[Openswan Users] Revisting old routing problem. Passthrough conns only creating "dir out" policies.

Michael H. Warfield mhw at WittsEnd.com
Mon May 11 19:45:48 EDT 2009 

On Mon, 2009-05-11 at 18:21 -0400, Michael H. Warfield wrote:
> On Mon, 2009-05-11 at 14:44 -0400, Michael H. Warfield wrote:
> > Paul,
> 
> > 	I see now where this can be fixed but I'm really torn.  It could be
> > "fixed" either at the bottom of netlink_shunt_eroute or at the bottom of
> > netlink_raw_eroute.
> 
> 	Looking through more of the code that calls raw_eroute /
> netlink_raw_eroute, maybe that option isn't a good choice after all.
> That gets called from too many locations in kernel.c.  I can't see that
> there wouldn't be any collateral issues created by modifying it's
> behavior rather than modifying netlink_shunt_eroute.

> 	OTOH...  Modifying netlink_shunt_eroute seems pretty cut and dry.

	I haven't tested 2.6.22dr1 of yet but I have generated a patch file
against it patching netlink_shunt_eroute for this problem.  It's
basically my earlier suggested patch (with one stupid typo fix from
merging two changes) and rebased to 2.6.22dr1 to compensate for an
offset.  This time attached as a file if you choose to use it.  I've
built Fedora 10 rpm's with the 2.6.21 flavor of this patch and it's
running on the impacted gateway now.

	Regards,
	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.6.22dr1-eroute.patch
Type: text/x-patch
Size: 1166 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090511/8fcf001b/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20090511/8fcf001b/attachment-0001.bin

More information about the Users mailing list