[Openswan dev] Patch for review.
David McCullough
david_mccullough at mcafee.com
Wed Jun 30 21:29:49 EDT 2010
Jivin Kirill Berezin lays it down ...
> Hi.
>
> I found, by chance, the AH xmit path for klips protocol stack is a bit
> broken. After a small research I found the ident field for ip header is
> selected after generation of a hash for a packet. According to RFC 2402
> ident must be selected before generation of a hash.
>
> A possible fix is in the attachment, I hope it will be useful.
Seems to be working ok for me here as well so I've applied it,
Thanks,
Davidm
> --- ./openswan-2.6.26_new/linux/net/ipsec/ipsec_xmit.c 2010-06-30 04:43:07.000000000 +0400
> +++ ./openswan-2.6.26/linux/net/ipsec/ipsec_xmit.c 2010-05-26 02:36:41.000000000 +0400
> @@ -976,7 +976,6 @@
> ixs->newdst = (__u32)ixs->iph->daddr;
> ixs->newsrc = (__u32)ixs->iph->saddr;
>
> - KLIPS_IP_SELECT_IDENT(ixs->iph, ixs->skb);
> #ifdef NET_21
> skb_set_transport_header(ixs->skb, ipsec_skb_offset(ixs->skb, ip_hdr(ixs->skb)));
> #endif /* NET_21 */
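Review bot: The file headers put the openswan-2.6.26_new tree on the "---" side and the original tree on the "+++" side, so as posted this hunk removes the KLIPS_IP_SELECT_IDENT(ixs->iph, ixs->skb) call after the newsrc assignment instead of adding it, which is the opposite of the described fix (ident selected before the hash). Regenerate the diff with the original tree first so it applies in the intended direction without patch -R.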
> @@ -2043,7 +2042,7 @@
> }
>
> /* newer kernels require skb->dst to be set in KLIPS_IP_SELECT_IDENT */
> - /* KLIPS_IP_SELECT_IDENT(ip_hdr(ixs->skb), ixs->skb); */
> + KLIPS_IP_SELECT_IDENT(ip_hdr(ixs->skb), ixs->skb);
>
> /* fix up the checksum after changes to the header */
> ip_hdr(ixs->skb)->check = 0;
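Review bot: The comment above the KLIPS_IP_SELECT_IDENT(ip_hdr(ixs->skb), ixs->skb) line says newer kernels require skb->dst to be set when the ident is selected, and nothing in the visible lines shows that skb->dst is already set at the earlier call site after the newsrc assignment. Confirm that it is, move this comment to whichever call site stays active, and delete the disabled call rather than leaving it commented out.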
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
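
The ordering problem described in the report, as an added example that is not part of the original thread and is not Openswan code: under RFC 2402 the IPv4 Identification field is immutable and therefore covered by the AH ICV, while TOS, flags/fragment offset, TTL and header checksum are zeroed before hashing. The key, addresses and function names are constructed for illustration, HMAC-SHA1-96 is assumed as the authenticator, and the payload stands in for the AH header plus upper-layer data.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"            # constructed sample key
SRC = socket.inet_aton("192.0.2.1")      # documentation addresses
DST = socket.inet_aton("198.51.100.7")

def ipv4_header(ident, payload_len, ttl=64):
    """20-byte IPv4 header, protocol 51 (AH), checksum left as 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       ident, 0, ttl, 51, 0, SRC, DST)

def ah_icv_input(header):
    """Zero the fields RFC 2402 lists as mutable; ident (bytes 4-5) stays."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def ah_icv(header, payload):
    mac = hmac.new(KEY, ah_icv_input(header) + payload, hashlib.sha1)
    return mac.digest()[:12]  # truncated to 96 bits

def send_ident_before_hash(payload, ident):
    """Order RFC 2402 requires: pick ident, then compute the ICV."""
    header = ipv4_header(ident, len(payload))
    return header, ah_icv(header, payload)

def send_ident_after_hash(payload, ident):
    """Order described in the report: ICV first, ident written afterwards."""
    header = bytearray(ipv4_header(0, len(payload)))
    icv = ah_icv(bytes(header), payload)
    struct.pack_into("!H", header, 4, ident)   # changes hashed bytes
    return bytes(header), icv

def receiver_accepts(header, payload, icv, hops=3):
    """Receiver recomputes the ICV after routers have decremented TTL."""
    h = bytearray(header)
    h[8] -= hops
    return hmac.compare_digest(ah_icv(bytes(h), payload), icv)

if __name__ == "__main__":
    data = b"constructed payload"
    for send in (send_ident_before_hash, send_ident_after_hash):
        hdr, icv = send(data, 0x1234)
        print(send.__name__, "accepted:", receiver_accepts(hdr, data, icv))
```

The TTL change in transit does not affect verification because TTL is zeroed on both sides; the late ident write does, because that field is part of the hashed input.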