[Openswan dev] Fix for bugreport: ipsec eroute fails (http://bugs.xelerance.com/view.php?id=1018)

Paul Wouters paul at xelerance.com
Mon Feb 9 22:41:24 EST 2009

On Fri, 6 Feb 2009, Carsten Schlote wrote:

Hi Carsten,

I merged in your patches. Thanks a lot for your contribution! It should
appear in 2.6.20.


> for openswan 2.6.19 and 2.6.20rc2 I tracked down the problem with eroute
> causing crashes/aborts when using the --clear option. It's seems that
> the extentions[] definition was too small and wrong.
> There was also a problem with fmt_common_shell_out(), which uses
> snprintf() the old way. I changed the code to work with the old way of
> returning -1 and the new one returning the potential output length which
> might exceed the given buffer and output to buffer was clipped. Some of
> our VPN connections uses lots of lengthy PLUTO_#? parameters and the
> command string was clipped by ~300 bytes. So _upstart script was never
> called and strange things happended. Therefore I increased the buffer
> size for the command string.
> I also commented some dead code in sysdep_*.c, which made me nuts as I
> tried to apply changes to such zombie code and nothing happened in the
> resulting binaries. Functionality was moved to fmt_common_shell_out().
> Code for darwin adn BSD might need similiar changes.
> I attached a patch fixing these problems. Patch was taken against 2.6.19
> +incremental diff to 2.6.20rc+ Harald Jenny's NAT-T patch.
> As I spent some effort and nerves to track down these bugs and to get
> OpenSwan 2.6.20rc2 working on Linux with KLIPs+NAT-T, i think
> other might find the patch useful.
> So far, everything seems to work fine now...
> Happy weekend...
> -- 
> Carsten Schlote <c.schlote at konzeptpark.de>
> konzeptpark.de

More information about the Dev mailing list