[Openswan dev] klips and ethernet headers ?

Harald Jenny harald at a-little-linux-box.at
Thu Nov 18 06:55:13 EST 2010


On Thu, Nov 18, 2010 at 09:39:29PM +1000, David McCullough wrote:
> 
> Hi all,

Hi David

> 
> Here's a question that hopefully someone knows the answer to ;-)
> 
> Currently openswan is not providing the "correct" MAC addresses if you tcpdump
> the ipsecX interfaces.  Not surprising since klips is not an ethernet
> driver ;-)  You see the ipsecX MAC address for both source and dest.
> This is filled out before klips sees the skb,  only header_ops may be able
> to clean it up.
> 
> So,  while it may be possible to fix this,  my first question is why does
> klips even try to do ethernet frame stuff ?  IPsec is not an ethernet level
> protocol.  All the saving/copying of the hard header and the complexity of
> the header_ops and mac header maintenance seems like something klips could
> do without.
> 
> Can anyone offer a reason this should be there ?  If not I may look at
> purging it all :-)

Hmmmm why not create a branch for this, remove the code and test it? If the
reasons are historical (pre 2.4) then the problem has already gone away, if
not the testing may show them...

> 
> Cheers,
> Davidm

Kind regards
Harald

P.S: I know not a satisfying answer ;-)

> 
> -- 
> David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
> McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org