[Openswan dev] klips and ethernet headers ?
David McCullough
david_mccullough at mcafee.com
Thu Nov 18 07:04:28 EST 2010
Jivin Harald Jenny lays it down ...
> On Thu, Nov 18, 2010 at 09:39:29PM +1000, David McCullough wrote:
> >
> > Hi all,
>
> Hi David
>
> >
> > Here's a question that hopefully someone knows the answer to ;-)
> >
> > Currently openswan is not providing the "correct" MAC addresses if you tcpdump
> > the ipsecX interfaces. Not suprising since klips is not an ethernet
> > driver ;-) You see the ipsecX MAC address for both source and dest.
> > This is filled out before klips sees the skb, only header_ops may be able
> > to clean it up.
> >
> > So, while it may be possible to fix this, my first question is why does
> > klips even try to do ethernet frame stuff ? IPsec is not an ethernet level
> > protocol. All the saving/copying of the hard header and the complexity of
> > the header_ops and mac header maintenance seems like something klips could
> > do without.
> >
> > Can anyone offer a reason this should be there ? If not I may look at
> > purging it all :-)
>
> Hmmmm why not creating a branch for this, remove the code and test it? If the
> reasons are historical (pre 2.4) then the problem has already gone away, if
> not the testing may show them...
Yeah, I thought it was a problem with the IPv6 branch, so I checked it
out. Now I think it just unnessesary code :-)
I thought I would throw it out there, I want to finish ipv6 to the point
where others can start playing. Then I'll look more at this depending on the
feedback.
> P.S: I know not a satisfying answer ;-)
Can't win them all ;-)
Thanks,
Davidm
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
More information about the Dev
mailing list