[Openswan dev] klips and ethernet headers ?

David McCullough david_mccullough at mcafee.com
Thu Nov 18 06:39:29 EST 2010


Hi all,

Here's a question that hopefully someone knows the answer to ;-)

Currently openswan is not providing the "correct" MAC addresses if you tcpdump
the ipsecX interfaces.  Not surprising since klips is not an ethernet
driver ;-)  You see the ipsecX MAC address for both source and dest.
This is filled out before klips sees the skb,  only header_ops may be able
to clean it up.

So,  while it may be possible to fix this,  my first question is why does
klips even try to do ethernet frame stuff ?  IPsec is not an ethernet level
protocol.  All the saving/copying of the hard header and the complexity of
the header_ops and mac header maintenance seems like something klips could
do without.

Can anyone offer a reason this should be there ?  If not I may look at
purging it all :-)

Cheers,
Davidm

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

