[Openswan Users] Bug#494795: new info

Roberto C. Sánchez roberto at connexer.com
Tue Sep 23 09:24:39 EDT 2008


All,

The below is in reference to Debian bug #494795:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494795

Essentially, being that I am not a kernel hacker, I am out of my depth
here.  I would appreciate it if someone who is knowledgeable about this
could comment on it.

Regards,

-Roberto

On Tue, Sep 23, 2008 at 05:05:13PM +0400, Alexey L. Smirnov wrote:
> Hello,
> 
> It seems I found a possible source of this bug.
> The problem is in the way the pppol2tp driver initializes 
> internal kernel tunnel and socket structures. It implicitly assumes
> that you want to use the kernel-based tunnel immediately after
> you've got a peer tunnel id. This means you must prepare kernel
> socket as follows
> 
> struct sockaddr_pppol2tp sax;
> int fd, session_fd;
> 
> fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
> sax.sa_family = AF_PPPOX;
> sax.sa_protocol = PX_PROTO_OL2TP;
> sax.pppol2tp.fd = tunnel_fd;
> sax.pppol2tp.addr.sin_addr.s_addr = addr->sin_addr.s_addr;
> sax.pppol2tp.addr.sin_port = addr->sin_port;
> sax.pppol2tp.addr.sin_family = AF_INET;
> sax.pppol2tp.s_tunnel  = tunnel_id;
> sax.pppol2tp.s_session = 0;
> sax.pppol2tp.d_tunnel  = peer_tunnel_id;
> sax.pppol2tp.d_session = 0;
> 
> session_fd = connect(fd, (struct sockaddr *)&sax, sizeof(sax));
> 
> Note that the s_session and d_session members must be 0 and you must perform the connect() call.
> Only in this case do you get properly prepared sockets.
> 
> Now, take a look at the init_network() function. They use only the socket() call to prepare kernel sockets
> and this is not enough. Thus, when they call connect() on the kernel socket in start_pppd(), they
> get this bug.
> 
> To test this, I moved the kernel support code from init_network() to start_pppd() and
> added a modification of the above initialization code. The bug disappeared.
> However, this is not the whole story. When kernel support is on, pppd uses the plugin pppol2tp.so,
> which is not present in the Debian repositories (but is present in openl2tp).
> So, I'm still unable to get xl2tpd to work with kernel support.
> 
> 
> 

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
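
The tunnel control socket setup described in the quoted message, as an added example that is not part of the original thread and is not xl2tpd or kernel code. The helper names l2tp_tunnel_addr() and l2tp_open_tunnel_ctl() are hypothetical, and rejecting zero tunnel ids before any syscall is this example's own precondition.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/if_pppox.h>   /* struct sockaddr_pppol2tp, PX_PROTO_OL2TP */

/* Fill the address for the tunnel control socket; both session ids stay 0. */
int l2tp_tunnel_addr(struct sockaddr_pppol2tp *sax, int tunnel_fd,
                     const struct sockaddr_in *peer,
                     unsigned short tunnel_id, unsigned short peer_tunnel_id)
{
    /* Assumed precondition of this example: refuse incomplete parameters. */
    if (sax == NULL || peer == NULL || tunnel_fd < 0 ||
        peer->sin_family != AF_INET || tunnel_id == 0 || peer_tunnel_id == 0) {
        errno = EINVAL;
        return -1;
    }
    memset(sax, 0, sizeof(*sax));     /* no stale stack bytes reach the kernel */
    sax->sa_family = AF_PPPOX;
    sax->sa_protocol = PX_PROTO_OL2TP;
    sax->pppol2tp.fd = tunnel_fd;     /* the existing UDP tunnel socket */
    sax->pppol2tp.addr = *peer;
    sax->pppol2tp.s_tunnel = tunnel_id;
    sax->pppol2tp.d_tunnel = peer_tunnel_id;
    /* s_session and d_session remain 0, as the message requires */
    return 0;
}

/* socket() followed by connect(); returns the PPPoX fd, or -1 with errno set. */
int l2tp_open_tunnel_ctl(int tunnel_fd, const struct sockaddr_in *peer,
                         unsigned short tunnel_id, unsigned short peer_tunnel_id)
{
    struct sockaddr_pppol2tp sax;
    int fd, saved;

    if (l2tp_tunnel_addr(&sax, tunnel_fd, peer, tunnel_id, peer_tunnel_id) < 0)
        return -1;
    fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
    if (fd < 0)
        return -1;
    /* connect() returns 0 or -1, not a descriptor: keep using fd afterwards */
    if (connect(fd, (struct sockaddr *)&sax, sizeof(sax)) < 0) {
        saved = errno;
        close(fd);                    /* never leave a half-initialized socket */
        errno = saved;
        return -1;
    }
    return fd;
}
```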