[Openswan Users] roadwarrior over pppoe

Paulo F. Sedrez sedrez+openswan at sedrez.ods.org
Wed Aug 29 06:49:41 EDT 2007 

On Wed, 2007-08-29 at 14:50 +1000, David McCullough wrote:
> Jivin Paul Wouters lays it down ...
> > On Wed, 29 Aug 2007, David McCullough wrote:
> > >
> > > The changes are not that hard,  just bulk edits really.

Yeah, I can confirm that: bulk edits. But one has to know what is being
edited...

> > > We did it as part of ocf-linux.sourceforge.net,  and the patch for
> > > openswan-2.4.9 works on 2.6.22,  but is probably too much change
> > > unless you really want OCF support.
> > >
> > > So if someone wanted to just fix up the vanilla 2.4.9 for 2.6.22 they
> > > would find all the mods in the ocf-openswan-2.4.9-20070727.patch.gz
> > > Specifically look at the changes in:
> > >
> > > 	openswan/linux/include/openswan/ipsec_kversion.h
> > >
> > > mostly revolving around the macros ip_hdr, skb_network_header,
> > > skb_set_network_header and so on.  Then look at how they were used in the
> > > patch to know how to fix up the stock 2.4.9 source.

I am going to this code right now, and - besides the skb and ocf stuff -
it has a lot of interesting things - some corrections, optimizations and
extensive logging included.
 
> > Ahh, if you made the changes using ipsec_kversion, then I'll merge those in
> > for 2.4.10.

I will try to make a patch for it in the next few days, but I will left
out most of the code addition from ocf - I will focus in 2.6.22
compatibility. I don't known if the other improvements should go in
2.4.x version, if there is a 2.5.x to be released really soon. If there
is not, I strong suggest David to submit the improvements that could
into the 2.4.x branch.

There is one, in particular, that came to my attention, since it looks
like a bug in one of the implementations of pluto: in the file
programs/pluto/kernel.c, line 1289 and next of stock 2.4.9:

        orphaned_holds = p->next;
        pfree(orphaned_holds);

David's patch:

        orphaned_holds = p->next;
        pfree(p);

I think David's is right, and the stock 2.4.9 shall sometime eat
resources or crash.

(BTW, David, what is LEDMAN?)

-- 
Paulo F. Sedrez <sedrez+openswan at sedrez.ods.org>

More information about the Users mailing list