[Openswan dev] decrypted packet appears at wrong ipsec interface
hiren joshi
joshihirenn at gmail.com
Sat Jan 17 02:27:10 EST 2009
>
> It might be safer to use strncmp and snprintf instead of strcmp and
> sprintf.
>
Thanks Brad!
So here is the final version:
--- net/ipsec/ipsec_rcv.c.orig Tue Dec 23 13:10:46 2008
+++ net/ipsec/ipsec_rcv.c Tue Dec 23 15:29:00 2008
@@ -1619,18 +1619,44 @@ int klips26_rcv_encap(struct sk_buff *sk
{
struct ipsec_rcv_state nirs, *irs = &nirs;
struct iphdr *ipp;
+ char name[IFNAMSIZ];
+ struct net_device *ipsecdev = NULL, *prvdev = NULL;
+ struct ipsecpriv *prv = NULL;
+ int i;
/* Don't unlink in the middle of a turnaround */
KLIPS_INC_USE;
memset(irs, 0, sizeof(*irs));
- /* XXX fudge it so that all nat-t stuff comes from ipsec0 */
- /* eventually, the SA itself will determine which device
- * it comes from
- */
- {
- skb->dev = ipsec_get_device(0);
+ if(skb->dev) {
+ KLIPS_PRINT(debug_rcv,
+ "klips_debug:klips26_rcv_encap: "
+ "<<< Info -- ");
+ KLIPS_PRINTMORE(debug_rcv, "skb->dev=%s ",
+ skb->dev->name ? skb->dev->name : "NULL");
+ KLIPS_PRINTMORE(debug_rcv, "\n");
+
+ if(skb->dev->name) {
+ for(i = 0; i < IPSEC_NUM_IF; i++) {
+ snprintf(name, IFNAMSIZ, IPSEC_DEV_FORMAT, i);
+ ipsecdev = __ipsec_dev_get(name);
+ prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) :
NULL;
+ prvdev = prv ? (struct net_device *)(prv->dev) : NULL;
+ if(prvdev && !strncmp(prvdev->name, skb->dev->name,
IFNAMSIZ)) {
+ skb->dev = ipsecdev;
+ KLIPS_PRINT(debug_rcv && prvdev,
+ "klips_debug:klips26_rcv_encap: "
+ "assigning packet ownership to virtual device
%s from physical device %s.\n",
+ name, prvdev->name);
+ break;
+ }
+ }
+ }
+ } else {
+ KLIPS_PRINT(debug_rcv,
+ "klips_debug:klips26_rcv_encap: "
+ "device supplied with skb is NULL\n");
}
/* set up for decap loop */
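Review bot: Both the `else` branch (skb->dev is NULL) and the case where the loop finds no ipsec device bound to the receiving interface fall straight through to the decap setup, whereas the removed code always set `skb->dev = ipsec_get_device(0)`. After this change a decapsulated packet can proceed with a NULL device or still attributed to the physical interface, which matters because interface-based firewall rules evaluate it against whatever `skb->dev` ends up as. I would make the outcome explicit: record in the loop whether a match was found and, when nothing matched, either drop the packet or restore the old default with `skb->dev = ipsec_get_device(0);`. Separately, `__ipsec_dev_get(name)` looks like a lookup that takes no reference on the device (its definition is not on this page), so it is worth confirming what keeps `ipsecdev` alive once it is stored in `skb->dev`. The body of klips26_rcv_encap continues past the end of this hunk, so later uses of `skb->dev` are not visible here.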
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20090117/fa1f1974/attachment.html