[Openswan Users] Fix for bugreport: ipsec eroute fails (http://bugs.xelerance.com/view.php?id=1018)

Carsten Schlote c.schlote at konzeptpark.de
Fri Feb 6 14:04:43 EST 2009


Hi Paul,

for openswan 2.6.19 and 2.6.20rc2 I tracked down the problem with eroute
causing crashes/aborts when using the --clear option. It seems that
the extentions[] definition was too small and wrong. 

There was also a problem with fmt_common_shell_out(), which uses
snprintf() the old way. I changed the code to work with the old way of
returning -1 and the new one returning the potential output length which
might exceed the given buffer and output to buffer was clipped. Some of
our VPN connections use lots of lengthy PLUTO_#? parameters and the
command string was clipped by ~300 bytes. So _upstart script was never
called and strange things happened. Therefore I increased the buffer
size for the command string.

I also commented some dead code in sysdep_*.c, which made me nuts as I
tried to apply changes to such zombie code and nothing happened in the
resulting binaries. Functionality was moved to fmt_common_shell_out(). 
Code for darwin and BSD might need similar changes.

I attached a patch fixing these problems. Patch was taken against 2.6.19
+incremental diff to 2.6.20rc+ Harald Jenny's NAT-T patch.

As I spent some effort and nerves to track down these bugs and to get
OpenSwan 2.6.20rc2 working on Linux 2.6.28.3 with KLIPs+NAT-T, I think
others might find the patch useful.

So far, everything seems to work fine now...

Happy weekend...
-- 
Carsten Schlote <c.schlote at konzeptpark.de>
konzeptpark.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.6.20rc2-fixes.patch
Type: text/x-patch
Size: 9877 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090206/6c8396be/attachment-0001.bin 
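
The snprintf() issue described in the message, as an added example that is not part of the original post or of the attached patch: a bounded append that treats both the old return value (-1) and the C99 return value (needed length) as truncation, so a clipped command string is rejected rather than run. The names append_fmt, build_cmd and example-script are hypothetical, and the sample values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Openswan code: append formatted text at *pos in
 * buf[0..size). Returns 0 if it fit, -1 if it did not. Covers both snprintf
 * conventions: older libcs return -1 on truncation, C99 libcs return the
 * length the full output would have needed. */
static int append_fmt(char *buf, size_t size, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (*pos >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *pos, size - *pos, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size - *pos) {
        buf[*pos] = '\0';            /* discard the partial fragment */
        return -1;
    }
    *pos += (size_t)n;
    return 0;
}

/* Build "NAME='value' ... script" in cmd. Returns 0 only when the whole
 * command fit; values are assumed to be shell-safe already (assumption). */
static int build_cmd(char *cmd, size_t size, const char *const vars[][2],
                     size_t nvars, const char *script)
{
    size_t pos = 0, i;
    if (size == 0)
        return -1;
    cmd[0] = '\0';
    for (i = 0; i < nvars; i++)
        if (append_fmt(cmd, size, &pos, "%s='%s' ", vars[i][0], vars[i][1]))
            return -1;
    return append_fmt(cmd, size, &pos, "%s", script);
}

/* Constructed sample input, not taken from a real connection. */
static const char *const sample_vars[][2] = {
    { "PLUTO_VERB", "up-client" },
    { "PLUTO_CONNECTION", "constructed-conn" },
};

int main(void)
{
    char cmd[32];                    /* deliberately too small */
    if (build_cmd(cmd, sizeof cmd, sample_vars, 2, "example-script") != 0)
        fprintf(stderr, "command would be truncated, not running it\n");
    return 0;
}
```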