[Openswan Users] [Openswan dev] Fix for bugreport: ipsec eroute fails (http://bugs.xelerance.com/view.php?id=1018)

Paul Wouters paul at xelerance.com
Fri Feb 6 15:35:42 EST 2009


On Fri, 6 Feb 2009, Carsten Schlote wrote:

> for openswan 2.6.19 and 2.6.20rc2 I tracked down the problem with eroute
> causing crashes/aborts when using the --clear option. It's seems that
> the extentions[] definition was too small and wrong. 

Thanks for your patch. I'm looking at integrating it for 2.6.20.

> There was also a problem with fmt_common_shell_out(), which uses
> snprintf() the old way. I changed the code to work with the old way of
> returning -1 and the new one returning the potential output length which
> might exceed the given buffer and output to buffer was clipped. Some of
> our VPN connections uses lots of lengthy PLUTO_#? parameters and the
> command string was clipped by ~300 bytes. So _upstart script was never
> called and strange things happended. Therefore I increased the buffer
> size for the command string.

Ahh.

> I also commented some dead code in sysdep_*.c, which made me nuts as I
> tried to apply changes to such zombie code and nothing happened in the
> resulting binaries. Functionality was moved to fmt_common_shell_out(). 
> Code for darwin adn BSD might need similiar changes.

that is not dead code. The do_command_*() functions are set via kernel_ops
paramters, depending on the protostack= and OS.

Thanks again for the patch!

Paul


More information about the Users mailing list