[Openswan dev] [PATCH] AH packets offsets incorrect

David McCullough davidm at snapgear.com
Wed Feb 15 14:52:58 CET 2006

Jivin Paul Wouters lays it down ...
> On Wed, 15 Feb 2006, David McCullough wrote:
> > Here is a patch (originally posted by Ronen Shitrit <rshitrit at marvell.com>)
> > to fix the packet offsets for AH only processing.
> So what does this fix? Is one of our testcases failing? Or are we missing a testcase
> for some feature that you seem to think is broken?

If you set up a tunnel without ESP it doesn't work.  It used to work in
an older openswan version but stopped when klips was modified to deal
with the pulled IP header on the received SKBs.

The code in ipsec_ah.c still thinks the IP header is there and runs the
hash on the incorrect data.

I don't know if you have test cases for this; I am running it against
a freeswan test machine.  Without the patch it doesn't work.


David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
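
The failure mode described in the message above, as an added example that is not part of the original post and is not Openswan code or the patch itself: a minimal model of AH integrity checking (RFC 4302 layout, HMAC-SHA1-96) showing that the ICV only verifies when the hash starts at the real IP header, not at the buffer's data pointer after the header has been pulled. The key, addresses, SPI and the function names `build_ah_packet`, `ah_icv` and `receive` are constructed for illustration, and a 20-byte IP header without options is assumed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-test-key"   # constructed key, illustration only
IP_HLEN = 20                    # assumption: IPv4 header without options
AH_FIXED = 12                   # next hdr, payload len, reserved, SPI, sequence
ICV_LEN = 12                    # HMAC-SHA1-96

def ah_icv(buf, ip_off, ah_off):
    """ICV over IP header..end with mutable IP fields and the ICV field zeroed."""
    msg = bytearray(buf[ip_off:])
    for i in (1, 6, 7, 8, 10, 11):          # TOS, flags/frag offset, TTL, checksum
        msg[i] = 0
    icv_at = ah_off - ip_off + AH_FIXED
    msg[icv_at:icv_at + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(KEY, bytes(msg), hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(payload):
    """Constructed IPv4 + AH packet carrying a valid ICV."""
    ah_words = (AH_FIXED + ICV_LEN) // 4 - 2   # AH length in 32-bit words minus 2
    ah = struct.pack("!BBHII", 6, ah_words, 0, 0x1234, 1) + bytes(ICV_LEN)
    total = IP_HLEN + len(ah) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 51, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    pkt = bytearray(ip + ah + payload)
    icv_at = IP_HLEN + AH_FIXED
    pkt[icv_at:icv_at + ICV_LEN] = ah_icv(bytes(pkt), 0, IP_HLEN)
    return bytes(pkt)

def receive(buf, data_off, pulled_aware):
    """data_off models the data pointer after the IP header was pulled."""
    if pulled_aware:
        ah_off = data_off              # data already points at the AH header
        ip_off = data_off - IP_HLEN    # step back to the real IP header
    else:
        ip_off = data_off              # stale assumption: IP header starts at data
        ah_off = data_off + IP_HLEN
    received = buf[ah_off + AH_FIXED:ah_off + AH_FIXED + ICV_LEN]
    return hmac.compare_digest(received, ah_icv(buf, ip_off, ah_off))

if __name__ == "__main__":
    pkt = build_ah_packet(bytes(range(32)))   # constructed payload
    print("offset-aware check:", receive(pkt, IP_HLEN, True))
    print("stale-offset check:", receive(pkt, IP_HLEN, False))
```

With the stale offsets every genuine AH packet is rejected, which matches the reported symptom of an AH-only tunnel that stops passing traffic.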
