[Openswan dev] openswan 2.4.8r1, klips NAT-T and Kernel 2.6.20.x (OK)

Tue Mar 20 09:30:00 EDT 2007

On Mon, 19 Mar 2007, Marcos Tadeu wrote:

> I am not shure about correct list to post, but...
> The several changes in udp.c file makes "make nattpatch" fail.
> I see some msgs about kernel crash, if kernel > 2.6.18 (19). Maybe, the
> peeple do not observe a patch fail, a continue the "make".
>
> This is the patch need post "make nattpath | (cd /usr/src/linux-2.6.20.3
> && patch -p1)":

The problem with just these fixes is that we still crash the kernel. At
this point I am not entirely sure if it is encapsulation related, because
we also crash 2.6.19/20/20.1 at other points (eg with aes and 3des module).

Be careful with running anything above 2.6.18.1 for now. We are working on
getting things to work with 2.6.20.1

Paul

> --- net/ipv4/udp.c.orig 2007-03-19 23:07:51.000000000 -0300
> +++ net/ipv4/udp.c      2007-03-19 23:09:59.000000000 -0300
> @@ -1089,10 +1089,14 @@
>                         return 0;
>                 }
>                 if (ret < 0) {
> -                       /* process the ESP packet */
> -                       ret = xfrm4_rcv_encap(skb, up->encap_type);
> -                       UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
> -                       return -ret;
> +                       if(xfrm4_rcv_encap_func != NULL) {
> +                         ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
> +                         UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
> +                       } else {
> +                         UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
> +                         ret = 1;
> +                       }
> +                       return ret;
>                 }
>                 /* FALLTHROUGH -- it's a UDP Packet */
>         }
> =============================
>
> The original udp.c.rej
> ***************
> *** 1021,1030 ****
>                         return 0;
>                 }
>                 if (ret < 0) {
> -                       /* process the ESP packet */
> -                       ret = xfrm4_rcv_encap(skb, up->encap_type);
> -                       UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
> -                       return -ret;
>                 }
>                 /* FALLTHROUGH -- it's a UDP Packet */
>         }
> --- 1060,1073 ----
>                         return 0;
>                 }
>                 if (ret < 0) {
> +                       if(xfrm4_rcv_encap_func != NULL) {
> +                         ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
> +                         UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
> +                       } else {
> +                         UDP_INC_STATS_BH(UDP_MIB_INERRORS);
> +                         ret = 1;
> +                       }
> +                       return ret;
>                 }
>                 /* FALLTHROUGH -- it's a UDP Packet */
>         }
> ==========================
>
> Good news: this email passes through NAT-T (client kernel 2.6.20.2, server
>  kernel 2.4.34.1)
>
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155