[Openswan dev] decrypted packet appears at wrong ipsec interface

hiren joshi joshihirenn at gmail.com
Fri Jan 16 10:05:21 EST 2009


>
> > +    char name[9];
>
> Using IFNAMSIZ would be better here.
>
>
Thanks Tino!

Any other comments, please?
This applies to 2.6.x also.

Regards,
-hiren

---------updated patch-----------

--- net/ipsec/ipsec_rcv.c.orig    Tue Dec 23 13:10:46 2008
+++ net/ipsec/ipsec_rcv.c    Tue Dec 23 15:29:00 2008
@@ -1619,18 +1619,44 @@ int klips26_rcv_encap(struct sk_buff *sk
 {
     struct ipsec_rcv_state nirs, *irs = &nirs;
     struct iphdr *ipp;
+    char name[IFNAMSIZ];
+    struct net_device *ipsecdev = NULL, *prvdev = NULL;
+    struct ipsecpriv *prv = NULL;
+    int i;

     /* Don't unlink in the middle of a turnaround */
     KLIPS_INC_USE;

     memset(irs, 0, sizeof(*irs));

-    /* XXX fudge it so that all nat-t stuff comes from ipsec0    */
-    /*     eventually, the SA itself will determine which device
-     *     it comes from
-     */
-    {
-      skb->dev = ipsec_get_device(0);
+    if(skb->dev) {
+        KLIPS_PRINT(debug_rcv,
+                "klips_debug:klips26_rcv_encap: "
+                "<<< Info -- ");
+        KLIPS_PRINTMORE(debug_rcv, "skb->dev=%s ",
+                skb->dev->name ? skb->dev->name : "NULL");
+        KLIPS_PRINTMORE(debug_rcv, "\n");
+
+        if(skb->dev->name) {
+            for(i = 0; i < IPSEC_NUM_IF; i++) {
+                sprintf(name, IPSEC_DEV_FORMAT, i);
+                ipsecdev = __ipsec_dev_get(name);
+                prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) :
NULL;
+                prvdev = prv ? (struct net_device *)(prv->dev) : NULL;
+                if(prvdev && !strcmp(prvdev->name, skb->dev->name)) {
+                    skb->dev = ipsecdev;
+                    KLIPS_PRINT(debug_rcv && prvdev,
+                            "klips_debug:klips26_rcv_encap: "
+                            "assigning packet ownership to virtual device
%s from physical device %s.\n",
+                            name, prvdev->name);
+                    break;
+                }
+            }
+        }
+    } else {
+        KLIPS_PRINT(debug_rcv,
+                "klips_debug:klips26_rcv_encap: "
+                "device supplied with skb is NULL\n");
     }

     /* set up for decap loop */
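Review bot: When no ipsecN device has the receiving interface as its `prv->dev`, or when `skb->dev` is NULL, the new block leaves `skb->dev` untouched, whereas the removed lines always assigned `ipsec_get_device(0)`; the decap code after this hunk (not visible here) would then run with a physical device or a NULL pointer in `skb->dev`. Record whether the loop matched and, if it did not, either keep the old fallback `skb->dev = ipsec_get_device(0);` or drop the packet before the decap loop. The name buffer is now `IFNAMSIZ` bytes but is still filled with an unbounded call; `snprintf(name, sizeof(name), IPSEC_DEV_FORMAT, i);` keeps the write inside it whatever the format expands to. `__ipsec_dev_get()` looks like a lookup that takes no reference on the device, so it is worth confirming which lock or reference protects `ipsecdev` and `prv->dev` in this receive path. klips26_rcv_encap starts before and continues after the hunk.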