[Openswan dev] [Announce] openswan-2.6.20 released

Gilles Espinasse g.esp at free.fr
Thu Feb 12 02:17:01 EST 2009


----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: <announce at openswan.org>
Sent: Tuesday, February 10, 2009 6:23 AM
Subject: [Openswan dev] [Announce] openswan-2.6.20 released


>
> This release also does not yet contain the new NAT-T code that does not
> require a kernel recompile. That code still needs merging in, but you
> can find it at: http://www.openswan.org/download/testing/nat-t/
>
Every part of the new nat-t patch applies on 2.6.20 except one small part of
the new nat-t patch that is rejected.

That's related to this change from 2.6.20rc2 to 2.6.20
diff -Nur openswan-2.6.20rc2/linux/net/ipsec/ipsec_rcv.c
openswan-2.6.20/linux/net/ipsec/ipsec_rcv.c
--- openswan-2.6.20rc2/linux/net/ipsec/ipsec_rcv.c 2009-01-29
19:24:50.000000000 +0100
+++ openswan-2.6.20/linux/net/ipsec/ipsec_rcv.c 2009-02-10
05:54:47.000000000 +0100
@@ -1975,13 +1979,36 @@
   goto rcvleave;
  }

- /* XXX fudge it so that all nat-t stuff comes from ipsec0    */
- /*     eventually, the SA itself will determine which device
-  *     it comes from
-  */
- {
-   skb->dev = ipsec_get_device(0);
- }
+ if(skb->dev)
+   {
+    KLIPS_PRINT(debug_rcv, "klips_debug:klips26_rcv_encap: <<< Info -- ");
+    KLIPS_PRINTMORE(debug_rcv, "skb->dev=%s ",
+  skb->dev->name ? skb->dev->name : "NULL");
+    KLIPS_PRINTMORE(debug_rcv, "\n");
+
+    if(skb->dev->name)
+      {
+  for(i = 0; i < IPSEC_NUM_IF; i++)
+     {
+      snprintf(name, IFNAMSIZ, IPSEC_DEV_FORMAT, i);
+      ipsecdev = __ipsec_dev_get(name);
+      prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL;
+      prvdev = prv ? (struct net_device *)(prv->dev) : NULL;
+      if(prvdev && !strncmp(prvdev->name, skb->dev->name, IFNAMSIZ))
+   {
+    skb->dev = ipsecdev;
+    KLIPS_PRINT(debug_rcv && prvdev, "klips_debug:klips26_rcv_encap: "
+       "assigning packet ownership to virtual device %s from physical
device %s.\n",
+       name, prvdev->name);
+     break;
+   }
+     }
+      }
+   } else {
+     KLIPS_PRINT(debug_rcv, "klips_debug:klips26_rcv_encap: "
+   "device supplied with skb is NULL\n");
+   }
+
  irs->hard_header_len = skb->dev->hard_header_len;

 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL
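
Review bot: the else branch that logs "device supplied with skb is NULL" only prints a debug message, so control falls through to the context line `irs->hard_header_len = skb->dev->hard_header_len;`, which dereferences the NULL skb->dev the branch has just reported. That branch should drop the packet, for example with `goto rcvleave;` as the context line at the top of the hunk does, instead of continuing. Separately, when the for loop over IPSEC_NUM_IF finds no ipsec device whose prv->dev name matches skb->dev->name, skb->dev silently stays the physical device, whereas the removed code always assigned ipsec_get_device(0); the no-match case should be handled explicitly and logged, since everything after the loop assumes the packet is owned by a virtual device.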

nat-t patch was commenting out the part that has been removed too in 2.6.20
-   skb->dev = ipsec_get_device(0);

Should the new patch change something on the for loop (and what)?

Gilles


