[Openswan Users] 2.4.5 klips mtu issue
Paul Wouters
paul at xelerance.com
Fri Apr 7 20:06:21 CEST 2006
On Fri, 7 Apr 2006, Brian Candler wrote:
> I made a one-line patch to openswan-2.4.5, and now it works. It backs out
> one of the changes which was introduced between 2.4.4 and 2.4.5, the only
> MTU-related one I could see:
>
> --- openswan-2.4.5/linux/net/ipsec/ipsec_xmit.c.orig 2006-04-07 16:08:48.000000000 +0100
> +++ openswan-2.4.5/linux/net/ipsec/ipsec_xmit.c 2006-04-07 16:10:40.000000000 +0100
> @@ -397,7 +397,7 @@
> }
>
> ixs->physmtu = ixs->physdev->mtu;
> - ixs->cur_mtu = ixs->physdev->mtu;
> + /* ixs->cur_mtu = ixs->physdev->mtu; */
> ixs->stats = (struct net_device_stats *) &(ixs->prv->mystats);
>
> return IPSEC_XMIT_OK;
>
> However I'm afraid I'm out of my depth when it comes to explaining why this
> should make a difference, or what the proper fix is to the underlying issue.
Especially because this actually fixes setting the correct mtu. Without this
we were seeing those "small packets" on KLIPS.
We are trying to build a testcase that reproduces this behaviour.
Paul
> Logs at the Cisco side now show the same as I described before:
> - first data packet sent by openswan has DF=1, and is rejected
> - subsequent packets sent by openswan have DF=0, and are accepted
>
> Regards,
>
> Brian.
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list