[Openswan dev] klips and ethernet headers ?
harald at a-little-linux-box.at
Thu Nov 18 06:55:13 EST 2010
On Thu, Nov 18, 2010 at 09:39:29PM +1000, David McCullough wrote:
> Hi all,
> Here's a question that hopefully someone knows the answer to ;-)
> Currently openswan is not providing the "correct" MAC addresses if you tcpdump
> the ipsecX interfaces. Not suprising since klips is not an ethernet
> driver ;-) You see the ipsecX MAC address for both source and dest.
> This is filled out before klips sees the skb, only header_ops may be able
> to clean it up.
> So, while it may be possible to fix this, my first question is why does
> klips even try to do ethernet frame stuff ? IPsec is not an ethernet level
> protocol. All the saving/copying of the hard header and the complexity of
> the header_ops and mac header maintenance seems like something klips could
> do without.
> Can anyone offer a reason this should be there ? If not I may look at
> purging it all :-)
Hmmmm why not creating a branch for this, remove the code and test it? If the
reasons are historical (pre 2.4) then the problem has already gone away, if
not the testing may show them...
P.S: I know not a satisfying answer ;-)
> David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
> McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
> Dev mailing list
> Dev at openswan.org
More information about the Dev