[Openswan dev] KLIPS broken in 2.6.25?
David McCullough
david_mccullough at mcafee.com
Sat Apr 3 09:55:49 EDT 2010
Jivin Harald Jenny lays it down ...
> Ruben I suspect you use Ubuntu, I use Debian - can anybody with Fedora confirm the problem also exists there?
The problem is universal AFAICT, I started tracking it down on thursday but
holidays have got in the way. I think something is wrong with all the
changed SA stuff in pluto, but thats just a feeling at the moment, I
couldn't sdee it. Check all the changes around esatype etc in
kernel_pfkey.c
I have found one translation error already but it doesn't seem to affect
anything. I must some of the proto2satype names and their arguments types
are not that intuitive ;-)
Hopefully I'll get to it in a day or so if no one beta me ;-) ;-)
Cheers,
Davidm
> On Fri, Apr 02, 2010 at 06:15:22PM +0200, Ruben Laban wrote:
> > On Friday 02 April 2010 at 17:34 (CET), Harald Jenny wrote:
> > > can it be that a change in userspace between 2.6.24 and 2.6.25 broke KLIPS,
> > > at least when built as module for kernel 2.6.26 and 2.6.30 the following
> > > happens to me:
> > >
> > > transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> > > STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> > > pfkey_lib_debug:pfkey_msg_parse: satype 4 conversion to proto failed for
> > > msg_type 14 (x-addflow(eroute)). pfkey_lib_debug:pfkey_msg_build: Trouble
> > > parsing newly built pfkey message, error=-22. pfkey_msg_build of flow
> > > tun.1001 at 62.178.14.33 failed, code -22
> > >
> > > Problem is present when running KLIPS 2.6.24 or 2.6.25 with userspace
> > > 2.6.25 and vanishes when grading back to 2.6.24 - can please anybody
> > > confirm if this is a real problem or am I chasing down a ghost?
> >
> > I experience the same.
> >
> > Just now i tested against a 2.6.33 kernel: still no go.
> > Kernels I tried before include: 2.6.24+ubuntu patches, 2.6.27+ubuntu patches,
> > vanilla 2.6.28.10, vanilla 2.6.32.2, and probably much but those didn't leave
> > any traces on my test boxes.
> >
> > --
> > Regards,
> >
> > Ruben Laban
> > Senior Systems and Network Administrator
> > ISM eCompany
> > _______________________________________________
> > Dev mailing list
> > Dev at openswan.org
> > http://lists.openswan.org/mailman/listinfo/dev
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev
>
>
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
More information about the Dev
mailing list