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>missing.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Paul<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">----------<o:p></o:p></p>
<p class="MsoPlainText">Hi All,<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>I am looking for
Policy update notifications from the XFRM during the<o:p></o:p></p>
<p class="MsoPlainText">IPSec Re-keying. I look for the
"XFRM_MSG_UPDPOLICY" event. The issue<o:p></o:p></p>
<p class="MsoPlainText">I see is that i Only get Policy updates for the Outbound
Policies and<o:p></o:p></p>
<p class="MsoPlainText">not for the Inbound. Below is the dump of " ip xfrm
monitor"<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Updated src 9.1.1.0/24 dst 11.0.0.0/8<o:p></o:p></p>
<p class="MsoPlainText">dir out priority 2360<o:p></o:p></p>
<p class="MsoPlainText">tmpl src 192.168.10.1 dst 192.168.10.2<o:p></o:p></p>
<p class="MsoPlainText">proto esp reqid 16385 mode tunnel<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">never i see a policy update for the "dir=in".
Please let me know if i<o:p></o:p></p>
<p class="MsoPlainText">am missing something.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Thanks in advance for the help,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Thanks and regards,<o:p></o:p></p>
<p class="MsoPlainText">Krishna<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes">
</span>________________________________<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Now surf faster
and smarter ! Check out the new Firefox 3 - Yahoo!<o:p></o:p></p>
<p class="MsoPlainText">Edition *<span style="mso-spacerun:yes"> </span>Click
here!<o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Users@openswan.org<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span><span><a target="_blank" href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a></span><o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span>Building and
Integrating Virtual Private Networks with Openswan:<o:p></o:p></p>
<p class="MsoPlainText"><span style="mso-spacerun:yes"> </span><span><a target="_blank" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p></div><div style="position:fixed"></div></div><br>
<!--1--><hr size=1></hr> Cricket on your mind? Visit the ultimate cricket website. <a href="http://in.rd.yahoo.com/tagline_cricket_1/*http://beta.cricket.yahoo.com"> Enter now!</a></body></html>