[Openswan Users] multiple tunnel fails after upgrade, kernel 2.6.8 bug!?

Tue Sep 7 23:41:04 CEST 2004

On Tue, Sep 07, 2004 at 10:26:35PM +1000, herbert wrote:
> On Tue, Sep 07, 2004 at 02:00:54PM +0200, Vik Heyndrickx wrote:
> > 
> > I can from the left host:
> > - never ping 10.222.222.1, regardless wether the tunnel is up or not
> > - ping 10.222.223.1, but only when the tunnel is up, as expected.
> 
> What if you ping with -s 10000, does it work then?

If it does, then this patch should fix the problem.

What happened is that I filled in the SA selectors before the policy
selectors became fully functional.  However, SA selectors were only
a temporary hack and broke with IPIP tunnel SAs which are used by
IPCOMP.

What doesn't make sense is why it didn't work for you when you
disabled compression.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/kernel_netlink.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_netlink.c,v
retrieving revision 1.19
diff -u -r1.19 kernel_netlink.c

--- programs/pluto/kernel_netlink.c	1 Jun 2004 14:43:20 -0000	1.19
+++ programs/pluto/kernel_netlink.c	7 Sep 2004 12:41:46 -0000
@@ -584,15 +584,6 @@
     ip2xfrm(sa->src, &req.p.saddr);
     ip2xfrm(sa->dst, &req.p.id.daddr);
 
-    if (sa->src_client)
-    {
-	ip2xfrm(&sa->src_client->addr, &req.p.sel.saddr);
-	ip2xfrm(&sa->dst_client->addr, &req.p.sel.daddr);
-	req.p.sel.prefixlen_s = sa->src_client->maskbits;
-	req.p.sel.prefixlen_d = sa->dst_client->maskbits;
-        req.p.sel.family = sa->src_client->addr.u.v4.sin_family;
-    }
-
     req.p.id.spi = sa->spi;
     req.p.id.proto = satype2proto(sa->satype);
     req.p.family = sa->src->u.v4.sin_family;
