[Openswan dev] KLIPS broken in 2.6.25?

David McCullough david_mccullough at mcafee.com
Sat Apr 3 09:55:49 EDT 2010 

Jivin Harald Jenny lays it down ...
> Ruben I suspect you use Ubuntu, I use Debian - can anybody with Fedora confirm the problem also exists there?

The problem is universal AFAICT,  I started tracking it down on thursday but
holidays have got in the way.  I think something is wrong with all the
changed SA stuff in pluto,  but thats just a feeling at the moment,  I
couldn't sdee it.  Check all the changes around esatype etc in
kernel_pfkey.c 

I have found one translation error already but it doesn't seem to affect
anything.  I must some of the proto2satype names and their arguments types
are not that intuitive ;-)

Hopefully I'll get to it in a day or so if no one beta me ;-) ;-)

Cheers,
Davidm

> On Fri, Apr 02, 2010 at 06:15:22PM +0200, Ruben Laban wrote:
> > On Friday 02 April 2010 at 17:34 (CET), Harald Jenny wrote:
> > > can it be that a change in userspace between 2.6.24 and 2.6.25 broke KLIPS,
> > > at least when built as module for kernel 2.6.26 and 2.6.30 the following
> > > happens to me:
> > >
> > > transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> > > STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> > > pfkey_lib_debug:pfkey_msg_parse: satype 4 conversion to proto failed for
> > > msg_type 14 (x-addflow(eroute)). pfkey_lib_debug:pfkey_msg_build: Trouble
> > > parsing newly built pfkey message, error=-22. pfkey_msg_build of flow
> > > tun.1001 at 62.178.14.33 failed, code -22
> > >
> > > Problem is present when running KLIPS 2.6.24 or 2.6.25 with userspace
> > > 2.6.25 and vanishes when grading back to 2.6.24 - can please anybody
> > > confirm if this is a real problem or am I chasing down a ghost?
> > 
> > I experience the same.
> > 
> > Just now i tested against a 2.6.33 kernel: still no go.
> > Kernels I tried before include: 2.6.24+ubuntu patches, 2.6.27+ubuntu patches, 
> > vanilla 2.6.28.10, vanilla 2.6.32.2, and probably much but those didn't leave 
> > any traces on my test boxes.
> > 
> > -- 
> > Regards,
> > 
> > Ruben Laban
> > Senior Systems and Network Administrator
> > ISM eCompany
> > _______________________________________________
> > Dev mailing list
> > Dev at openswan.org
> > http://lists.openswan.org/mailman/listinfo/dev
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev
> 
> 

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Dev mailing list