[Openswan dev] Re: Openswan 2.4.0dr9 multiple defaultroute patch

Dirk Nehring dnehring at marcant.net
Mon Aug 15 17:52:33 CEST 2005 

On Mon, Aug 15, 2005 at 04:14:25PM +0200, Paul Wouters wrote:
> On Sat, 13 Aug 2005, Dirk Nehring wrote:
>
> >some months ago, I proposed a patch to fix the problem that Openswan
> >under native 2.6 IPSec doesn't scope with multiple
> >defaultroute. Unfortunately, it jumps into a subroutine from _startklips
> >to compute the default route. Is this necessary under Linux 2.6? Perhaps
> >this issue should be fixed be 2.4.0 is released.
>
> Can you mail me your patch?

Attached, also an temporary "eroute" fix. A better solution would be to
ignore these functions under 2.6 with native IPSec.

Dirk
-------------- next part --------------
diff -ur openswan-2.4.0dr10.orig/programs/ipsec/ipsec.in openswan-2.4.0dr10/programs/ipsec/ipsec.in
--- openswan-2.4.0dr10.orig/programs/ipsec/ipsec.in	2004-12-10 13:38:29.000000000 +0100
+++ openswan-2.4.0dr10/programs/ipsec/ipsec.in	2005-08-14 00:19:20.000000000 +0200
@@ -112,6 +112,10 @@
 	echo "$IPSEC_CONFS"
 	exit 0
 	;;
+eroute)
+	ipsec auto --status | grep "==="
+	exit 0
+	;;
 --*)
 	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
 	exit 1
diff -ur openswan-2.4.0dr10.orig/programs/_startklips/_startklips.in openswan-2.4.0dr10/programs/_startklips/_startklips.in
--- openswan-2.4.0dr10.orig/programs/_startklips/_startklips.in	2005-03-31 23:07:27.000000000 +0200
+++ openswan-2.4.0dr10/programs/_startklips/_startklips.in	2005-08-14 00:36:47.000000000 +0200
@@ -200,7 +200,7 @@
 # interfaces=%defaultroute:  put ipsec0 on top of default route's interface
 defaultinterface() {
 	phys=`netstat -nr |
-		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
+		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }' | head -n 1`
 	if test " $phys" = " "
 	then
 		echo "no default route, %defaultroute cannot cope!!!"
@@ -212,7 +212,7 @@
 		exit 1
 	fi
 	next=`netstat -nr |
-		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
+		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }' | head -n 1`
 	klipsinterface "ipsec0=$phys" $next
 }

More information about the Dev mailing list